Contents 1. IPSIDS...1... 19 2....2 IT... 21 3....2 4....3 FAQ... 26 5. 21 CISP...3 6. IPS...3 7. 2008...4 8. 2008...4...6...7 IPS Web...9...13...14...15 TOP10...16... 28... 31... 33... 37... 40... 42... 43
IPSIDS 2008 IT IT IPSIDS IPS IDS UTM IDSIPS 07 IDS IPS IPS IDS 5 IDS 07 1/4 IDS IPS 2007 UTM 2008/April 001
2008318 29 1999 55 50 2006 70
3 12 3 24 21 CISP 2008 Certified Information Security Professional 2007 11 2002 Windows PKI/CAVPN UNIX CISP CISP! 21 CISP IPS IPS IPS IPS IPS IPS IPS
3 20 2008 2008 2008 2008 2008 2008 IT IT 2008
IPS Web
3 26 60 Web SQL Web Mail Web Web OWASP Web SQL SQL Web VXID IPS Web Web
DDOS 1.
2. 3. 4.
IPS Web / Web Web Web Internet Web Internet VPN Web Web XML Web Web 80 443 Web Web (bugs) Web Web Web Web Web Web Web Gartner Web 75% Web Web Web Web Web OWASP Web
SQL SQL HTTP SQL SQL
[Figure 2: MITRE data on Top 10 web application vulnerabilities for 2006. Categories shown: Cross-site scripting; Injection Flaws; Malicious File Execution; Insecure Direct Object Reference; Cross-site Request Forgery (CSRF); Information Leakage and Improper error handling; Broken authentication and session management; Insecure cryptographic storage; Insecure cryptographic communications; Failure to restrict URL access]
1 E-Mail HTTPBank.com 4 cookieseccion 5 seccion Bank.com 2 3 Web SQL : 1 2 SQL 3 Web 4 5 Web 6 Web 7 SQL 8 Web SQL SQL Web Web Web Web Web
Web Web VXID VXID Web URLCookie Post Form Web VXID Web Web Web Web Web SQL XSS WEB VXID URL\COOKIE\ POST-Form SQL Web web Web VXID XSS Web 1 VXID SQL URL COOKIE FORM XSS IPS Internet SQL XSS Web 2Web web
1 25 1996 800
010 1 25 2237 39
47% 35 85% 80% 400
VenusTech 2008 3 TOP10 2008 03 TOP 10 ADLab 1 Linux Kernel vmsplice_to_user() 3 Linux Kernel vmsplice_to_pipe() 2 Linux Kernel fs/splice.c Linux Kernel fs/splice.c vmsplice_to_user() vmsplice_to_pipe splice_from_pipe() vmsplice root pipe_to_user() copy_to_user_inatomic() Microsoft Office Web ActiveX 4 vmsplice() root Microsoft Office Web ActiveX DataSource URL Web Microsoft Excel Microsoft Office 5 Microsoft Excel Style Rich Text Office Office Excel Office
6 7 8 RealNetworks RealPlayer rmoc3260. 9 VMware MultiByte dll ActiveX ToWideChar() RealPlayer VMWare VMware RealPlayer rmoc3260.dll ActiveX Console Web Guest Host Guest VMware API PathName Alt-N MDaemon IMAP FETCH 10 Alt-N MDaemon MDaemon IMAP FETCH BODY Microsoft Outlook Microsoft Outlook "mailto" URI mailto: URI Outlook CiscoWorks Internetwork Outlook Performance Monitor Microsoft Outlook Mailto URI CiscoWorks Internetwork Performance Monitor ADLAB 1999 Solaris Windows CiscoWorks IPM SHELL TCP http://www.venustech.com.cn
IT
IDS IPS VPN /
OA Microsoft Office IRM UTM IDS IPS
IT / IT IT IT IT IT IT IT 24 7 4 12 27.6 8 OA ERP IT
DMIS IP MIS IT IT 1. 2. 3. IT IT : 4. 1. IT 2. IT IT IT
1. Windows 2. IP 3. IP IDS Linux Web Web IE Web IT IT
IT IT root IT IT IT IT IT IT
FAQ
FAQ CERT 70% IPS 5) 1) bypass bypass SQL Server 2) 3) SQL Server 1) 2) 70 4) SQL Server
DataTransfer.exe DataTransfer ping telnet 20001 0 20001 50000 telnet 20001 MSDE 2G : server client server client 1) client 2) > >DataTransfer DataTranfer 3) DataTransfer 4) client server client server DataTransfer.exe
P2P 2006 P2P 2
11 2 2 3 4 5 3 6 1 2 1 3 2 4 3 4 5 6 7
1 2 3 1 2 3 4 5 6
/ 41 34 1555 40 40 4 22 5 27 4 2 5500 20 38 41 8 6 1 3 13
423 2200 1 12 3000 42 12 2 44 9 2 5 2001, 5 33 2-3 1200
11 5 2001 11 5 5 2001 510 -- 7
1929 19446 96 28... 64
1929 1 9 1/4 3 1. 2. 3. IT
200011 863 50 50 50 20 2007 (VXID) SQL Web SQL SQL Web SQL Web IDS IPS SQL IPS SQL UTM IDS VSID (Venus SQL Injection Detection Algorithm) SQL IDS IPS Web (VFBC)
SQL IPS SQL SQL SQL SQL SQL SQL SQL 2005 2005 1 VFPR (Venus Fast Protocol Recognition) SQL
sony T300 T300 20 /
/ 80 43