Network attacks focus on people's livelihood. How can we effectively defend against DDoS and apt attacks?

Recently, science and technology daily pointed out that , In recent years, cyber attacks have frequently focused on the field of people's livelihood , Like electricity 、 traffic 、 Water conservancy 、 Key infrastructure such as energy and even health care .

In the eyes of many people , Cyber attack seems to be far from us , However, when the infrastructure related to the national economy and people's livelihood is attacked , It may affect the operation of the whole city , And then threaten people's lives .

Remember last year's hacker attack on the largest oil pipeline in the United States , The United States continued to 6 There is a large area of oil shortage in the past few days , Related companies have also been blackmailed 500 Ten thousand dollars in ransom .

In the view of the network security industry , Whether civilian or military , War or peace , Cyber attacks can happen at any time .

According to the World Wide Web , Beijing jianjianbao was attacked not long ago DDOS attack （ Distributed denial of service attacks ）, The analysis found that the relevant attacks came from abroad , The company's technical team took timely countermeasures , To ensure that its relevant service applications are not affected .

A week ago , Activision Blizzard's battle. Net service was DDOS attack , Cause its game network to appear interrupt and serious delay phenomenon .

 360 Network security expert Li Fengpei pointed out that cyber attacks from abroad , Its intentions are diverse .DDOS The attack has destructive intent to attack key domestic facilities .

DDOS Attack as a persistent disease in cyberspace , Once the relevant enterprises are attacked , It means a fight “ Asymmetric war ”. Therefore, it is very important for website service providers to make network attack prevention and emergency plan in advance .

There's also... Based on the intent to steal information APT attack , It's a more subtle , Advanced cyber attacks with larger attack scale . When APT The attack took place , Traditional network defense systems are even difficult to detect .

Regarding this , Relevant safety experts point out that , All security vendors and IT Suppliers need to continuously enhance their own security strength , Flexible filing against various attacks , Promote the construction of a solid national digital security barrier .

Now we will learn more about DDOS and APT Attack and how to defend effectively .

About DDOS（Distributed Denial of Service） Distributed denial of service attacks , It refers to the attacker through technical means , Send a large number of requests to the target attack website in a very short time , It greatly consumes the host resources of relevant websites , Cause it to fail to work properly .

For example , Originally, a bank was in normal operation , Serving its customers , The attacker thought of a way , In a short time, I called dozens of bullies to the bank to arrange numbers , Then they're not doing business , It's talking about the bank customer service and occupying the bank service resources , As a result, it cannot provide normal services to customers .

DDoS There are many types of attacks , in the light of Web Server attacks include TCP SYN Flooding attacks and CC attack .

in addition UDP flood、Ping of Death and ICMP flood Attacks can be launched against various servers .Smurf The target of the attack is the server 、 Switches and routers .

About TCP SYN Flood attack ,SYN（Synchronize Sequence Numbers） Sync sequence number , yes TCP/IP Handshake signal used to establish a connection .DDOS The attacker took advantage of TCP Three times mobile phone system , By forging IP Address sends a request to the attack target , Make the attack target unable to respond to the service normally , And constantly consume resources , Finally, it may cause the server to crash , Thus, it is impossible to provide services to users .

Ping of Death It refers to that an attacker deliberately sends more than 65535 Bytes of IP Data packets , A malformed message attack .

because 65535 Bytes are IP The maximum number of bytes allowed by the protocol , When attackers increase IP The size of the bag , As a result, many operating systems don't know what to do after receiving it , The server will then freeze 、 Downtime or restart .

Smurf An attack is a virus attack , It passes through IP Deception and ICMP reply , Drive a large number of network transmission to the target system , Cause the system to refuse to provide normal service .

among IP Spoofing is the creation of a modified source address Internet agreement (IP) Data packets .

ICMP（Internet Control Message Protocol） yes Internet Control message protocol , yes TCP/IP A sub protocol of a protocol family , Used in IP host 、 Routing control messages between routers . The attacker took advantage of ICMP Fake gateway , And then a large number of forgeries IP The packet is sent to the target system , So as to launch attacks on the target equipment or surrounding infrastructure DDoS attack .

Deal with all kinds of DDOS attack , Its defense technology is also diverse , The main method is to use advanced anti DDoS server 、 Set a blacklist 、DDOS Cleaning and CDN Speed up, etc .

About CDN Traffic acceleration , If you can accurately query users IP Address , Understand the distribution of users , Conducive to the realization of CDN Efficient scheduling of traffic .

Look again. APT（Advanced Persistent Threat） Advanced long-term threat attack , The attack is usually targeted by hackers , long-term 、 The act of stealing intelligence information in a planned and organized way , It is an advanced directional attack that integrates a variety of attack methods , Generally speaking APT The attack is equivalent to “ Cyber spies ” Behavior .

Complete a round APT Attacks are usually scanned and detected 、 Tool delivery 、 Exploit 、 Trojan implantation 、 Remote control 、 Horizontal penetration and target action .

In recent years , From abroad APT Hacker attacks occurred one after another , The attacker's methods become more complex and covert .

To defend against such attacks , The defense technology of information network security personnel needs to be continuously improved . defense APT attack , We need to start from all aspects of network security construction , Advancing security defense technology far exceeds the means of attackers .

About defense APT Methods and ideas of attack .

One side ,APT Attack concealment is strong , To defend , We need to find the source of the attack , Then through advanced detection technology and data analysis to complete . In the process , Data capability is an important support .

With IP Address as an example , Deploy highly accurate IP Address base , In real time IP Dynamic perception , Attack and defense positioning and security traceability , Can effectively promote network security . After detecting the attack source , Through in-depth analysis of visiting data , Then monitor or intercept unsafe access traffic .

On the other hand ,APT The main purpose of the attack is to steal intelligence , If you fail to intercept the attack source , The enterprise's own protection mechanism should also be excellent . Then using encryption technology to prevent sensitive data leakage will be a necessary investment .

In addition, user rights management and user identity authentication technology , It is also the mainstream idea of controlling intranet access to core business and data .

In this regard ,IP The application of address is also reflected . For example, through IP Address and GPS Cross validation of , It can identify whether the user's location information is consistent with the daily access data information , Then judge the risk degree of user operation behavior .

Targeting the field of people's livelihood is a manifestation of the expanded threat of cyber attacks , And the enemy is in the dark , The enterprise is in the Ming Dynasty . Enterprises want to win this “ Asymmetric war ”, It is necessary to have relevant technical capabilities and data support .

In the actual network attack and defense operations , In fact, what enterprises should consider is the cost and benefit . Of course , With the development of Digitalization , If an Internet enterprise wants to have a benign income , Continuously improve the user experience , Building a security defense system will be an important foundation .

4 End of month , Microblogging 、 WeChat 、 Zhihu and headlines and other big Internet companies have been launched one after another IP Home function , Is to build a network security barrier , A major measure to improve the Internet user experience .

On oil 、 Electric power 、 For people's livelihood enterprises such as transportation and medical treatment , Advance defense DDOS and APT Wait for a malicious attack , We also need to strengthen the all-round protection of enterprise network assets .

Attackers attack important enterprises , Often regard enterprise website and enterprise office network as two “ The main battlefield ”.

Corporate websites are easy to identify visitors , Many enterprises have also carried out safety construction at this level , However, the protection of network assets at the level of enterprise office network is often ignored .

In the digital age , The office network of key departments and relevant branches of enterprises has become complex , There are many types of cyberspace assets 、 The change is large and not intuitive . This makes it difficult for enterprises to detect network asset vulnerabilities in real time , Assess the security risks of all assets , As a result, protective measures cannot be taken in time , This provides an opportunity for the attacker .

To solve this hidden danger , Enterprises should first fully understand the exposure of their office assets . In this regard , You can deploy the enterprise office network IP Address base , To improve your network asset list , Then take defensive measures .

When an enterprise is attacked , By tracing the attacker's IP The source of information , It can also conduct accurate network attack forensics .

Of course , We don't want the attack to happen , But for a long time , Enterprises are in a passive position , It's often when you find an attack IP after , Just a blockade .

In order to improve the defense effect , Accurately identify the data center of the target area IP, Mass blockade is an effective idea .

Data Center IP yes IP A kind of application scenario . in general ,IP Address library and IP Comprehensive application of application scenarios , It is of positive significance to the security protection of enterprise office network .

Network security has become an important aspect of national and people's livelihood security , Dealing with external threats , Win a game “ Asymmetric war ”, Experts advocate building a strong digital security barrier . This requires not only enhanced data capabilities , Improve technical measures , It also requires all Internet companies to actively participate in it .