共查询到20条相似文献,搜索用时 218 毫秒
1.
2.
郑浩宇 《计算机光盘软件与应用》2010,(9):81-81,66
互联网的开放性与通信协议的安全缺陷,加之数据信息存储以及对其访问与处理的网络环境分布性特点,使网络很容易受到的安全攻击,攻击者只需攻击一点,就可能造成网络传输的数据信息泄露或被破坏。可见,单一的网络安全产品或安全技术以及各种安全产品不足以保证网络的安全性。而构建跨区IP专用网络安全防范系统,就能从网络系统的各个不安全环节中找出安全漏洞,并采取相应的措施进行控制,有效地保证了网络信息的安全及系统的正常运行。 相似文献
3.
4.
提出了一种基于博弈模型的网络安全性失效的分析方法。针对不可修复的网络系统,安全失效过程被看作一个攻击方控制状态转移的随机博弈过程。从攻击的角度计算分析了在此过程中攻击方的总收益和最优策略,结果表明当支付期望值在一定的范围内变化时,攻击者将不改变其行动选择。 相似文献
5.
随着工业网络的迅猛发展,安全事件层出不穷,网络抗毁性成为了该领域关注的焦点之一。针对工业网络中的安全问题,以攻击意图为切入点,开展了工业网络抗毁性评价问题的研究。首先,通过对已知攻击案例的分析,识别了多种攻击类型及其潜在影响;然后,区别于现有针对网络系统本身特性的评价方法,将攻击的潜在意图纳入考量,构建了一个综合性的抗毁性评价方法;最后,在一个工业网络系统模型上,通过与现有流行的网络系统抗毁性评价方法对比,发现所提出的基于攻击意图的工业网络抗毁性评价方法具有更加客观、稳定的评估效果。该抗毁性评价方法综合考虑了外界攻击的意图、发生概率、影响范围以及可能的后果,有效刻画了不同场景下系统面对相同规模外界攻击时的抗毁性。 相似文献
6.
7.
8.
1.引言渗透测试是指针对计算机网络通过模仿黑客入侵来进行的安全评估方法,是保障网络系统安全的重要手段,是安全工作者模拟入侵攻击测试,进一步寻找最佳安全防护方案的正当手段。渗透测试可以使网络系统存在的安全隐患和漏洞在遭受到攻击破坏之前就被发现,协助用户及时主动修复漏洞,降低安全风险,对于网络安全组织具有实际应用价值。 相似文献
9.
10.
随着网络攻防的快速发展,网络攻击与防御呈现螺旋式发展态势。近年来勒索攻击的安全威胁日益猖獗,给世界各种行业及个人造成巨大损失。基于攻击链模型的勒索攻击分析有助于此类网络攻击的风险评估,可以有效发现网络系统中的安全缺陷,进而实现网络安全主动防御。本文阐述了经典攻击链模型及相关安全技术,基于攻击链模型分析了典型勒索攻击的过程及阶段关系,梳理了基于攻击链的多阶段防御机制。 相似文献
11.
吴兰 《电脑编程技巧与维护》2014,(4):70-71
随着信息技术的发展,信息安全也面临着严峻的现实考验。近年来,针对工控系统的安全事件不断攀高。介绍了当前安全形势下工控系统的安全威胁,提出了应加强措施以应对安全威胁,切实保障工控网络信息安全。 相似文献
12.
随着计算机和网络技术的发展,工业控制系统产品越来越多地采用通用协议、通用硬件和通用软件,以各种方式与互联网等公共网络连接,病毒、木马等威胁正在向工业控制系统扩散,工业控制系统的安全问题日益突出。当前工业控制系统广泛应用于我国电力、化工、石油石化、市政、冶金等关系国计民生的重要行业和领域,但国外产品占据我国工业控制系统高端市场,这给我国带来了较大的安全隐患。此外,我国工业控制系统信息安全管理还存在诸多问题,有必要对我国工业控制系统的安全性进行分析,并提出相关建议。 相似文献
13.
Industry 4.0 uses a subset of the IoT, called Industrial IoT (IIoT) to achieve connectivity, interoperability and decentralisation. The deployment of industrial networks rarely considers security by design, but this becomes imperative in smart manufacturing as connectivity increases. The combination of OT and IT infrastructures in Industry 4.0 adds new security threats beyond those of traditional industrial networks. Defence-in-Depth (DiD) strategies tackle the complexity of this problem by providing multiple defence layers, each of these focusing on a particular set of threats. Additionally, the severe requirements of IIoT networks demand lightweight encryption algorithms. Nevertheless, these ciphers must provide E2E (End-to-End) security, as data pass through intermediate entities, or middleboxes, before reaching its destination. If compromised, middleboxes could expose vulnerable information to potential attackers if it is not encrypted throughout this path. This paper presents an analysis of the most relevant security strategies in Industry 4.0, focusing primarily on DiD. With these in mind, it proposes a combination of DiD, a lightweight E2E encryption algorithm called Attribute-Based-Encryption (ABE) and object security (i.e., OSCORE) to get a full E2E security approach. This analysis is a critical first step to develop more complex and lightweight security frameworks suitable for Industry 4.0. 相似文献
14.
信息科技的迅速发展,使网络成为全球重要的信息传播工具.而随着Internet的飞速发展,网络安全问题也开始倍受当前网络用户的关注,越来越多地引起人们的重视.基于网络安全的现状、威胁及影响网络安全的因素,提出相应的控制策略. 相似文献
15.
工业控制系统(ICS)作为国家基础设施的核心控制设备,其安全关系国计民生。震网(Stuxnet)病毒爆发以后,工控安全逐渐引起国家、企业、战略安全人士的高度重视。总结分析了工控系统的结构资产、脆弱性、存在的威胁、安全措施与风险评估等内容;提出了四层功能的仿免疫系统的安全管理模型,并重点分析其中的关键防御技术,例如深度防御、防火墙、异常检查、Conpot(Control Systems Honeypot)、安全远程访问以及管理策略;指出工控系统安全将会是智慧城市、智慧制造与工业4.0等新兴技术的发展契机与最大挑战;最后结合国内工控安全布局规划,给出工控安全建议,并展望未来的发展前景。 相似文献
16.
17.
18.
Modern industrial facilities consist of controllers, actuators and sensors that are connected via traditional IT equipment. The ongoing integration of these systems into the communication network yields to new threats and attack possibilities. In industrial networks, often distinct communication protocols like Profinet IO (PNIO) are used. These protocols are often not supported by typical network security tools. In this work, we present two attack techniques that allow to take over the control of a PNIO device, enabling an attacker to replay previously recorded traffic. We model attack detection rules and propose an intrusion detection system (IDS) for industrial networks which is capable of detecting those replay attacks by correlating alerts from traditional IT IDS with specific PNIO alarms. As an additional effort, we introduce defense in depth mechanisms in order to prevent those attacks from taking effect in the physical world. Thereafter, we evaluate our IDS in a physical demonstrator and compare it with another IDS dedicated to securing PNIO networks. In a conceptual design, we show how network segmentation with flow control allows for preventing some, but not all of the attacks. 相似文献
19.
利用IT安全运维系统能够全面、正确、及时地反映被管系统的运行状态,提高运维的质量和效率,确保信息部门的技术支持服务,以及信息化管理工作更为畅通、透明、完整和有效.提出了将信息安全运维管理应用到工业控制中,应对安全攻击,切实保障工控网络信息安全. 相似文献
20.
IS security threats have increased significantly in recent years. We identified the gaps between manager perceptions of IS security threats and the security countermeasures adopted by firms by collecting empirical data from 109 Taiwanese enterprises. Industry type and organizational use of IT were seen as the two factors that affected the motivation of firms to adopt security countermeasures, but their implementation did not necessarily affect the threat perceptions of the managers. Analyses of responses suggested that the scope of the countermeasures adopted were not commensurate with the severity of the perceived threats. Among the threats, networks were rated as contributing the most severe threat and yet had the lowest level of protection, this was followed by threats due to personnel and administrative issues. We therefore addressed threat mitigation strategies, specifically in terms of the differences between industries. 相似文献