Archive

Archive for the ‘Uncategorized’ Category

security, cloud computing, telecom

April 22, 2011

About security, security management, and security for telecom and cloud computing!

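Just look at the domestic security market these days!!!! (2009-02-17 17:23:46)

February 17, 2009

The content below is reposted from cnbeta; link: http://www.cnbeta.com/articles/77259.htm

It has also been reported in several other places:

Science and Technology Daily http://www.stdaily.com/gb/stdaily/2009-02/17/content_909678.htm

Huajun Software Park http://news.newhua.com/news1/Safe_news/2009/217/09217143556E8JADGBDDE60GE73AJ69EB598HD0F0KFG6K9K00KC0H68.html

Beijing Daily Online http://www.beijingdaily.com.cn/sdbd/200902/t20090217_505104.htm

Beijing Evening News: How the antivirus industry's biggest scandal was manufactured

Fake complaints, fake losses, fake forensics: Rising paid huge bribes, and several antivirus companies falsified evidence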
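Beijing has uncovered a case in which a high-tech company was framed with fabricated evidence. Today's edition of Science and Technology Daily carries a feature titled "How a major original innovation survived a near-fatal disaster: the full story of how Beijing Dongfang Micropoint came back from the dead," which reports on the case in detail. Today's News and Newspaper Digest program on China National Radio also covered it. Our reporter interviewed the parties involved in an effort to reconstruct what may be the biggest scandal in China's computer antivirus industry.

Rising took the initiative to ask for a favor: "wipe out" the competitor
Three years ago, a news item headlined "Beijing cracks the nation's first case of deliberately spreading network viruses" appeared in major media in Beijing and around the country, shocking the nation. It said that "Beijing Dongfang Micropoint Information Technology Co., Ltd. (hereinafter Micropoint) created the world's first proactive-defense antivirus software, ending a situation in which the whole world could only defend passively against computer viruses. However, during development of the software, the company downloaded and ran multiple viruses on the Internet in violation of regulations," "causing computer viruses to spread widely on the Internet, seriously endangering network security and causing heavy economic losses."
The news provoked great indignation among computer users, and many netizens condemned the company. One of the parties to the case, Micropoint deputy general manager Tian Yakui, was arrested by police over the "network virus-spreading case" and held for 11 months. Micropoint was saddled with the charge of being "an antivirus company that spreads viruses."
Yet no one could have imagined that this nationally shocking "first domestic case of an antivirus company spreading viruses" was in fact a fabricated case, manufactured jointly by individual law-enforcement officers and a commercial company. What brought this calamity on Micropoint was precisely the "proactive-defense antivirus software" mentioned above.
Liu Xu, the original designer and inventor of Rising Antivirus, founded Beijing Dongfang Micropoint Information Technology Co., Ltd. in January 2005, two years after resigning as managing director and chief engineer of Beijing Rising Technology Co., Ltd. The "proactive-defense antivirus software" was the new product with which the company planned to take on the antivirus market.
By 2005, China's IT security market was already dominated by Rising alone. According to the 2004 annual security market analysis published by International Data Corporation (IDC), Rising's market share equaled the combined share of the next three competitors, Symantec, Kingsoft and Trend Micro. In the 2005 antivirus software sales figures published by the software distributor Junnet, Rising Antivirus far outsold comparable products and took first place on the annual sales chart. Rising held 70% of the domestic personal information security market and more than 40% of the enterprise market.
On May 13 and May 31, 2005, Liu Xu published two pieces in Guangming Daily: "Antivirus software urgently needs to overcome major technical defects; China should develop proactive-defense products as soon as possible" and "Proactive defense against computer viruses is no fantasy." "All the misfortune began from that point," Liu Xu recalled. "Competitors have a keen nose. They knew very well that if Liu Xu could say this, he already had a product."
According to Science and Technology Daily, Yu Bing, former director of the Public Information Network Security Supervision Division of the Beijing Municipal Public Security Bureau, accepted a request from Beijing Rising Technology Co., Ltd. in early July 2005 and instructed others to "wipe out" Dongfang Micropoint, a company engaged in developing computer virus protection software.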
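Misfortune
Micropoint developers wanted by police and unable to go home

The most effective way to stop Micropoint's software from reaching the market was to stop it from obtaining a sales license.
China operates a sales-license system for virus-protection products, and obtaining a license requires three basic conditions: a business license, product filing, and a product test report from an institution designated by the Ministry of Public Security. Of these, the testing institution's report is especially critical. Just as Micropoint was submitting its R&D filing report to the network supervision division, applying to the Ministry-designated National Computer Virus Protection Product Testing Center for product testing, and preparing for the product launch, "several police officers came to the company to conduct an 'antivirus company qualification investigation.'"
"That was July 5, 2005," said Liu Xu, stubbing out the cigarette in his hand, lighting another, and sinking into grief and indignation. "From that day on, they inexplicably inspected the company for more than a month and frequently summoned the company's management and R&D staff, me included, until in the early hours of August 30, 2005, the network supervision division, under Article 286, paragraph 3 of the Criminal Law, placed deputy general manager Tian Yakui under criminal detention on suspicion of so-called 'deliberately creating and spreading computer viruses and other destructive programs, affecting the normal operation of computer systems and causing serious consequences.'"
On September 6, the National Computer Virus Protection Product Testing Center received an official letter which, citing Micropoint's involvement in the case, required it not to test Micropoint's product, blocking the company's right to bring its antivirus product to market. On October 21 of the same year, the news that "the first domestic case of an antivirus company spreading viruses has been solved" was released.
After Micropoint deputy general manager Tian Yakui was arrested, Cui Suhui, who kept the virus library in the R&D department and was only 23 and just out of university, was also placed on the wanted list. Cui hid from place to place, did not dare to come to work, and for several years did not dare to go home to Hebei for the Spring Festival. On New Year's Eve 2006, Cui hid in a small hotel in Fuzhou and wept bitterly.
"With R&D engineers being summoned for questioning every few days, employees lived in fear and development work could not proceed normally." To preserve the company's R&D capability, Liu Xu decided to quietly move the R&D department from Beijing to Fuzhou. For the staff's personal safety, Liu Xu deliberately bought train tickets for more than 20 people with Xiamen as the final destination, but arranged for everyone to get off at a small station some distance from Fuzhou, then had two minibuses bring the R&D staff into Fuzhou in the dead of night. The relocation lasted two years.
After Tian Yakui's arrest and the warrant for Cui Suhui, Liu Xu knew clearly that the company could not do without him at such a time. On the one hand, the R&D staff were unsettled and needed encouragement and, even more, someone to rally around; on the other, he had to report to the relevant authorities as soon as possible that Micropoint had been framed. To protect his communications, Liu Xu carried nine mobile phones in his bag every day, using nine numbers for one-to-one contact with R&D leads, senior management and others.
Around the Mid-Autumn Festival of 2005, Liu Xu passed his own front door many times without daring to go in. For several days in a row he changed hotels several times a night, hiding in as many as five places in a single night, not knowing how long he would have to hide. Liu Xu, who had never admitted defeat or bowed his head before a technical problem, shed tears on the night of the Mid-Autumn Festival as he looked at the lights of countless homes. But he held firmly to one belief: now that raising the capacity for independent innovation had become national policy, the proactive-defense software developed by Micropoint, which had real value for users and for national information security, would surely be protected by the state.
During this period, Liu Xu's plight drew close attention from major central media. Xinhua News Agency reported on it three times in internal reference reports, calling for the protection of original innovation. On December 19 and December 25, 2007, Science and Technology Daily ran prominent pieces titled "Why is Micropoint's road to market so hard?" and "Who guarantees that independent innovations are not suppressed?", disclosing the suppression of Micropoint's software and asking whether there was some "hidden story" behind the "Micropoint affair."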
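The truth
The computer accused of spreading viruses was not yet connected to the Internet

According to Science and Technology Daily, in August 2005 Yu Bing sent others to Beijing Simaite Management Consulting Co., Ltd. and to the Beijing management department of Beijing Jianqiao Securities Co., Ltd. to investigate virus infections of the companies' computers and any resulting losses. After hearing reports that both companies had virus infections but had suffered no losses, Yu Bing nevertheless prompted Simaite and Jianqiao to each issue false evidence of losses of 100,000 yuan.
On August 27, 2005, in order to establish that the Trojan and worm viruses found at Simaite and Jianqiao had spread from the laptop of Dongfang Micropoint deputy general manager Tian Yakui, Yu Bing prompted others to convene a review panel of virus experts. During the review, the experts were not given accurate materials. After the review, at Yu Bing's prompting, the expert opinion was changed from "can basically be determined" to "can be determined."
In September 2005, after Micropoint deputy general manager Tian Yakui had been criminally detained, and because complaint materials were lacking, Yu Bing directed others to lobby three other Beijing antivirus companies to each issue false "virus outbreak" complaint materials. At the same time, Yu Bing directed that Zhongrunhua Accounting Firm, which had been recommended by Rising vice president Zhao Sizhang and in which a Rising supervisor was a partner, be commissioned to assess the losses in the Tian Yakui virus-spreading case. The firm's irregular assessment was then used as the main evidence that Tian Yakui had committed the "crime of damaging computer information systems" and the "crime of infringing trade secrets."
Yu Bing and others determined that four viruses on Tian Yakui's Internet-connected laptop had been activated on December 21, 2004, causing them to spread and resulting in substantial losses. Investigation found, however, that the ADSL phone line Tian Yakui's laptop used for Internet access was only activated on April 1, 2005. Moreover, a re-examination by the Electronic Data Forensic Center of the State Information Center found only three of the four viruses on the laptop, and none of them had ever been activated.
According to Science and Technology Daily, Beijing's discipline inspection authorities opened an investigation and established that the "Beijing Dongfang Micropoint computer virus-spreading case" was a fabricated case built on false complaints, false losses, false forensic opinions and other such evidence.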
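Developments
Several well-known companies suspected of falsifying evidence

In May 2007, Liu Xu's reports to the Supreme People's Procuratorate, the Ministry of Public Security and other state bodies received serious attention. On November 20, 2007, after Tian Yakui had been detained for 11 months and released on bail pending trial for 12 months, the Haidian District Procuratorate in Beijing decided not to prosecute him. Two and a half years after being blocked over the so-called "first domestic case of an antivirus company spreading viruses," Micropoint's proactive-defense software was allowed to go through pre-sale testing at the National Computer Virus Protection Product Testing Center. In February 2008, the software finally obtained the sales license that had been obstructed for nearly three years.
According to Science and Technology Daily, in July 2008 the Beijing Municipal Commission for Discipline Inspection received a signed complaint alleging favoritism and perversion of the law by Yu Bing and others. The commission took it seriously and set up a special task force to investigate the serious violations of law and discipline by Yu Bing and others. It has now been established that Yu Bing is suspected of accepting bribes from Rising and of embezzling public funds by taking advantage of his position, with very large sums involved. It has also been disclosed that Rising vice president Zhao Sizhang has been formally arrested.
On February 7, 2009, Micropoint general manager Liu Xu told the reporter that the company was "preparing to claim compensation from Rising." According to figures provided by Micropoint, the nearly three-year delay in bringing the proactive-defense software to market caused the company direct economic losses of more than 30 million yuan, and "if Micropoint's product had come out earlier, vicious viruses like 'Panda Burning Incense' would have been contained quickly; the indirect losses can be counted in the hundreds of millions."
The reporter also learned that antivirus companies including Beijing Jiangmin New Science & Technology Co., Ltd., Beijing Kingsoft Software Co., Ltd. and Beijing Venustech Information Technology Co., Ltd. are said to have provided false "virus outbreak" evidence for the case, but the heads of these companies have not responded to this claim.
Editor's afterword

Commercial competition ended in the fabrication of a criminal case. This episode in the antivirus industry makes us ask: how can mechanisms be built to protect independently innovated technology? How can competition in high-tech industries be regulated? How can "collusion" between officials and businesses in certain fields be prevented? The most important point remains regulating corporate competition according to law, so that criminal hands can no longer run rampant.
Reporter: Xin Hong

Category: Uncategorized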

[Repost] A very good article on VoIP security (2009-02-17 17:33:49)

February 17, 2009
VoIP Security Challenges: 25 Ways to Secure your VoIP Network

VoIP technology has the tech geeks buzzing. It has been touted as:

– the killer of telecoms
– a solution for the third world’s communication gap
– a revolutionizing factor in international business

But despite all the buzz, and the predictions that everyone will be using it by 2009, why does it seem that every time you make a phone call with Skype the quality sucks…or that your Vonage calls constantly get dropped…or worse, that teenage hackers are stealing your personal information and bringing down the whole network?

A VoIP network is susceptible to the usual attacks that plague all data networks:

…viruses, spam, phishing, hacking attempts, intrusions, mismanaged identities, Denial of Service (DoS) attacks, lost and stolen data, voice injections, data sniffing, hijacked calls, toll fraud, eavesdropping, and on and on and on.

The only difference is, with other technologies people take basic steps to protect themselves. With VoIP, nobody is doing so. As a result, all we hear about in the mainstream media is how vulnerable and unreliable VoIP is. And let’s face it…until people start taking the steps to safeguard their networks, this technology isn’t going to go places.

So for those of you geeks who want to see the technology get broadly adopted (and maybe fulfill some of the lofty aspirations mentioned above), start by first protecting your own VoIP network, and then helping to protect those of your friends and neighbors. Pretty soon, we can dump the “vulnerable” label and start gaining some non-techie fans.

So without further ado, here are 25 ways to help you get started.

1. Restrict all VoIP data to one Virtual Local Area Network (VLAN): Cisco recommends separate VLANs for voice and data; this helps prioritize voice over data and also keeps traffic on the voice network hidden from those connected to the data network. VLANs are also useful in protecting against toll fraud, DoS attacks, and eavesdroppers listening in and taking over conversations. A VLAN is effectively a closed circle of computers that does not allow any other computer access to its facilities; with the lack of a PC to launch attacks, your VoIP network is quite safe. Even in the case of an attack, the disruption caused is minimal.
2. Monitor and track traffic patterns on your VoIP network: Monitoring tools and intrusion detection systems can help identify attempts to break into your VoIP network. Scrutinizing your VoIP logs can bring to light irregularities such as international calls made at odd hours or to countries your organization has no ties with (toll fraud), multiple log-on attempts like in a brute-force attempt to crack a password, or a surge in voice traffic during off-peak hours (voice spam).
3. Lock down your VoIP servers: Servers should be secured physically against both internal and external intruders who can intercept data using sniffing techniques, either within the LAN or at the ISP when data travels over the Internet. Since VoIP phones have fixed IP and MAC addresses, it’s easier for attackers to try to worm their way in. Which is why Gary Miliefsky, founder and CTO of NetClarity, recommends locking down IP and MAC addresses that allow access to the administrative interfaces of VoIP systems, and putting up another firewall in front of the SIP gateway. This will restrict incoming access to IT administrators and prevent hackers from getting in.
4. Use multiple layers of encryption: It’s not enough to just encrypt the data packets that are sent out; you have to encrypt call signaling too. Encrypting voice packets prevents voice injections where interceptors can insert their own words into the conversation, giving it a whole new meaning. Steve Mank, CEO of Qovia, cites two common methods of encryption – the Secure Real-time Transport Protocol (SRTP) which encrypts communication between endpoints, and Transport Layer Security (TLS) which encrypts the whole call process. Encryption of voice traffic should be supported by providing strong protection at gateways, networks and hosts.
5. Build redundancy into VoIP networks: Be prepared for the day DoS attacks or viruses threaten to bring your network crashing down – create a network that tolerates failures by setting up multiple nodes, gateways, servers, power sources, and call routers, and hooking up with more than one provider. Don’t stop with just putting the infrastructure in place; run frequent trials to ensure that they are working well and are ready to take over when the primary network fails.
6. Put your equipment behind firewalls: Create separate firewalls so that traffic crossing VLAN boundaries is restricted only to applicable protocols. This will prevent the spread of viruses and Trojans to servers in case clients are infected. The maintenance of security policies also becomes simpler when each firewall is considered separately. Choose networking and security vendors who support both the Session Initiation Protocol (SIP) and the International Telecommunication Union’s H.323 protocol. Firewall configurations have to be created so that the appropriate ports open and close when necessary.
7. Update patches regularly: The security of a VoIP network depends on both the underlying operating system and the applications that run on it. Maintaining patch currency for both the OS and VoIP applications is imperative in protecting against threats from malware. A study from Forrester Research urges companies to make sure they provide “added security measures for IP telephony, without assuming that vendors will respond to each and every risk that appears with patches for installed products.”
8. Keep your network away from the Internet: The University of Houston is a pioneer in this security approach – the institution has put its call manager and network out of direct access from the Internet; its IP PBXs are in a domain separate from its other servers and access is restricted.
9. Minimize the use of softphones: VoIP softphones are prone to hacker attacks, even when they are behind corporate firewalls, because they are used with an ordinary PC, VoIP software, and a pair of headphones. Also, softphones do not separate voice and data, and are vulnerable to the viruses and worms that normally infect a PC.
10. Perform security audits on a regular basis: Running checks on administrative and user sessions and service activities can help bring irregularities to light. Phishing attempts can be thwarted, spam can be filtered out so it doesn’t clog the network, and intruder attacks can be stopped.
11. Evaluate physical security: Make sure that only devices and users who are authenticated and pre-approved gain access to your network by limiting access to the Ethernet ports. Administrators are often fooled into accepting softphone devices that are not permitted on the network because hackers can easily imitate IP and MAC addresses by plugging into an RJ44 port.
12. Use vendors who provide digital security certificates: When IP phone vendors provide digital certificates to authenticate devices, users can ensure that the conversation is secure and is not being broadcast to other devices. The phones load digitally signed images to ensure that the software loaded is authentic. Verisign has been a pioneer in providing authentication certificates for wireless IP phones, in an effort to prevent “tapping” (illegal eavesdropping) and “spoofing” (illegal tampering) of conversations.
13. Secure your gateways: Configure gateways so that only those who are allowed access can make and receive VoIP calls. Lists with authenticated and approved users can ensure that others are prevented from using the lines to make free calls. Protect gateways and the LANs behind them with a combination of an SPI firewall, application layer gateways (ALG), network address translation (NAT) tools, and SIP support for VoIP soft clients.
14. Manage servers separately: VoIP call servers are often the targets for attackers because they are the heart of any VoIP network. Critical weaknesses inherent in the server include its operating system, and the services and applications it supports. To minimize the chance that hackers get at your VoIP servers, manage traffic to them separately from VoIP signaling and call traffic.
15. Sort SIP traffic: Looking through your SIP traffic and checking for abnormal packets and traffic patterns that are different from the usual will help in cutting short sessions that are not genuine. Anomalies in the syntax and semantics of SIP, and events that are irregular and out-of-sequence, indicate that attacks are taking place or are likely to take place.
16. Examine call setup requests at the application layer: VoIP calls are susceptible to hijacking by outsiders who gain access to the network. Set up appropriate security policies so that only those call setup requests that conform to them are accepted.
17. Isolate voice traffic: For external communications, rely on a Virtual Private Network (VPN). Separate your voice and data traffic to prevent unwanted ears from listening in on your conversation. According to Kevin Flynn, senior manager of unified communications for Cisco, the biggest problem for organizations is “bad stuff from the data network getting on to the voice network.” He recommends blocking PC port access to the voice VLAN.
18. Use proxy servers: Protect your network even beyond firewalls by using proxy servers to process data that comes in and goes out. Authentication and integrity are ensured when signaling messages travel between user agents and SIP proxies by integrating SSL tunnels with SIP proxies.
19. Run only applications that are necessary to provide and maintain VoIP services: The very fact that VoIP applications use data that is encrypted could lead to them being used to launch DoS attacks. Attackers can hide behind the cloak of encryption to keep their activities from being monitored.
20. Configure applications against misuse: Prevent your network from being used to perpetrate toll fraud, phishing scams, and illegal calls by preparing a list of permitted caller destinations.
21. Add endpoint security layers: Use network admission techniques and IEEE 802.1X port-based network access controls to keep out devices that are not authorized on your LAN or WLAN. Network Access Control (NAC) applications are available from Cisco – Network Admission Control (NAC), Microsoft – Network Access Protection (NAP), and TCG – Trusted Network Connect (TNC).
22. Restrict access according to certain criteria: VoIP network administrators can set up strict admission criteria to prevent access to devices that are potentially unsafe – when they are found to be infected with viruses or worms, when they do not have the latest patches, or when they do not have the right firewalls. These devices can be redirected to a separate network that makes them compliant and then lets them onto the main network.
23. Avoid remote management: If possible, it is better to stay away from remote management and audits; but when necessary, use Secure Shell (SSH) or IPsec (IP Security) for the purpose. Access your IP PBX from a system that’s physically secure.
24. Use IPsec tunneling rather than IPsec transport: Tunneling and transport are two different encryption modes that support secure exchange of packets at the IP layer. The use of IPsec transport encrypts only the data while hiding the source and destination IP addresses. This prevents administrators from finding out who initiated the call when they analyze traffic.
25. Secure your VoIP platform: VoIP platforms that support the clients are built on operating systems that should be “hardened” to protect the integrity of the networks that run on them and keep out cyber attacks. Disable services that are not absolutely necessary and use host-based methods to detect intrusion.
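
The log review described in item 2, combined with the permitted-destination list from item 20, can be automated along these lines. This is an added example, not code from the original article; the log format, the thresholds and the names `parse` and `detect` are assumptions made for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Policy values below are assumptions for this example; tune them to your site.
ALLOWED_PREFIXES = ("+1", "+44")      # permitted caller destinations (item 20)
BUSINESS_HOURS = range(8, 19)         # 08:00-18:59 counts as peak time
MAX_FAILED_LOGINS = 5                 # failed registrations per source...
LOGIN_WINDOW = timedelta(minutes=5)   # ...within this sliding window
MAX_OFFPEAK_CALLS_PER_HOUR = 3        # off-peak volume ceiling

# Constructed sample log ("time source EVENT detail"); numbers and the IP
# address come from ranges reserved for fiction and documentation.
SAMPLE_LOG = "\n".join(
    ["2024-03-04T10:15:02 ext-1001 CALL +12025550142",
     "2024-03-04T02:41:10 ext-1007 CALL +99900000001"]
    + [f"2024-03-04T03:0{i}:00 ext-1010 CALL +1202555010{i}" for i in range(4)]
    + [f"2024-03-04T11:00:0{i} 198.51.100.7 REGISTER_FAIL ext-1001" for i in range(5)])

def parse(log):
    """Yield (timestamp, source, event, detail) for each log line."""
    for line in log.strip().splitlines():
        ts, source, event, detail = line.split(maxsplit=3)
        yield datetime.fromisoformat(ts), source, event, detail

def detect(log):
    """Return (rule, subject, detail) alerts for the three patterns in item 2."""
    alerts, failures, offpeak = [], defaultdict(list), Counter()
    for ts, source, event, detail in parse(log):
        if event == "CALL":
            if not detail.startswith(ALLOWED_PREFIXES):   # possible toll fraud
                alerts.append(("unapproved-destination", source, detail))
            if ts.hour not in BUSINESS_HOURS:             # count off-peak volume
                offpeak[ts.replace(minute=0, second=0)] += 1
        elif event == "REGISTER_FAIL":
            # Keep only failures inside the window, then add this one.
            recent = [t for t in failures[source] if ts - t <= LOGIN_WINDOW] + [ts]
            failures[source] = recent
            if len(recent) == MAX_FAILED_LOGINS:          # alert once per burst
                alerts.append(("brute-force", source, detail))
    for hour, count in sorted(offpeak.items()):
        if count > MAX_OFFPEAK_CALLS_PER_HOUR:            # possible voice spam
            alerts.append(("off-peak-surge", hour.isoformat(), str(count)))
    return alerts
```
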

Securing a VoIP network is an uphill task, especially when you consider the lack of standards and procedures in place. How secure a network is depends on the right choice of both hardware and software. Without a doubt, VoIP communications can be made more secure and reliable than regular PSTN interactions if the appropriate security measures are in place. So get out there and make the changes to your own networks…
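
The SIP checks in item 15 (syntax anomalies and out-of-sequence events) can be sketched as follows. This is an added example, not code from the original article; it handles requests only, ignores compact header names and header folding, and the function names and sample messages are constructed for illustration.

```python
REQUIRED = {"via", "from", "to", "call-id", "cseq", "max-forwards"}  # RFC 3261
METHODS = {"INVITE", "ACK", "BYE", "CANCEL", "OPTIONS", "REGISTER"}  # RFC 3261

def parse_request(raw):
    """Return (method, headers, problems) for one SIP request."""
    head = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    problems, parts = [], head[0].split(" ")
    if len(parts) != 3 or parts[2] != "SIP/2.0" or parts[0] not in METHODS:
        problems.append("bad request line")
    headers = {}
    for line in head[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            problems.append("malformed header")
            continue
        headers[name.strip().lower()] = value.strip()
    missing = REQUIRED - set(headers)
    if missing:
        problems.append("missing " + ",".join(sorted(missing)))
    method, cseq = parts[0], headers.get("cseq", "").split()
    # The method in CSeq must match the method on the request line.
    if "cseq" in headers and (len(cseq) != 2 or not cseq[0].isdigit() or cseq[1] != method):
        problems.append("CSeq mismatch")
    return method, headers, problems

def inspect(messages):
    """Flag syntax problems and out-of-sequence requests per Call-ID."""
    invited, findings = set(), []
    for i, raw in enumerate(messages):
        method, headers, problems = parse_request(raw)
        call_id = headers.get("call-id")
        if method == "INVITE" and call_id:
            invited.add(call_id)
        elif method in ("ACK", "BYE", "CANCEL") and call_id not in invited:
            problems.append(method + " without INVITE")
        findings += [(i, p) for p in problems]
    return findings

def msg(method, call_id, cseq=None):
    """Build a constructed sample request (documentation addresses only)."""
    lines = [f"{method} sip:bob@example.test SIP/2.0",
             "Via: SIP/2.0/UDP 192.0.2.10;branch=z9hG4bK776",
             "Max-Forwards: 70", "From: <sip:alice@example.test>;tag=1",
             "To: <sip:bob@example.test>", f"Call-ID: {call_id}",
             f"CSeq: {cseq or '1 ' + method}", "Content-Length: 0"]
    return "\r\n".join(lines) + "\r\n\r\n"

SAMPLE = [msg("INVITE", "a1"), msg("ACK", "a1"), msg("BYE", "a1"),
          msg("BYE", "zz"), msg("INVITE", "b2", cseq="1 BYE"),
          "INVITE sip:x SIP/2.0\r\nCall-ID: c3\r\n\r\n"]
```

A capture that starts in the middle of a call will show a BYE with no earlier INVITE, so treat that finding as a prompt to look closer, not as proof of an attack.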

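Source: http://www.voiplowdown.com/2006/12/voip_security_c.html

Category: Uncategorized

With the international cable cut, the weaknesses of MSN Spaces show too (2007-01-29 11:50:33)

January 29, 2007

Lately, with the international undersea cable cut, MSN logins have been unreliable and MSN Spaces has been extremely hard to reach, so I have had no way to update it. I really need to think about moving somewhere else, but I do quite like Windows Live Writer. I don't know which blog server also supports good tools and has decent access speed; I'll look around and see.

Category: Uncategorized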