Fundamental Theory and Key Technologies of Network Security Incident Response (网络安全应急响应基础理论及关键技术)
Intended readers: practitioners, students and enthusiasts in the network security field.
This book is written for practitioners, students and enthusiasts in network security. It surveys the measures taken abroad for network security incident response, the development of China's incident response system and institutions, and the relevant laws and regulations, and then concentrates on the fundamental theory and key technologies involved in incident response. The aim is to give practitioners a complete picture of domestic and international laws, regulations, industry standards and specifications, together with the principles and application of the key technologies. The book follows the principle of combining theoretical explanation with hands-on practice: through case analyses and tool walkthroughs it both reinforces understanding of the theory and helps readers improve their practical skills.
Liu Yonggang (刘永刚), male, bachelor's degree, senior engineer. He enlisted in October 1984 and studied at the PLA Chongqing Communication Institute (中国人民解放军重庆通信学院) from September 1986 to July 1989; after graduation he was assigned to Unit 61938 to work in network operations management. From September 1992 to July 1996 he studied at the Hefei Electronic Engineering Institute (合肥电子工程学院). After graduating he returned to his original unit, where he has since served as engineer, head of the training office, deputy chief and chief of a substation, and senior engineer. In 2007 he was named an Outstanding Professional and Technical Talent by the General Staff Department and receives a special military allowance; he is currently a member of the station's expert committee.
Table of contents

Chapter 1 A Brief History of Network Security Incident Response
  1.1 Origins of network security incident response
  1.2 Development of international network security incident response organizations
    1.2.1 Introduction to FIRST
    1.2.2 Introduction to APCERT
    1.2.3 National-level CERTs
  1.3 Development of China's network security incident response organizational system

Chapter 2 Overview of Network Security Incident Response
  2.1 Related concepts
  2.2 Network security and information security
  2.3 Analysis of the causes of network security problems
    2.3.1 Technical causes
    2.3.2 Management causes

Chapter 3 Laws and Regulations on Network Security Incident Response
  3.1 China's laws, regulations and policies relevant to incident response
  3.2 Guiding significance of the Cybersecurity Law (《网络安全法》)
    3.2.1 Establishing a network security monitoring, early-warning and information notification system
    3.2.2 Establishing network security risk assessment and emergency work mechanisms
    3.2.3 Formulating network security incident emergency plans and conducting regular drills
  3.3 Information security technology: Specifications for information security emergency response plans (GB/T 24363—2009)
    3.3.1 Incident response requirements analysis and determination of the response strategy
    3.3.2 Preparing the incident response plan document
    3.3.3 Testing, training and exercising the incident response plan
    3.3.4 Managing and maintaining the incident response plan
  3.4 Classification and grading of information security incidents
    3.4.1 Importance of classification and grading standards
    3.4.2 Classification principles for information security incidents
    3.4.3 Grading principles for information security incidents

Chapter 4 Common Models for Network Security Incident Response
  4.1 Cyber kill chain and counter-kill-chain models
  4.2 Diamond model
  4.3 Adaptive security framework
  4.4 Sliding scale of cyber security

Chapter 5 Incident Response Handling Process
  5.1 Preparation phase
    5.1.1 Purpose of preparation
    5.1.2 Carrying out preparation
  5.2 Detection phase
    5.2.1 Purpose of detection
    5.2.2 Carrying out detection
  5.3 Containment phase
    5.3.1 Purpose of containment
    5.3.2 Carrying out containment
  5.4 Eradication phase
    5.4.1 Purpose of eradication
    5.4.2 Carrying out eradication
  5.5 Recovery phase
    5.5.1 Purpose of recovery
    5.5.2 Carrying out recovery
  5.6 Lessons-learned phase
    5.6.1 Purpose of the review
    5.6.2 Carrying out the review

Chapter 6 Implementation System for Network Security Incident Response
  6.1 Research background and importance of the implementation system
    6.1.1 Research background
    6.1.2 Importance
  6.2 Personnel system
    6.2.1 Main tasks and goals of the incident response team
    6.2.2 Team composition
    6.2.3 Division of responsibilities
  6.3 Technical system
    6.3.1 Pre-incident techniques
    6.3.2 Techniques during the incident
    6.3.3 Post-incident techniques
  6.4 Implementation principles
    6.4.1 Feasibility
    6.4.2 Information sharing
    6.4.3 Dynamism
    6.4.4 Auditability
  6.5 Implementation rules
    6.5.1 General provisions
    6.5.2 Routine risk prevention
    6.5.3 Regular drills and training
    6.5.4 Regular meetings and exchange

Chapter 7 Network Security Assurance for Major Events
  7.1 Research background and distinctive features of major-event assurance
    7.1.1 Research background
    7.1.2 Distinctive features of major-event assurance
  7.2 Foundations for building the assurance system
    7.2.1 Identifying the protected targets
    7.2.2 Establishing the assurance objectives
    7.2.3 Compiling the asset inventory
  7.3 Design of the assurance system
    7.3.1 Management system
    7.3.2 Organizational system
    7.3.3 Technical system
    7.3.4 Operations and maintenance system
  7.4 Core assurance tasks
    7.4.1 Risk identification
    7.4.2 Risk assessment
    7.4.3 Risk response plan
    7.4.4 Risk monitoring and adjustment
  7.5 Carrying out the assurance
    7.5.1 Preparation stage
    7.5.2 Pre-event stage
    7.5.3 Live stage
    7.5.4 Decisive stage

Chapter 8 Data-Driven Incident Response Handling Mechanism
  8.1 Concept analysis
    8.1.1 The data-driven industrial revolution
    8.1.2 Data-driven incident response handling mechanism
  8.2 Requirements analysis
    8.2.1 Special requirements for incident response in big-data scenarios
    8.2.2 A data-driven mechanism as the necessary choice on the unmanned battlefield
    8.2.3 A data-driven mechanism as an effective method for fine-grained management
  8.3 Solutions
    8.3.1 Data-driven incident prevention mechanism
    8.3.2 Data-driven incident handling mechanism
    8.3.3 Data-driven root-cause mechanism

Chapter 9 Operating System Hardening and Optimization Techniques
  9.1 Introduction
  9.2 Principles of operating system hardening
    9.2.1 Identification and authentication
    9.2.2 Access control
    9.2.3 Security auditing
    9.2.4 Security management
    9.2.5 Resource control
  9.3 Hands-on operating system hardening
    9.3.1 Password hardening
    9.3.2 Account optimization
    9.3.3 Service optimization
    9.3.4 Logging configuration
    9.3.5 Remote login configuration
    9.3.6 Vulnerability patching
  9.4 Classic case analyses and tool introduction
    9.4.1 "One password for everything"
    9.4.2 The notorious ransomware WannaCry
    9.4.3 Host hardening software

Chapter 10 Cyber Deception Techniques
  10.1 Overview
  10.2 Deception techniques
    10.2.1 Honeypots
    10.2.2 Shadow services
    10.2.3 Virtual network topology
    10.2.4 Honeytokens
  10.3 Trends in deception techniques
  10.4 Deception tools
  10.5 Principles of use and cases
    10.5.1 Principles of use
    10.5.2 Cases

Chapter 11 Tracking and Attribution
  11.1 Overview of tracking and attribution
    11.1.1 Meaning and role
    11.1.2 Classification
  11.2 Tracking and attribution techniques
    11.2.1 Network traffic tracing
    11.2.2 Attribution through malware sample analysis
  11.3 Tracking and attribution tools and systems
    11.3.1 The traceroute utility
    11.3.2 Colasoft (科来) network retrospective analysis system
  11.4 Common approaches to attack attribution
    11.4.1 Anomalous operators inside the organization
    11.4.2 Attackers inside the organization
    11.4.3 Attackers outside the organization
  11.5 Attribution case study

Chapter 12 Firewall Technology
  12.1 Definition and functions of firewalls
    12.1.1 Definition
    12.1.2 Functions
  12.2 Classification of firewalls
    12.2.1 Packet-filtering firewalls
    12.2.2 Stateful inspection firewalls
    12.2.3 Application proxy firewalls
  12.3 Firewall architectures
    12.3.1 Dual-homed host architecture
    12.3.2 Screened host architecture
    12.3.3 Screened subnet architecture
  12.4 Development of firewalls
    12.4.1 Applications
    12.4.2 Trends

Chapter 13 Malicious Code Analysis
  13.1 Overview of malicious code
    13.1.1 Concept
    13.1.2 Classification
    13.1.3 Propagation paths
    13.1.4 Why malicious code exists
    13.1.5 Attack mechanisms
    13.1.6 Harm caused
  13.2 Analysis techniques
    13.2.1 Overview
    13.2.2 Static analysis
    13.2.3 Dynamic analysis
  13.3 Incident response to malicious code attacks
    13.3.1 Response principles
    13.3.2 Response process
  13.4 Practical case analysis
    13.4.1 Examining basic information about the sample
    13.4.2 Examining the sample's main behaviours
    13.4.3 Tool-assisted analysis
    13.4.4 Response measures

Chapter 14 Security Forensics
  14.1 Basic introduction
    14.1.1 Goals
    14.1.2 Characteristics
    14.1.3 Principles
    14.1.4 Current state
    14.1.5 Trends
    14.1.6 Cautions
  14.2 Basic forensic steps
    14.2.1 Protecting the scene
    14.2.2 Acquiring evidence
    14.2.3 Preserving evidence
    14.2.4 Authenticating evidence
    14.2.5 Analysing evidence
    14.2.6 Tracing
    14.2.7 Presenting evidence
  14.3 Forensic techniques
    14.3.1 Security scanning
    14.3.2 Traffic capture and analysis
    14.3.3 Log collection and analysis
    14.3.4 Source code analysis
    14.3.5 Data collection and mining
  14.4 Forensic tools
    14.4.1 Overview
    14.4.2 Tools
    14.4.3 Vendor-developed tools
  14.5 Forensic case analyses
    14.5.1 Ransomware outbreak
    14.5.2 Network attack

Chapter 15 Incident Response to Computer Virus Events
  15.1 Handling computer virus events
    15.1.1 Classification of computer viruses
    15.1.2 Detection and removal
    15.1.3 Incident response
  15.2 Tool examples
    15.2.1 Common system tools
    15.2.2 Virus analysis tools
    15.2.3 Antivirus scanning tools
    15.2.4 System recovery and hardening tools
  15.3 Response approach and cases
    15.3.1 Incident response approach
    15.3.2 Ransomware case
    15.3.3 Unknown folder virus case

Chapter 16 Incident Response to Distributed Denial-of-Service Attacks
  16.1 Introduction to DDoS attacks
    16.1.1 DoS attacks
    16.1.2 DDoS attacks
    16.1.3 Classification of DDoS attacks
    16.1.4 Steps of a DDoS attack
  16.2 DDoS response strategy
    16.2.1 Prevention and protection (before the attack)
    16.2.2 Detection and filtering (during the attack)
    16.2.3 Tracking and attribution (after the attack)
  16.3 DDoS incident cases
    16.3.1 GitHub attack (2018)
    16.3.2 Dyn attack (2016)
    16.3.3 Spamhaus attack (2013)
  16.4 Common DDoS detection and defence tools
    16.4.1 DDoS attack testing tools
    16.4.2 DDoS monitoring and defence tools

Chapter 17 Handling Strategies for Information Leakage Incidents
  17.1 Basic concepts and theory
  17.2 Leakage prevention techniques
    17.2.1 Prevention in storage
    17.2.2 Prevention in transmission
    17.2.3 Prevention in use
    17.2.4 Trend analysis
  17.3 Leakage prevention strategies
    17.3.1 Legislation
    17.3.2 Control
    17.3.3 Technology

Chapter 18 Advanced Persistent Threats
  18.1 APT activity
    18.1.1 Active APT groups
    18.1.2 Typical APT attack cases
  18.2 Overview of APTs
    18.2.1 Meaning and characteristics
    18.2.2 Attack process
    18.2.3 Techniques
  18.3 Detection of and response to APT attacks
  18.4 Industry products and technical solutions
    18.4.1 NSFOCUS (绿盟) Threat Analysis System
    18.4.2 Topsec (天融信) Advanced Threat Detection System

References