Where is the DDoS broiler?

How can I tell whether my computer has been compromised (is a "broiler"), for example when the mouse no longer behaves normally?

Common signs: the network becomes slow (DDoS traffic), the machine itself becomes slow, it restarts or logs out for no reason, suspicious processes and files appear, and unusual behaviour shows up (the mouse moving by itself, black console windows flashing up, unexplained startup programs, etc.).

A "broiler" (肉鸡) is a machine that an attacker controls remotely. Machines on an internal network are generally less likely to become broilers than those exposed to the external network, but depending on the specific type of compromise, the probability of being infected by a trojan is roughly the same.

With the Jinshan (Kingsoft) Broiler Detector you can easily and accurately judge whether your computer is a "broiler" or not, and clean it up effectively.

What is cloud computing like in the eyes of hackers?

Cloud computing is different from the traditional network structure. Where do hackers attack, where do service providers defend, and where is the security battlefield of cloud computing services? From the model analysis of cloud computing, it is not difficult to see the "five battlefields" of future security:

1. User access portal: Cloud computing services are delivered over the network; users log in to the cloud service from fixed or mobile smart terminals. The access portal is the cloud service's website and the only entrance for external visitors. It is the "gate" of cloud computing: users come in through it, and so do attackers. The attacks it is most exposed to are:

Password attack: guess the user's password, log in as the user, and take over the user's resources. Cloud services generally do not expose remote platform management, but with PaaS/IaaS it is very common for users to manage their own platforms remotely, and the temptation to attack administrator passwords is even greater.

Forged "credentials": multi-factor authentication uses digital certificates, fingerprints, iris scans and so on. To impersonate a user, these "credentials" must be "forged". Once the user's relevant information has been collected on the terminal, copying it is relatively easy, just as with bank cards and ID cards.

Phishing website: a traditional attack method whose target is the user's private information. The cloud service's login interface looks very much like an ordinary website, so it is easy to "phish";

Information eavesdropping: intercepting the user's communications, for example copying the user's mail after cracking the mailbox password, and monitoring the user's business dealings;

DDoS attack: an attack on the cloud service provider, divided into attacks on portal bandwidth and attacks on service capacity. The purpose is to interrupt the cloud service and extort the provider into paying "protection money".

2. Business application software (SaaS, PaaS services): The business software provided by both service providers and users contains many vulnerabilities, which are difficult to deal with. Intruders can not only obtain user information by attacking application software, but can also use it as a springboard to take over the "host" in the next step. There are many kinds of attacks, mainly the following:

Viruses and worms: more and more viruses and worms spread through vulnerabilities in application software, and it is even worse when they carry trojans, because trojans can "phone home" and turn infection into purposeful, organised destruction;

Website trojan planting ("hanging horses"): cloud services are mostly built on a B/S (browser/server) architecture, and planting trojans on web pages is currently the main way trojans spread. Social services and storage services stand out: users upload large amounts of complex content, which can easily carry malicious code. A trojan planted on the site has no effect on the provider's own service, but it is a matter of reputation, and the users get hurt;

Application attacks: breaking into web applications through SQL injection, XSS and the like to gain access to the user database and steal user data. This is currently the most common way of intruding on Internet systems.

Host attack: the next step is to take over the host. Attacking the operating system directly through its vulnerabilities is harder (most servers are reasonably secure); using the application software as a springboard is relatively easy. First obtain the application's privileges, then "escalate privileges" through a buffer overflow, take over the service host or virtual machine, install a backdoor or control program, and turn the host into a "broiler" controlled by the attacker.

3. Virtual machine (IaaS service): The virtual machine is the basic "container" of cloud computing services and the rental unit of IaaS. Its flexible service capacity and low cost can be obtained through a simple business arrangement. For hackers, this is a great "resource" in itself. Besides using it, one can also break out of it and invade the provider's back-end management:

Virtual machine "overflow": cloud service providers can serve multiple users securely because they isolate users from each other, preventing information sharing and access between them. Just as different guests in a hotel are placed in different rooms, guests are kept from "entering the wrong room" by key cards and monitoring. Attackers want to break through this limit; this is "overflow" (escape). After the escape, they can not only access the data and systems of their "neighbours", but also reach the back-end management system and control the accounts of the whole "hotel".

Whether this breakthrough is possible depends on the security of the cloud platform the provider uses. At present there are not many commercial platforms, and hackers have announced that they can "overflow" them.

Abuse of resources: for an attacker, the number of "broilers" under control is like the size of an army, and cloud services provide such cheap and legal "soldiers" without the effort of attacking and capturing hosts one by one. The main ways they are "used" are:

Password cracking: cracking passwords is the most computationally expensive part of an intrusion. Unless it is a nation-state attack, computing power is a valuable asset for intruders, and renting cheap cloud computing and using it directly to crack passwords is an obvious idea. For the cloud provider it is hard to tell whether a user is doing "scientific computing" or cracking the Ministry of National Defense's high-strength passwords. Moreover, because the user's "business" is private, the provider cannot monitor it in depth.

It is just like a bank providing the same "high quality" financial services whether the customer trades in rice or in "white powder".

"Broilers": the virtual machine is itself a "broiler" and can simply be rented. When a DDoS attack is carried out, a large number of "broilers" are concentrated on the target, yet the traffic and state of each individual "broiler" are not as abnormal as one might think, so it is hard for the cloud provider to judge (and what it cannot judge, it cannot stop). Moreover, cloud services cross borders, and attackers can develop their own "broiler" management software to keep the "broilers" dispersed, or even...

"Springboards": botnets are hard to take down because their controllers usually launch attacks through multiple layers of "springboards" (jump hosts); defenders cannot stop the large number of broilers, nor can they stop the attacker from organising the next "charge". Most cloud services are obtained through online authentication, and many are cross-regional and cross-border. A virtual machine serves directly as a "springboard", and the link between the attacker and the virtual machine is covertly encrypted. Even if the provider discovers that the attacker's commands are being issued from its own virtual machine, it is hard to locate the controller behind it. If the attacker jumps between virtual machines at several cloud providers, finding the real controller becomes even harder.

4. Cloud computing management platform: The management platform is the core of cloud computing services (including business operations management and resource virtualisation management), and a "failure" here is often fatal to the service. What must be guarded against here is not only intrusion from outside but also "misoperation" by insiders:

Hacker intrusion: whoever breaks in here becomes the "master" of the whole cloud service, with not only all of the provider's user data and billing information, but also the freedom to monitor any user's business at will. Setting up a dedicated virtual machine for oneself is, of course, trivial.

Because the security of the management platform is so important, it is usually entrusted to professional companies, remote management channels are closed, and multi-layered hardening is applied. At present, hackers' preferred route is to "overflow" (escape) through vulnerabilities in the virtual machines or in the platform itself;

Insiders: strict external protection inevitably pushes attacks toward "inside execution". Security managers should therefore be alert to "mistakes": some are indeed genuine operational errors by staff, but a considerable part may be "intentional", whether because the attacker is posing as an insider or because the insider has been bought by the attacker. In short, most cases of leaked user data show a high probability of an "inside job". Of course, there are also many service interruptions caused by internal management problems; the interruption of Amazon Web Services in April 2011, for example, was caused by a system upgrade.

5. Data center: Cloud computing services are virtual to the user, but the actual "work" still has to be done on physical machines and equipment. The data center behind the cloud service is real and tangible, so physical security matters just as much to the provider:

Equipment failure: equipment failures and natural disasters in the machine room have a major impact on user service. Even if user data is replicated to other sites for disaster recovery, the loss of processing capacity for real-time services such as video conferencing and telemedicine will inevitably degrade the quality of those services.

Data leakage: stealing physical media, or having someone copy the data, seems primitive and simple, but it is a very practical way of obtaining it.

These are the "five battlefields" of cloud service providers, where a contest is inevitable. The user terminal is a security battleground too, and it is the one with the weakest security and the most complicated situation: viruses, trojans and worms flow straight into the cloud servers along with "user business". Terminals that cannot be "cleaned" are also a frequent difficulty for providers trying to guarantee their services.

In short, in cloud computing the network boundary is gone, the positions of users and attackers are blurred, and the security theory of boundary isolation no longer applies. In the new business environment, user traffic has become the basic unit of business management and security protection, and "isolating" and controlling user traffic is the most fundamental form of protection. Information security has shifted from controlling network "packets" to a new mode of controlling user traffic.

Vulnerabilities are the concern of both hackers and security managers: they are the focus of attack and defense, and the strategic ground both sides fight over.
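The "broiler" point in the answer above (a rented virtual machine flooding a target while each VM's traffic looks almost normal) can be checked from the provider's side with outbound flow telemetry. The following is an added example, not code from the original answer or from any cloud provider. It assumes one-minute per-VM outbound flow summaries in the constructed form (vm_id, dst_ip, packets, bytes) and flags, for review rather than blocking, VMs whose outbound traffic is dominated by a single destination at a high packet rate with tiny packets. The thresholds are assumptions to tune per environment.

```python
"""Added example (not part of the original answer): provider-side triage of
outbound flow summaries to spot a VM behaving like a DDoS "broiler".
A single flood source does not look dramatic by volume; the tell-tale
combination is high packet rate + tiny packets + one dominant destination."""
from collections import defaultdict

# Constructed one-minute outbound summaries (RFC 5737 documentation addresses),
# not real provider telemetry: (vm_id, dst_ip, packets, bytes).
SAMPLE_FLOWS = [
    ("vm-web-01", "203.0.113.20", 8_000, 9_600_000),        # normal web responses
    ("vm-web-01", "203.0.113.21", 6_500, 7_800_000),
    ("vm-web-01", "203.0.113.22", 5_000, 6_000_000),
    ("vm-tenant-42", "192.0.2.5", 900_000, 57_600_000),     # 15k pps of 64-byte packets to one host
    ("vm-tenant-42", "203.0.113.30", 200, 120_000),
    ("vm-batch-07", "198.51.100.9", 50_000, 75_000_000),   # bulk transfer: one destination, but large packets
]


def summarize(flows, window_seconds=60):
    """Per-VM metrics over the window: packets/s, mean packet size, and the
    share of packets going to the single busiest destination."""
    per_vm = defaultdict(lambda: {"pkts": 0, "bytes": 0, "by_dst": defaultdict(int)})
    for vm, dst, pkts, nbytes in flows:
        s = per_vm[vm]
        s["pkts"] += pkts
        s["bytes"] += nbytes
        s["by_dst"][dst] += pkts
    metrics = {}
    for vm, s in per_vm.items():
        top_dst = max(s["by_dst"], key=s["by_dst"].get)
        metrics[vm] = {
            "pps": s["pkts"] / window_seconds,
            "avg_pkt_bytes": s["bytes"] / s["pkts"],
            "top_dst": top_dst,
            "top_dst_share": s["by_dst"][top_dst] / s["pkts"],
        }
    return metrics


def flag_broiler_candidates(flows, min_pps=5000, min_share=0.9, max_avg_bytes=128):
    """Return the sorted VM ids that match all three flood heuristics.
    Thresholds are assumed values; a bulk file transfer is concentrated on one
    destination too, but its large packets keep it out of the list."""
    return sorted(
        vm for vm, m in summarize(flows).items()
        if m["pps"] >= min_pps
        and m["top_dst_share"] >= min_share
        and m["avg_pkt_bytes"] <= max_avg_bytes
    )


if __name__ == "__main__":
    metrics = summarize(SAMPLE_FLOWS)
    for vm in flag_broiler_candidates(SAMPLE_FLOWS):
        m = metrics[vm]
        print(f"review {vm}: {m['pps']:.0f} pps, {m['avg_pkt_bytes']:.0f} B/pkt, "
              f"{m['top_dst_share']:.1%} of packets to {m['top_dst']}")
```

Each VM line in the sample is "normal" on its own; only the combination of rate, packet size and destination concentration separates the flooding tenant from the busy web server and the bulk transfer, which is why the function reports candidates for review rather than acting on them.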

What is a CC attack, and how does it differ from DDoS?

DDoS

Full name: Distributed Denial of Service (DDoS). This attack method exploits defects in the target system's network services or directly consumes its system resources, so that the target can no longer provide normal service.

Denial of service has not been properly solved and remains a worldwide problem; the reason lies in the security defects of the network protocols themselves.

A DDoS attack is aimed at the website's server, while a CC attack is aimed at the website's pages.

CC

Full name: Challenge Collapsar, meaning "challenge the black hole" in Chinese, because an earlier security device against DDoS attacks was called "Black Hole" (Collapsar). As the name implies, challenging the black hole means the black hole could not withstand this kind of attack. The new generation of anti-DDoS devices has been renamed ADS (Anti-DDoS System), which can resist CC attacks almost perfectly.

The principle of a CC attack is to simulate many users accessing the target website's dynamic pages through proxy servers or a large number of broilers, generating a large number of back-end database queries, exhausting the target's CPU and causing denial of service.

Unlike DDoS, which can be filtered by a hardware firewall, a CC attack consists of requests that are themselves normal. Small and medium-sized websites are advised to use static pages to reduce interaction with the database and consume less CPU.

As can be seen from the above, the difference between DDoS and CC attacks lies mainly in their targets: DDoS mainly attacks IP addresses, while CC attacks web pages. A CC attack is, relatively speaking, not devastating, but it lasts a long time; DDoS is a traffic attack and more harmful, and because it exhausts the target server's bandwidth by sending huge numbers of packets, it is harder to defend against.

Having understood the difference and principles of DDoS and CC attacks, what remains is defense. It is hard to prevent a website from being attacked altogether, but some protective measures can usually be taken to prevent attacks or reduce the harm they cause. If the website is small, its own defensive capability weak and its budget limited, then ddos.cc is the best choice.
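The answer above makes the key defensive point: every request in a CC attack is individually normal, so a hardware firewall cannot pick them out, and the signal is the rate at which a client hits dynamic (database-backed) pages. The following is an added example, not code from the original answer or from any product, showing that check over web server access logs. It assumes Common Log Format lines, that "dynamic" means a URL handled by application code (.php, .asp, .aspx, .jsp), and a constructed sample log using RFC 5737 documentation addresses; the window and threshold are assumptions to tune per site.

```python
"""Added example (not from the original Q&A): detecting a CC-style flood in
web server access logs.  No single line looks wrong, so the check counts
dynamic-page requests per client IP inside a sliding time window.  Volumetric
DDoS shows up as raw bandwidth instead, which a log check like this cannot see."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Common Log Format: ip ident user [time] "method url proto" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) (?P<bytes>\d+)')
# Assumed rule: pages served by application code (and usually the database).
DYNAMIC_RE = re.compile(r'\.(php|asp|aspx|jsp)(\?|$)')
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return a dict for one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["time"], TIME_FMT)
    rec["dynamic"] = bool(DYNAMIC_RE.search(rec["url"]))
    return rec


def detect_cc(lines, window=timedelta(seconds=10), threshold=20):
    """Flag client IPs that issue at least `threshold` dynamic-page requests
    within any sliding `window` (lines must be in time order).
    Returns {ip: peak number of dynamic requests seen inside one window}."""
    recent = defaultdict(deque)   # ip -> timestamps of its dynamic requests in window
    flagged = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None or not rec["dynamic"]:
            continue              # static files do not load the database
        q = recent[rec["ip"]]
        q.append(rec["time"])
        while q and rec["time"] - q[0] > window:
            q.popleft()           # drop requests that fell out of the window
        if len(q) >= threshold:
            flagged[rec["ip"]] = max(flagged.get(rec["ip"], 0), len(q))
    return flagged


def make_sample_log():
    """Constructed sample traffic (RFC 5737 addresses), not real data."""
    t0 = datetime(2023, 10, 10, 13, 55, 0, tzinfo=timezone.utc)

    def fmt(ip, t, url, size):
        return f'{ip} - - [{t.strftime(TIME_FMT)}] "GET {url} HTTP/1.1" 200 {size}'

    lines = []
    # A normal visitor: a handful of mixed requests spread over a minute.
    for i, url in enumerate(["/index.html", "/search.php?q=cloud", "/logo.png",
                             "/article.php?id=7", "/style.css"]):
        lines.append(fmt("203.0.113.10", t0 + timedelta(seconds=12 * i), url, 1024))
    # A CC-style client: 30 ordinary-looking search queries in 6 seconds.
    for i in range(30):
        lines.append(fmt("198.51.100.7", t0 + timedelta(milliseconds=200 * i),
                         f"/search.php?q=item{i}", 512))
    # A client hammering a static file: noisy, but no database load.
    for i in range(30):
        lines.append(fmt("198.51.100.8", t0 + timedelta(milliseconds=200 * i),
                         "/logo.png", 2048))
    lines.sort(key=lambda line: parse_line(line)["time"])
    return lines


if __name__ == "__main__":
    for ip, peak in detect_cc(make_sample_log()).items():
        print(f"CC suspect {ip}: {peak} dynamic requests within 10 s")
```

Only the client that repeatedly hits a dynamic page is reported; the one fetching a static file just as fast is ignored, which is the same reasoning behind the answer's advice to serve static pages where possible. In practice the flagged addresses would feed a rate limiter or a challenge rather than a hard block, since proxies and NAT can put many real users behind one IP.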
