Shulou(Shulou.com)06/01 Report--

Throughout the field of information security, in the numerous and complicated security systems and various security technologies, there are always some things at the forefront of development. As security manufacturers, they do not seek to be all big, but have made great achievements in one of them. it has the core competitiveness of information security technology. Here is a list to reflect my personal point of view.

The first is the knowledge of confrontation. If you don't know how to attack, you don't know how to defend. The understanding of system vulnerabilities, malicious code and * means basically determines the level of security protection, which is the first holy grail of information security. * Security incidents are the driving force behind the development of information security technology. From the initial figurines of Morris worm, to the hustle and bustle of code red and shock wave worms, to the surging of APT such as Stuxnet virus and the exposure of the NSA arsenal behind the "Prism Gate" incident, people's understanding and attention to information security deepens with the development of threats. This is also an area that needs to be constantly updated. Buffer overflow, XSS and other vulnerability exploitation technologies rise and fall with the development of operating systems, browsers, application platforms and programming languages. today, loopholes and exploitation in high-value fields such as mobile Internet and industrial control have become the focus of research. Big data, cloud computing and other new technologies are also used in the sharing and mining of vulnerabilities and malicious code, and even form a processing platform for massive knowledge on the Internet, which can provide services for countless terminals, network devices and security devices in a timely manner. This field needs not only rapid emergency response, but also long-term accumulation, but also the ultimate pursuit of technology.

The second is about the basis of security-passwords. Cryptography is the only complete theory in information security, and it is the basis of many security mechanisms, such as encryption, authentication, authorization, tampering prevention and so on. It is widely used in mobile communication, IPSEC, digital anti-counterfeiting, digital rights management, electronic money and other fields. As far as vulnerabilities are concerned, the balance of * * tends to be on the side of *. Loopholes always appear, there are always unknown, and protection needs to make up for all loopholes, while * * only needs to find one loophole. However, as far as passwords are concerned, on the contrary, the balance is miraculously inclined to the protective side, and the computational cost of protection is much less than that of cracking, which is determined by the mathematical nature of cryptography. However, it is a pity that the theoretical unbreakability does not mean that the implementation is foolproof, and there are too many weaknesses in the implementation, use and management of ciphers. Weak keys, careless key management, incorrect implementation, loopholes in cryptographic software and so on may lead to a careless move and lose the whole game. Therefore, passwords are subject to knowledge of confrontation. What is more frightening is that because of believing in the rigour of theory and ignoring the loopholes in reality, the use of passwords may bring a false impression of security. This field is also a relatively closed field, with too much regulation and too much Security by obsecurity, and this kind of security which violates the principle of Kerckhoff is too unreassuring. With an open mind, building a widely used and proven security foundation should be the goal of the password.

The last part is the control and combination of information system and business. Firewalls don't matter to high-end network manufacturers such as Cisco, Microsoft can easily integrate antivirus software into their operating systems, and Vmware can become the core of cloud security and virtualization security solutions. Of course, there is a certain deviation in reality, IT giants do not cover the sky, security manufacturers still have their own living space, which has something to do with the first two core competencies. However, the control of the system can eventually build a more perfect "integrated" security solution, which is the reason why security vendors and system manufacturers always comply with each other frequently in the security industry. For those Internet giants with outstanding security needs, they can no longer meet the products of third-party security vendors, they do not hesitate to build their own security research team, combined with their own systems and business to carry out targeted research. For online banking, security is no longer security, security is real gold and silver, which should be the ultimate goal of security.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.