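[read] Security Architecture of Large Internet Enterprises

=Start=

Motivation:

I am writing up notes on the book 《大型互联网企业安全架构》 (Security Architecture of Large Internet Enterprises), which I have been reading recently, for later reference and study.

Main text:

Reference answer:

Overall, the first 8 chapters of the book are good (they take up about 77% of the book), especially the material on "host security" (probably related to the author's nearly 20 years of experience in information security; among the people I have met, the earliest generation of security veterans all have very solid low-level fundamentals), followed by the "reference materials" part (which likely reflects the author's security perspective as well as strong development skills and experience).

Below is the book's table of contents, following the author's line of thought through the security architecture and build-out path of a large internet enterprise:

Part 1: Security Theory System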

security philosophy
security architecture theory
security construction guideline

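Different companies understand security philosophy differently. Alibaba Cloud's "1+3" security operations and control philosophy uses three security measures, "security built into design, automated monitoring and response, and red-blue confrontation with continuous improvement", to achieve the core goal of protecting user data.

The new security construction philosophy of "centering on building a security culture, integrating security into the system, building automated monitoring and response systems, and continuously carrying out attack-defense confrontation and security innovation".

Chapter 1: Security Philosophy

1.1 Security Organizations and Standards
1.2 Overview of Enterprise Security Risks
1.2.1 Business and Operations Security
1.2.2 Internal Enterprise Security
1.2.3 Laws, Regulations and Privacy Protection
1.2.4 Supply Chain Security
1.3 Industry Best Practices in Security Philosophy

Chapter 2: Well-Known International Security Architecture Theories

2.1 P2DR Model
2.2 IPDRR Model
2.3 IATF
2.4 CGS Framework
2.5 Adaptive Security Architecture
2.6 IACD
2.7 Cyber Resilience Architecture
2.8 Summary

Chapter 3: Guide to Building a Large-Scale Security System

3.1 Rapid Governance Phase
3.1.1 Choosing the Right Security Lead
3.1.2 Identifying the Major Security Risks
3.1.3 Implementing Rapid Risk-Reduction Strategies
3.2 Systematic Build-Out Phase
3.2.1 Establishing a Security Management System Based on ISMS
3.2.2 Building Security Engineering Capability Based on BSIMM
3.2.3 Designing the Security Technology System with Reference to Google Cloud Platform
3.3 Comprehensive Improvement and Industry Collaboration Phase
3.3.1 Strengthening Security Culture
3.3.2 Improving the Security Resilience Architecture
3.3.3 Building a Collaborative Security Ecosystem

Part 2: Basic Security Operations Platform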

Threat Intelligence
Vulnerability Detection
Intrusion Detection
Active Defense
Anti Backdoor
Security Baseline (CIS Benchmark)
Security Platform All in One

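Chapter 4: Threat Intelligence

4.1 Public Intelligence Sources
4.2 Vulnerability Alerts
4.3 Information Leakage

Chapter 5: Vulnerability Detection

5.1 Network Vulnerabilities
5.2 Host Vulnerabilities
5.3 Website Vulnerabilities

Chapter 6: Intrusion Detection

6.1 Network Traffic Analysis (NTA)
6.2 Host Intrusion Detection (HIDS)
6.3 Deception Technology

Chapter 7: Active Defense

7.1 Host Intrusion Prevention (HIPS)
7.2 Web Application Firewall (WAF)
7.3 Runtime Application Self-Protection (RASP)
7.4 Database Firewall (DBF)

Chapter 8: Backdoor Detection and Removal (AV)

8.1 Rootkit
8.2 Host Backdoors
8.3 Webshell

Chapter 9: Security Baseline
Chapter 10: Security Brain

10.1 Security Situation Awareness (SSA)
10.2 Security Information and Event Management (SIEM)
10.3 Security Orchestration, Automation and Response (SOAR)

Part 3: Integrated Security Technologies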

SDL/DevSecOps
IT Security
Business Security
Cloud Security
Frontier Security Technology(AI & Cryptography)

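Chapter 11: Security Development Lifecycle

11.1 Planning Phase
11.2 Coding Phase
11.3 Testing Phase
11.3.1 Automated Security Testing
11.3.2 Manual Security Testing
11.4 Deployment Phase

Chapter 12: Enterprise Office Security

12.1 Personnel Management
12.2 Endpoint Devices
12.3 Office Services
12.4 Physical Premises

Chapter 13: Internet Business Security

13.1 Business Risk Control
13.2 Data Security and Privacy

Chapter 14: Full-Stack Cloud Security

14.1 Trusted Computing
14.2 Kernel Live Patching (KLP)
14.3 Virtualization Security (VMS)
14.4 Container Security (CS)
14.5 Security Sandbox (Sandbox)

Chapter 15: Frontier Security Technologies

15.1 AI and Security
15.1.1 Applications of AI in Security
15.1.2 Security of AI Itself
15.2 Other Technologies

Reference materials from the book (links):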

[1] https://www.iso.org/isoiec-27001-information-security.html
[2] http://www.djbh.net/webdev/web/PolicyStandardsAction.do?p=getListZcbzJcbz
[3] https://cloudsecurityalliance.org/star/certification/
[4] https://www.pcisecuritystandards.org/document_library?category=pcidss&document=pci_dss
[5] https://www.eugdpr.org/
[6] http://www.visualcapitalist.com/worlds-biggest-data-breaches/
[7] https://www.nds.rub.de/media/ei/veroeffentlichungen/2017/01/30/printer-security.pdf
[8] http://mtc.baidu.com/site/app
[9] http://dev.360.cn/html/vulscan/scanning.html
[10] https://service.security.tencent.com/kingkong
[11] https://www.owasp.org/index.php/OWASP_Mobile_Security_Testing_Guide
[12] https://github.com/MobSF/Mobile-Security-Framework-MobSF
[13] https://wiki.sei.cmu.edu/confluence/display/android/Android+Secure+Coding+Standard
[14] https://developer.apple.com/library/archive/documentation/Security/Conceptual/SecureCodingGuide/Introduction.html
[15] https://www.bsimm.com/
[16] https://www.opensamm.org/
[17] http://www.sse-cmm.org/
[18] https://ai.google/research/pubs?area=SecurityPrivacyandAbusePrevention
[19] https://www.google.com/about/appsecurity/tools/
[20] https://ai.google/research/pubs/pub43231
[21] https://cloud.google.com/blog/products/gcp/titan-in-depth-security-in-plaintext
[22] https://github.com/opencomputeproject/Project_Olympus/tree/master/Project_Cerberus
[23] https://cloud.google.com/armor/
[24] https://landing.google.com/sre/sre-book/chapters/production-environment/
[25] https://cloud.google.com/security/encryption-in-transit/application-layer-transport-security/
[26] https://cloud.google.com/security/encryption-in-transit/
[27] https://molo.ch/
[28] https://redborder.com/
[29] https://github.com/thinkst/
[30] https://cloud.google.com/shielded-vm/
[31] https://cloud.google.com/container-optimized-os/
[32] https://github.com/google/gvisor
[33] https://osquery.io/
[34] https://cloud.google.com/security-scanner/
[35] https://cloud.google.com/apigee-sense/
[36] https://rasp.baidu.com/
[37] https://cloud.google.com/vision/
[38] https://cloud.google.com/video-intelligence/
[39] https://cloud.google.com/iam/
[40] https://cloud.google.com/iap/
[41] https://cloud.google.com/resource-manager/
[42] https://cloud.google.com/security-key/
[43] https://www.gluu.org/
[44] https://cloud.google.com/kms/
[45] https://cloud.google.com/hsm/
[46] https://cloud.google.com/dlp/
[47] http://ranger.apache.org/
[48] http://eagle.apache.org/
[49] https://www.vaultproject.io/
[50] https://cloud.google.com/logging/
[51] https://cloud.google.com/security-command-center/
[52] https://forsetisecurity.org/
[53] https://cloud.google.com/beyondcorp/
[54] https://github.com/mozilla/MozDef
[55] https://abc.xyz/investor/other/google-code-of-conduct.html
[56] https://osintframework.com/
[57] https://www.virustotal.com/
[58] https://developers.facebook.com/programs/threatexchange/
[59] http://nelab-bdst.org.cn/index.php?g=portal&m=list&a=index&id=35
[60] https://x.threatbook.cn/
[61] https://oases.io/
[62] https://osintframework.com/
[63] https://mitre.github.io/attack-navigator/enterprise/
[64] https://github.com/michenriksen/gitrob
[65] https://github.com/MiSecurity/x-patrol
[66] https://github.com/s-rah/onionscan/
[67] https://github.com/CIRCL/AIL-framework
[68] https://github.com/archerysec/archerysec
[69] http://www.openvas.org/
[70] https://github.com/greenbone/
[71] https://github.com/greenbone/openvas-scanner
[72] https://www.greenbone.net/en/install_use_gce/
[73] https://secinfo.greenbone.net/omp?cmd=get_info&info_type=nvt&token=guest
[74] http://dl.greenbone.net/community-nvt-feed-current.tar.bz2
[75] https://www.open-scap.org/
[76] https://github.com/OpenSCAP/scap-workbench
[77] https://github.com/OpenSCAP/openscap-daemon
[78] https://github.com/sjvermeu/cvechecker
[79] https://github.com/clearlinux/cve-check-tool
[80] https://github.com/jeremylong/DependencyCheck
[81] https://github.com/retirejs/retire.js/
[82] https://github.com/coreos/clair
[83] https://github.com/Arachni/arachni
[84] https://htcap.org/
[85] https://github.com/fcavallarin/htcap/archive/1.1.0.tar.gz
[86] https://github.com/yahoo/gryffin
[87] https://github.com/ring04h/papers/
[88] https://github.com/snort3/snort3
[89] https://github.com/OISF/suricata
[90] https://github.com/bro
[91] http://www.haka-security.org/
[92] https://github.com/haka-security/haka
[93] http://spot.incubator.apache.org/
[94] https://stream4flow.ics.muni.cz/
[95] https://github.com/CSIRT-MU/Stream4Flow/
[96] https://github.com/dreadl0ck/netcap/blob/master/mied18.pdf
[97] https://github.com/dreadl0ck/netcap
[98] https://github.com/dreadl0ck/netcap-tf-dnn
[99] https://github.com/facebookincubator/katran
[100] https://github.com/iqiyi/dpvs
[101] http://www.ossec.net/
[102] https://github.com/ossec/ossec-hids
[103] https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon
[104] https://github.com/SwiftOnSecurity/sysmon-config
[105] https://osquery.io/
[106] https://github.com/facebook/osquery
[107] https://github.com/palantir/osquery-configuration
[108] https://github.com/palantir/osquery-configuration/blob/master/Classic/Servers/Linux/osquery.conf
[109] https://github.com/kolide/fleet
[110] https://github.com/airbnb/streamalert
[111] https://www.elastic.co/cn/solutions/security-analytics
[112] https://github.com/elastic/beats
[113] https://sysdig.com/
[114] https://github.com/draios/sysdig
[115] https://capsule8.com/
[116] https://github.com/capsule8/capsule8
[117] https://github.com/droberson/exec-logger
[118] https://github.com/a2o/snoopy
[119] https://github.com/leahneukirchen/extrace
[120] https://lwn.net/Articles/157150/
[121] https://github.com/cloudfoundry/gosigar/blob/master/psnotify/psnotify_linux.go
[122] https://github.com/dbrandt/proc_events
[123] https://github.com/facebook/osquery/tree/experimental/osquery/events/linux
[124] https://github.com/elastic/beats/tree/master/auditbeat
[125] https://github.com/elastic/go-libaudit
[126] https://github.com/slackhq/go-audit
[127] https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/security_guide/sec-defining_audit_rules_and_controls#sec-Defining_Audit_Rules_with_the_auditctl_utility
[128] https://www.kernel.org/doc/Documentation/trace/tracepoints.txt
[129] https://github.com/draios/sysdig/tree/dev/driver
[130] https://github.com/draios/sysdig/blob/dev/driver/main.c
[131] https://lwn.net/Articles/740157/
[132] https://github.com/draios/sysdig/blob/dev/driver/bpf/
[133] https://github.com/draios/sysdig/blob/dev/driver/bpf/probe.c
[134] https://github.com/draios/sysdig/blob/dev/driver/bpf/maps.h
[135] https://github.com/torvalds/linux/blob/master/include/linux/bpf_types.h
[136] https://github.com/iovisor/bpftrace
[137] https://github.com/capsule8/capsule8/blob/master/pkg/sys/perf/monitor.go
[138] https://www.kernel.org/doc/Documentation/trace/kprobetrace.txt
[139] https://github.com/capsule8/capsule8/blob/master/pkg/sys/perf/source_linux.go
[140] https://github.com/capsule8/capsule8/blob/master/pkg/sensor/process.go
[141] https://docs.aws.amazon.com/inspector/latest/userguide/inspector_agents.html
[142] https://s3.amazonaws.com/aws-agent.us-east-1/linux/support/AwsAgentKernelModule.tar.gz
[143] https://github.com/ysrc/yulong-hids
[144] https://github.com/DianrongSecurity/AgentSmith-HIDS
[145] https://github.com/ysrc/yulong-hids/blob/master/syscall_hook/syscall_hook.c
[146] https://github.com/ysrc/yulong-hids/blob/master/syscall_hook/syscall_stub_hook.S
[147] http://www.kdvelectronics.eu/ssh-logging/ssh-logging.html
[148] https://www.zhoufengjie.cn/?p=174
[149] https://sourceforge.net/projects/ttyrpld/
[150] https://github.com/cloudposse/sudosh
[151] https://github.com/squash/sudosh2
[152] https://github.com/honeytrap/honeytrap
[153] https://github.com/thinkst/opencanary/
[154] https://github.com/0x4D31/honeybits
[155] http://canarytokens.org/generate
[156] https://github.com/thinkst/canarytokens
[157] https://github.com/libvmi/libvmi
[158] https://github.com/fireeye/rvmi
[159] https://github.com/honeytrap/honeytrap-agent
[160] https://github.com/honeytrap/honeytrap/blob/master/services/ssh/ssh-proxy.go
[161] https://github.com/GoSecure/pyrdp
[162] http://canarytokens.org/generate
[163] https://github.com/thinkst/canarytokens/blob/master/msword.py
[164] https://github.com/tokesr/honeytoken
[165] https://github.com/troydo42/CIA-Hacking-Tools/tree/master/Scribbles/
[166] https://github.com/thinkst/canarytokens/blob/master/ziplib.py
[167] https://github.com/thinkst/canarytokens/blob/master/sign_file.py
[168] http://grsecurity.net/
[169] http://grsecurity.net/features.php
[170] https://www.kernel.org/doc/html/latest/security/self-protection.html
[171] https://wiki.ubuntu.com/Security/Features
[172] https://patchwork.kernel.org/patch/9965207/
[173] https://www.openwall.com/lkrg/
[174] https://bitbucket.org/Adam_pi3/lkrg-main/
[175] https://www.kernel.org/doc/Documentation/kprobes.txt
[176] https://openwall.info/wiki/p_lkrg/Main
[177] https://github.com/Safe3/clean-cow
[178] https://github.com/cormander/tpe-lkm
[179] https://github.com/kkamagui/shadow-box-for-x86
[180] https://github.com/SpiderLabs/ModSecurity
[181] https://github.com/SpiderLabs/ModSecurity-nginx
[182] https://github.com/SpiderLabs/owasp-modsecurity-crs
[183] https://github.com/Flameeyes/modsec-flameeyes
[184] https://github.com/client9/libinjection
[185] https://github.com/wallarm/libdetection
[186] https://wallarm.com/
[187] https://github.com/wallarm/wallnet
[188] https://github.com/facebookincubator/katran
[189] https://www.iovisor.org/technology/xdp
[190] https://netdevconf.org/2.1/session.html?zhou
[191] https://github.com/tempesta-tech/tempesta
[192] https://github.com/tempesta-tech/tempesta/wiki/HTTP-cache-performance
[193] http://natsys-lab.blogspot.ru/2014/11/the-fast-finite-state-machine-for-http.html
[195] http://natsys-lab.blogspot.ru/2016/10/http-strings-processing-using-csse42.html
[197] https://github.com/tempesta-tech/tempesta/wiki/DDoS-mitigation
[198] https://pan.baidu.com/s/13mowO
[199] https://github.com/kyprizel/testcookie-nginx-module
[200] http://ipset.netfilter.org/
[201] http://getrepsheet.com/
[202] https://github.com/repsheet/repsheet-nginx
[203] http://www.slideshare.net/abedra/knock-knock-24105973
[204] https://github.com/SpiderLabs/ModSecurity-nginx
[205] https://github.com/SpiderLabs/ModSecurity-apache
[206] https://github.com/SpiderLabs/ModSecurity
[207] https://github.com/SpiderLabs/ModSecurity-nginx/blob/master/src/ngx_http_modsecurity_pre_access.c
[209] https://securitytrails.com/
[210] https://0x09al.github.io/waf/bypass/ssl/2018/07/02/web-application-firewall-bypass.html
[211] https://github.com/LandGrey/abuse-ssl-bypass-waf
[212] https://github.com/nccgroup/BurpSuiteHTTPSmuggler
[213] https://www.ietf.org/rfc/rfc2047.txt
[214] https://github.com/php/php-src/blob/master/main/rfc1867.c
[215] https://soroush.secproject.com/downloadable/A_Forgotten_HTTP_Invisibility_Cloak_v1.1.pdf
[216] https://github.com/sqlmapproject/sqlmap/tree/master/tamper
[217] https://websec.ca/kb/sql_injection
[218] https://pcre.org/pcre.txt
[219] https://github.com/client9/libinjection/issues/56
[220] https://waf.ninja/libinjection-fuzz-to-bypass/
[221] https://waf.ninja/libinjection-different-databases-fuzzing/
[222] https://waf.ninja/review-wafninja/
[223] https://dev.mysql.com/doc/refman/5.5/en/expressions.html
[224] https://www.prevoty.com/
[225] https://github.com/UpstandingHackers/hammer
[226] http://langsec.org/
[227] https://github.com/Geal/nom
[228] https://rasp.baidu.com/
[229] https://github.com/baidu/openrasp
[230] https://docs.oracle.com/javase/8/docs/platform/jvmti/jvmti.html
[231] https://docs.oracle.com/javase/7/docs/api/java/lang/instrument/Instrumentation.html
[232] https://docs.oracle.com/javase/specs/jvms/se7/html/jvms-4.html
[233] https://asm.ow2.io/javadoc/org/objectweb/asm/MethodVisitor.html
[234] https://blogs.oracle.com/poonam/jvm-hang-with-cms-collector
[235] http://hg.openjdk.java.net/jdk8u/jdk8u/hotspot/rev/b955bd18e8fe
[236] http://hg.openjdk.java.net/jdk8u/jdk8u/hotspot/rev/2c4cecfa5ce5
[237] http://hg.openjdk.java.net/jdk9/jdk9/hotspot/rev/031d1463ed4c
[238] http://www.phpinternalsbook.com/
[239] https://github.com/nim4/DBShield
[240] https://github.com/cossacklabs/acra
[241] https://github.com/uptimejp/sql_firewall
[242] https://github.com/mcafee/mysql-audit
[243] https://github.com/alibaba/druid/wiki/%E9%85%8D%E7%BD%AE-wallfilter
[244] https://github.com/Qihoo360/mysql-sniffer
[245] http://nbviewer.jupyter.org/github/ClickSecurity/data_hacking/blob/master/sql_injection/sql_injection.ipynb
[246] https://github.com/cloudsec/brootkit/
[247] https://github.com/ewust/ulrk
[248] https://github.com/Safe3/godpock/blob/master/Rootkit/mafix.tar.gz
[249] https://packetstormsecurity.com/files/download/10533/lrk5.src.tar.gz
[250] https://github.com/unix-thrust/beurk
[251] https://github.com/mempodippy/vlany
[252] https://github.com/m0nad/Diamorphine
[253] https://github.com/yaoyumeng/adore-ng/
[254] https://github.com/jiayy/lkm-rootkit
[255] https://github.com/f0rb1dd3n/Reptile
[256] https://github.com/falk3n/subversive
[257] https://github.com/elfmaster/kprobe_rootkit
[258] http://phrack.org/issues/58/7.html
[259] http://www.phrack.org/issues/68/6.html
[260] http://phrack.org/issues/68/11.html
[261] https://github.com/google/rekall/tree/master/tools/linux/lmap/lmap
[262] https://github.com/quarkslab/dreamboot
[263] https://github.com/ajkhoury/UEFI-Bootkit
[264] https://github.com/NextSecurity/Gozi-MBR-rootkit
[265] https://github.com/m0n0ph1/Win64-Rovnix-VBR-Bootkit
[266] https://github.com/chesteroni/kitgen
[267] https://github.com/sgxrop/sgxrop
[268] https://arxiv.org/pdf/1902.03256.pdf
[269] https://lwn.net/Articles/682302/
[270] https://www.volatilityfoundation.org/
[271] https://github.com/monnappa22/linux_mem_diff_tool
[272] https://cysinfo.com/linux-memory-diff-analysis-using-volatility-2/
[273] https://gitlab.com/nowayout/prochunter
[274] https://github.com/nbulischeck/tyton
[275] https://nbulischeck.github.io/tyton/
[276] https://github.com/dgoulet/kjackal
[277] http://rkhunter.sourceforge.net/
[278] http://www.chkrootkit.org/download/
[279] http://www.blackhat.com/presentations/bh-europe-01/shaun-clowes/bh-europe-01-clowes.ppt
[280] https://github.com/gaffe23/linux-inject/
[281] https://www.clamav.net/
[282] https://github.com/malscan/malscan
[283] https://virustotal.github.io/yara/
[284] https://binaryalert.io/
[285] https://github.com/airbnb/binaryalert
[286] https://github.com/KasperskyLab/klara
[287] https://github.com/rastrea2r/rastrea2r
[288] https://github.com/Yara-Rules/rules
[289] https://github.com/InQuest/awesome-yara
[290] https://cuckoosandbox.org/
[291] https://github.com/mxmssh/drltrace
[292] https://github.com/AFAgarap/malware-classification
[293] https://github.com/ALFA-group/robust-adv-malware-detection
[294] https://github.com/surajr/Machine-Learning-approach-for-Malware-Detection
[295] https://github.com/mprhode/malware-prediction-rnn
[296] https://github.com/PUNCH-Cyber/stoq
[297] https://github.com/search?q=webshell
[298] https://github.com/tennc/webshell/tree/master/fuzzdb-webshell/servlet
[299] https://security.tencent.com/index.php/blog/msg/104
[300] https://4hou.win/wordpress/?p=20456
[301] https://github.com/rebeyond/memShell
[302] https://github.com/nbs-system/php-malware-finder
[303] https://github.com/sfaci/masc
[304] https://github.com/hi-WenR0/MLCheckWebshell
[305] https://paper.seebug.org/526/
[306] https://scanner.baidu.com/
[307] https://www.cisecurity.org/
[308] https://www.cisecurity.org/cybersecurity-tools/cis-cat-pro/
[309] https://www.cisecurity.org/cis-benchmarks/
[310] https://www.cisecurity.org/controls/
[311] https://cisofy.com/lynis/
[312] https://github.com/CISOfy/Lynis
[313] https://www.inspec.io/docs/reference/resources/
[314] https://github.com/slimm609/checksec.sh
[315] https://www.rudder.io/en/
[316] https://aws.amazon.com/cn/guardduty/
[317] https://www.secviz.org/
[318] https://d3js.org/
[319] http://visjs.org/
[320] https://threejs.org/
[321] https://www.babylonjs.com/
[322] https://playcanvas.com/
[323] https://clickhouse.yandex/
[324] http://doris.incubator.apache.org/
[325] https://www.graylog.org/
[326] https://github.com/Neo23x0/sigma
[327] https://www.elastic.co/cn/products/stack
[328] https://github.com/elastic/beats
[329] https://www.elastic.co/cn/products/stack/machine-learning
[330] https://www.splunk.com/zh-hans_cn/software/user-behavior-analytics.html
[331] http://metron.apache.org/
[332] https://github.com/rob-med/awesome-TS-anomaly-detection
[333] https://github.com/yzhao062/anomaly-detection-resources
[334] https://github.com/hugegraph
[335] https://github.com/deepmind/graph_nets
[336] https://arxiv.org/pdf/1806.01261.pdf
[337] https://github.com/phantomcyber/playbooks
[338] https://github.com/StackStorm/st2
[339] https://github.com/Patrowl/
[340] https://github.com/mozilla/MozDef
[341] https://www.csa.gov.sg/legislation/supplementary-references
[342] https://continuumsecurity.net/
[343] https://github.com/continuumsecurity/bdd-security
[344] http://capec.mitre.org/data/definitions/3000.html
[345] https://github.com/mozilla/seasponge
[346] http://mozilla.github.io/seasponge/
[347] https://threatdragon.org/
[348] https://www.microsoft.com/en-us/download/details.aspx?id=49168
[349] https://github.com/google/vsaq
[350] https://github.com/OWASP/CheatSheetSeries/blob/master/Index.md
[351] https://www.owasp.org/index.php/OWASP_Secure_Coding_Practices_-Quick_Reference_Guide
[352] https://www.owasp.org/images/7/73/OWASP_SCP_Quick_Reference_Guide%28Chinese%29.pdf
[353] http://google.github.io/styleguide/
[354] https://github.com/alibaba/p3c
[355] https://github.com/spotbugs/spotbugs
[356] https://github.com/pumasecurity/puma-scan
[357] http://cppcheck.sourceforge.net/
[358] https://github.com/fossology/fossology
[359] https://github.com/jeremylong/DependencyCheck
[360] https://github.com/snyk/snyk
[361] https://github.com/srcclr/efda
[362] https://github.com/ESAPI/
[363] https://github.com/eggjs/egg-security
[364] https://eggjs.org/zh-cn/core/security.html
[365] https://docs.spring.io/spring-security/site/docs/5.0.x/reference/html/
[366] https://github.com/cure53/DOMPurify
[367] http://rips-scanner.sourceforge.net/
[368] https://github.com/designsecurity/progpilot
[369] https://github.com/globocom/huskyci
[370] http://fb-contrib.sourceforge.net/
[371] http://find-sec-bugs.github.io/
[372] https://dwheeler.com/flawfinder/
[373] https://github.com/facebook/infer
[374] https://docs.sonarqube.org/display/PLUG
[375] https://www.sonarlint.org/
[376] https://www.sonarqube.org/
[377] https://github.com/SonarSource/sonarqube
[378] https://rules.sonarsource.com/
[379] https://github.com/michenriksen/gitrob
[380] https://github.com/flipkart-incubator/Astra
[381] https://github.com/YalcinYolalan/WSSAT
[382] https://github.com/zaproxy/zaproxy
[383] https://github.com/fuzzdb-project/fuzzdb
[384] https://github.com/linkedin/qark
[385] https://appcritique.boozallen.com/
[386] https://github.com/laruence/taint
[387] https://researcher.watson.ibm.com/researcher/files/us-msteiner/php.nyphp.ppt
[388] https://www.usenix.org/legacy/event/webapps11/tech/final_files/webapps11_proceedings.pdf
[389] https://github.com/jpapayan/aspis
[390] https://github.com/cdaller/security_taint_propagation
[391] https://www.blackhat.com/presentations/bh-dc-08/Chess-West/Presentation/bh-dc-08-chess-west.pdf
[392] https://www.owasp.org/images/2/2e/OWASP_Code_Review_Guide-V1_1.pdf
[393] https://www.peach.tech/products/peach-fuzzer/
[394] https://llvm.org/devmtg/2015-10/slides/SerebryanyCollingbourne-BeyondSanitizers.pdf
[395] https://github.com/google/oss-fuzz
[396] https://github.com/secfigo/Awesome-Fuzzing
[397] https://github.com/octopus-platform/joern
[398] http://www.mlsec.org/joern/docs.shtml
[399] https://github.com/MobSF/Mobile-Security-Framework-MobSF
[400] https://labs.mwrinfosecurity.com/tools/drozer/
[401] https://github.com/mwrlabs/needle
[402] https://github.com/alibaba/iOSSecAudit
[403] https://github.com/secmobi/wiki.secmobi.com
[404] https://appsecwiki.com/#/mobilesecurity
[405] https://github.com/OWASP/owasp-mstg
[406] https://klee.github.io/
[407] https://angr.io/
[408] https://github.com/angr/angr
[409] https://github.com/radare/radare2
[410] https://github.com/Gallopsled/pwntools
[411] https://github.com/apsdehal/awesome-ctf
[412] https://github.com/malicious0x01/Awesome-Vulnerability-Research
[413] https://github.com/nebgnahz/awesome-iot-hacks
[414] https://www.owasp.org/index.php/OWASP_Testing_Project
[415] https://www.owasp.org/images/1/19/OTGv4.pdf
[416] https://github.com/hashicorp/vault
[417] https://www.vaultproject.io/
[418] https://cn.aliyun.com/product/dms
[419] https://help.aliyun.com/document_detail/47550.html
[420] https://github.com/cookieY/Yearning
[421] https://github.com/jumpserver/jumpserver
[422] https://guacamole.apache.org/
[423] https://www.kali.org/
[424] https://linux.backbox.org/
[425] https://www.parrotsec.org/
[426] http://www.deftlinux.net/
[427] https://www.metasploit.com/
[428] https://github.com/n1nj4sec/pupy
[429] https://github.com/stevenaldinger/decker
[430] https://github.com/gyoisamurai/GyoiThon
[431] https://github.com/enaqx/awesome-pentest
[432] https://github.com/mozilla/mig
[433] https://github.com/TheHive-Project/TheHive
[434] https://github.com/flyve-mdm
[435] https://github.com/bryanpkc/corkscrew
[436] https://cloud.google.com/beyondcorp/?hl=zh-cn
[437] https://github.com/Valve/fingerprintjs2
[438] https://github.com/jackspirou/clientjs
[439] https://github.com/ay-kay/unique
[440] https://github.com/salesforce/pixel-captcha-project
[441] https://github.com/ecthros/uncaptcha2
[442] https://www.drools.org/
[443] https://github.com/jdereg/n-cube
[444] https://www.h2o.ai/solutions/usecases/
[445] https://www.slideshare.net/0xdata/paypal-fraud-detection-with-deep-learning-in-h2o-presentationh2oworld2014
[446] https://shiring.github.io/machine_learning/2017/05/01/fraud
[447] https://ieeexplore.ieee.org/abstract/document/7838276
[448] https://zhuanlan.zhihu.com/p/36530032
[449] http://ramok.tech/2017/09/08/fraud-detection-with-java-and-spark-mlib/
[450] https://github.com/klevis/frauddetection
[451] https://github.com/GitiHubi/deepAI
[452] https://github.com/yazanobeidi/fraud-detection
[453] https://github.com/entrepreneur-interet-general/graph-explorer
[454] https://neo4j.com/use-cases/fraud-detection/
[455] https://www.dataguise.com/
[456] https://www.ibm.com/security/data-security/guardium
[457] https://www.microfocus.com/en-us/products/voltage-data-encryption-security/overview
[458] http://sentry.apache.org/
[459] http://knox.apache.org/
[460] http://ranger.apache.org/
[461] http://eagle.apache.org/
[462] https://github.com/troydo42/CIA-Hacking-Tools/tree/master/Scribbles/
[463] https://github.com/arx-deidentifier/arx
[464] https://github.com/uber/sql-differential-privacy
[465] https://github.com/google/rappor
[466] https://github.com/rdragos/awesome-mpc
[467] https://github.com/shaih/HElib
[468] http://di.baidu.com/product/calc
[469] https://github.com/hugegraph/hugegraph
[470] http://www.trustedcomputinggroup.org/
[471] https://github.com/PeterHuewe/tpm-emulator
[472] http://sourceforge.net/projects/trousers
[473] http://ibmswtpm.sourceforge.net/
[474] https://sourceforge.net/p/linux-ima/wiki/Home/
[475] https://github.com/pwnall/sanctum
[476] https://keystone-enclave.org/
[477] https://github.com/opencomputeproject/Project_Olympus/tree/master/Project_Cerberus
[478] https://cloud.google.com/blog/products/gcp/titan-in-depth-security-in-plaintext
[479] https://github.com/opencomputeproject/Project_Olympus/tree/master/Project_Cerberus
[480] https://github.com/keystone-enclave/
[481] https://github.com/jirislaby/ksplice
[482] https://ksplice.oracle.com/
[483] https://github.com/useidel/kgraft-tools
[484] https://git.kernel.org/pub/scm/linux/kernel/git/jirislaby/kgraft.git/
[485] https://www.suse.com/media/presentation/kGraft.pdf
[486] https://github.com/dynup/kpatch
[487] https://github.com/torvalds/linux/tree/master/kernel/livepatch
[488] https://www.kernel.org/doc/Documentation/livepatch/livepatch.txt
[489] https://www.kernelcare.com/
[490] http://patches.kernelcare.com/kmod_kcare.tar.gz
[491] https://github.com/cloudlinux/libcare
[492] http://firecracker-microvm.io/
[493] https://github.com/firecracker-microvm/firecracker
[494] https://chromium.googlesource.com/chromiumos/platform/crosvm/
[495] https://android.googlesource.com/platform/external/minijail/
[496] https://www.twistlock.com/
[497] https://github.com/coreos/clair
[498] https://github.com/eliasgranderubio/dagda
[499] https://github.com/anchore/anchore-engine
[500] https://github.com/goharbor/harbor
[501] https://katacontainers.io/
[502] https://github.com/kata-containers/runtime
[503] https://github.com/firecracker-microvm/firecracker-containerd
[504] https://github.com/google/gvisor
[505] https://www.projectcalico.org/
[506] https://github.com/projectcalico
[507] https://cilium.io/
[508] https://github.com/cilium/cilium
[509] https://www.aporeto.com/opensource/
[510] https://github.com/aporeto-inc/trireme-lib
[511] https://falco.org/
[512] https://github.com/falcosecurity/falco
[513] https://github.com/falcosecurity/falco/tree/dev/rules
[514] https://github.com/capsule8/capsule8
[515] https://github.com/docker/docker-bench-security
[516] https://github.com/kost/dockscan
[517] https://www.open-scap.org/resources/documentation/security-compliance-of-rhel7-docker-containers/
[518] https://docs.docker.com/compliance/
[519] https://github.com/chromium/chromium/blob/master/docs/design/sandbox.md
[520] https://github.com/chromium/chromium/tree/master/sandbox/win
[521] https://github.com/chromium/chromium/blob/master/docs/linux_sandboxing.md
[522] https://github.com/chromium/chromium/tree/master/sandbox/linux
[523] https://github.com/alibaba/JVM-Sandbox
[524] https://cuckoosandbox.org/
[525] https://github.com/cuckoosandbox
[526] https://www.freedesktop.org/software/systemd/man/systemd.exec.html#Sandboxing
[527] https://android.googlesource.com/platform/external/minijail/
[528] https://chromium.googlesource.com/chromiumos/docs/+/master/sandboxing.md
[529] https://github.com/projectatomic/bubblewrap
[530] https://github.com/google/sandboxed-api
[531] https://www.coursera.org/learn/machine-learning
[532] https://github.com/ZuzooVn/machine-learning-for-software-engineers
[533] https://github.com/imhuay/Algorithm_Interview_Notes-Chinese
[534] https://github.com/kk7nc/Text_Classification
[535] https://www.featuretools.com/
[536] https://github.com/scikit-learn-contrib/boruta_py
[537] https://github.com/hyperopt/hyperopt-sklearn
[538] https://github.com/AxeldeRomblay/MLBox
[539] https://github.com/ClimbsRocks/auto_ml
[540] https://github.com/h2oai/h2o-3
[541] https://github.com/endgameinc/dga_predict
[542] https://github.com/chwress/salad
[543] https://github.com/PositiveTechnologies/seq2seq-web-attack-detection
[544] https://github.com/makemytrip/dataShark
[545] https://github.com/georgymh/ml-fraud-detection
[546] https://github.com/klevis/frauddetection
[547] https://github.com/AFAgarap/malware-classification
[548] https://github.com/honeynet/cuckooml
[549] https://github.com/hgascon/adagio
[550] https://github.com/hgascon/pulsar
[551] https://code.fb.com/developer-tools/getafix-how-facebook-tools-learn-to-fix-bugs-automatically/
[552] https://github.com/13o-bbr-bbq/machine_learning_security/tree/master/DeepExploit
[553] http://web.stanford.edu/class/cs259d/
[554] https://github.com/PacktPublishing/Mastering-Machine-Learning-for-Penetration-Testing
[555] https://github.com/SuperCowPowers/data_hacking
[556] https://github.com/13o-bbr-bbq/machine_learning_security
[557] http://www.covert.io/
[558] https://github.com/jivoi/awesome-ml-for-cybersecurity
[559] https://arxiv.org/abs/1412.6572
[560] https://github.com/tensorflow/cleverhans
[561] https://github.com/baidu/AdvBox
[562] https://github.com/liftoff/pyminifier
[563] https://github.com/QQuick/Opy
[564] https://github.com/dashingsoft/pyarmor
[565] https://arxiv.org/abs/1610.05755v3
[566] https://github.com/tensorflow/privacy
[567] https://github.com/google/nsjail
[568] https://security.googleblog.com/2016/07/experimenting-with-post-quantum.html
[569] https://pqcrypto.org/
[570] https://microsoft.github.io/Picnic/
[571] https://openquantumsafe.org/
[572] https://github.com/open-quantum-safe/liboqs
[573] https://github.com/cloudflare/circl

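Reference links:

Security Architecture of Large Internet Enterprises (《大型互联网企业安全架构》)
http://www.broadview.com.cn/book/5241

=END=

Notice: Unless otherwise noted, articles on ixyzero.com are original. When reposting, please cite this article's address as a link. Thank you!
https://ixyzero.com/blog/archives/4925.html

4 thoughts on "[read] Security Architecture of Large Internet Enterprises"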

  1. 十年百余起事件,软件供应链面临安全危机
    https://mp.weixin.qq.com/s/zWp0j805H62nUbl9KTOohw
    `
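    In the digital era, software has become an indispensable necessity in people's work and daily life, and obtaining software (downloads, updates, patches and so on) inevitably depends on the software supply chain.

    Existing network security solutions are increasingly mature and can protect networks comprehensively, so attackers have to try other ways to penetrate enterprises and institutions. Software supply chain attacks have become a common and popular attack method today.

    A software supply chain attack occurs when an attacker accesses and modifies software in a complex software development supply chain, inserting malicious code to compromise targets further down the chain. By breaking into the software supply chain, attackers can deliver malicious code disguised as a trusted program. Software supply chain attacks are a very effective attack method and can be used for broad attacks against systems with a high level of security protection.

    For national security agencies, the risk from the software attack chain is especially severe: their ability to review large volumes of surveillance data, operate complex weapons systems and support modern logistics systems depends on software, most of which is developed outside the government.

    Software supply chain attacks over the past 10 years show the following 5 trends:
    (1) State-level organizations use supply chain attacks to far-reaching effect: state-level attack groups have achieved enormous results with software supply chain attacks. By hijacking software updates, state-level attackers launch attacks with severe consequences. These are not novel threats. In 2012, Stuxnet and other attacks affected the physical world. In 2017, the NotPetya attack and the Equifax data breach affected millions of users; these incidents showed the enormous potential scale of software supply chain attacks and their strategic value to state-level attackers.
    Attack examples include: CCleaner, NotPetya, Kingslayer, SimDisk and ShadowPad.

    (2) Bypassing code signing: code signing, an application of public-key cryptography and the certificate system, ensures the integrity of software updates and the identity of their source. Breaking this protection is a key step in supply chain attacks, enabling everything from simple tampering with open-source code to complex state-level espionage operations.
    Attack examples include: ShadowHammer, Naid / McRAT and BlackEnergy 3.

    (3) Open-source threats: in this kind of incident, attackers tamper with open-source code by gaining access to accounts, or publish malicious packages with names similar to commonly used packages. The malicious code that is spread usually steals victims' data and sometimes also targets payment information. The attackers are usually criminals and are usually discovered quickly.
    Attack examples include: Cdorked / Darkleech, the RubyGems backdoor, HackTask, Colourama, the JavaScript 2018 backdoor and the PyPI repository attacks.

    (4) Hijacked updates: this kind of attack is usually launched by state-level organizations or highly capable attackers. Using software updates signed with stolen or forged certificates, they bring malware into the target. Advanced malware can usually spread further from the infected computer over the network or via hardware. These attacks are more likely to encrypt data, attack physical systems or extract information, and are usually much more complex than app store attacks.
    Attack examples include: Flame, Stuxnet, CCleaner 1 and 2, NotPetya, Adobe pwdum7v71, Webmin and PlugX.

    (5) App store attacks: these attacks use the Google Play Store, Apple's App Store and other third-party app distribution tools to spread malware to mobile devices. Usually the apps designed by attackers look legitimate, although some really are legitimate apps that were compromised. These malicious apps usually run adware, steal payment information, and extract data and send it to attacker-operated servers. Most of the attackers are criminals, though some state-sponsored attacks have also occurred.
    Attack examples include: the Sandworm Android attack, ExpensiveWall, BankBot, Gooligan and XcodeGhost.

    The security risks that enterprises and institutions face from the software supply chain keep growing.
    First, physical devices are rarely modified after leaving the factory, whereas software needs continuous revision through updates and patches, which readily introduces large numbers of unintentional and malicious defects and vulnerabilities.
    Second, more and more feature-rich software is entering an ever wider range of consumer products and enterprise services, enlarging the potential attack surface.
    Third, enterprises and organizations outsource IT management and services to cloud computing and managed service providers (MSPs), which increases the likelihood that they are affected by an attack against one of these providers.
    Fourth, enterprises and organizations that develop complex mission software systems on site may also need to buy pre-built software components from third parties, and these third-party components likewise contain security vulnerabilities.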
    `

    The US think tank the Atlantic Council published a report titled "Breaking trust: Shades of crisis across an insecure software supply chain".
    https://www.atlanticcouncil.org/wp-content/uploads/2020/07/Breaking-trust-Shades-of-crisis-across-an-insecure-software-supply-chain.pdf

  2. A brief discussion of attack and defense in large-scale red-blue confrontation
    https://mp.weixin.qq.com/s/s0osF1NCb8M6O-uq-8idPA
    `
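    # Some of my thoughts
    The real work happens off the field!
    Because large-scale exercises (with a fixed time frame) are short on time, heavy on tasks and limited in manpower, and the defending side has relatively ample time to build defenses in advance and proactively build an attribution resource library, an attacking side that wants to reach its objectives accurately and efficiently depends heavily on its everyday reserves of information, tools and 0days; cramming at the last minute rarely works.

    Although the attacking side can stockpile 0days, for the defending side 0days are not that frightening, because the contest on the host still comes back to fundamentals: [file, process, network] behavior will certainly differ from normal operations, and sensitive, high-risk operations on the system will differ as well. If the profile of everyday operations is done well, encountering a 0day is not a problem either.

    Easy to know, hard to do!
    Of course, it is simple to say but very hard to achieve and do well; after all, knowing is easy and doing is hard. Still, sensible division of labor and cooperation is also good for everyday work: use offense to drive defense and advance hand in hand.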

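    # Excerpts from the original article
    In recent years, large-scale red-blue confrontation events of all kinds have been on the rise, and real-world attack and defense has received more attention. The approaches of red teams and blue teams have gradually improved and matured; it is no longer one-sided attack and defense but has evolved into an attack-defense contest and an exercise with almost no limits on technique. Compared with traditional penetration testing, this high-intensity red-blue confrontation is clearly different: what is tested is not only technique but also tactics, mindset and stamina.

    # Attribution and counter-attribution
    Attribution lets attack and defense swap roles in an exercise and is one of the defending side's important tasks. The attacking side in an exercise cannot act without restraint; the first thing it must consider is hiding itself, which also brings the exercise closer to a real attack operation. The attribution discussed here does not stop at analyzing attack techniques and locating source IPs; it goes further and needs to link to the real person behind the activity, so it becomes very necessary for the attacking side to use anonymous resources:
    * VPNs, anonymous proxies
    * A clean penetration-testing environment, virtual machines
    * Anonymous mailboxes, phone numbers, VPSes and so on
    * Clean mobile devices, wireless devices and so on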

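    # Data reserves
    A time-boxed exercise still differs somewhat from real-world attacks. The defending side has relatively ample time to build defenses in advance, for example reducing external entry points, shutting down unimportant business websites, restricting the access sources of key systems and lowering the blocking thresholds of security devices, even at the cost of a worse user experience in order to improve security. The attacking side, because the targets are unknown before the exercise, gets discounted results from gathering information and scanning on the spot once the exercise has started; it is easily blocked and banned, and often finds it hard to locate the key assets.
    At this point, internet-wide data and passive information gathering become very valuable, for example historical DNS resolution records, historical Whois information, historical open-port data, network traffic information and so on. This data can help you:
    * Find a website's real IP, explore adjacent network ranges and bypass security devices
    * Determine whether a target is a honeypot
    * Locate intranet IPs and systems
    * Locate key application systems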

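    # 0day reserves
    Large-scale exercises are short on time, heavy on tasks and limited in manpower, so efficiency matters a great deal. Conventional means of breaking in cannot fully meet the need; without detailed knowledge of the target's organizational structure, the head-on path is long, and merely breaching the perimeter, mapping the state of the intranet and judging whether the designated target is reachable takes considerable time. Attacking key infrastructure is then very valuable: mail systems, OA systems, VPN systems, enterprise knowledge bases, domain controllers, centralized management systems and the like. One effective 0day can save several days and at the very least directly yield a working foothold from the external network, achieving twice the result with half the effort. For example, taking the OA system makes it possible to map the target group's organizational structure and locate the designated target systems, to say nothing of mailboxes and VPNs; the number of 0days disclosed one after another this year gives some indication.
    For the defending side, from the perspective of behavioral detection, 0days are in fact not that frightening. Even when hit by a 0day attack, the contest on the host comes back to fundamentals, for example: Webshells, malicious commands, reverse shells, port scanning, hacking tools, port forwarding, privilege escalation, C2 communication and so on. This requires the defending side to go beyond the constraints of IoCs and traditional known-bad signatures, not rely on prior knowledge of a specific exploit, and model comprehensively on behavioral data, so as to be able to discover and identify malicious activity that broke in through unknown vulnerabilities. For a complete defense-in-depth system, by catching the faint traces on the endpoint it may be possible to alert as soon as the attacker tries to run reconnaissance commands, and a honeypot can even be used to capture the 0day. The attack team also needs to think carefully about using a 0day: identify and get around honeypots, and lean as far as possible towards legitimate operations, such as adding an account, rather than executing known-bad commands or directly spawning a reverse shell.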

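    # Tool reserves
    A craftsman who wants to do good work must first sharpen his tools. For the attack team, the tools it uses need to be processed to evade antivirus detection. Common ways of handling C2 payloads include domain fronting, ShellcodeLoader and packing, as well as legitimate software signatures and so on. Besides making trojans evade antivirus, publicly available tools should as far as possible not be used directly during penetration; at the least they should be recompiled or have their known file signatures removed, otherwise the defending side can raise an alert with the simplest IoC matching.

    # Weak passwords and dictionaries
    The most direct factor standing between the attacker and the target enterprise's internal resources is the account. Once unnecessary services have been taken offline, an account that can get into an online business system becomes very precious, for example domain accounts, WiFi accounts, mailbox accounts, employee OA accounts, admin console accounts and so on. Besides testing the attack team's information-gathering ability, the soundness and hit rate of its various dictionaries can open up a gap between attack teams. Common dictionaries include: username dictionaries, targeted password dictionaries, website directory dictionaries, parameter dictionaries and so on. A good dictionary may well do more than expected; even a weak password on a perimeter network device may open a path straight into the intranet.
    When brute-forcing accounts, it is best if usernames and passwords can be brute-forced separately; after obtaining a batch of users through various channels, password spraying can be carried out with the password as the dimension. For web systems, CAPTCHAs may raise the cost and difficulty of brute-forcing; here the API of a CAPTCHA-solving platform can be called, and the recognition rate for traditional image CAPTCHAs is already quite high.
    For the defending side, it is necessary to build models that detect breadth-first password-spraying behavior and abnormal account logins. In addition, CAPTCHAs can be upgraded to smarter next-generation behavioral CAPTCHAs, adding measures such as human/machine and device identification and slider CAPTCHAs to effectively prevent brute-forcing.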

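    # Division of labor and cooperation
    Large-scale red-blue confrontation is gradually tending towards military-style confrontation. Overall it requires the attacking side to have more organized division of labor and cooperation, and entry points such as social-engineering phishing, close-access penetration and wireless intrusion also need to be arranged in advance. Broadly, personnel skills can be divided into:
    * Information gathering, data analysis
    * External network penetration
    * Intranet penetration, domain penetration
    * Reverse engineering
    * Phishing and social engineering
    * Close-access penetration
    * Exploitation, 0day discovery
    * Report writing

    Other skills include bypassing security devices, database exploitation, network device exploitation, antivirus evasion for trojans, persistence, tooling and collaboration platform support and so on. For a project, report writing is often the most direct stage for presenting results; the report's details and emphasis need to match the project requirements or competition rules as closely as possible. It is tedious but indispensable work.
    As the defending side, in order to cope with attack techniques from every direction, besides conventional defenses, assigning additional security guards to guard against close-access penetration can also be one part of the defense system.
    The above are some of the author's superficial observations, offered only to start the discussion. The contest between attack and defense relies on technique and experience, and it is also physically demanding work. Knowing is easy and doing is hard; how can the goal be reached in limited time? Sensible division of labor, coordination and work rhythm are very important, and during attack and defense one needs to keep a good mindset and clear thinking, staying calm and avoiding mistakes. The road is long and difficult, but by walking it one will arrive; both attackers and defenders need to keep pressing forward.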
    `
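The defender-side modelling mentioned in comment 2 (detecting breadth-first password spraying and abnormal account logins), as an added example that is not part of the original post or the quoted article. The log format, thresholds, field names and sample lines are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log; the format "<ISO time> <source IP> <user> <OK|FAIL>" is assumed.
LOG = """\
2024-05-01T09:00:00 203.0.113.7 zhang FAIL
2024-05-01T09:00:40 203.0.113.7 li FAIL
2024-05-01T09:01:20 203.0.113.7 wang FAIL
2024-05-01T09:02:00 203.0.113.7 zhao OK
2024-05-01T09:02:40 203.0.113.7 chen FAIL
2024-05-01T09:03:20 203.0.113.7 liu FAIL
2024-05-01T09:05:00 192.0.2.10 li FAIL
2024-05-01T09:05:30 192.0.2.10 li OK
""" + "".join(f"2024-05-01T09:10:{s:02d} 198.51.100.9 admin FAIL\n" for s in range(12))

def parse(log):
    """Yield (time, source, user, success) tuples from the assumed log format."""
    for line in log.splitlines():
        ts, src, user, outcome = line.split()
        yield datetime.fromisoformat(ts), src, user, outcome == "OK"

def detect_spray(events, window=timedelta(minutes=10), min_users=5, max_per_user=2):
    """Flag sources that fail against many accounts with few tries per account."""
    by_src = defaultdict(list)
    for ts, src, user, ok in sorted(events):
        by_src[src].append((ts, user, ok))
    alerts = {}
    for src, evs in by_src.items():
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:  # slide the window forward
                start += 1
            fails = defaultdict(int)
            for _, user, ok in evs[start:end + 1]:
                if not ok:
                    fails[user] += 1
            # Breadth-first pattern: many distinct users, shallow per-user depth.
            if len(fails) >= min_users and max(fails.values()) <= max_per_user:
                hit = alerts.setdefault(src, {"sprayed": set(), "succeeded": set()})
                hit["sprayed"] |= set(fails)
        if src in alerts:
            # A success from a spraying source is the abnormal login to triage first.
            alerts[src]["succeeded"] = {u for _, u, ok in evs if ok}
    return alerts

if __name__ == "__main__":
    for src, hit in detect_spray(parse(LOG)).items():
        print(src, sorted(hit["sprayed"]), "->", sorted(hit["succeeded"]))
```

The depth-first source (12 failures against one account) and the ordinary mistyped password are deliberately not flagged here; they belong to a separate per-account lockout rule.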

  3. What are the differences and connections among MDM, MAM and MCM?
    https://www.zhihu.com/question/22424838
    `
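    Put simply:
    MDM: collecting device information, controlling device functions, pushing device configuration (Wi-Fi, email, VPN and the like, whatever is in the device settings), and an enterprise app store (app publishing and the like). All of this is developed on the standard interfaces provided by the mobile OS; Android has its own and Apple has its own. Foreign vendors keep in sync relatively quickly; AirWatch and MobileIron, for example, can basically support the latest OS with zero delay. Another approach is customization: based on user requirements, cooperating with the device vendor to obtain more, and more special, functions through signing or an SDK, but this only supports Android. The top-ranked domestic vendors basically all support it, for example 国信灵通.

    MAM and MCM should be discussed together. On mobile devices, enterprise data is always presented in the form of apps, whether email, documents or a web client, so they should be discussed as a whole.

    MAM: through an SDK or repackaging, apps that originally had no remote management capability gain it, and app-level operations are carried out through the MDM server; we call this MAM. Common functions at present include: remotely configuring app parameters (SSO, parameters, VPN and the like, things related to configuration and settings).

    MCM: the security of data that apps generate and store on the device. Common measures at present (data encryption, generally AES-256; data loss prevention, DLP) aim to keep this data secure, prohibiting its use or allowing it only where the enterprise can monitor it.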
    `
