5. Common server security threats
• Unauthorized access and intrusion
• Denial-of-service attacks
• Unauthorized configuration changes
• Data loss and theft
• Pivoting (stepping-stone) attacks or intrusion
SOURCE: NIST Guide to General Server Security (July 2008)
Protection Suite Enterprise Edition for Servers Symantec Vision 2010 5
6. Common server attack methods
[Figure: attack paths from the Internet into the server estate (Web server, application server, mail server, file server, database server, Domain Controller Server)]
• Unauthorized access
• Application vulnerability analysis / intrusion
• User / account privilege changes
• Malicious code implantation and data harvesting
• Entry as an email attachment or file link
• System backdoors and unauthorized access
14. DMZ server protection
[Figure: external attack through the Firewall against the DMZ (Web Server, FTP Server, Proxy Server); risk gauge showing Performance/Compliance, Security and Availability on Low/Med/High scales]
Attacks:
• Hosts running unnecessary services provide attackers critical access info
• Applications left unpatched or in default configuration are vulnerable
• Mis-configured web servers lead to installation of malicious software
Countermeasures:
• System firewall
• System access control
• Monitoring, auditing, alerting
• Policy-based application control
• Exploit prevention
15. File server protection
[Figure: File Server and Print Server exposed to external attack and to insider attack (disgruntled employee, ignorant employee, regular employee); risk gauge showing Performance/Compliance, Security and Availability on Low/Med/High scales]
Attacks:
• Infected files on file server can lead to further infection
• Excessive file & directory access rights and open shares expand entry points
• Un-patched applications or services allow remote code execution
• Unauthorized plug-ins of USB or removable media allow data leaks
Countermeasures:
• System firewall
• System access control
• Monitoring, auditing, alerting
• Policy-based application control
• Exploit prevention
• Device control
• Virus scanning and removal
16. Domain controller server protection
[Figure: Domain Server exposed to external attack and to insider attack (disgruntled admin, ignorant admin); risk gauge showing Performance/Compliance, Security and Availability on Low/Med/High scales]
Attacks:
• User accounts created with elevated privileges
• User accounts or lockouts that are disabled by malware or hackers
• Modification of account settings or clearing of Windows logs to hide tracks
• Vulnerable services that could allow compromise and infection
Countermeasures:
• System firewall (Host-based Firewall)
• System access control (System Hardening, Admin Access Control)
• Monitoring, Auditing, and Alerting
• Policy-based application control
• Exploit Prevention
17. Application, mail and database server protection
[Figure: Database Server, Application Server and Mail Server exposed to external attack and to insider attack (disgruntled admin, ignorant admin); risk gauge showing Performance/Compliance, Security and Availability on Low/Med/High scales]
Attacks:
• SQL Injection Attack
• Vulnerable applications can lead to remote execution attacks and shell access
• Deleting, viewing or changing application configuration files exposes critical data
• Applications with default user accounts or accounts with weak passwords
• Remote access to the outside
Countermeasures:
• System firewall (Host-based Firewall)
• System access control (System Hardening, Admin Access Control)
• Monitoring, Auditing, and Alerting
• Policy-based Application Control
• Exploit Prevention
18. Symantec comprehensively protects servers
[Figure: the server estate from slide 6 (Web Server, application server, mail server, file server, database server, Domain Controller Server) with each attack path from the Internet marked as protected]
√ Unauthorized server access: monitor and protect access
√ Application exploit attack to gain access: monitor and protect applications and behavior
√ Changes to user privileges/accounts: monitor and protect access
√ Malware installed to capture data: monitor and protect the file system
√ Entry as an email attachment or file link: defend against unauthorized access and operations
√ Backdoor entry enables unauthorized access: monitor and protect access
20. Best server protection technologies
• Symantec Critical System Protection: Detection + Prevention
• Symantec Endpoint Protection for Servers: Antivirus + Protection
• Symantec Antivirus for Linux: Antivirus for Linux
• Symantec Workflow: Process Automation / Workflow
21. All-in-one solution
VALUE
• Comprehensive cross-platform protection
• High performance ensures stability
• Low-cost centralized management
22. Symantec Protection Center: a single management platform with intelligent centralized management
[Figure: Symantec Protection Center managing Symantec Critical System Protection and Symantec Endpoint Protection]
• Single sign-on
• Unified view
• Integrated management
– Configuration
– Reports and reporting
– Dashboards