论文部分内容阅读
网络攻击和入侵事件造成的影响和危害需要电信运营商引起足够重视和采取应对措施。在被黑客入侵后仅仅进行数据恢复、安全加固尚不足以规避风险,这种做法过于被动。通过对痕迹的提取分析了解入侵的过程和操作行为,能够彻底清除后患,同时获得证据线索和溯源。入侵痕迹提取分析的重要原则包括及时性、准确性、合法性、多备份、环境安全、严格管理过程。主要从网络层面提取入侵痕迹和从主机层面提取入侵痕迹。在进行痕迹提取分析的时候,不推荐在运行系统中直接查看各项痕迹,而应将所有的痕迹数据全部而迅速地提取出来进行备份,辅以截屏保留证据,对备份件进行分析。在工具的选择上,推荐使用命令行工具。
The impact and harms caused by cyberattacks and intrusion events require that telecom operators pay enough attention and take countermeasures. After being invaded by hackers only data recovery, security reinforcement is not enough to avoid the risk, this approach is too passive. By analyzing and analyzing the traces, we can understand the process and operation of intrusion, and eliminate the troubles thoroughly, and obtain the clues and traceability of evidence. The important principles of the intrusion trace analysis include timeliness, accuracy, legality, multiple backups, environmental safety and strict management process. Mainly from the network level to extract the traces of invasion and from the host level to extract the traces of invasion. In the trace extraction and analysis, it is not recommended to view the traces directly in the operating system, but all traces of data should be fully and quickly extracted for backup, supported by screenshots to retain evidence, the backup parts for analysis. The choice of tools, the recommended use of command line tools.