marconimedical

How to minimize the damage of a DDoS attack

  June 18, international report: Most networks are highly vulnerable to every type of hacker attack, but a set of security practices can prevent such attacks to the greatest possible extent.

  A distributed denial-of-service (DDoS) attack, however, calls for a completely different form of defense: you cannot prevent an attacker from launching a DDoS attack against your website unless you disconnect from the Internet on your own initiative.

  If we cannot prevent this kind of attack, how can we protect the enterprise network as far as possible?

  First you should clearly understand the three stages of a DDoS attack, and then look at how to reduce the damage such an attack causes.

  Understanding the DDoS attack

  A DDoS attack generally has three stages. The first stage is target selection: the attacker fixes on the IP address of an enterprise network on the Internet. That IP address may belong to the enterprise's web server, DNS server, Internet gateway and so on. The motives for choosing a target are just as varied, for instance making money (some people pay hackers to attack particular sites) or simply taking pleasure in destruction.

  The second stage is preparation: the attacker compromises a large number of poorly protected computers on the Internet (mostly home computers, primarily on DSL broadband or cable connections). The attacker plants on these computers the tools that will later be needed against the target.

  The third stage is the actual attack: the attacker sends the attack command to all the compromised computers (also called zombie computers) and orders them to use the pre-planted attack tools to send packets to the target continuously, so that the target cannot process the volume of data or its bandwidth is fully occupied.

  A smart attacker will also have the zombie computers forge the IP address of the attack packets, inserting the target's IP address in the packet's source address field; this is the so-called reflection attack. A server or router that sees these packets sends its response (the reflection) to the source IP address, which adds to the traffic the target host has to withstand.

  So we cannot prevent this kind of DDoS attack, but knowing how it works, we can reduce its impact as far as possible.

  Reducing the impact of an attack

  Ingress filtering is a simple security policy, and one that every network (ISP) should implement. At your network edge (for instance, on every router connected to an outside network), a routing statement should be established that discards all packets whose source IP is marked as an address of this network. Although this cannot prevent a DDoS attack, it can prevent DDoS reflection attacks.

  Reducing the damage of a DDoS attack

  Large ISPs, however, may refuse for various reasons to implement ingress filtering, so we need other ways to reduce the impact of DDoS. At present one of the most effective methods is the backscatter traceback method.

  To use this method, first confirm that what you are currently suffering is an external DDoS attack and not a problem from inside the network or a routing problem. Then configure the external interfaces of all edge routers as soon as possible to reject traffic flowing to the DDoS target.

  In addition, configure these edge router ports to discard every packet whose source IP is invalid or cannot be located. For example, the following addresses:

  10.0.0.0 – 10.255.255.255

  172.16.0.0 – 172.31.255.255

  192.168.0.0 – 192.168.255.255

  Once the routers are set to reject these packets, each time a router rejects a packet it sends an Internet Control Message Protocol (ICMP) packet, and the “destination unreachable” message, together with the rejected packet, is sent to the source IP address.

  Then open the router logs and check which router receives the most attack packets. Next, use the source IPs of the recorded packets to determine which network accounts for the largest volume of data. On that router, set the route for this network to a “black hole” state, and isolate the network by modifying the subnet mask.

  Then look up the owner information for this network, contact your ISP as well as the ISP of the network the data is coming from, report the attack to them, and request their assistance. Whether or not they are willing to help, it costs no more than a phone call.

  Then, to let business and legitimate traffic through, you can return the routers that are only lightly affected to normal operation, keeping the restrictions only on the router under the heaviest attack and rejecting the network that originates the most attack traffic. If your ISP and the other party's ISP are responsible and help block the attack packets, your network will quickly return to normal.
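
  The source filtering and log triage described above, as an added example that is not part of the original article: it applies the edge-filter verdicts (the private ranges listed above, plus sources claiming an address inside your own network) and then ranks the remaining sources by network block. The own-network prefix 203.0.113.0/24, the log format, the /24 aggregation and the sample log lines are all assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Private ranges listed in the article; never valid as an Internet source.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumption: our own address block (a documentation prefix stands in for it).
OWN_NET = ipaddress.ip_network("203.0.113.0/24")

# Assumed log format: "<router> <bytes> SRC=<ip> DST=<ip>"
LOG_RE = re.compile(
    r"^(?P<router>\S+) (?P<bytes>\d+) SRC=(?P<src>\S+) DST=(?P<dst>\S+)$")

# Constructed sample log, not captured traffic.
SAMPLE_LOG = """
edge1 1500 SRC=198.51.100.7 DST=203.0.113.10
edge1 1500 SRC=198.51.100.9 DST=203.0.113.10
edge1 1500 SRC=198.51.100.200 DST=203.0.113.10
edge2 400 SRC=192.0.2.55 DST=203.0.113.10
edge1 900 SRC=10.1.2.3 DST=203.0.113.10
edge2 900 SRC=172.20.0.4 DST=203.0.113.10
edge2 900 SRC=203.0.113.99 DST=203.0.113.10
edge2 60 SRC=192.0.2.80 DST=203.0.113.25
edge1 700 SRC=not-an-ip DST=203.0.113.10
"""


def classify_source(src):
    """Verdict an edge router would give a packet arriving from outside."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return "drop-invalid"
    if any(addr in net for net in PRIVATE_NETS):
        return "drop-private"
    if addr in OWN_NET:
        # Ingress filtering: an outside packet cannot originate from our block.
        return "drop-spoofed-own"
    return "pass"


def triage(log_text, target, prefix_len=24):
    """Summarise traffic towards `target` from edge-router log lines."""
    router_bytes = Counter()   # all traffic to the target, per router
    block_bytes = Counter()    # routable sources only, per network block
    dropped = Counter()        # packets the source filter would discard
    for line in log_text.strip().splitlines():
        m = LOG_RE.match(line.strip())
        if not m or m["dst"] != target:
            continue
        nbytes = int(m["bytes"])
        router_bytes[m["router"]] += nbytes
        verdict = classify_source(m["src"])
        if verdict != "pass":
            dropped[verdict] += 1
            continue
        block = ipaddress.ip_network(f"{m['src']}/{prefix_len}", strict=False)
        block_bytes[str(block)] += nbytes
    return {
        "heaviest_router": (router_bytes.most_common(1)[0][0]
                            if router_bytes else None),
        # Source addresses can be forged, so treat this block as a lead to
        # confirm with the ISPs involved before black-holing it.
        "blackhole_candidate": (block_bytes.most_common(1)[0][0]
                                if block_bytes else None),
        "dropped": dict(dropped),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG, "203.0.113.10").items():
        print(f"{key}: {value}")
```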

PDF documents have become a carrier for spam

  July 17 news: spammers have started to use PDF documents as their new form of transmission, and the never-ending campaign to block spam has been stirred up once again. Not long ago people were still discussing spam that embeds GIF or JPEG images in the message; now spammers have had to change, because spam blockers and detection mechanisms have become quite mature at detecting image spam.

  According to foreign media, image spam has suffered heavy losses as a result of improved spam filters. Statistics from Secure Computing indicate that over the past several months image spam's share of total e-mail volume fell from about 30% to 10%. What has replaced it is a bigger problem. In June, PDF spam accounted for only 1% of total e-mail volume; in the space of only one month it rose to 5%~6%.

  GIF will inevitably be replaced by PDF. Dmitri Alperovitch, senior research fellow at Secure Computing's resource management laboratory, said: “E-mail filter vendors have solved the problem of identifying image spam and have upgraded their products to intercept it, so spam now has to use PDF as camouflage.”

  Because free software for creating PDFs is available on the market, spammers find using PDF very easy. For spam filter developers, however, it is a headache. Traditionally, PDF documents have had nothing to do with spam or rogue software, so PDFs passing through the network are rarely inspected.

  The good news Alperovitch brings is that PDF documents have not been used to deliver malicious code; so far they have been used only to carry conventional spam content. But filtering them effectively is a headache, because scanning a PDF document takes much more time than filtering a JPG file. “Because PDF documents are especially large, analyzing a PDF document greatly reduces the filtering system's performance,” he said.

  Because early editions of Acrobat have a fatal weakness, once malicious code is sent out it cannot be stopped. “Perhaps in the near future, makers of rogue software will find a way to use PDF files to deliver malicious code, but so far it has been used to send spam.”

Overseas users: ten unforgivable flaws of the Apple iPad

  April 21 news: according to foreign media, consumers are by no means all satisfied with the recently launched Apple iPad tablet, and some have raised a good many complaints. The following are users' 10 major grievances with the iPad:

  1. Weak Wi-Fi signal. Soon after the iPad went on sale, users found that the Wi-Fi signal was weak and that the device could not reconnect after the connection dropped, among other problems. Apple later confirmed the issue but placed the responsibility on third-party routers.

  2. No physical keyboard. The lack of a physical keyboard is a major flaw of the iPad; some users complained that they simply do not want to write articles on an iPad. Apple has launched a 69 US dollar wireless keyboard, but the consumer has to pay extra for it. The iPad sells for 499 US dollars, but its cost is 260 US dollars.

  3. No multitasking. When writing on the iPad, users cannot play music in the background.

  4. Charging problem. Sometimes the iPad cannot charge while in use and can only charge when shut down or in standby mode.

  5. No printing support. The iPad itself does not support printing; it has to be synchronized with a Mac or MacBook.

  6. Application problems. Many applications are incompatible with the iPad and cause system crashes.

  7. Screen problem. Many users complained that the screen content cannot be seen clearly in direct sunlight.

  8. No webcam. Video chat is not supported.

  9. No USB port. USB flash drives and card readers cannot be connected.

  10. No HDMI connection. The iPad cannot be connected to a high-definition television or high-definition display.

OpenOffice worm spreads across multiple systems; Mac cannot escape

  June 12, international report: according to Symantec, malicious software targeting OpenOffice.org documents is spreading across multiple operating systems.

  Symantec's response center said in a report that a new worm is spreading in malicious OpenOffice documents and can infect Windows, Linux and Mac OS X systems. Users must be cautious when handling OpenOffice documents of unknown origin.

  Sophos co-founder Jan Hruska said that Apple's Mac OS is by no means immune to virus infection. He said that viruses have appeared on the Mac platform and are spreading, and that the Mac is not immune to viruses in the way some people imagine.

  The number of viruses on non-Mac platforms is large, which has given people a false impression: that the Mac cannot be infected by viruses.

  This worm was first discovered at the end of last month; at that time, it was thought not to be spreading.

  Once the OpenOffice document named badbunny.odg is opened, it launches a macro. The macro carries out different operations depending on the operating system the user is running. On Windows, it creates a file named drop.bad and also runs the JavaScript virus badbunny.js.

  On Mac systems, the worm creates one of two Ruby worm viruses; on Linux systems, it creates the XChat script virus badbunny.py and the Perl virus badbunny.pl. Symantec rates this worm as “medium risk”.

Google product vice-president reveals: social search is the future focus

  VentureBeat (via John Battelle) recently interviewed Marissa Mayer, Google's vice-president of search products and user experience, who revealed some important information about the future of Google's search engine. Broadly speaking, Marissa Mayer thinks social search is a key focus for Google search. This is a very interesting shift, because last August Marissa Mayer said the prospects for social search were not great. But as the momentum and influence of Facebook and other social websites keep expanding, Google has clearly changed its attitude.

  What is the relationship between social search and the Google search engine? Marissa Mayer suggested that in future Google may identify your friends through your Gmail and use their search history to influence the Google search results for you and for the people in your social network. This means that in future your performance in social networks may well become one of the deciding factors for your website. Marissa Mayer said this kind of social network would at first be built on Gmail contacts, but did not rule out Google importing users' friend information directly from third-party social websites (for instance MySpace, Facebook and so on). Although Google has not officially carried out these operations yet, they are very possibly in development. Without a doubt, once Google search starts using social search features, third-party websites based on Google's search engine technology, such as AOL and MySpace, will also be affected, because social search features will very probably cause their search results to be reordered.

  The addition of social network factors will make the future Google search engine more complex, with more factors affecting placement. In addition, Google is now gradually rolling out personalized search and integrated search features, so doing SEO for Google is expected to become much more difficult. If you have the time, reading the full interview is strongly recommended.

Novell's Linux persistence pays off; little to do with the Microsoft agreement

  [51CTO, March 1, foreign news headline] After seven years of persistence, Novell's Linux business has finally broken even, and the company has made good on the commitment it gave one year ago.

  Last week Novell released its quarterly earnings report for the fiscal-year quarter ended January 31, 2010. The company's revenue was 202 million US dollars, down slightly from 215 million in the same period of 2009. Net income fared better: Novell reported net income of 20 million US dollars, or 0.06 US dollars per share, a large increase over the 11 million US dollars, or 0.03 US dollars per share, of the same period last year.

  Turning specifically to the Linux business, Novell CFO Dana Russell reported that Linux platform revenue grew 6% to 37 million US dollars and that the business had broken even.

  In 2003, Novell entered the Linux business by purchasing SUSE Linux for 21 million US dollars. As of May 2009, Russell said that Novell's Linux business was still unable to make money, but at that time he ventured to declare that it would break even within the following 12 to 18 months.

  Now the result is finally in, and Russell has brought investors the good news ahead of schedule.

  

Seven major trend forecasts for the management software industry in 2008

  The management software market of 2007 could not be called stormy, but it was colorful. The SOA concept took hold, setting off a wave of transformation in management software products; management software continued to develop toward platforms and industry specialization; open-source ERP, though much touted, still faces an uncertain future; UC became the new favorite, with management software vendors seeking a share of the communications market; the merger and acquisition trend in the software industry was obvious; SaaS made waves; management software user communities gradually emerged ...

  As 2007 quickly passes, we forecast the changes in the management software market for 2008.

  Trend one: SOA productization accelerates, and exploring application models becomes the focus.

  Ten years after the concept was proposed, China finally welcomed its SOA year. In 2007 SOA was all the rage in China; IBM, Oracle, SAP, BEA and other IT vendors and consultants could not speak without mentioning SOA. And in the application software world, SOA was equally dominant.

  In June 2007, Kingdee brought in a strategic investment from IBM, with promoting SOA as the main area of cooperation between the two sides; several days later, Inspur and IBM established China's first SOA innovation center in Shandong; on August 21, UFIDA, the leader among domestic ERP vendors, followed close behind Inspur and joined hands with IBM to establish an SOA innovation center; and Xinzhongda had earlier chosen Microsoft's .NET platform to build its SOA-based application software platform.

  Wang Wenjing once said that what brings UFIDA “the biggest opportunity to seize the initiative” in the new round of technological change is SOA. UFIDA's U8 already uses an SOA technology architecture in part, and after four years of secret research and development, UFIDA will launch in January 2008 an ERP product based entirely on an SOA technology architecture: U9. Kingdee, after bringing in IBM's strategic investment, joined IBM in holding SOA technology conferences, vigorously pushed its BOS platform and preached SOA. Established ERP vendor SAP, not wanting to fall behind, struck a heavy blow early, ahead of “11”, by launching a product based entirely on SOA and aimed at growing mid-sized enterprises: Business By Design.

  UFIDA vice-president Zheng Yulin believes that, apart from a minority of enterprises such as SAP and UFIDA that have launched ERP products based 100% on SOA, more companies will transform their original ERP products next year, and CRM and others will subsequently start on SOA as well.

  From the user's perspective, although understanding of SOA is gradually deepening, the CIOs/CTOs of most domestic enterprises are taking a wait-and-see attitude toward building management software on SOA. However, judging from the momentum of SOA development in the United States, which leads IT technology trends, SOA will certainly bring a revolution to the application and implementation of enterprise management software. At present, with implementation experience and successful cases lacking, exploring SOA business models and establishing showcase cases will undoubtedly become the key emphasis of leading management software vendors in the coming year.

  Trend two: ERP product releases become more agile, and the industry-specialization trend becomes more obvious.

  The platform is the foundation of SOA. In traditional ERP software, meeting customers' personalized demands has always been a painful difficulty. But under the SOA model, the form of ERP products changes fundamentally, and customers gain a great deal of flexibility.

  This way, users can carry out efficient personalized configuration themselves, independently of the ERP vendor. This not only meets their own needs and reduces the custom development expenses they would otherwise have had, but also means that new functions that used to take several months can be obtained in a few days or even immediately. Vendors, for their part, are freed from complex per-user customization development and can concentrate on developing core ERP functions and continuously improving core technologies. At the same time, ERP companies' product releases become more agile, and software version upgrades speed up.

  On the other hand, industry-specific editions of ERP are growing stronger and stronger and are aimed at increasingly specialized groups. Management software has gone through the custom-built stage and the generalized stage, and is now entering the industry-specialization stage built on the generalized foundation.

  From the industry perspective, not only do distribution, manufacturing, banking, transportation and other industries differ greatly in business characteristics and informatization infrastructure; even within manufacturing, process manufacturing and discrete manufacturing have different system function requirements, and “few varieties, large volume”, “many varieties, small batch” and “custom production” call for different management models. Good software is therefore necessarily industry software.

  In future, management software vendors will need to understand further the business model characteristics and system requirements of each industry segment and provide industry solutions on the foundation of generalized products. “Going from industry to general is easy; going from general to industry is hard”: the industry trend will give vendors with superior industry experience a more advantageous market position.

  Trend three: ERP adopts open-source technology, but open-source ERP faces an uncertain future.

  At the American CIO 08 annual conference, Gregor Bailar, former chief information officer of American financial group Capital One, said that open-source ERP is the most exciting emerging technology in enterprise applications for the next three to five years.

CA anti-virus software found to have a serious security vulnerability that makes it easy for hackers to take control

  June 7 news: according to foreign media, security software vendor CA recently warned users that many of its anti-virus products contain a security vulnerability that hackers could exploit to execute malicious code on the user's machine.

  CA recently said that the engine of many of its anti-virus products has a buffer overflow vulnerability. Hackers can exploit this vulnerability by sending a CAB file with an excessively long filename.

  If this vulnerability is exploited successfully, it allows the hacker to execute malicious code with system-level privileges on the user's machine, or at least to launch a denial-of-service attack that eventually crashes the system.

  Reportedly, antivirus engine versions lower than 30.6 are affected by this vulnerability; the main products include CA Antivirus for the Enterprise (r8 and r8.1), CA Antivirus 2007 (v8), CA Internet Security Suite 2007 (v3), CA Secure Content Manager 8.0, CA Anti-Virus Gateway 7.1, as well as BrightStor ARCserve Backup (r11.1).

  CA rates this vulnerability as “high” risk, which is its most severe rating. Symantec likewise gives it “10”, the highest of its 10 risk levels. CA has recently released the corresponding patch.

Kingsoft's 2007 security report says Vista viruses will become an anti-virus target

  Recently, Kingsoft formally released the “2007 China Computer Virus Epidemic and Internet Security Report”. The report shows that in 2007 Kingsoft Duba intercepted a total of 283084 new viruses/trojans, up 17.88% compared with 2006; newly added account-stealing trojans reached 118895, accounting for 42% of all new trojans. According to statistics from the Kingsoft Duba global anti-virus monitoring center, a total of 49,652,557 computers nationwide were infected with viruses, up 18.15% over the same period of the previous year, and the proportion of Internet users who suffered virus attacks was 90.56%. The Guangdong area remained the hardest-hit region for computer virus infection: its total number of infected computers in 2007 reached 5705520, making it the only province with more than 5 million infected computers.

  In the security report Kingsoft released, online game account-stealing trojans pushed aside Panda Burning Incense, Gray Pigeon, AUTO viruses and other high-impact viruses of the year and, with an infection rate as high as 8.13%, headed the list of the top ten Internet viruses of 2007. A Kingsoft Duba anti-virus engineer said that in 2008 virus attempts on new platforms will increase massively. Vista viruses may become virus authors' new favorite. At the same time, as our smartphones enter the 3G era, virus/trojan activity on the mobile phone platform will rise. Mo Zhengchun