Research on Penetration Testing Technology for Industrial Internet Network Security

As information technology and manufacturing become more deeply integrated and "Internet + advanced manufacturing" continues to deepen, the Industrial Internet has developed rapidly. How to build the three functional systems of network, platform and security, and how to strengthen Industrial Internet security assurance, has become a topic of wide concern.

Analysis of the Current State of Industrial Internet Security

The Industrial Internet is key network infrastructure that meets the needs of intelligent industrial development and is characterized by low latency, high reliability and wide coverage. It is an emerging business form and application model created by the deep integration of next-generation information and communication technology with advanced manufacturing. Its importance makes it a prime target for network attacks, and attacks against the Industrial Internet occur frequently: in 2010-2012, the Stuxnet attack on Iranian nuclear facilities; in 2015, a hacker attack on a Polish airline's ground operations system; in 2015-2016, successive large-scale power outages in Ukraine caused by hacker attacks. Compared with other countries, China's industrial network security has more weak links and the situation is more severe. In the global "EternalBlue" ransomware outbreak of 2017, attacks on Chinese industrial enterprises accounted for 17.3% of the domestic total and seriously affected industrial operations.

The main security problems of the Industrial Internet at present are the following:

1. Core technology is controlled by others.

China's industrial sector is large, but core technologies such as core chips, industrial control systems and industrial control software are still controlled by foreign companies, and the industrial market has few products built on independently owned core technology. Core technology needs to become more independent and controllable; otherwise the security and development of the Industrial Internet will remain dependent on others.

2. Network security is not taken seriously enough.

Domestic Industrial Internet enterprises generally lack security awareness. Industrial enterprises tend to value development over security and device functionality over overall security, so the security risks of industrial control systems are becoming more and more prominent. This is a common failing of most enterprises today.

3. Security protection capability is weak.

Domestic industrial enterprises generally lack network security protection capability. When traditional industry was not connected to the Internet, its security risks were less visible. Once industry is combined with the Internet and industrial systems are exposed to it, a system without protective measures is effectively running "naked". This places higher demands on the enterprise's own protection capability.

4. Risks brought by emerging technologies.

As cloud computing, artificial intelligence, big data and other emerging technologies are applied and developed in the industrial field, they bring more numerous and more complex security problems to industrial enterprises, and to the Industrial Internet in particular. Industrial Internet security faces a severe challenge.

Research on an Industrial Internet Penetration Testing (https://www.kiwisec.com/product/iot-test.html) Technology Platform

The Industrial Internet security scanning and penetration testing platform is driven by the need to penetration-test mainstream industrial control systems and is based on an analysis of what typical penetration tools have in common. It provides target (asset) identification and profiling, vulnerability scanning and discovery, threat modeling, and vulnerability exploitation and penetration attack functions. Because the system uses a highly extensible, plugin-based architecture that supports extending penetration testing tools and plugins and supports linking and coordinating data, it helps accumulate penetration testing capability and techniques for industrial control systems and improves testing efficiency.

Figure: Industrial Internet penetration testing platform framework

The Industrial Internet vulnerability scanning and penetration assessment platform framework is built on an active probing engine and is linked to an Internet basic resource platform and an industrial control industry knowledge base. It can be built into an Industrial Internet security monitoring platform that combines active and passive methods and provides security risk assessment, security risk early warning, and location and source tracing. The framework consists mainly of a collection layer, a function layer and a presentation layer.

1. Collection layer: collects traffic from the Industrial Internet system and uses an industrial device identification engine to extract and analyze the communication protocols and behavior of Industrial Internet devices, obtaining device fingerprints and traffic characteristics.

2. Function layer: uses a vulnerability scanning engine to scan industrial devices and systems for security vulnerabilities, and combines this with the vulnerability library and malicious code library in the knowledge base for device vulnerability scanning and attack detection, so that hidden vulnerabilities in devices are found promptly. The device information produced by the analysis is written to the data storage module through a unified storage engine, forming an industrial control device asset library.

3. Presentation layer: the global security early warning and situational awareness layer. Based on data visualization technology, it presents the platform's analysis results in a combined view, showing asset distribution, vulnerability distribution, industry distribution and device type distribution, and provides data support to serve government and industry.

Kiwisec (幾維安全) IoT Security Penetration Testing Service

The Kiwisec IoT security penetration testing service is a security testing service that uses the STRIDE model to discover threats to business functions. It starts with an analysis of the architecture design of the smart terminal application system, then performs threat analysis on how each business function in that design is implemented in order to identify the threat points the business may face, and finally uses these as the basis for a comprehensive penetration test that detects vulnerabilities in the smart terminal device and its whole ecosystem and defines remediation measures.

1. Business risk review

Based on the application system architecture, the business is broken down into functions, each function is threat-modeled, and all potential security risks it may encounter are listed.

2. Vulnerability verification and retest

Each listed potential risk is verified one by one, and detailed verification methods are provided so that the risk can be confirmed. A retest service is provided to ensure that vulnerabilities are fully fixed.

3. Vulnerability remediation support

Targeted remediation advice is provided for each business vulnerability scenario, helping developers fix vulnerabilities quickly and promptly.

4. Professional security report

The report describes in detail, across multiple dimensions and levels, the vulnerability impact, risk level, vulnerability location, risk details and remediation advice.

Industrial Internet network security faces more and more challenges, so Industrial Internet security threats and problems must be taken very seriously, and security risk assessment, monitoring and early warning must be done well.
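The collection layer and the asset library of the function layer described above can be illustrated with a small passive asset identifier. This is an added example, not code from the article or the platform it describes; it assumes Modbus/TCP on port 502 as the industrial protocol (the article names no protocol), and the function names and sample records are constructed.

```python
import struct
from collections import defaultdict

# Modbus function codes that change device state (coil/register writes).
WRITE_CODES = {5, 6, 15, 16}

def parse_mbap(payload: bytes):
    """Parse a Modbus/TCP request; return (unit_id, function_code) or None."""
    if len(payload) < 8:  # 7-byte MBAP header plus at least a function code
        return None
    _tid, proto, length, unit = struct.unpack(">HHHB", payload[:7])
    # Protocol id must be 0; the length field counts unit id plus PDU bytes.
    if proto != 0 or length != len(payload) - 6:
        return None
    return unit, payload[7]

def build_inventory(records):
    """records: iterable of (src_ip, dst_ip, dst_port, tcp_payload)."""
    assets = defaultdict(lambda: {"units": set(), "codes": set(), "writers": set()})
    for src, dst, port, payload in records:
        if port != 502:
            continue
        parsed = parse_mbap(payload)
        if parsed is None:  # not valid Modbus/TCP: do not fingerprint it
            continue
        unit, code = parsed
        entry = assets[dst]
        entry["units"].add(unit)
        entry["codes"].add(code)
        if code in WRITE_CODES:
            entry["writers"].add(src)  # hosts able to change device state
    return dict(assets)

def frame(tid, unit, pdu):
    """Build a Modbus/TCP frame for the constructed sample below."""
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu

# Constructed sample of passively captured traffic (not real data).
SAMPLE = [
    ("10.0.0.5", "10.0.0.20", 502, frame(1, 1, bytes([3, 0, 0, 0, 2]))),    # read registers
    ("10.0.0.9", "10.0.0.20", 502, frame(2, 1, bytes([6, 0, 1, 0, 255]))),  # write register
    ("10.0.0.5", "10.0.0.21", 502, b"\x00\x01\x00\x07junk"),               # malformed
    ("10.0.0.5", "10.0.0.30", 80, b"GET / HTTP/1.1\r\n"),                  # not industrial
]

if __name__ == "__main__":
    for ip, info in build_inventory(SAMPLE).items():
        print(ip, sorted(info["units"]), sorted(info["codes"]), sorted(info["writers"]))
```

The `writers` set is the part a defender reviews first: any host issuing write function codes that is not a known engineering workstation or HMI deserves investigation.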