The Policy of Information Security and Anti-Virus Activities in China
Zhang Jian
National Computer Virus Emergency Response Center
Anti-Virus Products Testing and Certification Center
86-22-66211487
Http://www.antivirus-China.org.cn
Agenda
- The policy of information security in China
- Antivirus laws in China
- Responsibility of National Computer Virus Emergency Response Center (CVERC)
- Process of CVERC
- Introduction of China computer virus survey
- The actual state and trend of CVERC
- Punishing the crime of writing or distributing computer viruses
- Problems we face now
Policy and regulator
- In June 2003, the State Information Leadership Group reviewed and passed "the comments regarding the strengthening of information security safeguard works" at the group's third meeting
- The National Network and Information Security Coordination Team is responsible for the comprehensive coordination of national information security safeguard work
Strategic Guidelines of National Information Security Safeguard
- Proactive Defense
- Comprehensive Precaution
Proactive Defense
- Solve information security problems with the thinking of development: security amid development, and development based on security
- Implement the information security safeguard on the basis of grading, classification and phase-in
- Strengthen early warning and emergency response on the basis of secure defense
- Strengthen investigation of and crack-down on illegal crimes
- Realize secure control of network and information systems with the necessary capabilities and means
Comprehensive Precaution
- The information security comprehensive precaution system is composed of protection, detection, response and early warning
- Various technologies and management measures are to be adopted in the areas of prevention, detection, emergency response and crack-down on crimes, and in the aspects of law, management, operation, technology, talent, etc.
- Improve the overall capability of defending information security through the joint efforts of the whole society
Antivirus laws in China
- Promulgation of "Computer Information System Security Protection Ordinance of People's Republic of China" in 1994
- Promulgation of new "Criminal Law of People's Republic of China" in 1997
- Promulgation of "Rules of Computer Virus Protection and Disinfections Management" by PSM of PRC in 2000
Definition of Computer Virus in China
A set of codes programmed or inserted into computer programs, which is able to self-duplicate, harm the computer function, destroy data and affect the proper use of the computer
- Article 28, "Computer Information System Security Protection Ordinance of PRC"
"Deliberately program and distribute malicious codes like computer virus etc., with the result of affecting the proper running of computer system, leads to destructive consequence" will be punished.
- "Criminal Law of People's Republic of China"
- Promulgated according to "Computer Information System Security Protection Ordinance"
- No entity or individual is allowed to publish false computer virus prevalence information
- Anti-Virus products testing and certification institutions should conduct timely analysis and confirmation of the submitted virus samples and report the result to Public Network Information Security Supervision Bureau
- Provide education and training to the computer information system operating personnel of each entity
- Use those computer virus protection products which have obtained the computer information security system product sales license
- "Rules of Computer Virus Protection and Disinfections Management"
Antivirus organization in China
- National Information Work Leading Committee is in charge of information security work in China
- Public Security Ministry and its branch are in charge of antivirus case in China
- CNCERT/CC is responsible for the coordination of activities among all Computer Emergency Response Teams within China concerning incidents in national public telecommunications infrastructure networks like the Internet.
- National Computer Virus Emergency Response Center that belongs to CNCERT is in charge of virus emergency response work in China
- Anti-Virus Products Testing and Certification Center is in charge of the certification work of anti-virus products
Responsibility of National Computer Virus Emergency Response
- Set up the national computer virus monitoring network in China
- Detect and deal with computer virus events, and submit the virus infection report to CNCERT and the department in charge of antivirus
- Provide solutions to computer viruses for users in China, and instruct users to establish and implement antivirus countermeasures
- Provide technical support to related departments for implementing the policies of treating computer viruses in China
- Provide rescue services for computer users attacked by computer viruses in China
- According to the terms of law, coordinate with the Public Security Department to punish criminal activities using computer viruses
- Implement technical collaboration and information exchange mechanisms with local and international antivirus research organizations
- Train antivirus technical and management practitioners in China
- Hold the computer virus prevalence situation survey
- Announce computer virus predictions
How to deal with new virus found by CVERC in China
- Virus Emergency Response Center will forward the virus sample to all anti-virus companies when detecting new viruses;
- Anti-virus companies should provide an analysis report and virus samples after finding new viruses;
- Virus Emergency Response Center will provide the analysis report to CNCERT and, according to the risk level, suggest whether or not to issue a virus outbreak announcement;
- Monitoring the new virus and, if information about the virus writer is found, informing the police of the detection;
- Upgrading of software by each of the anti-virus companies;
- From 2001 to 2004, held the nationwide prevalence situation survey in China four times
- Held the antivirus conference two times; antivirus experts from USA, Japan, Korea, UK, Spain, Russia, Singapore, the Philippines and Hong Kong attended the conference for technical communion.
Introduction of China computer virus survey
[Chart: Computer Virus Infection Rate, 2001 to 2004. Data labels: 73%, 83.98%, 85.57%, 87.93%]
[Chart: Frequency of Computer Virus Infection. Categories: 1 time, 2 times, over 3 times. Series: 2001, 2002, 2003, 2004]
[Chart: Virus Infection Rate in Different Period. Months: May through April. Series: 2001-2002, 2002-2003, 2003-2004]
[Chart: Virus damage rate, 2001 to 2004. Data labels: 43%, 64.05%, 63.57%, 49.38%]
[Chart: Main channels of virus dissemination. Categories: download or browse, e-mail, local network, CD-ROM or floppy disk. Series: 2001, 2002, 2003, 2004]
The top 10 viruses in China

| No. | (2001,5) | (2002,5) | (2003,5) | (2004,5) |
|---|---|---|---|---|
| 1 | CIH | Exploit | Redlof | Netsky |
| 2 | Funlove | Nimda | Spage | Redlof |
| 3 | Binghe | Binghe | Nimda | Homepage |
| 4 | W97M.marker | JS.Seeker | Trojan.QQKiller6.8.ser | Unknown mail |
| 5 | MTX | Happytime | Klez | Lovegate |
| 6 | Troj.erase | Funlove | Funlove | Funlove |
| 7 | BO | Klez | JS.AppletAcx | htadropper |
| 8 | YAI | CIH | Mail.virus | Webimport |
| 9 | wyx | Gop | Script.exploit.htm.page | activeXComponent |
| 10 | Troj.gdoor | Troj.netthief | Hack.crack.foxmail | wyx |
The actual state and trend of CVERC
Set up computer virus monitor network
- Local and international antivirus vendors become members of the computer virus emergency response team.
- Computer users actively submit computer virus prevalence situation.
Detect and solve computer virus incidents
- More than 3400 rescue emails and 3000 rescue phone calls processed in 2004
- For the 22 most urgent virus outbreaks, like "Mydoom", "Netsky" and "Sasser", collaborated with the computer virus emergency response team to provide virus analysis, monitoring and solutions to computer users in China.
Build up special emergency response teams for important events and periods during holidays
- Organize local and international antivirus vendors to set up the "Computer virus emergency response team for both the NPC and CPPCC sessions"
- Monitor computer virus activities during the period of holding the National conference, to ensure computer security.
The actual state and trend of CVERC (Continued)
Announce computer virus pre-caution
- Released the computer virus monitoring weekly newspaper 50 times in 2004
- Released the computer virus forecast 52 times in 2004
Establish antivirus propagandize area
- Collaborate with CCTV for computer virus forecast program
- Collaborate with Xinhuanet for computer virus forecast
- Hold webcast program with Xinhuanet
Computer virus forecast on xinhuanet
Webcast of xinhuanet
The Headline News of Xinhuanet
Enhance the technical communion
CEO of Microsoft Great China Area
Technical communion with TrendMicro
For its contribution to the development of AVAR in 2003, National Computer Virus Emergency Response Center was awarded the best membership of AVAR 2003.
Best membership of AVAR 2003
Cooperate with Trend Micro Incorporated and set up TrendLab China for tracing international computer virus development trends.
Trend Lab China
- Detect virus PE_MINCER.A
- Detect virus "Hedong"
- Detect virus "WORM_MYBA.A"
- Discover and detect "WORM_MUMU.A"
The problems we face now
- New users continuously increase while lacking appropriate security knowledge and techniques;
- Lack of a fully effective computer virus protection and disinfection training course
- Young people lack legal knowledge regarding computer security
- Lack of a nation-level computer monitoring and pre-caution system
Our Goal
- Effective punishment
- Insuring Recovery
- Celerity reaction
- Active Prevention
- Timely Find
Thanks
National Computer Virus Emergency Response Center
Anti-Virus Products Testing and Certification Center
Http://www.antivirus-China.org.cn