Abstract
From the large-scale leak of the NSA Equation Group's cyber attack weapons, to the persistent "EternalBlue" vulnerability, to the widely exploited web application and IoT vulnerabilities; from increasingly targeted and agile ransomware attacks to the broad spread of cryptomining attacks; from repeated data breach disclosures to APT attacks exposed almost daily: the steady stream of network security incidents has made industrial enterprises keenly aware that attack methods are becoming more weaponized, that attackers driven by economic interest are becoming more rational, that network attacks are becoming more industrialized, that offensive and defensive confrontation between nations is becoming the norm, and that the attack surface keeps expanding. "The essence of network security is confrontation, and the essence of confrontation is a contest between the capabilities of attack and defense." Advanced threats are rising year by year, and unknown-threat attacks such as APT attacks and 0day vulnerabilities pose a great challenge to traditional security protections. The attack-defense contest keeps escalating, and the current imbalance between attack and defense urgently calls for new defensive solutions. This article analyzes the current need of industrial enterprises to strengthen proactive defense, and outlines the technical architecture and functions of industrial honeypots and their application scenarios in industrial enterprises, with the aim of helping industrial enterprises effectively improve their protection capabilities.
Source
Automation Panorama (《自动化博览》)
2023, Issue 8, pp. 36-39 (4 pages)
Keywords
Honeypot
Industrial internet
Network security