Purpose-Amidst an increasingly severe cybersecurity landscape,the widespread adoption of Xinchuang endpoints has become a strategic imperative.Governments and enterprises have established terminal localization as a cr...Purpose-Amidst an increasingly severe cybersecurity landscape,the widespread adoption of Xinchuang endpoints has become a strategic imperative.Governments and enterprises have established terminal localization as a critical objective,aiming for comprehensive indigenous replacement through rapid technological iteration.Consequently,Xinchuang systems and Windows platforms are expected to coexist over an extended period.This study seeks to establish an automated verification framework for multi-version operating systems and validate the efficacy of baseline hardening in mitigating security risks.Design/methodology/approach-Based on the Classified Protection 2.0 framework and relevant national standards for endpoint security,this study proposes an endpoint security baseline verification scheme applicable to multiple operating systems.The scheme addresses divergent security policies and implementation methodologies across heterogeneous environments.It automates the inspection of core baselines,including account password complexity,default shared service status and patch installation status.Furthermore,a comprehensive scoring model is established by incorporating differentiated weights for account security,patch management and log auditing,ultimately generating visualized risk reports to facilitate remediation prioritization.Findings-This study reveals that baseline configuration serves as the fundamental prerequisite in endpoint security practices.Through a scalable detection engine and quantitative scoring model,the system can promptly identify and remediate potential risks,thereby reducing the attack surface and mitigating intrusion risks.However,on certain domestic chip architectures,compatibility issues persist in detecting specific configuration items.Further improvement in hardware-software co-adaptation for domestic platforms is required to advance the development of localized security protection systems.Originality/value-Through in-depth research on security baseline configurations across multiple operating systems,this study implements an automated and visualized baseline verification methodology.This approach significantly strengthens the security posture of domestic operating systems and supports the establishment of a more robust,national-level cybersecurity defense framework.展开更多
Recently,with the normalization of non-face-to-face online environments in response to the COVID-19 pandemic,the possibility of cyberattacks through endpoints has increased.Numerous endpoint devices are managed meticu...Recently,with the normalization of non-face-to-face online environments in response to the COVID-19 pandemic,the possibility of cyberattacks through endpoints has increased.Numerous endpoint devices are managed meticulously to prevent cyberattacks and ensure timely responses to potential security threats.In particular,because telecommuting,telemedicine,and teleeducation are implemented in uncontrolled environments,attackers typically target vulnerable endpoints to acquire administrator rights or steal authentication information,and reports of endpoint attacks have been increasing considerably.Advanced persistent threats(APTs)using various novel variant malicious codes are a form of a sophisticated attack.However,conventional commercial antivirus and anti-malware systems that use signature-based attack detectionmethods cannot satisfactorily respond to such attacks.In this paper,we propose a method that expands the detection coverage inAPT attack environments.In this model,an open-source threat detector and log collector are used synergistically to improve threat detection performance.Extending the scope of attack log collection through interworking between highly accessible open-source tools can efficiently increase the detection coverage of tactics and techniques used to deal with APT attacks,as defined by MITRE Adversarial Tactics,Techniques,and Common Knowledge(ATT&CK).We implemented an attack environment using an APT attack scenario emulator called Carbanak and analyzed the detection coverage of Google Rapid Response(GRR),an open-source threat detection tool,and Graylog,an open-source log collector.The proposed method expanded the detection coverage against MITRE ATT&CK by approximately 11%compared with that conventional methods.展开更多
基金supported by scientific research projects of China Academy of Railway Sciences Co.,Ltd.(grant no.2024YJ117).
文摘Purpose-Amidst an increasingly severe cybersecurity landscape,the widespread adoption of Xinchuang endpoints has become a strategic imperative.Governments and enterprises have established terminal localization as a critical objective,aiming for comprehensive indigenous replacement through rapid technological iteration.Consequently,Xinchuang systems and Windows platforms are expected to coexist over an extended period.This study seeks to establish an automated verification framework for multi-version operating systems and validate the efficacy of baseline hardening in mitigating security risks.Design/methodology/approach-Based on the Classified Protection 2.0 framework and relevant national standards for endpoint security,this study proposes an endpoint security baseline verification scheme applicable to multiple operating systems.The scheme addresses divergent security policies and implementation methodologies across heterogeneous environments.It automates the inspection of core baselines,including account password complexity,default shared service status and patch installation status.Furthermore,a comprehensive scoring model is established by incorporating differentiated weights for account security,patch management and log auditing,ultimately generating visualized risk reports to facilitate remediation prioritization.Findings-This study reveals that baseline configuration serves as the fundamental prerequisite in endpoint security practices.Through a scalable detection engine and quantitative scoring model,the system can promptly identify and remediate potential risks,thereby reducing the attack surface and mitigating intrusion risks.However,on certain domestic chip architectures,compatibility issues persist in detecting specific configuration items.Further improvement in hardware-software co-adaptation for domestic platforms is required to advance the development of localized security protection systems.Originality/value-Through in-depth research on security baseline configurations across multiple operating systems,this study implements an automated and visualized baseline verification methodology.This approach significantly strengthens the security posture of domestic operating systems and supports the establishment of a more robust,national-level cybersecurity defense framework.
基金This study is the result of a commissioned research project supported by the affiliated institute of ETRI(No.2021-026)partially supported by the NationalResearch Foundation of Korea(NRF)grant funded by the Korean government(MSIT)(No.2020R1F1A1061107)+2 种基金the Korea Institute for Advancement of Technology(KIAT)grant funded by the Korean government(MOTIE)(P0008703,The Competency Development Program for Industry Specialist)the MSIT under the ICAN(ICT Challenge and Advanced Network of HRD)program[grant number IITP-2022-RS-2022-00156310]supervised by the Institute of Information&Communication Technology Planning and Evaluation(IITP).
文摘Recently,with the normalization of non-face-to-face online environments in response to the COVID-19 pandemic,the possibility of cyberattacks through endpoints has increased.Numerous endpoint devices are managed meticulously to prevent cyberattacks and ensure timely responses to potential security threats.In particular,because telecommuting,telemedicine,and teleeducation are implemented in uncontrolled environments,attackers typically target vulnerable endpoints to acquire administrator rights or steal authentication information,and reports of endpoint attacks have been increasing considerably.Advanced persistent threats(APTs)using various novel variant malicious codes are a form of a sophisticated attack.However,conventional commercial antivirus and anti-malware systems that use signature-based attack detectionmethods cannot satisfactorily respond to such attacks.In this paper,we propose a method that expands the detection coverage inAPT attack environments.In this model,an open-source threat detector and log collector are used synergistically to improve threat detection performance.Extending the scope of attack log collection through interworking between highly accessible open-source tools can efficiently increase the detection coverage of tactics and techniques used to deal with APT attacks,as defined by MITRE Adversarial Tactics,Techniques,and Common Knowledge(ATT&CK).We implemented an attack environment using an APT attack scenario emulator called Carbanak and analyzed the detection coverage of Google Rapid Response(GRR),an open-source threat detection tool,and Graylog,an open-source log collector.The proposed method expanded the detection coverage against MITRE ATT&CK by approximately 11%compared with that conventional methods.
