Preventing AJAX Data Tampering: How to Prevent Data Tampering in Your Business



Who likes people messing with their stuff? We’ve learned (or known) since we were toddlers that what is ours is OURS, and we don’t want people messing with OUR stuff. The same is true for our organization’s data. Don’t let attackers mess with it!


Data is one of an organization’s most critical assets, and preventing it from being tampered with is among the top priorities of businesses.


Cyberattacks have increased substantially every year.


While organizations are addressing these security concerns, data authenticity continues to be one of the most critical factors when it comes to cybersecurity. Thus, companies are now finding ways to prevent data tampering and enforce better security in their organizations.


Before we dive into the best ways for data tampering prevention, let’s take a look at how it affects your organization and why you should be concerned about it.


What Are the Risks of Data Tampering?

According to the National Health Services (NHS), they lost $100 million to the WannaCry ransomware attack. What’s more disturbing is that cyberattacks such as ransomware often involve some kind of data tampering.


Attackers insert malicious files that change the configuration of a network or system, modify user credentials to gain access to sensitive data, or tamper with log files.


Imagine if an attacker infiltrated your company’s network, modified your customers’ data, and then tampered with the log files to cover their tracks.


How long would it be before you realized you have become a victim of data tampering?


Would you be able to trace the attack back to the attacker or secure your customers’ data?


Attackers are increasingly using ransomware, a type of malware attack in which hackers encrypt an organization’s data or systems and demand a ransom to release the decryption keys.


According to Coveware, the average amount of ransom demand increased to $84,116 in the last quarter of 2019.


While companies are advised not to pay ransoms to attackers, such attacks often hold a company’s sensitive data hostage and can threaten the entire business at once. Data tampering can have far-reaching, severe consequences for an organization.


Two of the most important steps to contain the damage from data tampering are to quickly detect that your data has been modified or tampered with, and to maintain good backups of your data that are kept separate from your core data (so they cannot be tampered with). Clearly, it is imperative that businesses stay vigilant to protect their data from tampering attacks.


Let’s check out what you can do for data tampering prevention.


How Can You Prevent Data Tampering?

As businesses handle large volumes of data on a regular basis, prevention against data tampering has become necessary.


Here are 5 effective ways you can use for data tampering prevention:


1. Enforce Encryption for Data-at-Rest and Data-in-Transit

Unprotected data, whether at rest or in transit, leaves organizations vulnerable to data tampering and other cyberattacks. One of the most effective ways to protect data-at-rest and -in-transit is encryption.


Simply put, data encryption is the process of translating data from one form into another that unauthorized users cannot decrypt.


How can data encryption prevent data tampering attacks?


For example, if you store your customers’ credit card details in a database, then by encrypting data-at-rest you convert your customers’ sensitive data into an encrypted format that cannot be decoded or read without the decryption key.


While attackers may be able to tamper with the encrypted data, they cannot tamper with it in a meaningful way. For example, they cannot change a transfer from Steve -> Joe to Steve -> Attacker. This holds only when the encryption is authenticated (an AEAD mode such as AES-GCM, or encryption combined with a MAC); unauthenticated modes are malleable, so modified ciphertext may decrypt to altered plaintext without detection.


To protect data-at-rest, you can encrypt sensitive data prior to storing it or encrypt the storage drive itself. For encrypting data in transit, you can use encrypted connections such as TLS (SSL itself is deprecated; use TLS 1.2 or later), HTTPS, FTPS, etc.


To further strengthen your data encryption, assign role-based access controls to ensure only authorized users have access to the encrypted data and its keys. Additionally, you can implement multi-factor authentication to increase security.


2. Copy-on-Write File Systems

Copy-on-write, often referred to as COW, is a concept used to maintain instant snapshots on database servers. It can also help with data tampering prevention.


Each time a database is modified, delta snapshots are taken. Security teams can detect data tampering by monitoring snapshots and checking for unexpected file system snapshots.


Many database applications and operating systems (such as Linux, Unix) come with a built-in snapshot feature. This makes it easy for enterprises to integrate COW or any other similar technology and stay updated about their database modifications.


COW also helps protect data against cyberattacks such as ransomware-based encryption attacks. It becomes easier to restore the file system to a pre-attack state with the data in its original form, retrieve lost data, and eliminate downtime.


3. Data Integrity using HMACs

Hash-based message authentication code (HMAC) is a type of message authentication code (MAC) that consists of a cryptographic hash function and a secret cryptographic key.


Basically, an HMAC is a way of authenticating a message or file so that if the data is tampered with, the tampering is easy to detect and you know not to trust the altered data.


How does HMAC work for data tampering prevention?


When two or more parties exchange data through secure file transfer protocols, the data is accompanied by HMACs instead of just plain hashes. This technology consists of a shared secret key and a hash function.


The message is hashed under the shared secret key, producing a tag that only a holder of the key can compute. The shared secret key lets the exchanging parties ensure the authenticity of the data: a receiver can verify that the data and HMAC it receives really came from the authorized, expected sender and that the message has not been altered.

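The following is an added example, not code from the original article or its author, showing how the HMAC idea above applies to the AJAX case the page title mentions: a client signs its JSON request body together with a timestamp, and the server recomputes the tag with the shared key before trusting the data. The key, the message, and the timestamp are constructed for the demo; a real deployment would load the key from a secrets store and use the current clock.

```python
"""HMAC-SHA256 request signing and verification (added example, stdlib only)."""
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed demo key; in production load it from a secrets store, never hard-code it.
DEMO_KEY = b"constructed-shared-secret-for-demo"
# Reject tags whose timestamp is too far from the receiver's clock to limit replay.
MAX_SKEW_SECONDS = 300


def canonical_json(body: dict) -> bytes:
    # Sorted keys and no whitespace so client and server hash identical bytes.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode("utf-8")


def sign_request(key: bytes, body: dict, timestamp: int) -> str:
    # The timestamp is bound into the tag so it cannot be swapped without detection.
    msg = f"{timestamp}.".encode("utf-8") + canonical_json(body)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def verify_request(key: bytes, body: dict, timestamp: int, tag: str,
                   now: Optional[int] = None) -> bool:
    now = int(time.time()) if now is None else now
    if abs(now - timestamp) > MAX_SKEW_SECONDS:
        return False  # stale or replayed request
    expected = sign_request(key, body, timestamp)
    # compare_digest avoids leaking the tag through comparison timing.
    return hmac.compare_digest(expected, tag)


def demo() -> dict:
    ts = 1_700_000_000  # fixed constructed timestamp so the run is deterministic
    transfer = {"from": "Steve", "to": "Joe", "amount": 100}
    tag = sign_request(DEMO_KEY, transfer, ts)
    tampered = dict(transfer, to="Attacker")
    # Without the key, the best an attacker can do is recompute an unkeyed hash
    # over the altered body and present it as the tag; the receiver rejects it.
    forged_tag = hashlib.sha256(f"{ts}.".encode("utf-8") + canonical_json(tampered)).hexdigest()
    return {
        "genuine_accepted": verify_request(DEMO_KEY, transfer, ts, tag, now=ts + 10),
        "tampered_rejected": not verify_request(DEMO_KEY, tampered, ts, tag, now=ts + 10),
        "forged_rejected": not verify_request(DEMO_KEY, tampered, ts, forged_tag, now=ts + 10),
        "stale_rejected": not verify_request(DEMO_KEY, transfer, ts, tag, now=ts + 3600),
    }


if __name__ == "__main__":
    print(demo())
```

The canonical JSON step matters in practice: browsers and servers serialize objects differently, and any byte difference changes the tag, so both sides must agree on one encoding before hashing. The timestamp check only bounds replay to a window; a server that must reject every duplicate also needs a nonce store.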

4. File Integrity Monitoring (FIM)

File integrity monitoring is a powerful security technique to secure business data and IT infrastructure against both known and unknown threats. FIM is the process of monitoring files to check if any changes have been made.


How does this technology help with data tampering prevention?


It assesses system files and generates a cryptographic checksum as a baseline. Then, the FIM repeatedly recalculates the checksum of the same resources, compares it to the baseline, and if it detects changes, it generates a security alert.


FIM systems typically monitor user credentials, privileges, identities, operating systems, configuration files, application files, and encryption key stores.


FIM systems are resource-intensive, especially when dealing with large amounts of data or files that change frequently. It is therefore crucial to focus monitoring on files that are confidential or most exposed to attack, so that you invest your resources efficiently.

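As an added example (not code from the original article or any FIM product), the baseline-and-rescan loop described in this section can be written in a few dozen lines: hash every file under a monitored root, store the hashes as the baseline, rescan later, and report anything added, removed, or modified. The directory tree, file names and contents in `demo()` are constructed in a temporary directory purely for the demonstration.

```python
"""Minimal file-integrity monitor: baseline, rescan, diff (added example, stdlib only)."""
import hashlib
import os
import tempfile
from pathlib import Path


def sha256_file(path: Path, chunk_size: int = 65536) -> str:
    # Stream the file so large binaries do not have to fit in memory.
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict:
    # Map each file's path relative to the monitored root to its content hash.
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            baseline[p.relative_to(root).as_posix()] = sha256_file(p)
    return baseline


def compare(baseline: dict, current: dict) -> dict:
    # Anything in one snapshot but not the other, or with a changed hash, is an alert.
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(k for k in baseline.keys() & current.keys()
                           if baseline[k] != current[k]),
    }


def demo() -> dict:
    # Constructed monitored tree; every path and content below is made up for the demo.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "etc" / "app.conf").write_text("debug=false\n")
        (root / "etc" / "users.db").write_text("alice:1000\n")
        (root / "bin").mkdir()
        (root / "bin" / "service").write_bytes(b"\x7fELF constructed placeholder")
        baseline = build_baseline(root)

        # Simulated tampering: a config edit, a deleted credential file, a new binary.
        (root / "etc" / "app.conf").write_text("debug=true\n")
        (root / "etc" / "users.db").unlink()
        (root / "bin" / "unexpected").write_bytes(b"constructed new file")

        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        for p in paths:
            print(f"ALERT {kind}: {p}")
```

Two practical points the loop hides: the baseline itself is a target, so store it off-host or under a WORM or signed store rather than beside the files it describes; and comparing content hashes rather than modification times is what makes the check robust, since timestamps are trivially reset while a collision-resistant hash is not.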

5. WORM Systems (Write Once Read Many)

Write once read many (WORM) systems refer to a storage technology in which data, once written, cannot be overwritten or modified. This technology has long been used for archival purposes by large enterprises and government agencies.


WORM systems offer a long-term storage strategy that ensures users cannot accidentally or intentionally erase or modify data. This technology provides virtual protection against erasure of data.


Compromising data on WORM systems is difficult at best, but still possible if an expert with a high degree of technical knowledge has unrestricted access to the deepest levels of the operating system and gains access to the WORM drives.


To ensure your WORM systems are well-protected, implement user access controls such as least privilege models that give users access to only what they need in order to perform their jobs.


Takeaways

Data tampering is an emerging cybersecurity issue that could be devastating for an organization.


While the impact of data tampering varies depending on the business value of the data compromised, it is more likely to cause severe damage to enterprises.


Data tampering prevention can range from simple security measures such as encrypting data to more involved ones such as deploying file integrity monitoring (FIM) systems for better security.


Ultimately, which solution works best for you to secure your data against potential threats depends on your organizational needs.


We can help you run security audits to ensure that your organization is secure from data tampering attacks and help you implement a sound, robust security model.


About Author:


Steve Kosten is a Principal Security Consultant at Cypress Data Defense and an instructor for the SANS DEV541 Secure Coding in Java/JEE: Developing Defensible Applications course.


Translated from: https://towardsdatascience.com/how-to-prevent-data-tampering-in-your-business-7493066ca899
