如何保护您的数据免遭未经授权的访问

Data protection is one of the primary concerns of organizations around the world today. Information security (InfoSec), which is primarily about prohibiting unauthorized access to information, is what makes data protection possible.

数据保护是当今世界各地组织的主要关注之一。 信息安全(InfoSec)主要是关于禁止未经授权访问信息，这使得数据保护成为可能。

By 2020, security services such as security information and event management (SIEM) and other managed services are estimated to account for nearly 50% of cyber security budgets. This implies that enterprises are increasingly prioritizing cyber security and implementing better and more robust security practices to prevent unauthorized access by attackers or malicious insiders.

到2020年，安全信息和事件管理(SIEM)等安全服务以及其他托管服务估计将占网络安全预算的近50％ 。 这意味着企业越来越重视网络安全，并实施更好和更强大的安全实践，以防止攻击者或恶意内部人员未经授权的访问。

Is your data secure enough to prevent unauthorized access? In this article, let’s take a look at what you can do to boost your security.

您的数据是否足够安全以防止未经授权的访问？ 在本文中，让我们看一下可以采取哪些措施来增强安全性。

防止未经授权的数据访问：帮助您提高网络安全性的9条提示 (Prevent Unauthorized Data Access: 9 Tips to Help You Boost Your Cybersecurity)

There are several high-level security best practices that every enterprise should adopt to protect their data from unauthorized access. Here are our recommendations to help you prevent unauthorized data access:

每个企业都应采用几种高级安全最佳实践来保护其数据免遭未经授权的访问。 以下是我们的建议，可帮助您防止未经授权的数据访问：

1.保持所有安全补丁的最新状态 (1. Keep Current on all Security Patches)

The first step for any organization to prevent unauthorized data access is to keep current on all the security patches.

任何组织要防止未经授权的数据访问，第一步就是保持所有安全补丁程序的最新状态。

Here’s why:

原因如下：

Security patches address vulnerabilities in software, operating systems, drivers, etc., that attackers might use to gain access to your device and your data. Security patches for operating systems such as Windows, Linux, Android, iOS are essential because an OS vulnerability can have severe consequences. Additionally, continually update drivers and software applications as new patches become available.

安全补丁解决了软件，操作系统，驱动程序等中的漏洞 ，攻击者可能会利用这些漏洞来访问您的设备和数据。 Windows，Linux，Android，iOS等操作系统的安全补丁至关重要，因为OS漏洞可能会带来严重后果。 此外，随着新补丁的发布，不断更新驱动程序和软件应用程序。

The WannaCry virus that took down more than 400,000 computer systems across 150 countries was one of the most severe attacks in recent years. It attacked the vulnerability in the SMB V1 (Server Message Block) protocol of Windows and was launched by using the EternalBlue exploit.

WannaCry病毒破坏了150个国家/地区的40万多个计算机系统，是近年来最严重的攻击之一。 它攻击了Windows的SMB V1(服务器消息块)协议中的漏洞，并使用EternalBlue漏洞进行了启动。

What’s interesting is that security patches for these vulnerabilities were available long before the attack was launched. But there were thousands of users who had not updated their security patches and thus, became victims of the attack.

有趣的是，针对这些漏洞的安全补丁在攻击发起之前就已经存在。 但是，成千上万的用户尚未更新其安全补丁，因此成为攻击的受害者。

With the use of updated security patches, users could have prevented giving unauthorized access for the system attacks.

通过使用更新的安全补丁，用户可以防止未经授权的系统攻击访问。

It is important to ensure that you download the latest security patches and updates for your operating systems and other software to protect it against cyberattacks. You can also enable automatic updates so that whenever a security patch or update is released, the system automatically installs it.

重要的是，请确保为操作系统和其他软件下载最新的安全补丁程序和更新，以防止受到网络攻击。 您还可以启用自动更新，以便每当发布安全补丁或更新时，系统都会自动安装它。

By staying prepared and updated, you can protect your data from those trying to get unauthorized access to it.

通过随时准备和更新，可以保护您的数据免受试图未经授权访问的数据的侵害。

2.快速检测并响应入侵 (2. Detect and Respond to Intrusions Quickly)

Of course, you’d want to stay vigilant and be prepared to prevent hackers from unauthorized data access.

当然，您需要保持警惕，并做好防止黑客未经授权访问数据的准备。

But what if you couldn’t detect an intrusion?

但是，如果您无法检测到入侵怎么办？

What’s the way forward?

前进的方向是什么？

The earlier you detect an intrusion, the earlier you can respond to it. Prevention is undoubtedly important, but monitoring user activity, login attempts, logs, and other activities can also provide insights into how secure your system is.

您越早检测到入侵，就可以越早响应。 预防无疑很重要，但是监视用户活动，登录尝试，日志和其他活动也可以提供有关系统安全性的见解。

There are several ways you can detect and respond to intrusions quickly:

您可以通过以下几种方法快速检测和响应入侵：

IDS / IPS(入侵检测系统/入侵防御系统) (IDS/IPS (Intrusion Detection System/Intrusion Prevention System))

An IDS uses known intrusion signs or behavior heuristics to assess network traffic for suspicious activities.

IDS使用已知的入侵迹象或行为试探法来评估网络流量中是否存在可疑活动。

Intrusion detection is the process of monitoring and analyzing the activities in your network or system for possible signs of intrusion incidents like imminent threats, violations, or threats to your security policies.

入侵检测是监视和分析您的网络或系统中活动的过程，以发现入侵事件的可能迹象，例如即将到来的威胁，违规或对安全策略的威胁。

On the other hand, an IPS complements an IDS by proactively monitoring a system’s incoming traffic to identify malicious requests. An IPS prevents intrusion attacks by blocking unauthorized or offending IPs, prohibiting malicious data, and alerting security personnel to potential security threats.

另一方面，IPS通过主动监视系统的传入流量以识别恶意请求来补充IDS。 IPS通过阻止未经授权或有问题的IP，禁止恶意数据以及警告安全人员潜在的安全威胁来防止入侵攻击。

SIEM(安全事件事件管理器) (SIEM (Security Incident Event Manager))

A Security Incident Event Manager, or SIEM, is a security management approach that enables security professionals to get insights into the activities within an IT environment. SIEM software collects and analyzes log data generated by the company’s technology infrastructure, from applications, host systems, networks, to security devices.

安全事件事件管理器(SIEM)是一种安全管理方法，使安全专业人员可以深入了解IT环境中的活动。 SIEM软件收集并分析由公司技术基础架构生成的日志数据，从应用程序，主机系统，网络到安全设备。

The software then detects and categorizes events and incidents, as well as analyzes them. Primarily, there are two main objectives of SIEM:

然后，该软件将检测事件和事件并对其进行分类，并对它们进行分析。 SIEM主要有两个主要目标：

• Track records and provide reports on security-related events and incidents, such as failed and successful login attempts, malware activity or any other suspicious activity.
  跟踪记录并提供有关安全性事件和事件的报告，例如失败和成功的登录尝试，恶意软件活动或任何其他可疑活动。
• Notify security personnel if any suspicious activity is detected that indicates a security threat.
  如果检测到任何表明安全威胁的可疑活动，请通知安全人员。
• Implement User and Event Behavioral Analytics (UEBA)
  实施用户和事件行为分析(UEBA)
• To prevent unauthorized data access, you need to be on top of your analytics game.
  为了防止未经授权的数据访问，您需要处于分析游戏之上。

User and event behavioral analytics helps detect any anomalous behavior or instances if there are deviations from a users’ “normal” behavioral patterns. For instance, if a user regularly downloads files of 10MB size every day but suddenly downloads gigabytes of files, the system would detect this anomaly and alert the administrator immediately.

如果与用户的“正常”行为模式存在偏差，则用户和事件行为分析有助于检测任何异常行为或实例。 例如，如果用户每天定期下载10MB大小的文件，但突然下载了千兆字节的文件，则系统将检测到此异常并立即警告管理员。

User and event behavioral analytics uses algorithms, statistical analysis, and machine learning to determine deviations from established patterns, showing which anomalies are taking place and how they could result in a potential threat. In this way, you can get alerted about unauthorized data access.

用户和事件行为分析使用算法，统计分析和机器学习来确定与已建立模式的偏差，从而显示正在发生的异常以及它们如何导致潜在的威胁。 这样，您可以收到有关未经授权的数据访问的警报。

Such analytics focuses on users and entities within your system, especially insider threats like employees who could misuse their privileges to carry out targeted attacks or fraud attempts.

此类分析重点关注系统内的用户和实体，尤其是内部威胁，例如员工，他们可能滥用特权来进行有针对性的攻击或欺诈尝试。

3.实施最小特权原则(最小化数据访问) (3. Implement Principle of Least Privilege (Minimize Data Access))

Least privilege is the practice of restricting access rights for accounts, users, and computing processes to only those specific resources required to perform legitimate, routine activities. The 2019 Global Data Risk Report says that, on average, an employee has access to 17 million files.

最小特权是将帐户，用户和计算过程的访问权限限制为仅执行合法的常规活动所需的那些特定资源的实践。 《 2019年全球数据风险报告 》指出，平均而言，一名员工可以访问1700万个文件。

Implementing least privilege can help you secure your data from providing unauthorized access. The principle of least privilege (POLP) enforces a minimal level of user rights which allows the user to access specific resources needed only to perform his/her role. It reduces the risk of exploitation by unauthorized users, applications, or systems without impacting the overall productivity of the organization.

实施最低特权可以帮助您保护数据免遭未经授权的访问。 最小特权原则(POLP)强制执行最低级别的用户权限，该权限使用户可以访问仅执行其角色所需的特定资源。 它降低了未经授权的用户，应用程序或系统进行利用的风险，而不会影响组织的整体生产力。

While least privilege helps provide authority for only specific resources required to complete the job at hand, it also enforces better security practices and reduces the likelihood of your organization becoming a victim to a cyber attack.

最小特权有助于仅为完成手头工作所需的特定资源提供权限，同时还可以实施更好的安全措施，并降低组织成为网络攻击受害者的可能性。

4.使用多重身份验证 (4. Use Multi-Factor Authentication)

It is essential for companies to use strong authentication by implementing robust password policies in addition to multi-factor authentication. That can go a long way in preventing unauthorized data access.

对于公司来说，除了实施多因素身份验证之外，还必须通过实施可靠的密码策略来使用强身份验证。 这对于防止未经授权的数据访问可能会大有帮助。

As the name suggests, multi-factor authentication requires multiple pieces of information to be presented by the user and validated by the system before they are granted access to the system. This makes it difficult for attackers to compromise users’ accounts as it takes more effort than simply cracking the password.

顾名思义，多因素身份验证要求用户提供多条信息并由系统验证，然后再授予它们对系统的访问权限。 这使攻击者很难破坏用户的帐户，因为它不仅需要破解密码，还需要付出更多的努力。

Multi-factor authentication might use a one-time password sent via an out-of-band communication channel such as an automated phone call or SMS text message to the authorized device of the user, a security question set by the user, or biometric authentication. Though this makes authentication a bit cumbersome, it ensures better security and forces the attacker to not only break the password, but compromise the second factor as well. This makes breaking authentication much more difficult for the attacker.

多因素身份验证可能使用通过带外通信通道(例如自动电话呼叫或SMS文本消息)发送给用户授权设备的一次性密码，用户设置的安全问题或生物特征认证。 尽管这使身份验证有些麻烦，但它可以确保更好的安全性，并迫使攻击者不仅破坏密码，而且还损害了第二个因素。 这使得破坏身份验证对于攻击者而言更加困难。

Want a pro tip to prevent unauthorized access to your data?

是否需要专家提示以防止未经授权访问您的数据？

Leverage passphrases.

利用密码短语。

While multifactor authentication should definitely be used, you can also move towards the use of passphrases instead of passwords. A passphrase is a series of random words or a sentence that can also contain spaces in between words such as, “Ten herds of elephants bowl frequently in Tanzania!!”

尽管绝对应该使用多因素身份验证，但是您也可以使用密码代替密码。 密码短语是一系列随机单词或句子，这些单词或句子之间也可以包含空格，例如“坦桑尼亚经常出现十只大象群！”

A passphrase doesn’t have to be grammatically correct; it can be any combination of random words and also contain symbols. It can be easier to remember a complex passphrase than a complex password. Care must still be taken to generate strong passphrases. Simple passphrases that use only everyday vocabulary words may still be easily cracked.

密码不必在语法上正确； 它可以是随机单词的任意组合，也可以包含符号。 记住复杂的密码短语比记住复杂的密码更容易。 仍然必须注意生成强密码短语。 仅使用日常词汇的简单密码短语可能仍然很容易被破解。

5.实施IP白名单 (5. Implement IP Whitelisting)

Another way to prevent unauthorized data access is through IP whitelisting.

防止未经授权的数据访问的另一种方法是通过IP白名单。

IP whitelisting helps limit and control access to only trusted users. It allows you to create a list of trusted and authorized IP addresses from which users can access your network. Typically a company uses the internet via a defined set of IP addresses, so they can add a list of all the trusted IP addresses that are allowed access.

IP白名单有助于限制和控制仅对受信任用户的访问。 它使您可以创建受信任和授权IP地址的列表，用户可以从中访问您的网络。 通常，公司通过一组定义的IP地址使用Internet，因此他们可以添加所有允许访问的受信任IP地址的列表。

By whitelisting IP addresses, you can grant permission to only trusted users within a specific IP address range to access specific network resources such as URLs, applications, emails, or more.

通过将IP地址列入白名单，您可以仅授予特定IP地址范围内的受信任用户访问特定网络资源(例如URL，应用程序，电子邮件等)的权限。

If someone with an untrusted IP address tries to access your network, they will be denied access. IP whitelisting also enables organizations to secure remote access to the network including Bring Your Own Device (BYOD) that allows employees to use their own devices.

如果某个IP地址不受信任的人试图访问您的网络，则将拒绝他们访问。 IP白名单还使组织能够保护对网络的远程访问，包括自带设备(BYOD)，允许员工使用自己的设备。

6.加密系统内部的网络流量 (6. Encrypt Network Traffic Inside the System)

By encrypting network traffic, you can ensure that it cannot be intercepted by an attacker who might be snooping on the network traffic.

通过对网络流量进行加密，可以确保可能无法窥探网络流量的攻击者将其截获。

However, network traffic in server-to-server communications and inside data centers is often not encrypted. If an attacker gains access to such a network, they could intercept data in transit between servers in a multi-machine cluster.

但是，服务器到服务器通信和数据中心内部的网络流量通常不加密。 如果攻击者获得了对此类网络的访问权限，则他们可以拦截多计算机群集中服务器之间传输的数据。

To prevent attackers from snooping on data with unauthorized access, organizations are increasingly monitoring their own network traffic to detect intrusions. Companies might store copies of network traffic for long periods of time in their monitoring systems.

为了防止攻击者通过未经授权的访问来窥探数据，组织越来越多地监视自己的网络流量以检测入侵。 公司可能会在监视系统中长时间存储网络流量的副本。

It’s crucial for all networks to use encryption if they store privacy-protected data. This applies to both the connections made by authorized users from outside the data center to access the system and network links between nodes in a multi-server system.

如果所有网络存储受隐私保护的数据，那么使用加密就至关重要。 这适用于授权用户从数据中心外部建立的用于访问系统的连接以及多服务器系统中节点之间的网络链接。

You can use a VPN layer between the users and the system or implement an SSL/TLS to encrypt network traffic. Inside the system, communications can be secured using IPsec, SSL/TLS, or some other VPN technology.

您可以在用户和系统之间使用VPN层，也可以实施SSL / TLS来加密网络流量。 在系统内部，可以使用IPsec，SSL / TLS或其他某些VPN技术保护通信的安全。

7.加密静态数据 (7. Encrypt Data-at-Rest)

Encryption of data at rest ensures that data is stored securely and not as plain text. As data is written to the disk, it is encrypted via a set of secret keys which is known only to authorized administrators of the system.

静态数据加密可确保安全地存储数据，而不是将其存储为纯文本。 当数据写入磁盘时，它会通过一组秘密密钥进行加密，这只有系统的授权管理员才能知道。

The access to these secret keys is limited and controlled to ensure that only privileged users can access the encrypted data and use it. This technique safeguards the data from attackers who might attempt to gain remote access to the system and protect the data from being compromised.

对这些秘密密钥的访问受到限制和控制，以确保只有特权用户才能访问加密数据并使用它。 这项技术可以保护数据免受攻击者的攻击，这些攻击者可能试图获得对系统的远程访问并保护数据免遭破坏。

It’s an effective way of shielding your data from anyone trying to get unauthorized access. Encryption-at-rest requires proper auditing of all places where data might be stored, such as caching servers or temporary storage devices.

这是保护您的数据免受任何试图未经授权访问的人的有效方法。 静态加密要求对可能存储数据的所有位置进行适当的审核，例如缓存服务器或临时存储设备 。

8.确保反恶意软件保护/应用程序列入白名单 (8. Ensure Anti-Malware Protection/Application Whitelisting)

Malware is one of the most common forms of cyberattacks. In fact, 1 in every 13 web requests leads to malware. It is a severe issue that plagues numerous computer systems, and it is infamous for cropping up in inconspicuous locations that are unbeknownst to the users.

恶意软件是最常见的网络攻击形式之一。 实际上， 每13个Web请求中就有1个导致恶意软件。 这是困扰许多计算机系统的严重问题，并且臭名昭著地出现在用户不知道的不显眼的位置。

Malware is software designed to attack or infiltrate a computer without the user’s consent or authorized access. Trojan horses, computer viruses, worms, scareware, and spyware are some of the most common types of malware attacks. They can be present on emails and websites, or hidden in attachments, videos, and photos.

恶意软件是旨在在未经用户同意或未授权访问的情况下攻击或渗透计算机的软件。 特洛伊木马，计算机病毒，蠕虫，恐吓软件和间谍软件是最常见的恶意软件攻击类型。 它们可以出现在电子邮件和网站上，也可以隐藏在附件，视频和照片中。

Such malware can give hackers unauthorized data access easily.

这种恶意软件可以使黑客轻松地进行未经授权的数据访问。

Anti-malware protection is very important as it builds the foundation of security for your devices. Run good antivirus programs, avoid clicking on suspicious emails or downloading attachments from an unknown source, and do regular scans for spyware.

反恶意软件保护非常重要，因为它为您的设备建立了安全性基础。 运行良好的防病毒程序，避免单击可疑电子邮件或从未知来源下载附件，并定期扫描间谍软件。

Alternatively, a stronger control is to utilize application whitelisting. It can be very effective in preventing unauthorized data access.

或者，更强大的控制方法是利用应用程序白名单。 它可以非常有效地防止未经授权的数据访问。

Doing this, you identify the known and trusted applications that are allowed to run on your computer systems and reject all others. Even if someone gets unauthorized access, they won’t be able to run the malware on your systems if the application has not already been approved as a whitelisted application.

这样做，您可以确定允许在计算机系统上运行的已知和受信任的应用程序，并拒绝所有其他应用程序。 即使有人未经授权访问，如果该应用程序尚未被批准为列入白名单的应用程序，他们也将无法在您的系统上运行恶意软件。

9.追踪和管理您的风险 (9. Track and Manage Your Risks)

A risk could be anything that potentially impacts your project’s performance, budget, or timeline. If these risks become substantial, they become vulnerabilities that must be addressed to avoid cybersecurity attacks.

风险可能是可能影响项目的性能，预算或时间表的任何事物。 如果这些风险变得很大，则它们将成为必须避免的漏洞，以避免网络安全攻击。

It is critical that organizations identify, categorize, prioritize, and mitigate risks in an effective and timely manner. By tracking risks before they escalate, you can prevent them from becoming issues. Additionally, you should develop a response plan to tackle risks immediately.

组织必须有效，及时地识别，分类，确定优先级并减轻风险，这一点至关重要。 通过在风险升级之前跟踪风险，可以防止它们成为问题。 此外，您应该制定应对计划以立即解决风险。

最后的想法 (Final Thoughts)

Data protection isn’t a linear process or a one-time activity. You need to continuously invest resources, time, and effort into ensuring security from unauthorized data access.

数据保护不是线性过程或一次性活动。 您需要不断投入资源，时间和精力来确保防止未经授权的数据访问的安全性。

Cybercriminals are getting more advanced every day and they use the latest technologies to target organizations and get unauthorized data access.

网络犯罪分子每天都在进步，他们使用最新技术来瞄准组织并获得未经授权的数据访问。

As data breaches increase, you need to be more vigilant. It’s essential that you integrate strong security measures in your enterprise, and that each and every employee makes cybersecurity a top priority.

随着数据泄露的增加 ，您需要提高警惕。 您必须在企业中集成强大的安全措施，并且每位员工都将网络安全放在首位，这一点至关重要。

If you want to run a quick security audit on your existing security practices, let us know and we’ll help you ensure that you are well-protected from unauthorized data access and other cyber threats.

如果您想对现有的安全做法进行快速的安全审核，请告知我们，我们将帮助您确保受到保护，免受未经授权的数据访问和其他网络威胁。

About Author:

关于作者：

Steve Kosten is a Principal Security Consultant at Cypress Data Defense and an instructor for the SANS DEV541 Secure Coding in Java/JEE: Developing Defensible Applications course.

Steve Kosten是赛普拉斯数据防御部门的首席安全顾问，并且是Java / JEE：开发防御性应用程序课程中SANS DEV541安全编码的讲师。

翻译自: https://towardsdatascience.com/how-to-protect-your-data-from-unauthorized-access-bd74105d2ce4