《EN航空结算中心checkup报告-EN.doc》由会员分享,可在线阅读,更多相关《EN航空结算中心checkup报告-EN.doc(41页珍藏版)》请在金锄头文库上搜索。
1、PREPARED FORPREPARED BYDATE March 25, 2016REPORT IDID_025D4456-740C-4175-9942-E287853ED59ETABLE OF CONTENTEXECUTIVE SUMMARY3ACCESS CONTROL & DATA PROTECTION FINDINGS4Web Security Events4Data Loss Events8THREAT PREVENTION FINDINGS11Bot Events11Virus Events13Advanced Threats16Intrusion & Attack Events
2、18ENDPOINT SECURITY FINDINGS19COMPLIANCE SECURITY ANALYSIS22BANDWIDTH ANALYSIS26REMEDIATION RECOMMENDATIONS28SOFTWARE-DEFINED PROTECTION37ABOUT CHECK POINT SOFTWARE TECHNOLOGIES41 EXECUTIVE SUMMARYThis document provides the findings of a recent security analysis of your infrastructure. The document
3、represents a summary of these findings and presents a set of recommendations for addressing the detected events. The analysis is based on data collected using the characteristics below:The following is a summary of the main high and critical risk security events detected: ACCESS CONTROL & DATA PROTE
4、CTION FINDINGSWEB SECURITY EVENTSTop High Risk Applications & SitesWithin the areas of web applications and websites, the following items are of the highest risk levels Risk level 5 indicates an application that can bypass security or hide identities (for example: Tor, VTunnel). Risk level 4 indicat
5、es an application that can cause data leakage or malware infection without user knowledge (for example: File Sharing, P2P uTorrent or P2P Kazaa). Remote Administration applications might be legitimate when used by admins and helpdesk. High Risk Applications Compliant with Organizational Security Pol
6、icy High risk applications are applications that can bypass security, hide identities, cause data leakage or even malware infection without user knowledge. In most cases, use of such applications is against organizational security policy. However, in some cases specific applications can be made comp
7、liant with organizational policy. The following high risk applications were detected during the security analysis, but comply with organizational security policy.Application Organizational Security PolicyN/A (to be filled in manually)N/A (to be filled in manually)Top High Risk Applications Descripti
8、onThe following tables provide summary explanations of the top events found and their associated security or business risks:Top Users of High Risk Applications The following users were involved in the highest number of risky application and web usage events:*Note: User names will be displayed in the
9、 above table only when Check Point Identity Awareness Software Blade is enabled and configured. DATA LOSS EVENTSYour company data is one of the the most valuable assets of your organization. Any intentional or unintentional loss can cause damage to your organization. The following represents the cha
10、racteristics of the data loss events that were identified during the course of the anlysis.Top Data Loss EventsThe following list summarizes the identified data loss activity and the number of times that the specific type of event occurred.Top Files Sent Outside of the Organization over HTTPThe foll
11、owing table presents files sent outside of the organization that may contain sensitive data.Top Files Sent Outside of the Organization over SMTP The following table presents files sent outside of the organization that may contain sensitive data.Top Data Loss Events by Mail SenderThis chart shows dat
12、a leakage by mail sender on your network.THREAT PREVENTION FINDINGSBOT EVENTSA bot is malicious software that invades your computer. Bots allow criminals to remotely control computer systems and execute illegal activities without users awareness. These activities can include: stealing data, spreadin
13、g spam, distributing malware, participating in Denial of Service attacks and more. Bots are often used as tools in targeted attacks known as Advanced Persistent Threats (APTs). A botnet is a collection of such compromised computer systems.The following table summarizes the number of hosts infected w
14、ith bots and their activities detected in your network. Hosts with High and Critical Bot EventsDuring the security analysis, the Check Point solution identified a number of Malware-related events that indicate bot activity. This table shows a sample of hosts that experienced high risk events.More de
15、tails about malware identified in this report can be found by searching Check Point ThreatWiki, Check Points public malware database at VIRUS EVENTSThere are numerous channels that cybercriminals use to distribute malware. Most common methods motivate users to open an infected file in an email attachment, download an infected file, or click on a link leading to a malicious site.The fol
