中国视频会议行业网络风险报告.pdf

1 Seraph 2 目 录 1 . 3 1.1 . 3 1.2 . 3 1.3 . 5 1.3.1 . 5 1.3.2 . 6 1.3.3 . 6 1.4 . 7 2 . 8 2.1 . 8 3 . 10 3.1 . 10 4 . 13 4.1 . 13 4.2 Web . 15 4.3 . 20 5 . 31 6 . 32 6.1 . 32 6.1 . 33 6.2 . 35 2020 Draft2.0 Draft2.0 haDDdsddDddddasdasdasdasdasdasd aD1DDDraftDraft1.0 3 1 1.1 Cyberspace , 1.2 2020 Draft2.0 Draft2.0 haDDdsddDddddasdasdasdasdasdasd aD1DDDraftDraft1.0 4 + 2020 Draft2.0 Draft2.0 haDDdsddDddddasdasdasdasdasdasd aD1DDDraftDraft1.0 5 1.3 1.3.1 antiratech 2018 10 DOCKER L2-L7 SAAS , Seraph 2019 8 IOT Seraph 2020 Draft2.0 Draft2.0 haDDdsddDddddasdasdasdasdasdasd aD1DDDraftDraft1.0 6 1.3.2 - Seraph - - CVSS - IP Web 5 1.3.3 contactantiratech 2020 Draft2.0 Draft2.0 haDDdsddDddddasdasdasdasdasdasd aD1DDDraftDraft1.0 7 1.4 60% 1181 CVE SSL SWEET32 Web 385 XSS CVE 2020 Draft2.0 Draft2.0 haDDdsddDddddasdasdasdasdasdasd aD1DDDraftDraft1.0 8 2 2.1 Seraph 2928 404 IP 428 2096 7762 Web 385 Web 2932 Web 1825 116 296 2208 2020 385 2932 1825 116 296 2208 0 500 1000 1500 2000 2500 3000 3500 2020 Web Web Web 2020 Draft2.0 Draft2.0 haDDdsddDddddasdasdasdasdasdasd aD1DDDraftDraft1.0 9 Web Web 2020 Draft2.0 Draft2.0 haDDdsddDddddasdasdasdasdasdasd aD1DDDraftDraft1.0 10 3 3.1 2928 404 428 IP 2096 TOP10 TOP10 2020 733, 60% 485, 40% 2020 2020 Draft2.0 Draft2.0 haDDdsddDddddasdasdasdasdasdasd aD1DDDraftDraft1.0 11 2020 60% 529 beget 2 72% 2 4 9 10 59 120 529 0 100 200 300 400 500 600 2020 beget ucloud aryaka towngastelecom cdnetworks 2020 Draft2.0 Draft2.0 haDDdsddDddddasdasdasdasdasdasd aD1DDDraftDraft1.0 12 2020 TOP10 2020 TOP10 TOP10 80 443Web 3306 22 21 3389 TOP10 Nginx 33% 18 18 20 20 23 40 44 63 63 236 295 0 100 200 300 400 2020 TOP10 8081 8888 3389 8009 49154 8080 21 3306 22 443 80 Nginx 33% Tengine 17% DigCert-Cert 12% OpenResty 5% Mysql 6% Ubuntu 5% OpenSSH 6% Apache 4% Tomcat FTP 3% Centos 1% PHP 4% 2020 TOP10 Nginx Tengine DigCert-Cert OpenResty Mysql Ubuntu OpenSSH Apache Tomcat FTP Centos PHP2020 Draft2.0 Draft2.0 haDDdsddDddddasdasdasdasdasdasd aD1DDDraftDraft1.0 13 4 4.1 2020 1811 CVE (Common Vulnerabilities and Exposures) 139 30 5 68% 201 XSS 51 SQL 252 CVE-2016-2183 SWEET32 90 CVE-2013-2566 SSL/TLS RC4 33 2020 Web , 385, 7% , 2932, 57% , 1825, 36% 2020 Web 2020 Draft2.0 Draft2.0 haDDdsddDddddasdasdasdasdasdasd aD1DDDraftDraft1.0 14 2020 68% CVE + , 116, 5% , 296, 11% , 2208, 84% 2020 2020 Draft2.0 Draft2.0 haDDdsddDddddasdasdasdasdasdasd aD1DDDraftDraft1.0 15 4.2 Web 2020 57 404 XSS 201 SQL 51 33 31 29 21 8 7 CORS 2 1 1 385 2020 Web , 385, 7% , 2932, 57% , 1825, 36% 2020 Web 2020 Draft2.0 Draft2.0 haDDdsddDddddasdasdasdasdasdasd aD1DDDraftDraft1.0 16 2020 Web 2020 57 404 CSRF1316 1071 252 84 51 TLS 48 41 26 SSL 20 XSS 17 URL 2 2 2 2932 1 1 2 7 8 21 29 31 33 51 201 0 50 100 150 200 250 2020 Web CORS