
Precautions for network security of major events

Published: 2022-07-28   Views: 66

During major events, hacker attacks become more frequent, and the relevant authorities also tighten network supervision and compliance review. Every organization's network security team works under tight deadlines on tasks that are both important and demanding. Convincingly Jun has compiled these "precautions for network security during major events" to help organizations on major-event security assurance (重保) duty carry out their security work effectively and complete their assurance tasks successfully.


Based on years of experience in major-event security assurance, it is recommended that the organization on duty establish an emergency response team and a security monitoring team, designate team leaders and a work plan, and carry out the work along four lines: assessment and hardening, policy strengthening, threat monitoring, and strengthening staff security awareness, so as to raise both the defensive capability of the systems and the security level of the personnel.





Security risk assessment / hardening


Before the event, a security risk assessment is carried out to find security problems before the attackers do, so that vulnerabilities, fragile configurations, weak passwords and other risks cannot be exploited to cause data leakage; remediation is then carried out continuously to improve the security of the business systems.


1. Vulnerability detection and remediation



Web vulnerability detection: using a web vulnerability scanner (with its vulnerability database upgraded to the latest version), give priority to in-depth scanning of the websites and office systems exposed to the Internet. Security risks found should be fixed as soon as possible. During the event, it is recommended to temporarily shut down non-critical systems to reduce the risk of intrusion.


System vulnerability detection: detect vulnerabilities in the operating system, middleware, database, platform components and other programs, and fix or work around them according to the risk level and priority of each vulnerability.



Password security evaluation: survey on site the lifetime and strength of the passwords used in business systems such as websites, query and evaluate them in advance, use tools to identify and verify in bulk the system's weak passwords, reused passwords, high-risk passwords and so on, and upgrade the account security policy according to the results.
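As an added illustration of the bulk password evaluation described above (example code, not a tool from the original page or its publisher), the following Python script audits an exported list of account records for weak, reused, stale and organization-specific passwords. The complexity rule it applies is the one the employee guidance later on this page states (more than 8 characters, mixed case, digits and special characters); the 90-day lifetime, the banned-pattern list and the account records themselves are constructed assumptions.

```python
"""Bulk weak-password audit for a pre-event assessment.

Added example, not code from the page or its publisher. Account records
below are constructed sample data; a real audit would take an export from
the identity system under assessment, handled only by the assessment team.
"""
import re
from collections import defaultdict

# Complexity rule from the employee guidance on this page: more than 8
# characters, upper and lower case, digits and special characters mixed.
MIN_LENGTH = 9
CHARACTER_CLASSES = {
    "upper": re.compile(r"[A-Z]"),
    "lower": re.compile(r"[a-z]"),
    "digit": re.compile(r"[0-9]"),
    "special": re.compile(r"[^A-Za-z0-9]"),
}

# Constructed high-risk patterns; a real audit would use the organization's
# own banned list. The 90-day lifetime is an assumption.
HIGH_RISK_PATTERNS = ["password", "admin", "123456", "qwerty"]
DEFAULT_MAX_AGE_DAYS = 90


def has_sequential_run(s: str, length: int) -> bool:
    """True if s contains `length` consecutive characters that ascend or descend by one (abcd, 4321)."""
    for i in range(len(s) - length + 1):
        window = s[i:i + length]
        diffs = {ord(b) - ord(a) for a, b in zip(window, window[1:])}
        if diffs == {1} or diffs == {-1}:
            return True
    return False


def audit_password(username: str, password: str, org_keywords) -> list:
    """Return the list of findings for one credential (an empty list means it passes)."""
    findings = []
    if len(password) < MIN_LENGTH:
        findings.append("too_short")
    missing = [name for name, rx in CHARACTER_CLASSES.items() if not rx.search(password)]
    if missing:
        findings.append("missing_" + "+".join(missing))
    lowered = password.lower()
    if any(p in lowered for p in HIGH_RISK_PATTERNS):
        findings.append("high_risk_pattern")
    if username.lower() in lowered:
        findings.append("contains_username")
    if any(k.lower() in lowered for k in org_keywords):
        findings.append("contains_org_keyword")
    # "Irregular combination": reject monotone runs such as abcd or 1234
    if has_sequential_run(password, 4):
        findings.append("sequential_run")
    return findings


def audit_accounts(accounts, org_keywords=(), max_age_days=DEFAULT_MAX_AGE_DAYS) -> dict:
    """accounts: iterable of dicts with keys system, user, password, age_days.

    Returns {(system, user): [findings]} covering weak, stale and reused passwords.
    """
    report = {}
    by_password = defaultdict(list)
    for acc in accounts:
        key = (acc["system"], acc["user"])
        findings = audit_password(acc["user"], acc["password"], org_keywords)
        if acc.get("age_days", 0) > max_age_days:
            findings.append("expired_lifetime")
        report[key] = findings
        by_password[acc["password"]].append(key)
    # Reuse across accounts or systems is a finding even when the password itself is strong
    for keys in by_password.values():
        if len(keys) > 1:
            for key in keys:
                report[key].append("reused_password")
    return report


# Constructed sample export (not real credentials)
SAMPLE_ACCOUNTS = [
    {"system": "portal", "user": "alice", "password": "Vx7#pQm2!Lr9", "age_days": 30},
    {"system": "portal", "user": "bob", "password": "Password123", "age_days": 200},
    {"system": "oa", "user": "carol", "password": "Vx7#pQm2!Lr9", "age_days": 10},
    {"system": "oa", "user": "dave", "password": "hainet2022", "age_days": 5},
]

if __name__ == "__main__":
    for (system, user), findings in audit_accounts(SAMPLE_ACCOUNTS, org_keywords=("hainet",)).items():
        print(f"{system}/{user}: {'OK' if not findings else ', '.join(findings)}")
```

The reuse check runs across systems, which is what catches the shared password between the portal and OA accounts above; per-system checks alone would pass both. Findings are review items for upgrading the account policy, not an automatic lockout list.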


2. Evaluation and hardening of centralized systems



Access control systems: focus on checking the security vulnerabilities and configuration of domain controllers, bastion hosts, identity management and similar systems; review the permissions of external and internal users so that authorization is kept to the minimum necessary scope and is auditable, controllable and traceable, reducing the risk of account leakage or malicious use of accounts.


Intranet office systems: Internet-facing and intranet office systems are where account information and sensitive data are concentrated. Focus on inspecting and evaluating each system's operating environment, system vulnerabilities and account measures, and harden the system and restrict its internal and external access scope and paths accordingly.


Code management systems: check the security of the code management environment, analyze the environmental risks of code operation and storage in SVN and test environments, and manage them according to the principles that code stays local, is not taken away and is not put in the cloud. In particular, developers hosting code on GitHub should be strictly prohibited, and outsourcing units should sign a confidentiality agreement, to reduce the risk of code leakage and exploitation.


3. Terminal risk screening



Carry out a security assessment of terminals in the office, operations and maintenance, development and other network environments; check whether anti-virus, patch installation, account policy and so on have been hardened on each terminal; and enforce real-name network access for terminals so that network use is attributable and behavior can be controlled.




Security policy evaluation / optimization


Evaluate the internal and external access security policies of the business systems to ensure that the security policies match the actual needs of the business and provide effective, continuous defense.


1. Website security hardening


Check the public IPs and ports of the web services exposed to the Internet and the intranet addresses they map to, confirm with the business owner whether each system is still in use, and recommend taking offline websites that have not been used for a long time. The website's management backend should not be directly reachable from the Internet; management over VPN is recommended. This reduces the risk of vulnerable services being exploited.


2. Internal and external network hardening


Internal and external boundary hardening: boundaries can be hardened in the following order of priority: Internet to DMZ, DMZ to intranet, Internet segment to office network, branch or external organization to intranet, office network to production network, Wi-Fi to office network, test network to production network, and guest network to intranet. Where business is not affected, it is recommended to strictly implement physical or logical isolation at each of these boundaries.


Network access control hardening: network access control should be precise down to IP addresses and ports. Access from outside to inside should be strictly controlled, and access from inside to outside should also be limited to what is necessary and minimal. This applies to all access control devices, including Internet behavior management and next-generation firewalls.


Wireless device hardening: considering that attackers use wireless network attacks, it is recommended to enable two-factor, real-name authentication for wireless access and to reduce the coverage of wireless signals as much as possible.


3. Hardening of operations and maintenance measures


It is recommended to close unsafe direct remote access, including but not limited to TeamViewer, Telnet, RDP, VPN, VNC and so on, and to provide operations staff with a more secure O&M mechanism in which, through multi-factor authentication, O&M actions can be controlled and audited. Network access such as file sharing and FTP services that do not need to be public should also be closed or replaced by a more secure resource-sharing mechanism.
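The following Python script is an added example (not from the original page) serving both the network access control hardening point in section 2 (rules precise to IP and port, inbound stricter than outbound) and the remote-access point in section 3 above: it reviews a rule-base export and flags rules that are too broad to justify, or that expose remote administration ports (Telnet, RDP, VNC, SSH) inbound from more than a single source host. The rule format, the thresholds of 256 hosts and 16 ports, and the sample rules are constructed assumptions; a real review would read the vendor's own export format.

```python
"""Review of a firewall / ACL rule export for "precise to IP and port".

Added example, not a tool from the page. SAMPLE_RULES is a constructed,
simplified representation of an exported rule-base; thresholds are assumptions
to be set per organization.
"""
import ipaddress

SAMPLE_RULES = [
    {"id": 1, "action": "allow", "direction": "inbound", "src": "0.0.0.0/0",
     "dst": "10.1.1.10/32", "proto": "tcp", "ports": "443"},
    {"id": 2, "action": "allow", "direction": "inbound", "src": "0.0.0.0/0",
     "dst": "10.1.0.0/16", "proto": "any", "ports": "any"},
    {"id": 3, "action": "allow", "direction": "outbound", "src": "10.2.0.0/24",
     "dst": "0.0.0.0/0", "proto": "tcp", "ports": "1-65535"},
    {"id": 4, "action": "allow", "direction": "inbound", "src": "198.51.100.0/28",
     "dst": "10.1.1.20/32", "proto": "tcp", "ports": "3389"},
    {"id": 5, "action": "allow", "direction": "outbound", "src": "10.2.0.5/32",
     "dst": "10.1.1.30/32", "proto": "tcp", "ports": "5432"},
]

MAX_HOSTS_PER_SIDE = 256   # assumed: larger source/destination blocks need written justification
MAX_PORTS = 16             # assumed: wider port ranges need written justification
REMOTE_ADMIN_PORTS = {22, 23, 3389, 5900, 5901}  # ssh, telnet, rdp, vnc


def expand_ports(ports: str):
    """Return the set of ports a rule covers ("80,443,8000-8002"), or None for 'any'."""
    if ports == "any":
        return None
    result = set()
    for part in ports.split(","):
        if "-" in part:
            lo, hi = (int(x) for x in part.split("-"))
            result.update(range(lo, hi + 1))
        else:
            result.add(int(part))
    return result


def review_rule(rule: dict) -> list:
    """Return review findings for one allow rule; deny rules are not reviewed here."""
    findings = []
    if rule["action"] != "allow":
        return findings
    src = ipaddress.ip_network(rule["src"])
    dst = ipaddress.ip_network(rule["dst"])
    ports = expand_ports(rule["ports"])
    if src.num_addresses > MAX_HOSTS_PER_SIDE:
        findings.append("broad_source")
    if dst.num_addresses > MAX_HOSTS_PER_SIDE:
        findings.append("broad_destination")
    if rule["proto"] == "any":
        findings.append("any_protocol")
    if ports is None or len(ports) > MAX_PORTS:
        findings.append("broad_ports")
    # Outside-to-inside gets the strictest scrutiny: remote administration
    # should not be reachable inbound from anything wider than one source host.
    if (rule["direction"] == "inbound" and src.num_addresses > 1
            and (ports is None or ports & REMOTE_ADMIN_PORTS)):
        findings.append("inbound_remote_admin_wide_source")
    return findings


def review_rules(rules) -> dict:
    """Map rule id to its findings for the whole export."""
    return {r["id"]: review_rule(r) for r in rules}


if __name__ == "__main__":
    for rule_id, findings in review_rules(SAMPLE_RULES).items():
        print(f"rule {rule_id}: {'OK' if not findings else ', '.join(findings)}")
```

Rule 1 is flagged only for its open source range, which is expected for a public HTTPS service and can be accepted with a note; rule 2 collects every finding and is the kind of any/any rule the guidance is aimed at; rule 4 shows that a small but multi-host source range still counts as wide for RDP.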




Attack threat monitoring / analysis


Strengthen the ability to monitor attack behavior, analyze in real time the attack characteristics at key network nodes, and check the ability of security devices to block attacks on Internet services such as penetration and injection, vulnerability scanning, malicious access and brute-force cracking. For the mailbox social-engineering attacks frequently used by attackers, strengthen monitoring and defense to ensure that internal defense and external control are fully secure and effective.


1. Website security prevention and control


Monitor in real time the security posture of the websites exposed to the Internet, and adjust security rules and blocking policies promptly according to the risks found; monitor at all times the log alarms of the website's defense and audit devices to ensure that the correlation between security devices is accurate and that the security defense line remains effective.
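As an added example of the kind of detection logic this monitoring relies on (example code, not from the original page), the following Python script runs a sliding-window pass over web server access logs and raises two of the alerts the previous section names: brute-force login attempts (repeated failed POSTs to a login path from one address) and path scanning (many distinct not-found paths from one address). The log lines are constructed samples in a combined-log-like format, and the login paths, thresholds and five-minute window are assumptions to be tuned to the site's normal traffic before any blocking rule is attached.

```python
"""Brute-force and scanning detection over web access logs.

Added example, not code from the page. SAMPLE_LOG is constructed; addresses
are from the documentation ranges (192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24).
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \d+'
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"

# Assumed thresholds; tune per site before wiring alerts to blocking
LOGIN_PATHS = ("/login", "/admin/login")
BRUTE_FORCE_FAILS = 5      # failed logins from one IP within the window
SCAN_DISTINCT_404 = 5      # distinct missing paths from one IP within the window
WINDOW = timedelta(minutes=5)


def parse_line(line: str):
    """Parse one access-log line into a dict, or return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), TS_FORMAT),
        "method": m.group("method"),
        "path": m.group("path"),
        "status": int(m.group("status")),
    }


def detect(lines) -> dict:
    """Return {ip: set(alert names)} after a time-ordered sliding-window pass over the lines."""
    events = [e for e in (parse_line(l) for l in lines) if e]
    events.sort(key=lambda e: e["ts"])          # logs from several devices may arrive out of order
    fails = defaultdict(list)                   # ip -> timestamps of failed login POSTs
    missing = defaultdict(list)                 # ip -> (timestamp, path) of 404 responses
    alerts = defaultdict(set)
    for e in events:
        cutoff = e["ts"] - WINDOW
        if e["method"] == "POST" and e["path"] in LOGIN_PATHS and e["status"] in (401, 403):
            fails[e["ip"]] = [t for t in fails[e["ip"]] if t > cutoff] + [e["ts"]]
            if len(fails[e["ip"]]) >= BRUTE_FORCE_FAILS:
                alerts[e["ip"]].add("brute_force_login")
        if e["status"] == 404:
            missing[e["ip"]] = [(t, p) for t, p in missing[e["ip"]] if t > cutoff] + [(e["ts"], e["path"])]
            # Counting distinct paths keeps one client repeatedly missing a favicon below threshold
            if len({p for _, p in missing[e["ip"]]}) >= SCAN_DISTINCT_404:
                alerts[e["ip"]].add("path_scanning")
    return dict(alerts)


# Constructed sample log: one normal client, one password-guessing client, one scanner
SAMPLE_LOG = """\
192.0.2.10 - - [28/Jul/2022:09:00:01 +0800] "GET /index.html HTTP/1.1" 200 5120
203.0.113.5 - - [28/Jul/2022:09:00:05 +0800] "POST /login HTTP/1.1" 401 312
203.0.113.5 - - [28/Jul/2022:09:00:06 +0800] "POST /login HTTP/1.1" 401 312
192.0.2.10 - - [28/Jul/2022:09:00:07 +0800] "POST /login HTTP/1.1" 401 312
203.0.113.5 - - [28/Jul/2022:09:00:08 +0800] "POST /login HTTP/1.1" 401 312
203.0.113.5 - - [28/Jul/2022:09:00:09 +0800] "POST /login HTTP/1.1" 401 312
198.51.100.7 - - [28/Jul/2022:09:01:00 +0800] "GET /old/ HTTP/1.1" 404 169
198.51.100.7 - - [28/Jul/2022:09:01:01 +0800] "GET /backup/ HTTP/1.1" 404 169
198.51.100.7 - - [28/Jul/2022:09:01:02 +0800] "GET /test/ HTTP/1.1" 404 169
198.51.100.7 - - [28/Jul/2022:09:01:03 +0800] "GET /tmp/ HTTP/1.1" 404 169
192.0.2.10 - - [28/Jul/2022:09:01:04 +0800] "GET /favicon.ico HTTP/1.1" 404 169
198.51.100.7 - - [28/Jul/2022:09:01:05 +0800] "GET /dev/ HTTP/1.1" 404 169
203.0.113.5 - - [28/Jul/2022:09:00:10 +0800] "POST /login HTTP/1.1" 401 312
192.0.2.10 - - [28/Jul/2022:09:02:00 +0800] "POST /login HTTP/1.1" 200 2048
"""

if __name__ == "__main__":
    for ip, names in detect(SAMPLE_LOG.splitlines()).items():
        print(f"{ip}: {', '.join(sorted(names))}")
```

The normal client at 192.0.2.10 has one failed login and one missing favicon and raises nothing; the last line for 203.0.113.5 is deliberately out of order in the sample to show why events are sorted before the window is applied.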


2. Intranet security control


Secure access across network zones should be based on a least-privilege mechanism with whitelist control wherever possible; the flow of cross-network business access should be clear and traceable.


3. Host security defense


Establish the last line of defense at the host level, with an IP access whitelist mechanism for cross-access between different services; strengthen the ability to monitor and control vertical (north-south) and horizontal (east-west) traffic between hosts.


4. Critical path monitoring


The monitoring and early-warning mechanism should cover the critical access paths of the business. Along the critical path, (DMZ, boundary) → system → data concentration area (server zone, core switch), deploy the relevant security monitoring and defense equipment so that business risks are visible, inspectable and controllable.


5. Malicious email monitoring


Attackers will try to obtain the information in IT staff's mailboxes by means such as credential stuffing, phishing, brute forcing and penetration. All IT personnel across the network should be required to check and clean up sensitive information in their public mailboxes (as a priority) and their intranet mailboxes, including the trash folders.


The organization's security department should notify internal colleagues, by email or otherwise, of the attack techniques attackers are likely to use in the near term, and carry out security awareness training so that security awareness becomes part of everyday work behavior.




Ten security instructions for employees


Account security


1. Office computers, personal terminals and personal application accounts should use passwords of more than 8 characters, made of an irregular combination of upper- and lower-case letters, digits and special characters.


2. Office computers and personal terminals should have a password-protected automatic screen saver. Lock the screen manually when leaving the computer, and shut the computer down after work.


3. No system password shall be posted anywhere in the office, and no clear-text password shall be stored on the system desktop or on storage devices.


4. Any password files stored in office mailboxes, personal mailboxes or shared network drives should be completely deleted, and the accounts and passwords of the corresponding systems should be changed promptly.


Terminal security


5. The operating systems of office computers and personal terminals should be upgraded to the latest patch level; terminals that cannot be upgraded should be shut down.


6. Do not install any software of unknown origin and do not use any USB flash drive of unknown origin.


7. Anti-virus software should be installed on office computers and personal terminals, and its virus database upgraded to the latest version, to check for and remove computer viruses.


Wireless security


8. Do not set up personal Wi-Fi without permission, and do not connect to any open Wi-Fi that does not belong to the organization. If you find an open Wi-Fi network without a password near the organization, notify the IT department.


Access security


9. Keep good Internet habits and do not trust any suspicious links, emails, text messages or calls from unknown sources.


10. The doors of offices and machine rooms should be kept closed. If strangers enter or leave, stay alert and notify the guard / security department for verification.



Copyright © 2022 Jiangsu Hainet Information System Integration Co., Ltd. All Rights Reserved. Address: Building 9, Block A, Huaihai Science and Technology City, Jinshan East Road, Quanshan District, Xuzhou, China. 苏ICP备11031736号-1 苏公网安备 32030302000738号