Shulou(Shulou.com)06/01 Report--

Picture: University data security

Colleges and universities have a large number of scientific research achievements, academic materials, staff information and massive student information, but the data security construction of colleges and universities has not reached the high investment and large-scale construction of banking, securities, finance and other industries. the data security of a large number of sensitive information and personal information in the university system can not be effectively guaranteed.

The year 2020 is the end of the 13th five-year Plan of Educational Informatization, and colleges and universities are also actively carrying out the 14th five-year Plan and Design of Educational Informatization. With the development of digital campus and intelligent campus, the confidentiality, integrity and availability of data must be carried out simultaneously.

So how to protect the university data security and better carry out the university data security construction and protection? This is the practice of these five top universities.

Data sharing security

Case 1

Shanghai University of Finance and Economics

After years of information construction, Shanghai University of Finance and Economics has now built more than 30 information systems, covering all business areas of the university. These systems contain a large number of sensitive data such as student status information, financial information, staff information and so on.

Shanghai University of Finance and Economics has used relevant data security protection means to protect the data in key production systems, but the development and testing work needs to be carried out in a highly simulated environment, and requires a large number of production data. The traditional use of script desensitization has been unable to meet the needs of data desensitization, so in order to prevent data leakage, Shanghai University of Finance and Economics in the development, testing, training and other non-production environment data security capability needs to be improved.

Shanghai University of Finance and Economics has adopted Midea's data desensitization system to improve data security.

Picture: Midea data desensitization system

As the network of the production environment and the development environment of Shanghai University of Finance and Economics is relatively independent, the Midea data desensitization system is deployed in the development environment network.

Midea's data desensitization system can automatically extract production center data, automatically discover sensitive data in source data, and continuously discover new sensitive data. Compared with the traditional manual desensitization, it is smarter and more efficient.

According to the actual needs of the development, testing and other demand scenarios, the data of the production database is transferred to the development and testing environment through data backup, and then the source database of the development test database is desensitized. Sensitive data including teacher and student name, ID number, telephone number, student number, address and other sensitive data are deformed, transformed and bleached, and then provided to development, testing and other third parties to prevent the leakage of sensitive data in the production database. At the same time, the Midea data desensitization system supports the function of automatically performing desensitization tasks at a fixed time and on a regular basis.

Internal safety control

Case 2

Xi'an University of Electronic Science and Technology

The database operators in colleges and universities are more complex, and the phenomena of account sharing, privileged access and misoperation are common. If there is a lack of effective management and monitoring measures in this link, the occurrence of the "Trojan Horse incident" will cause serious consequences.

At present, the operation and maintenance management of the whole school business system of Xi'an University of Electronic Science and Technology stays at the application system level based on account operation and maintenance management, and can not go deep into the data layer to carry out effective fine management and control of the relationship between data assets and personnel and the interaction process, so as to ensure the data security of colleges and universities.

Figure: Midea database waterproof dam deployment map

First, based on the classification and classification function of sensitive data of Meituang database waterproof dam, fine-grained management is carried out in tables or listed units, and the important and sensitive data of Xidian are separated from ordinary business data for independent management, so as to clarify the data protection objects of colleges and universities. and implement more secure protection measures.

Second, Meituang database waterproof dam system takes identity as the center, through the identification of operation and maintenance personnel, developers, and business operators, and based on the principle of minimizing permissions, different data users are granted different rights to use data. Sensitive data access control. Isolate privileges such as DBA, SYSDBA, SchemaUser, Any, and so on, so that they can only access sensitive table data within the scope of authorization.

Third, monitor high-risk operations such as DDL, DML and code, combined with fine-grained access control and workflow approval, support data recovery mechanism, and avoid data loss caused by misoperation.

Fourth, monitor from the perspectives of database access, terminals, risk strategies and sensitive assets, and give a real-time alarm when the risk occurs.

Accurate and comprehensive audit

Case 3

A university

At present, a university has begun to accelerate the construction of digital campus, and various services are going online. With the improvement of the information value and accessibility of the database, the security risks faced by the university database are greatly increased, such as R & D personnel and operation and maintenance personnel have the authority to operate the database, but the background database work, such as data query, update and deletion, can not be demarcated, which makes it difficult to distinguish the powers and responsibilities of the university data security management.

Picture: Midea database audit

In order to improve the organization's IT internal control system, meet a variety of compliance requirements; at the same time, trace the source to help the university to trace the causes and define the responsibility.

Through the deployment of Midea database audit, based on comprehensive audit and accurate audit, all kinds of operations of the database can be monitored and recorded, and alarm messages can be sent out in time by e-mail or text messages. And through big data search technology to provide efficient query audit report, locate the cause of the event, so as to query, analyze and filter in the future, and realize the monitoring and audit of the user operation of the target database system. Midea database audit perfectly meets the needs of the university for the security monitoring of the core database.

Guard the bottom line of data security

Case 4

Zhejiang University

In order to promote the construction of digital campus in colleges and universities, Zhejiang University has introduced Blackboard online teaching management platform to facilitate curriculum communication between teachers and students in the platform composed of multimedia and network.

Blackboard online teaching management platform is a set of intelligent teaching platform composed of front-end application server and database server, in which the database server runs on a Dell M830 blade and the front-end application runs in a virtual environment composed of five Dell M630 blade servers.

However, the database server of Blackboard online teaching management platform has all courseware in addition to oracle database software and other configuration files. Once the server is damaged or misoperated, it will lead to long-term downtime and business interruption of the educational administration system. And the platform has only one set of storage equipment, no data protection means, once the storage is damaged, database data and application data will be lost.

Figure: Midea DBRA backup all-in-one deployment map

Meituang Technology solved the data security dilemma faced by Zhejiang University by deploying Midea's DBRA backup all-in-one machine.

1. In the basic environment of Blackboard online teaching management platform, add an all-in-one DBRA backup machine to centrally back up the virtual machine, application environment and application data in the Oracle database and virtualized environment.

2. Backup mode flexibly adopts Lan and LanFree backup mode according to the amount of data. In daily backup strategy, incremental backup, full backup, differential backup and so on can be selected according to actual needs. Backup strategy and backup plan can be set on demand.

3. For important data, use RDX export function to export to offline tape or removable hard disk device for offline retention.

Scientific operation and maintenance

Case 5

Ningbo University

With the rapid development of educational informationization in Ningbo University, service systems such as teaching management, scientific research management, asset management and enrollment management have been put into use, but with the continuous increase in the number of servers and application systems, there are many and miscellaneous objects of operation and maintenance; the workload of operation and maintenance is increasing rapidly, and the pressure of operation and maintenance is great; the distribution of fault points is discrete, and the fault location and analysis time is long.

The university data center is becoming more and more large and complex, and the person in charge of the data center who undertakes the important task of data security operation and maintenance puts forward higher requirements for operation and maintenance: IT operation and maintenance needs to be standardized and automated.

Figure: Midea's active operation and maintenance service model

According to the operation and maintenance needs of Ningbo University, Midea innovatively put forward the active operation and maintenance service mode of "offline operation and maintenance all-in-one machine + online operation and maintenance cloud + localization service".

Meituang integrated operation and maintenance machine is the basic platform for active operation and maintenance of the operation and maintenance center, which mainly includes three modules: integrated monitoring of data center, database operation and maintenance toolbox and large screen display. The data center integrated monitoring module panoramic monitors university data center assets, allowing operation and maintenance personnel to control the operation of IT assets in real time 24 hours a day; database operation and maintenance toolbox covers common operation and maintenance scenarios, making database operation and maintenance simple; large screen display allows operation and maintenance personnel to panoramic and quickly locate the operation status of monitoring objects.

Meituang Weiyun provides alarm subscription, alarm notification, work order management and other functions, while localization service forms a complete data center technology delivery capability for the core operation and maintenance service team in Ningbo area together with Midea database experts.

With the rapid development of information technology in the education industry, Meituang Technology has provided many universities with products and services such as data desensitization, database security audit, database waterproof dam, database transparent encryption, disaster recovery and backup, to protect the data security pure land of colleges and universities.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.