Shulou(Shulou.com)06/01 Report--

Due to unknown sources, ultra vires operation, password disclosure, data theft, illegal operations and other factors, enterprises may face serious threats. Therefore, enterprises often build fortress machines to prevent and prevent such things from happening in time. So what aspects do enterprises need to pay attention to when building fortress machines?

Principle 1: account management of fortress machine

In order to facilitate login, enterprise managers often have multiple users using one account or one user using multiple accounts. Because the shared account is commonly used by many people, when there is a problem with the system, it is impossible to accurately locate the specific person responsible for malicious operation or misoperation. Therefore, when building a fortress machine, we must pay attention to one account per person, and never allow multiple people to share a personal account, let alone allow a common account to log on to the fortress machine.

Principle 2: access control of fortress machines

The purpose of access control is to ensure that information resources are not illegally used and accessed by limiting the ability and scope of maintenance personnel to access data and information.

Principle 3: instruction review of fortress machines

The operation audit function of the fortress machine mainly audits the account usage (login, resource access) and resource usage of the operation and maintenance personnel. According to the sensitive instructions, the fortress machine can block the response or trigger the audit operation, and the fortress machine will intercept the sensitive instructions that fail.

Principle 4: identity authentication of fortress machines

Do not log in to the fortress machine only with a password. It is recommended that when performing various important operations such as host restart, password modification, session creation, snapshot rollback, disk replacement, etc., you can perform two-factor identity confirmation through Wechat or SMS to ensure the legitimacy of the visitor's identity.

Principle 5: resource authorization of fortress machines

User authorization, it is recommended to combine the company's internal CMDB to do role-based access control model to achieve access control. Through centralized access control and fine-grained command-level authorization policy, the centralized and orderly operation and management of operation and maintenance is realized based on the principle of minimum authority.

Principle 6: audit video of the fortress machine

At the security level, in addition to the prior authorization of the fortress machine and the interception of sensitive instructions, it is also necessary to provide the characteristics of post-operation and maintenance audit of the fortress machine. The operation and maintenance operations carried out by users in the fortress machine will be recorded in the form of a log, and the manager will audit the operation and maintenance operation of the operation and maintenance personnel through the log.

Principle 7: operation audit of fortress machines

The operation audit function of the fortress machine mainly audits the account usage (login, resource access) and resource use of the operation and maintenance personnel. After the access log records of each server host are identified by a unified account number and resources, the operation audit function of the fortress machine can better track the complete use process of the account.

The above are the seven principles that enterprises should pay attention to when building fortress machines. Only by adhering to and abiding by the seven principles to build fortress machines can the data security of enterprises be guaranteed as much as possible. For startups or small and medium-sized enterprises, cost is a big issue that has to be considered. looking at many brands of fortress machines on the market, the mainstream fortress machines are divided into two categories: open source fortress machines and commercial fortress machines. When enterprises choose a suitable fortress machine to build, they need to combine their own cost estimation and product performance characteristics. The open source fortress machine is flexible and convenient to use, but the later operation and maintenance cost is quite high, so you need to hire someone to carry out operation and maintenance or find the original manufacturer for secondary development. On the whole, the cost is no less than directly buying a commercial fortress machine. And the original manufacturer of the open source fortress machine does not have any responsibility.

Commercial fortress machine is divided into three types, here do not elaborate, interested can refer to: what are the fortress machine brands? What is the market share of fortress machine manufacturers? It is recommended that you use the Cloud Fortress machine, which is installation-free and maintenance-free. Cloud Housekeeping is the first and only fortress machine on the market that supports the audit of operating instructions of the Windows2012/2016 system. In addition to the private deployment version of the fortress machine, Bank Cloud Housekeeping also provides cheaper and functional SaaS-like fortress machines, providing users with a free management quota of 4 cloud hosts or LAN hosts. Generally speaking, the free quota of four hosts has been able to meet the basic needs of startups or small and medium-sized enterprises.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.