2025-01-30 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
How to solve the risk of data file transfer?
The important, core data files at the bottom of a system are frequently updated and transferred. Merely preventing data files from being copied is not enough to avoid accidents, quickly locate their causes, and recover in time.
"Quickly locate the cause of the accident, recover data files in time, and minimize economic losses" has therefore become a constant concern for us.
◎ Security events can occur at any time
[11:44, 2016-06-20] Accident feedback
The head of the operation and maintenance department received feedback from front-end business staff that some pages of a business system could not be accessed, so product orders could not be processed normally.
[11:45, 2016-06-20] Accident analysis
The system developers checked and found that a file in the business system had been updated at 11:43, and that this update was very likely the reason the system was inaccessible.
The head of the department ordered that the business system be restored and the cause of the accident traced as soon as possible.
[11:46, 2016-06-20] Accident location
Through a global search on the "file name" and the "address of the business system", we quickly found that someone had logged in to the backend of the business system at 11:40, downloaded the file at 11:41 using the sz command, and uploaded it at 11:43 using the rz -y command, directly overwriting the original file and making a page of the business system inaccessible.
[11:49, 2016-06-20] Crisis is over
We exported the downloaded file and the uploaded file from the fortress machine (bastion host), compared their contents, and found that some of the code in the two files was inconsistent. After the developers repaired the file, the business system was quickly restored to normal.
◎ Simulating the accident
Simulate the entire event process:
(1) Operation and maintenance personnel log in to the system backend. Before the transfer, the content of the test.txt file is "123456 111111".
(2) Use the sz command to download the file to the local machine.
(3) Modify the contents of test.txt locally.
(4) Use the rz -y command to upload the file to the system backend.
(5) The content of test.txt is now "111111".
(6) Quickly locate the transfer through the audit function of the fortress machine.
(7) Whether the two files are identical can be judged directly from their SHA1 values.
[Images omitted: download the file; upload the file]
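Steps (6) and (7) of the simulation, as an added example that is not part of the original article or of any fortress machine product: it searches archived transfer records by file name and host, then uses SHA1 to flag an upload whose content differs from the earlier download and shows the difference. The record layout, user names, host names and the /data path are assumptions made for illustration.

```python
import difflib
import hashlib
from dataclasses import dataclass

@dataclass
class Transfer:
    time: str       # HH:MM within one day, so string order is time order
    user: str
    host: str
    direction: str  # "download" (sz) or "upload" (rz -y)
    path: str
    content: bytes  # full copy of the file kept by the audit system

    @property
    def sha1(self) -> str:
        return hashlib.sha1(self.content).hexdigest()

# Constructed records mirroring the simulated accident; layout and names are made up.
RECORDS = [
    Transfer("11:43", "ops01", "biz-app-01", "upload", "/data/test.txt", b"111111\n"),
    Transfer("11:41", "ops01", "biz-app-01", "download", "/data/test.txt", b"123456 111111\n"),
    Transfer("11:50", "ops02", "biz-app-02", "download", "/etc/hosts", b"127.0.0.1 localhost\n"),
]

def locate(records, filename, host):
    """Global search by file name and system address, returned in time order."""
    hits = [r for r in records if r.host == host and r.path.endswith("/" + filename)]
    return sorted(hits, key=lambda r: r.time)

def modified_reuploads(timeline):
    """Pair each upload with the latest earlier download of the same path and
    return (download, upload, diff) for pairs whose SHA1 values differ."""
    last_download, findings = {}, []
    for r in timeline:
        key = (r.host, r.path)
        if r.direction == "download":
            last_download[key] = r
        elif key in last_download and last_download[key].sha1 != r.sha1:
            before = last_download[key]
            diff = list(difflib.unified_diff(
                before.content.decode(errors="replace").splitlines(),
                r.content.decode(errors="replace").splitlines(),
                f"{before.time} download", f"{r.time} upload", lineterm=""))
            findings.append((before, r, diff))
    return findings

if __name__ == "__main__":
    for before, after, diff in modified_reuploads(locate(RECORDS, "test.txt", "biz-app-01")):
        print(after.path, before.sha1, "->", after.sha1, *diff, sep="\n")
```

An upload whose SHA1 matches the preceding download produces no finding, so only files that were changed between download and re-upload need manual review.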
◎ More risks await us
There are many ways to transfer files, such as SCP, SFTP, FTP, RDP (disk mapping and clipboard), Zmodem and so on. If prevention, control and audit are not in place in time, the consequences will be unimaginable.
The possible risks are:
(1) upload malicious files or *
(2) stealing data files
(3) *
(4) intention to *
(5) unintentional operation
.
◎ Risk minimization
The crisis was handled quickly and smoothly thanks to the early standardization of the entire operation and maintenance management, especially the strict control and audit of file transmission:
(1) Based on rights management, standardize the relationship between people and servers, to achieve prevention in advance.
(2) Based on the file transfer control strategy, control who can and who cannot transfer files, to achieve in-process control.
(3) Based on file audit, every transferred file is saved in full so that it can be located afterwards.
(4) Based on the approval of electronic work orders, people who do not have the authority to transfer files can apply to do so, but they can transfer files only with the consent of the administrator, and the transferred files are preserved in full.
Operation and maintenance encyclopedia: "Introduction to Zmodem/rz/sz"
What is Zmodem?
The Zmodem protocol is an error-checking protocol for modems. With the Zmodem protocol, 512-byte blocks can be sent over a modem. It is an enhancement of the Xmodem file transfer protocol, which not only transmits larger blocks of data but also has a lower error rate.
What is rz/sz?
rz/sz is a command-line tool for Zmodem file transfer between Linux/Unix and Windows. To use it, the Windows side needs a telnet/ssh client program that supports Zmodem, such as Xshell or SecureCRT.
How to use rz/sz
Log in to Linux/Unix using Xshell, SecureCRT or a similar tool, and run the rz/sz commands with their parameters:
(1) sz: sends the selected file to the file directory of the local terminal.
(2) rz: running this command pops up a file selection window and uploads the locally selected file to the Linux/Unix server.
When using rz/sz, note that some Linux/Unix systems do not install the rzsz package by default, so you need to download the matching version of the installation package from the Internet and install it manually.