Shulou(Shulou.com)06/01 Report--

Understand the organizational structure of the company

Division of corporate network

Quasi-access control

* detection capability

Emergency response capability

Follow-up employee safety awareness training sdl to develop * test web bash and other log audit.

System and network security

Ensure 100% accuracy of the asset in order to find the shortest board

Only when we find the border, can we implement the border security measures.

When the order of magnitude of assets increases, the accuracy of the newly added assets cannot be guaranteed.

Border security: ACL usage, IP whitelist usage, port usage

Problem: time, personnel changes will affect, ACL use, IP whitelist use, port use clarity and maintenance

Solution:

ACL lifecycle management: registration before launch, monitoring after launch, monitoring after change, monitoring after use

Server security lifecycle management: baseline configuration before launch, security assessment and scanning after launch, timely processing after going offline (many people are talking about it, but very little is really being done-Neeao)

Ideal result:

Every server, every service and port, every application version, every ACL rule, every IP whitelist should be clear and managed effectively.

Office network security

Isolation of office network from production network

Office network to achieve sso, unified entrance, to achieve two-factor authentication

All backends are transferred to the intranet.

Fortress machines in office networks and production networks only allow trusted devices to connect.

De-intranet, solve telecommuting through *, mobile phone app, and access equipment through trusted authentication

Business security

The three most common categories: library collision, malicious voucher collection, and information disclosure.

Solution:

Return the scattered landing entrances to one landing entrance

Business confrontation, by increasing cost and man-machine identification

Information disclosure: desensitization of sensitive information

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.