Shulou(Shulou.com)06/01 Report--

Who am i

All bloggers see the first chapter of the top blog.

I have been engaged in information security for 7 years, and I have not lost my hat or left a name on src such as Dark Cloud, but I have also paid attention to the motives and major events of hacker. I have been engaged in corporate security protection work to identify the vulnerability of intranet assets, so that it is not so easy for hacker guys to take down data, networks and sites.

Love life, love freedom.

Along the way, there are no enemies, just friends and division commanders.

Theme one

The network is the foundation of the enterprise business, in the level of network security, the traditional protection focuses on the external network, which is usually regarded as the place outside the boundary of the enterprise Internet. The intranet and its running or accommodating services often become the key factors affecting the security of enterprise business because of poor security. Therefore, to enhance the security of enterprise intranet is one of the important work to improve enterprise security.

What are the border security loopholes that we have ignored?

The importance of Enterprise Security Intranet Security

Office network

Production network

Other

Those that are serious and easily overlooked

1. Stubborn and unhealthy default configuration

2. Missing network security boundary

3, wayward code implementation, especially the kind of self-righteous programmers who operate like a tiger and sprinkle 3000 lines of code, who do not consider the logic defects of the code at all.

4. Slow event handling, emergency response has no effectiveness, no sample analysis, no timely review. No retrospective event handling.

5. Passive log audit

Stubborn and unhealthy default configuration

NO.1 default password-weak password

This weak password detection can be based on automated tools, explosive extraction, very simple

NO.2 's missing boundaries and wayward implementation bypass acl and access the management backend from the public network

NO.3. We are familiar with the management system will expose the core business server address, such as domain control and site group host address, this part will not give an example.

For the * events caused by the NO.4 monitoring system, some of the monitoring systems have a large permission to roam in the private network. Most of the OPS teams need to establish agent users on the corresponding servers to deploy the monitoring system, which can be used as a platform for the × × private network, all of which require high-level protection.

What will you do with the monitoring system?

1. Scanning

2. Login weak password blasting

System log

Port scanning, headache webshell, can not effectively deal with the emergency, bloggers do not give examples, write this post is intended to know the importance of intranet security. Safety protection needs to be considered as a whole, both internal and external.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.