Shulou(Shulou.com)06/01 Report--

This weekend will be an unforgettable weekend for most network managers.

In the past 48 hours, a round of blackmail virus has raged around the world. Britain, Russia and Italy fell one after another. In the UK, the NHS suffered a massive network on May 12, with computer systems in several public hospitals paralyzed almost at the same time and telephone lines cut off, forcing many emergency patients to be transferred. In China, colleges and universities have become the worst-hit areas, many colleges and universities have virus infection, a large number of graduate papers have been encrypted and extorted, and even some gas stations have been infected.

It is worth noting that so far, there is no effective method to detect and kill the blackmail virus, which spreads quickly and is highly harmful, which has attracted the attention of the National Network and Information Security Information Communication Center, and a notification was issued around 20:00 on May 12, 2017:

The new "worm" blackmail virus has broken out. At present, tens of thousands of computers in more than 100 countries and regions have been infected by the blackmail virus, and some users of Windows operating systems in China have been infected. Please upgrade and install the patch as soon as possible, the address is: https://technet.microsoft.com/zh-cn/library/security/MS17-010.aspx. There are no official patches for Windows 2003 and XP, so users can turn on and enable Windows Firewall, enter the Advanced Settings to disable File and Printer sharing settings, or enable personal firewalls to close 445and high-risk ports such as 135,137,138,139. Machines that have been infected with the virus should be cut off immediately to avoid further transmission of infection. "

The virus is threatening, as information departments and network management technicians, what should we do to ensure the security of the local area network? We recommend that you do this:

1. The connection between the external network and port 445 of the intranet is prohibited on the firewall of the egress router.

two。 Port mapping, DMZ hosts, need to shut down ports 445 and 135,137,138,139 on the windows firewall.

3. Access to port 445 between vlan is prohibited on the core switch of the intranet.

4. The above steps, can only start a certain defense and isolation effect, or to seize the time to make patches!

In addition, WFilter's "network health detection" plug-in has a "suspicious host" detection function. Once the infected host starts the public network, it can also be detected.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.