Shulou (Shulou.com), 05/31 report. Updated 2025-02-27. From: SLTechnology News&Howtos, Network Security.
In this issue, the editor explains how to run a good VIRUS.COVID-19 emergency response. The article is rich in content and analyzes the subject from a professional point of view. I hope you get something out of it.
In any case, once the virus has broken out, dwelling on past prevention and preparedness is of little use; the top priority is emergency response and containment.
1. After the pneumonia epidemic emerged in Wuhan, a large-scale asset survey should have been carried out as soon as possible, focusing on how many assets there are, how they are accessed and how they move, instead of treating the epidemic as a matter of public opinion and handling early warnings as a stability-maintenance problem.
Decades of work experience have taught me that asset management is a task every enterprise considers important but no department takes seriously. Each department usually has its own asset list, but none is complete. As soon as you actually need the asset data to get a job done, you find that the enterprise's asset management is a mess, and it may take a long time to realize that 5 million (500W) terminal assets are missing.
Once infected assets and affected systems have been identified, take them offline and repair them as soon as possible, so that everyone infected is admitted and quarantined.
2. To keep the virus from spreading to other systems, carry out security monitoring at key nodes. On the backbone network (highway entrances, airports, railway stations, etc.), firewalls, NIDS and similar systems should do their job and build network-wide trend tracking of personnel flows; the status of suspected personnel can then serve as a reference for decision-making.
3. Depending on the epidemic situation, push detection capability down to the probe nodes of the network (community entrances and exits, shopping malls, enterprises, etc.). Because the population to be checked is huge and resources are limited, a body temperature of 37.3 degrees Celsius is used for now as the test condition to screen out a list of vulnerable assets; CT image scanning, nucleic acid analysis and other feature-matching methods are then used to detect and confirm the diagnosis. Everyone diagnosed is admitted and quarantined.
4. Issue a virus warning notice to the world and give users actionable preventive measures. Require all terminals to install firewalls and isolate their ports (mouth, nose); terminals without firewalls are prohibited from entering the network.
5. Watch for official patches. Official patches generally lag behind, so local organizations should work together to provide mitigations, such as creating a mutex with the same name the virus uses, so that the virus is misled into believing it is already present on the host. Since there is still no official patch (vaccine), existing mitigations carry a clear compatibility risk. Ordinary business systems can try a restart, but restarting a human terminal is extremely risky and must be avoided. After applying a mitigation, watch the load on the target system and avoid process deadlock and exhaustion of CPU and other resources (immune storm).
6. Some sensitive businesses, such as the flowers of the motherland (children), must be cut off from the network. Some basic social security services can run with minimum privileges, using zero-trust and contactless service. Some systems need an assessment of the potential risk of running while infected, and may stay on the firing line with minor wounds. However, operation monitoring and backups must be done well so that the running track is searchable and controllable.
After quickly completing the initial emergency work, we should further refine management and control, avoid systemic risks, and resume business operations as soon as possible:
1. Gradually divide security domains by province, city and community, and adopt a whitelist mechanism with mandatory identity authentication. For entering and leaving a community, two-factor authentication, dynamic passwords, health codes and similar methods can be used, adapted to the actual situation to balance convenience and control. Micro-segmentation is applied per household within the community.
2. Local government bodies should run secondary screening based on gate traffic and access logs. The terminal logs collected by the business systems of the various agencies should be shared and centralized on the SOC platform for unified analysis, to avoid the embarrassing situation of relying solely on shouting across the whole network.
3. Because the virus may evolve and mutate, it is necessary to connect with scientists worldwide as soon as possible to share research results and progress, to divide the work in an orderly way under the lead of the higher-level research institutions, to avoid duplicated work, and to keep everyone supplied with sufficient information. Strive to solve virus detection and treatment at the earliest possible moment, and write the paper on the land of the motherland.
4. Enable a trust evaluation mechanism: keep a registry of dishonest behavior such as individuals concealing information or flouting the rules by not installing access-control components, and evaluate institutions for concealment and procrastination. There should also be a scoring and evaluation mechanism for the response capability of each software repository and for the credibility of information from the various media.
5. Pay long-term attention to cured targets. Perfect repair of samples is our goal, but in most cases the virus is inactivated after infection and the repaired assets still carry residual characteristics, which easily trigger false positives at other organizations. The file itself may also have section gaps left to be filled and a modified function-call flow, which require long-term tracking. Infected assets are often vulnerable assets, which need to be assessed and given humanistic care.
Post-incident review: how to do epidemic prevention and control well
1. Take the construction of the intelligence system seriously. We need not only an active reporting mechanism from security terminals covering every province and city, but also monitoring, classification and analysis of information from multiple epidemic sources across the whole network. Pay attention to third-party intrusion detection systems: for the rumor system, for example, invite professionals to carry out manual analysis and investigation rather than issuing a crude reprimand. Beyond the manpower for normal system construction, operation and maintenance, manual analysis is the top priority, and investment in security should be emphasized.
2. In peacetime, third parties and competitors from other regions should regularly be invited to conduct red and blue team drills. You cannot dream up security exercises behind closed doors at home. Drills should be based on real combat, supplemented by simulation exercises, to fully verify the effectiveness of the defense system.
3. Do security planning well: which basic materials must be stockpiled, how large the stock is, what the production capacity is, how they are transported, and whether every link has disaster-recovery capability when an epidemic occurs. Whether security zones can be drawn at a larger scale, such as the Yangtze River Delta or the Pearl River Delta, needs careful thought. Carry out popular security education in an orderly manner, so that people can correctly judge the medicinal value of double yellow eggs. Run security awareness training for all staff to raise users' safety and health awareness and teach basic knowledge, such as how to wear a mask correctly; otherwise losing face is a small matter and getting infected is a big one.
4. Do security management well. This requires clear security norms and work objectives, and coding standards, operation and maintenance standards and operating procedures that are concise and effective, so that the ability to mobilize and cooperate can be properly evaluated. Managers who are unclear about operations or processes should be dismissed in time, and departments that do nothing, shift blame everywhere and manage materials chaotically should be evaluated and abolished in time. Build and secure information systems properly, protect personal privacy, and destroy unnecessary redundant information promptly, so that once the epidemic ends, the personal information registered again and again by various institutions does not flow into the underground market.
That's it. I hope that when an epidemic happens again, we will truly have the confidence to announce:
In recent years, our large-scale monitoring, early warning and prevention capabilities have improved continuously, our prevention and control technology is at a world-leading level, stocks of epidemic prevention drugs and equipment are relatively sufficient, the risk of a large-scale outbreak is very low, and the harm is preventable and controllable.