To discover their own security hazards and weak links in time, the blue team needs to carry out targeted self-examination followed by security rectification and hardening. This covers asset inventory, network architecture, and security inspection and hardening.
1. Asset inventory
1) Sorting out sensitive information
Use a sensitive-information-leak intelligence service to identify the company's sensitive information exposed on the Internet, then clean it up or hide it, reducing the risk of that information being used by the attack team.
2) Internet asset discovery
Use an Internet asset discovery service to inventory the company's assets exposed to the Internet, find unknown assets and unknown services, and form a list of Internet-facing system assets. Define asset attributes and asset information, and clean up assets that have no owner, are not important, or are high-risk.
3) Intranet asset inventory
By combing through intranet assets, component versions, responsible persons, fingerprint identification and so on, clarify the status of intranet assets and form an asset list. This makes subsequent rectification and hardening easier, lets the responsible person be notified promptly during emergency response, and allows exposed vulnerabilities in the relevant components to be located and fixed in time. Identifying important systems (including centralized systems) also helps with later protection of important systems and business-flow analysis.
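The Internet and intranet inventory steps above both come down to reconciling what a discovery scan reports against the asset register, flagging unknown assets, unknown services, ownerless assets and unaccounted-for high-risk services. The following is an added illustration (not code from the original post); the register, discovered services and the list of high-risk services are constructed sample data:

```python
"""Reconcile discovered services against the asset register (added example)."""
from dataclasses import dataclass, field
from typing import Optional, Set

# Assumed set of services worth cleanup when exposed without a registered need.
HIGH_RISK_SERVICES = {"rdp", "smb", "mysql", "redis", "telnet"}

@dataclass
class Asset:
    ip: str
    owner: Optional[str]            # None -> no responsible person recorded
    important: bool
    services: Set[str] = field(default_factory=set)   # services expected open

# Constructed asset register (the company's asset list).
REGISTER = {
    "10.0.1.10": Asset("10.0.1.10", "web-team", True, {"http", "https"}),
    "10.0.1.20": Asset("10.0.1.20", None, False, {"http"}),
    "10.0.1.30": Asset("10.0.1.30", "db-team", True, {"mysql"}),
}

# Constructed discovery output: (ip, service, fingerprint) per open service.
DISCOVERED = [
    ("10.0.1.10", "https", "nginx/1.18"),
    ("10.0.1.10", "rdp", "Windows RDP"),       # service not in the register
    ("10.0.1.20", "http", "Tomcat/8.5"),
    ("10.0.1.30", "mysql", "MySQL 5.7"),       # expected, owned, important
    ("10.0.1.99", "redis", "Redis 6.0"),       # host not in the register at all
]

def reconcile(register, discovered):
    """Return {finding_type: [(ip, service), ...]} for follow-up by owners."""
    findings = {"unknown_asset": [], "unknown_service": [],
                "no_owner": [], "high_risk": []}
    for ip, svc, _fingerprint in discovered:
        asset = register.get(ip)
        expected = asset is not None and svc in asset.services
        if asset is None:
            findings["unknown_asset"].append((ip, svc))
        elif not expected:
            findings["unknown_service"].append((ip, svc))
        if asset is not None and asset.owner is None:
            findings["no_owner"].append((ip, svc))
        # High-risk service that the register does not account for.
        if svc in HIGH_RISK_SERVICES and not expected:
            findings["high_risk"].append((ip, svc))
    return findings

if __name__ == "__main__":
    for kind, items in reconcile(REGISTER, DISCOVERED).items():
        print(kind, items)
```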
4) Third-party supplier inventory
Inventory all third-party suppliers, including equipment manufacturers (network devices, security equipment, etc.), application developers and service providers (cloud services, operation and maintenance services, etc.). Require them to manage their own security well, harden their own products, and provide personnel support for defensive monitoring.
5) Business interconnection partner inventory
Inventory all business interconnection partners together with the form of each connection and the systems, areas and IP entry points involved; understand their protection and monitoring status; set up joint prevention and control with the participating partners; and establish a security incident notification mechanism.
6) Cloud asset inventory
By combing through the private cloud management platform, cloud software, underlying operating systems and public cloud assets, clarify the status of cloud assets and form an asset list. This makes subsequent rectification and hardening easier, lets the responsible person be notified promptly during emergency response, and allows exposed vulnerabilities in the relevant components to be located and fixed in time.
2. Network architecture
1) Network access path inventory
Specify the type, location and network nodes of each system's access sources (including users, devices or systems), for use in subsequent monitoring and tracing, and ensure that north-south monitoring traffic is complete once the security architecture has been sorted out.
2) Operation and maintenance access path inventory
Identify whether potential security hazards exist, so that subsequent optimization and unified rectification and hardening are easier, and confirm whether any protective or monitoring equipment is missing.
3) Security architecture
By sorting out the architecture, assess whether the security domain division is reasonable, whether protective and monitoring equipment is properly deployed, whether anything is missing, and whether there are potential security hazards.
4) Security device deployment
It is suggested that the company supplement the relevant security equipment as soon as possible, so as not to hinder the smooth progress of security protection work. Based on experience from defensive exercises in recent years, evaluate which security protection equipment the customer lacks at key positions.
3. Security inspection
1) Routine security checks
Routine security checks are the traditional security assessment and inspection work, mainly covering network security, host security, application security, terminal security, log auditing, security assessment of backups, and so on. Through the security inspection, identify the company's environmental risks and write a "Risk Rectification Report" based on the inspection output.
2) Special checks
Carry out special checks targeting the key attack methods and targets adopted by the attack team, mainly covering password and unauthorized-access vulnerabilities and security checks of important systems, so as to avoid as far as possible the problems that are high-risk and low-cost.
3) Web security inspection
Web security detection should focus on finding security vulnerabilities and hidden dangers to the greatest extent, and on verifying whether previously discovered security vulnerabilities have actually been rectified. If conditions permit, carry out source-code security detection, security vulnerability scanning and penetration testing for important information systems. Web security inspection should concentrate on the weak links of Web intrusion, such as weak passwords, arbitrary file upload, middleware remote command execution, SQL injection, and so on.
To test the effectiveness of monitoring measures, assess the security of the security products themselves, their deployment locations and their coverage. To find problems faster, deploy full-traffic threat detection, network analysis systems, honeypots, host monitoring and other security protection equipment as far as possible, improving the effectiveness, timeliness and accuracy of monitoring. Monitoring personnel also need to master the security products and optimize the security product rules.
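One way to check that monitoring rules actually fire on the weak links named above (password guessing, arbitrary file upload, SQL injection) is to run them over sample access-log lines. The following is an added example, not code from the original post; the log lines, paths (`/login`, `/upload`), extensions and the failed-login threshold are all constructed or assumed and should be tuned to the real system:

```python
"""Sample web-log detections for the weak links listed above (added example)."""
import re
from collections import Counter
from urllib.parse import unquote

# Constructed sample lines in common log format (not real traffic).
LOG_LINES = [
    '203.0.113.5 - - [01/Jun/2022:10:00:01 +0800] "POST /login HTTP/1.1" 401 120',
    '203.0.113.5 - - [01/Jun/2022:10:00:02 +0800] "POST /login HTTP/1.1" 401 120',
    '203.0.113.5 - - [01/Jun/2022:10:00:03 +0800] "POST /login HTTP/1.1" 401 120',
    '203.0.113.5 - - [01/Jun/2022:10:00:04 +0800] "POST /login HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jun/2022:10:05:00 +0800] "POST /upload?filename=photo.jsp HTTP/1.1" 200 80',
    '198.51.100.9 - - [01/Jun/2022:10:06:00 +0800] "GET /item?id=1%27%20UNION%20SELECT HTTP/1.1" 500 0',
    '192.0.2.1 - - [01/Jun/2022:10:07:00 +0800] "GET /item?id=42 HTTP/1.1" 200 900',
]

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \d+$')
FAILED_LOGIN_THRESHOLD = 3                       # assumed; tune per system
SCRIPT_EXT = re.compile(r"\.(jsp|php|aspx?)(\W|$)", re.IGNORECASE)
SQLI_HINT = re.compile(r"union\s+select|'\s*(or|and)\s|--\s*$", re.IGNORECASE)

def detect(lines):
    """Return a list of (rule, ip, detail) alerts; each rule fires once per trigger."""
    alerts, failed = [], Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue                             # skip unparseable lines
        ip, method, raw_path, status = m.groups()
        path = unquote(raw_path)                 # decode %27, %20 etc. before matching
        route, _, query = path.partition("?")
        # Repeated failed logins from one source: weak-password guessing.
        if method == "POST" and route == "/login" and status in ("401", "403"):
            failed[ip] += 1
            if failed[ip] == FAILED_LOGIN_THRESHOLD:
                alerts.append(("password_guessing", ip, f"{failed[ip]} failed logins"))
        # Upload request naming a server-side script extension.
        if method == "POST" and route == "/upload" and SCRIPT_EXT.search(query):
            alerts.append(("suspicious_upload", ip, path))
        # SQL keywords or quote-then-boolean in the decoded query string.
        if query and SQLI_HINT.search(query):
            alerts.append(("sql_injection", ip, path))
    return alerts

if __name__ == "__main__":
    for alert in detect(LOG_LINES):
        print(*alert)
```

A rule that never fires on these lines is a candidate for the rule optimization the text calls for.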
Original site copyright notice
This article was created by [InfoQ]; please include the original link when reposting. Thanks.
https://yzsam.com/2022/177/202206262149559756.html