当前位置:网站首页>The boss is quarantined
The boss is quarantined
2022-07-07 02:18:00 【Ma Nong turns over】
1
Telecommuting
As a small and medium-sized company IT Head of department operation and maintenance , Zhang Dafu has been under great pressure recently .
Under the epidemic , Several people in the company have been isolated as close contacts , The voice of other employees for home telecommuting is getting louder .
Zhang Dapu also wants to work remotely at home , Safe and free , But the company's customer management system ,OA The systems are deployed in the company's own computer room , It is an internal LAN , How can I visit at home ?
Cannot access , How to telecommute ?
Obviously , The simplest way is to build a set VPN System , Everyone is assigned an account , This solves the problem . however VPN The configuration is complex and expensive , It's not suitable for this small company .
Zhang dafun is bored searching on the Internet , I found a man called “ Dandelion Yi Lian ” Office platform , No need for a private network 、 There is no need for the public network IP, There is no need to change the existing network structure , You can easily build a virtual LAN , Let employees visit the company at home IT System .
This “ The dandelion ” It works like this :
First step , Operations staff ( That is, oneself ) Create a dandelion management platform “ virtual network ”.
The second step , Create a member account for each employee in the virtual network , Each member will be assigned one ID、 Passwords and virtual IP Address .
( Click to see a larger image )
The third step , Each employee downloads and installs dandelion client .( Of course , It also needs to be installed on the company's server )
In addition to supporting Windows outside , Dandelion client also supports almost all other mainstream operating systems on the market :
then , Employees can log in with the previously created account and password .
Now every machine has a virtual IP, Employees can not only use it to access OA and CRM System , Machines among employees can also be interconnected .
Zhang Dapu really didn't expect , It's so simple to build a virtual LAN !
He excitedly went to the boss to report the good news , Expect the boss to give an order , Everyone can go home and work remotely .
The boss listened to the report , be noncommittal , Just a faint question : How safe ? If an employee's account is compromised , our OA and CRM The system is not equivalent to running naked on the Internet ?
Zhang Dafu's head was suddenly covered , I'm too impulsive , Report to the boss before considering improvement , I made a big mistake .
Zhang Dafu apologized repeatedly : I don't think well , Go back and study , Come back and make a report .
2
Secure access
Back to your seat , Zhang Dafan thought carefully : Is the boss too demanding ?!
Now even VPN System , The account has been leaked , Isn't the intranet system also exposed ? Also streaked ? The same problem !
If you make an analogy ,VPN The gateway is like a guard , Legal users have passed the inspection of the guard , Enter the community , He will only go where he wants to go 1 building .
But for hackers who steal other people's identities , Once he enters the community , Just go 1 building , I will definitely go 1,2,3... Stroll around building , See if there is anything valuable , Steal it , Or ambush a back door or something .
Can't even a user who logs in to the system through the account password be trusted ? What should I do ?
Zhang Dafu was stunned .
Is this time , Go to the tea room to fetch water CTO Lao he saw Zhang Dafu in a daze , Gently patted him on the shoulder : What do you daydream in broad daylight ?
Zhang Dafu told Lao he about his experience and confusion , Lao he laughed :“ Your problem is also easy to solve , Use your example to compare , We first check at the gate of the community , But even if a person passes the guard's inspection , Enter the community , When he is doing something , And continue to be checked , See if his identity is right , Do you have permission to , If an exception is found , Just kick him out .”
“ That is to say, the principle of minimum permission should be used , Implement refined authority control ?” Zhang Da Pang asked .
“ Children can teach !” Old he left with a cup .
Zhang Dafu immediately went to check the dandelion easy plan , It is found that it supports custom setting of access permissions between members , So as to realize the refined access strategy .
Managers can meet different job requirements 、 Working hours , Set different access permissions for resources in the network . for example : Ordinary employees can only access OA System 、 Finance can access the corresponding financial system , R & D visit git、SVN etc. , Implement the minimum permission principle , High precision protection of sensitive data access security .
( Click to see a larger image )
This solves the problem ?
3
In depth research
however , This time, Zhang Dafang learned well , We must do in-depth research , Then you can report to the boss .
This time when Zhang Dafu was creating the network , I chose “ Custom network ”:
Assign account numbers to employees , When creating network members , Specify the role of the employee :
By default , Ordinary members cannot communicate with each other , Only with center members ( For example, server ) Interworking .
“ Dandelion Yi Lian ” There is also a very powerful access strategy , Fine authorization , For example, you can specify that certain users can only access certain machines , It can only be accessed at a certain time :
( Click to see a larger image )
For example, he Xiaoheng's machine in the above figure can only be accessed from Monday to Friday CRM The server .
Zhang Dafan is very satisfied , With refined authorization , It solves the boss's requirements .
In addition to the prior permission configuration ,“ Dandelion Yi Lian ” It also supports post event log auditing , Who logged in to the client at what time and where , Have you done anything , You can check . The so-called prior perception , Ex post facto .
He continued to try , I also found several very good functions , For example, data transmission adopts RSA/AES Hybrid asymmetric encryption algorithm , It's kind of like Https The implementation of , Very safe .
There is also device terminal verification , If this device is not a trusted terminal like a private computer ,“ The dandelion ” It will be continuously verified , It is required to provide dynamic verification code .
This is equivalent to security guards everywhere in the community , To thieves ( Untrusted terminals ) Keep checking , Exception found , Alarm immediately .
What's more useful is , It also supports third-party data access , You can put enterprise wechat 、 nailing 、 Flying book, etc IM Get your address book data , Real time synchronization , Staff entry 、 quit 、 Permission changes are updated in real time , Greatly improve the convenience of member management .
4
The end of the
Before reporting , Zhang Dafan made one PPT, Count it “ Dandelion Yi Lian ” Several advantages of :
1. Support pure software solutions , Not limited by hardware , Do not change the existing network structure
2. Efficient and easy to use , Low threshold for use , One click networking 、 One click connection
3. Low cost , High cost performance , There is no need for special line and public network IP
4. The most important , Very safe
Zhang Dafu is full of confidence this time , He was preparing to report , In wechat, the boss suddenly called him crazily :
Da Pang Zhang , I was quarantined ! How come the network of remote office hasn't been set up yet ?!
Zhang Dafu was surprised and delighted , Hurry up PPT Transfer the past : Boss, don't worry ,“ Dandelion Yi Lian ” Do it right away , You can access the Intranet in a moment !
Welcome to scan the code and consult dandelion Yilian
边栏推荐
- Recent applet development records
- FLIR blackfly s usb3 industrial camera: how to use counters and timers
- 【服务器数据恢复】raid损坏导致戴尔某型号服务器崩溃的数据恢复案例
- ROS学习(25)rviz plugin插件
- 机器人队伍学习方法,实现8.8倍的人力回报
- 红外相机:巨哥红外MAG32产品介绍
- 【论文阅读|深读】RolNE: Improving the Quality of Network Embedding with Structural Role Proximity
- The GPG keys listed for the "MySQL 8.0 community server" repository are already ins
- Livox激光雷达硬件时间同步---PPS方法
- 新一代云原生消息队列(一)
猜你喜欢
Errors made in the development of merging the quantity of data in the set according to attributes
组合导航:中海达iNAV2产品描述及接口描述
FLIR blackfly s industrial camera: explanation and configuration of color correction and code setting method
建議收藏!!Flutter狀態管理插件哪家强?請看島上碼農的排行榜!
STM32F4---PWM输出
Batch delete data in SQL - set in entity
【Unity】升级版·Excel数据解析,自动创建对应C#类,自动创建ScriptableObject生成类,自动序列化Asset文件
Modify the system time of Px4 flight control
@Before, @after, @around, @afterreturning execution sequence
Flir Blackfly S USB3 工业相机:计数器和定时器的使用方法
随机推荐
Jacob Steinhardt, assistant professor of UC Berkeley, predicts AI benchmark performance: AI has made faster progress in fields such as mathematics than expected, but the progress of robustness benchma
PartyDAO如何在1年内把一篇推文变成了2亿美金的产品DAO
【论文阅读|深读】 GraphSAGE:Inductive Representation Learning on Large Graphs
Threadlocalutils (tool class IV)
处理streamlit库上传的图片文件
Flir Blackfly S工业相机:颜色校正讲解及配置与代码设置方法
Zabbix 5.0:通过LLD方式自动化监控阿里云RDS
ROS学习(二十)机器人SLAM功能包——rgbdslam的安装与测试
Shell script quickly counts the number of lines of project code
ROS learning (23) action communication mechanism
CISP-PTE实操练习讲解(二)
【论文阅读|深读】DNGR:Deep Neural Networks for Learning Graph Representations
Big guys gather | nextarch foundation cloud development meetup is coming!
Freeswitch dials extension number source code tracking
Date processing tool class dateutils (tool class 1)
UC伯克利助理教授Jacob Steinhardt预测AI基准性能:AI在数学等领域的进展比预想要快,但鲁棒性基准性能进展较慢
Processing image files uploaded by streamlit Library
【Unity】升级版·Excel数据解析,自动创建对应C#类,自动创建ScriptableObject生成类,自动序列化Asset文件
Time synchronization of livox lidar hardware -- PPS method
RC振荡器和晶体振荡器简介