During major national events, the government, enterprises, universities, operators, financial institutions and other units all need significant protection against the impact of network security threats, with the key target being the key information infrastructure such as core business systems and sensitive information assets.
Therefore, all units need to prepare for re-insurance services, implement the corresponding network security responsibility system, establish a 7 * 24-hour monitoring and early warning protection system, ensure timely disposal of network security risks, fully prepare for network emergency response and security, and try to avoid security risks such as hacking, tampering, and being infected with ransomware.
The multi-faceted Rubik's cube security service team has deployed and served a number of heavy insurance units since before the Spring Festival, and summarized the security operation service content for reference in the industry based on work experience.
Re-insurance targets and objects
The key targets of the re-insurance scenario are key information infrastructures and important information systems, such as websites of party and government organs, enterprises and institutions, key news websites, and major platforms and production and business systems. Its core purpose is to ensure the stable operation of key information infrastructures and important information systems during major events and avoid network security attacks by reactionary hackers and hostile forces as much as possible.
Re-insurance service scope
The re-insurance service covers all key security units in China, including key infrastructure facilities such as public security, education, electric power, municipal administration, transportation, military, radio and television, medical care, railways, banks, telecommunications and mainstream media.
National Cyberspace Security Strategy 20 16 years1February
National key information infrastructure refers to information facilities that are related to national security, national economy and people's livelihood. Once data is leaked, destroyed or lost, it may seriously endanger national security and public interests, including but not limited to basic information networks that provide services such as public communication, radio and television transmission, energy, finance, transportation, education, scientific research, water conservancy, industrial manufacturing, medical and health care, social security, public utilities and other fields.
Regulations on the Protection of Critical Information Infrastructure (draft for approval) 20 181Feb
Eighteenth network facilities and information systems operated and managed by the following units, once damaged, lost function or data leakage, may seriously endanger national security, national economy and people's livelihood, public interests, should be included in the scope of protection of key information infrastructure:
(1) Finance, including banking, securities and insurance;
(two) energy, including electricity, oil and gas, petrochemical, etc.;
(3) Transportation, including civil aviation and railways;
(4) water conservancy;
(five) public services, including education, health care and social security;
(6) National defense science, technology and industry;
(7) E-government.
Threats to network security of major events
Every year, the competent units, such as the network supervisor of Re-insurance Network Security, will check the key information infrastructure of key units, and report the rectification of hidden dangers. Therefore, the time is tight and the task is the same problem faced by all Re-insurance units, and it is urgent to organize personnel to carry out hidden dangers investigation, loophole repair, security reinforcement, and monitoring duty work of business systems.
Re-insurance demand analysis
In the face of complicated work, information security work will also face various demands. In addition to internal and external rigid requirements, it is also necessary to report and arrange specific work for leaders.
Re-guarantee core work
Vulnerability detection
Before re-insurance, detect and evaluate the security vulnerability of all important business systems and network/security equipment;
Internet security risk assessment
Assess intranet security risk assessment
Equipment/terminal safety baseline verification
Evaluation of safety management system
......
Safety reinforcement and rectification
Security rectification and reinforcement of business systems and equipment with security risks detected;
Network security equipment reinforcement
Terminal equipment reinforcement
Server reinforcement
Business system backup
......
Notice early warning
Notification (verification), disposal and feedback process of network security status, events, notification and early warning during re-insurance:
Security vulnerability notification process
Security incident notification process
Internet asset notification process
Security vulnerability verification process
Security event verification process
Notification or early warning process
Quick disposal
A set of emergency handling work for rapid handling of network security incidents such as emergency hidden trouble handling, website backdoor, webpage tampering and anti-* * hackers during re-insurance.
Re-insurance solution framework and process
Decomposition of reinsurance scheme: three stages
Before re-insurance-intranet security risk assessment (asset sorting)?
Identify high probability attacks, safeguard target assets and related assets and network equipment, and clearly include them in the scope of key re-protection protection.
The target assets are the hosts of important business systems (class III and above, key information infrastructure systems) facing the Internet, including management background and middleware servers.
The potential target assets are servers or proxy devices with Internet communication IP and external ports.
Hosts, servers, middleware and fixed terminals of other business systems that have direct interactive communication with potential target systems by using springboard at high risk.
Key equipment: remote network access access equipment and network boundary equipment.
Related safety protection equipment within the network scope of the existing safety equipment system.
High-risk assets Shadow assets (unknown assets) equipment with network external communication connection capability.
Network security awareness is an activity that takes people in an organization as a starting point, focuses on the weak links where network security loopholes may occur, such as knowledge, skills and behavior activities, and strengthens and promotes the network security awareness of people in an organization through some methods such as publicity, training and education.
Re-insurance period-safety monitoring and real-time defense
Work objective: Monitor for 7*24 hours during re-insurance, monitor the security situation in real time, discover the attack behavior, and respond to security incidents urgently to ensure the safety during the whole re-insurance.
Reinsurance is over
1, work summary
2. Suggestions on safety planning
3. List of programs
Our values and advantages