Introduction to Network Security Operation and Maintenance

The normal operation of an information technology system is directly tied to the normal operation of the enterprise or its production. However, IT network operation and maintenance managers often face the following problems: slow network speeds, equipment failures and poor application system performance. A failure in any information technology system, if not dealt with in time, can have a major impact and even cause large economic losses. The information technology department therefore manages the information technology operating environment (the software and hardware environment, the network environment, and so on), the information technology business systems, and the network operation and maintenance personnel as a whole, using appropriate methods, means, technologies, policies, processes and documentation to build a secure network operation and maintenance system.

Introduction to Network Operation and Maintenance

1. Environmental management requirements

1) Designate a specific department or person to be responsible for computer room security, to manage entry to and exit from the computer room, and to regularly maintain and manage the power supply and distribution, air conditioning, temperature and humidity control, fire protection and other computer room facilities.

2) A computer room security management system should be established to manage physical access to the computer room, the entry and exit of items, and the environmental security of the computer room.

3) Visitors should not be received in important areas. While visitors are being received, no paper documents or removable media containing sensitive information should be left on desks.

2. Asset management requirements

1) A list of assets related to the protected object should be compiled and kept, including the department responsible for the assets, their importance and location, etc.

2) Assets should be identified and managed according to their importance, and corresponding management measures should be selected according to their value.

3) Specify information classification and labeling methods, and standardize the management of how information is used, transmitted and stored.

3. Media management requirements

1) Ensure that media are stored in a secure environment, control and protect all types of media, assign a specific person to manage the storage environment, and conduct regular inventories against the catalog of archived media.

2) During physical transport of media, control the selection of the personnel involved and the packaging and delivery of the media, and keep records of media archiving and retrieval.

4. Equipment maintenance and management requirements

1) A designated department or person should regularly maintain and manage all types of equipment (including standby and redundant equipment), lines and similar assets.

2) Establish maintenance and management systems for supporting facilities, software and hardware, and manage and maintain them effectively, including clarifying the responsibilities of network operation and maintenance personnel, approving maintenance and services performed by external parties, and supervising and controlling the maintenance process.

3) Information processing equipment must be approved before being taken out of the computer room or office. When devices containing storage media are taken out of the work environment, the important data on them must be encrypted.

4) Devices containing storage media should be completely wiped or securely overwritten before being scrapped or reused, so that the sensitive data and licensed software on the device cannot be recovered or reused.

5. Vulnerability and Risk Management Requirements

1) Take the necessary measures to identify security vulnerabilities and hidden risks, and patch the vulnerabilities and risks that are found promptly, or patch them after assessing their possible impact.

2) Regularly conduct security assessments, produce security assessment reports, and take measures to address the security problems found.

6. Network and system security management requirements

1) Network and system operation and maintenance management should be divided into different administrator roles, and the responsibilities and permissions of each role should be clarified.

2) Designate a specific department or person for account management, and control the application for, creation of and deletion of accounts.

3) A network operation and system security management system should be established to specify security policies, account management, configuration management, log management, daily operations, upgrades and repairs, password update cycles, etc.

4) Formulate configuration and operation manuals for important equipment, and apply security-hardened configurations to the equipment according to those manuals.

5) Record operation and maintenance logs in detail, including daily inspections, operation and maintenance records, parameter settings and modifications, etc.

6) Strictly control operation and maintenance changes. Changes to connections, installation of system components, or adjustments to configuration parameters should only be made after approval has been obtained. A tamper-proof audit log should be kept during the operation, and the configuration information database should be updated accordingly after the operation.

7) Strictly control the use of operation and maintenance tools; operations with such tools may only begin after approval. Tamper-proof audit logs should be kept during the operation, and sensitive data held in the tool should be deleted after the operation.

8) The opening of remote control access should be strictly controlled: a remote control interface or channel must be approved before it is opened. Tamper-proof audit logs should be kept during the operation, and the interface or channel should be closed immediately after the operation.

9) Ensure that all external connections are authorized and approved, and regularly check for violations of wireless Internet access regulations and other violations of network security policies.

7. Malicious code prevention management requirements

1) All users should raise their awareness of malicious code prevention and be informed that external devices or storage devices must be checked for malicious code before being connected to the system.

2) Provisions should be made for malicious code prevention, including the authorized use of anti-malware software, upgrades of the malicious code signature library, and regular scanning for and removal of malicious code.

3) The effectiveness of technical measures to prevent malicious code attacks should be regularly verified.

8. Configuration management requirements

1) Record and save basic configuration information, including network topology, software components installed on each device, version and patch information of software components, configuration parameters of each device or software component, etc.

2) Bring changes to basic configuration information under change control, apply change control to the configuration information, and update the basic configuration information database in a timely manner.

9. Password management requirements

Cryptographic technologies and products that comply with national regulations should be used.

10. Change Management Requirements

1) Change requirements should be clearly defined. Before the change, a change plan should be formulated according to the change requirements. Change plans shall be reviewed and approved prior to implementation.

2) Establish change declaration and approval control procedures, control all changes according to the procedures, and record the change implementation process.

3) Establish procedures for suspending changes and recovering from failed changes, clarify the process control methods and personnel responsibilities, and conduct drills of the recovery process if necessary.

11. Backup and recovery management requirements

1) Identify important business information, system data and software systems that need to be backed up regularly.

2) The backup method, backup frequency, storage medium and storage period of the backup information shall be specified.

3) According to the importance of data and the impact of data on system operation, formulate data backup and recovery strategies, backup procedures and recovery procedures.

12. Security incident handling requirements

1) The discovered security weaknesses and suspicious events should be reported.

2) Establish a security incident reporting and handling management system, clarify the reporting, handling, and response procedures for different security incidents, and clarify the management responsibilities for on-site handling, incident reporting, and post-security incident recovery.

3) In the process of security incident reporting and response processing, analyze and identify the cause of the incident, collect evidence, record the processing process, and summarize experience and lessons.

4) For major security incidents that cause system interruption or information leakage, separate handling and reporting procedures should be adopted.

13. Emergency plan management requirements

1) A unified emergency plan framework should be stipulated, and emergency plans for different events should be formulated under this framework, including the conditions for starting the plan, emergency treatment process, system recovery process, post-event education and training, etc.

2) Provide sufficient resources for the implementation of emergency plans in terms of manpower, equipment, technology and funds.

3) Regularly conduct emergency plan training for relevant system personnel and conduct emergency plan drills.

4) Existing emergency plans should be reassessed and revised regularly.

14. Outsourced operation and maintenance management requirements

1) It should be ensured that the selection of information technology outsourced operation and maintenance service providers complies with relevant national regulations.

2) Sign a relevant agreement with the selected information technology outsourcing service provider, clearly specifying the scope and work content of the outsourcing.

3) It should be ensured that the selected information technology outsourcing service provider has the ability to carry out security work in accordance with technical and management requirements, and the capability requirements should be specified in the signed agreement.

4) All relevant security requirements should be stipulated in the agreement signed with the information technology outsourced operation and maintenance service provider, for example requirements for access to, processing of and storage of sensitive information, and emergency assurance requirements in the event of a service interruption of the information technology infrastructure.

Origin blog.csdn.net/Arvin_FH/article/details/132426181