9 major areas of operations security management practice

Disclaimer: This is an original article by the blogger, released under the CC 4.0 BY-SA license. When reproducing it, please attach the original source link and this statement.
Original link: https://blog.csdn.net/anquanniu/article/details/96884292

Operations security (the security of operation and maintenance) is the cornerstone of enterprise security, especially for Internet companies. It differs from Web security, mobile security, or business security because it sits at the bottom layer: it involves servers, network devices, and basic applications, so once a security problem occurs, it directly threatens the security of the servers. In daily operations, an operations security incident usually indicates that the company's security regulations and processes are flawed. In that case more than one machine will have the same vulnerability, so the impact is wide and can even spread to the company's entire core business.

Here are six classic vulnerabilities related to operations security:

  • A successful roam through Jingdong's internal network (caused by a developer's mistake)
    First, a member of the company's R&D staff published code to a third-party code hosting platform, such as GitHub.
    Second, the code contained configuration for an e-mail function that called the company's mailbox.
    The company e-mail and VPN authentication were linked, and the VPN had no two-factor authentication.
    A malicious user logged in to the corporate VPN with this account and from there roamed the internal network.

  • How I obtained 7 of Gaode's vCenters and roamed the internal network
    First, a researcher published the company's code to a third-party code hosting platform, such as GitHub.
    Second, the code contained configuration for an e-mail function that called the company's mailbox.
    The mailbox did not restrict contact enumeration, so the address book could be traversed.
    All users were tested against a weak-password list (see Figure 1, weak passwords) using Burp Suite (abbreviated BP).
    This yielded an operations group mailbox or an operations employee's mailbox, and a plaintext password .txt file was found in the mail.

  • A vulnerability in a Baidu site leaks sensitive information and leads to getshell (involving at least 66W+ (660,000+) user records, including passwords; internal network reachable)
    No security check was done before going live, so the .git directory was exposed.
    Inspecting the source code revealed the UC_KEY.
    The UC_KEY was used to obtain a webshell.
    The internal network was reached through the webshell.

  • A Sohu Zabbix issue that can lead to internal network penetration
    Zabbix still had the default password (admin / zabbix).
    A normal command was executed to test the command execution module.
    A malicious command was executed so that the server connected back to the attacker's machine.
    A Unix shell was obtained as the zabbix user.
    Privileges were escalated, then the internal network was entered.

  • Weak passwords on city 558 sites lead to getshell on multiple services (minor internal network roaming)
    The Tomcat manager module was present and enabled.
    tomcat-users.xml was configured, and it contained a weak password.
    A WAR package was uploaded to obtain a webshell.
    Privileges were escalated, then the internal network was entered.

  • Just a handy tool: getshell on a Qihoo 360 site, roaming the internal network to webscan
    Site backup files were in the WEB root directory, and users could download them.
    The website code contained vulnerabilities.
    After obtaining a shell, the internal network was roamed.
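
As an added example (not from the original article or the reports it cites), a pre-release check for three of the root causes above: an exposed .git directory, downloadable backup files in the web root, and a weak Tomcat manager password in tomcat-users.xml. The suffix, password and role lists, the function names, and the sample data are assumptions made for illustration.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

# Assumed policy lists for this example; extend them to match your environment.
BACKUP_SUFFIXES = (".zip", ".tar", ".tar.gz", ".tgz", ".rar", ".7z", ".sql", ".bak")
WEAK_PASSWORDS = {"", "admin", "tomcat", "manager", "password", "123456"}
MANAGER_ROLES = {"manager", "manager-gui", "manager-script", "admin-gui", "admin-script"}

# Constructed sample, not a real configuration.
SAMPLE_TOMCAT_USERS = """<tomcat-users xmlns="http://tomcat.apache.org/xml">
  <user username="deploy" password="tomcat" roles="manager-script"/>
  <user username="ops" password="Xk9#vT2q-constructed" roles="manager-gui"/>
  <user username="viewer" password="123456" roles="readonly"/>
</tomcat-users>"""


def audit_webroot(webroot):
    """Find VCS metadata directories and downloadable backup files under webroot."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(webroot):
        for d in [d for d in dirnames if d in (".git", ".svn")]:
            findings.append(("vcs-metadata", os.path.relpath(os.path.join(dirpath, d), webroot)))
            dirnames.remove(d)  # report the directory once, do not descend into it
        for f in filenames:
            if f.lower().endswith(BACKUP_SUFFIXES):
                findings.append(("backup-file", os.path.relpath(os.path.join(dirpath, f), webroot)))
    return sorted(findings)


def audit_tomcat_users(xml_text):
    """Find manager-capable accounts with a weak or username-equal plaintext password."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        if el.tag.rsplit("}", 1)[-1] != "user":  # ignore the XML namespace prefix
            continue
        name, pw = el.get("username", ""), el.get("password", "")
        roles = {r.strip() for r in el.get("roles", "").split(",")}
        if roles & MANAGER_ROLES and (pw.lower() in WEAK_PASSWORDS or pw == name):
            findings.append(("weak-manager-password", name))
    return findings


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:  # constructed web root for the demo
        os.makedirs(os.path.join(root, ".git"))
        open(os.path.join(root, "site_backup.tar.gz"), "w").close()
        open(os.path.join(root, "index.html"), "w").close()
        for finding in audit_webroot(root) + audit_tomcat_users(SAMPLE_TOMCAT_USERS):
            print(finding)
```

The check only evaluates plaintext passwords; digested credentials in tomcat-users.xml will not match the weak list.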


Operations security management practice generally consists of the following nine elements:

1. Information Security Governance and Risk Management

2. Physical Security

3. Identity and Access Management

4. Host Security

5. Communication and Network Security

6. Disaster Recovery and Business Continuity Plan

7. Security Operations: departmental roles and responsibilities

8. Security Configuration Management: security steps for going live, data loss prevention (DLP), and vulnerability scanning and testing

9. Operations Security Standards and Reference Frameworks: includes ISO27001, examples of security management policies, and other content

Security is a whole: it is not about how strong the well-protected places are, but about finding your own weak areas. Do not take a one-sided view of security and assume that the absence of incidents means all is well; there must be a sense of crisis.

Full content: required course on operations security management

Course address: https://www.aqniukt.com/course/4502
