It all starts combing assets

Others 2019-09-28 21:40:30 views: null

Tips: 1200+ word article is expected to read three minutes. Keywords: hidden assets, assets in order, to find out the real situation, asset security governance

If you want to invade a server, start from the open port services; so, if you want to invade an enterprise, from Internet assets exposed face detection, mainly to collect information about the domain name, IP.

You had to know how much business you are in net assets exposed it?

Posted outside the network through the firewall, where the internal and external network mapping between + DNS records, constitute a complete network link, and these links determines how many assets are exposed on the Internet. Many companies have no assets there is a clear problem, various historical issues, such as business registration and management port is not opened, or the transfer of the project objective factors, such as mobility, resulting in net foreign assets of the enterprise there has been chaos, invisible assets has become entry point for attackers.

Standing on the perspective of the attacker protection do we need to do a comprehensive sort of information assets.

Sort out ideas: internal and external network IP and port mapping -> Verify that the server administrator -> business systems and Description -> domain access address

The face of hundreds of mapping rules, a section of re-sort in the past, really is a very test of patience task. In this sort of process, you will find some of the obvious security risks are often overlooked.

  1. Outside the network open high-risk ports, such as port 3306,1521 and other sensitive databases.

  2. Internal applications open external network access.

  3. Simply open mobile terminal, yet the open end PC management background and went to the external network.

  4. The old system no longer in use or have completed testing of the system is not doing offline business operations.

  5. Server resources has been recovered, the network link relationship is not clear, the server IP reassigned to the new business system, leading to new business system was placed outside the network.

From the point of view of these security risks, in essence, we need to solve two more central question:

  1. What open service ports, these ports are risky business?

  2. Lack of effective recovery mechanism, how timely recovery of non-performing assets?

We have taken a number of improvement measures to further strengthen and improve the external network asset management, from the following four aspects, out-of-network asset security governance.

  1. Assets combing, carding a comprehensive business system current usage, and as a template, so that a unified online and offline.

  2. Clean up the recovery in the underlying assets of the sort, clean up the old system to stop updating or maintenance of the completed test of the business system, and an effective mechanism for effective asset recovery, resolve from inside and outside the domain mapping + + server resources, recycling train services .

  3. Registration audit, a new business system, the registration review, assess the reasonableness of the business open. The opening of business registration, business confirm the intended use, temporary or permanent, to be open to traffic safety assessment.

  4. Periodic inventory, asset inventory list on a regular basis and found inconsistent notify rectification.

Net foreign assets in order, in fact, is to figure out the business address and visit each DNS is pointing, understand internal and external network IP and port mapping.

Assets of the business streams: subdomain -> external network IP + port -> network IP + port -> Business Description -> Leader

Asset Recovery Flow: Head of confirmation stop Maintenance -> subdomain Cancel -> external network mapping disable -> server resource recovery.

As a safety / operation and maintenance engineers, you manage resources is the company's information assets. For example, domain management, domain name if you're just concerned about what time expired, then you do it too rough. Here, there is a very important job is to resolve the domain name, the domain name resolution as every asset lease relationship, you will care about your every capital expenditure sum is lent to who and what is its purpose, long-term lease or short-term borrowing, when you can return, and how to reduce bad debt losses.

The simplest is the truth, the hardest part is practice.

Assets in order, from chaos to order, and further how to do asset management business, which is worth to get to the bottom of a problem.

 

Guess you like

Origin www.cnblogs.com/xiaozi/p/11604845.html
Recommended
Ranking
#2019110700005
What materials and procedures are required for patent transfer
What is the blockchain Ethereum triplet state root transaction root receipt root
Front-end study notes 04 --- About the insertion of html pictures and videos
Documents required for the filing of WeChat Mini Programs in special industries, the filing process of WeChat Mini Programs in special industries, how to file WeChat Mini Programs in special industries
2017 Qingdao-site tournament I The Squared Mosquito Coil
[BZOJ3165][HEOI2013]Segment (line segment tree without marking)
Kettle series: KettleEasyExpand, an open source Kettle universal plugin by Ma Jinju
The latest tutorial on making framework for iOS
DAX Section 6: Statistical Functions
Daily
More
2024-05-14(9)
2024-05-13(8)
2024-05-12(28)
2024-05-11(32)
2024-05-10(34)
2024-05-09(32)
2024-05-08(18)
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)

Code World

© 2018 codetd.com