Safety Reinforcement Overview Network and Application System Reinforcement and Optimization Service is a key link to realize customer information system security. By using this service, the security status of customer security requirements will be established at the network layer, host layer and application layer of the customer information system, and with this as the starting point to ensure the security of the customer information system. Objects with network and application systems often have the following safety issues: 1. Installation, configuration does not meet the safety requirements; 2. Parameter configuration error; 3. Use, maintenance does not meet the security requirements; 4. System integrity is destroyed; 5. Implanted Trojans; 6. Account / Password Problem; 7. Safety Vulnerabilities There is no timely patch; 8. Application services and applications are abused; 9. Application development security issues. The purpose of network and application system reinforcement and optimization services is to do the following: 1. Correct installation; 2. Install the latest and all OS and application software security patches; 3. Operating system and Security configuration of application software; 4. System security risk prevention; 5. Provide system use and maintenance recommendations; 6. System function test; 7. System security risk test; 8. System integrity backup; 9. If necessary, reconstruct system, etc. The results of the above work determine the process of reinforcement and optimizing the network and application system, implementation, step, and complexity. Specifically, it can be summarized as:
1. Clear reinforcement goals also determine that the system is different after being reinforced and optimized, and the system that is achieved in different environments is different, and the reinforcement scheme used in different environments is also different. It is necessary to clear the results of the reinforcement target. It is possible to make a balance between functionality and security, which can meet the user needs after the security and security. 2. Confirm the content of the system's health includes: a) The specific use of the system, that is, the port and services that the system must open in the working environment. b) the application system running on the system and its normal services. c) We are to collect the health of the system from the network scan and manual assessment. 3. Clear reinforcement risk: Network and application system reinforcement are certain risks, generally possible risks include downtime, applications cannot be used normally, the most serious case is that the system is destroyed. These risks are generally due to the system operation status of the system, and it is also caused by inaccurate analysis of the cost of the reinforcement scheme. Therefore, it is very important to do a systematic backup before reinforcement. 4. System Backup: Backup content includes: file system, critical data, configuration information, password, user privilege, etc.; It is best to do system full backup to quickly recover.
Reinforcement and optimization process overview network and application system reinforcement and optimization The process is mainly composed of the following four links: 1. Status survey The process of the system's status survey is mainly the result of the following services: a) System security requirements Analysis B) System Security Policy C) System Security Risk Assessment (Network Scanning and Manual Assessment) For new systems, it is mainly the result of importing system security requirements analysis and system security policy to develop these two services. After the results of the above service should be determined, the security level of the reinforced system should be determined, that is, the degree of safety that can achieve by the reinforced system can be determined. At the same time, it is also necessary to determine the cost of reinforcement and optimizing the network and application system based on the above-mentioned service results.
2. The main contents of the reinforcement plan to formulate the reinforcement scheme are based on the results generated by the system status survey, steps, and timetables.
3. Implementing the reinforcement of the system implementation of reinforcement and optimization of the system contains two aspects: a) Strengthening the system to test the system to test the system to test the system is to inspect the system is safely reinforced, the system is safe Whether it can meet the needs of our customers. The work of the above two aspects is a repeated process, ie, each of the functional requirements and security requirements for testing the system will meet customer needs after completion of a reinforced or optimization step; if the requirements of one of them cannot be met, the reinforcement The steps are to be re-performed. For some systems, there is a reinforcement failure. If a reinforcement failure occurs, according to the customer's choice, the reinforcement is or rebuild. 4. Generating a reinforcement report reinforcement report is to provide users with the final report of the network and application system reinforcement and optimization services. It includes the following: a) Complete Record of the Reinforcement Process B) Suggestions or Solutions for System Security Management C) Safety Auditing Results for Reinforcement Systems
