One afternoon at a Starbucks in fengshengding, Shenzhen, two cups of coffee may be the last chance in the foreseeable future to learn face-to-face from 0x001.
1. Asset inventory
- IP list, business group (owner, contact), business attributes
- Service ports
- Business application architecture, technology stack
2. Perimeter security, firewall policy control (business ports need to be inventoried first)
- If it is hardware, use a firewall for unified control
- If it is the operating system, iptables + IPSec
- Monitor changes to business ports in time (compare the results of external nmap scans against the collected inventory, or write a step on the operations platform that collects each system's listening ports and firewall policy)
- Security control of the jump host (bastion host)
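The port-change check described above, as an added example that is not part of the original post: it parses nmap grepable (-oG) output for open TCP ports and diffs them against the authorised ports recorded in the asset inventory. The inventory and the scan text are constructed sample data.

```python
import re
from typing import Dict, Set

# Constructed sample: authorised business ports per host from the asset inventory.
INVENTORY: Dict[str, Set[int]] = {
    "10.0.0.5": {22, 80, 443},
    "10.0.0.6": {22, 3306},
}

# Constructed sample of nmap grepable output (-oG) from an external scan.
SCAN_OUTPUT = """\
# Nmap scan initiated (constructed sample)
Host: 10.0.0.5 ()  Status: Up
Host: 10.0.0.5 ()  Ports: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/open/tcp//https///, 8080/open/tcp//http-proxy///  Ignored State: closed (996)
Host: 10.0.0.6 ()  Ports: 22/open/tcp//ssh///, 3306/filtered/tcp//mysql///  Ignored State: closed (998)
Host: 10.0.0.7 ()  Ports: 6379/open/tcp//redis///  Ignored State: closed (999)
# Nmap done
"""

# Matches only ports nmap reports as open; filtered/closed entries are ignored.
PORT_RE = re.compile(r"(\d+)/open/tcp")


def parse_open_ports(grepable: str) -> Dict[str, Set[int]]:
    """Return {ip: {open TCP ports}} from nmap -oG text.

    A host that appears only in a 'Status:' line yields an empty set."""
    seen: Dict[str, Set[int]] = {}
    for line in grepable.splitlines():
        if not line.startswith("Host:"):
            continue
        ip = line.split()[1]
        ports = seen.setdefault(ip, set())
        if "Ports:" in line:
            ports.update(int(p) for p in PORT_RE.findall(line.split("Ports:", 1)[1]))
    return seen


def diff_against_inventory(scan: Dict[str, Set[int]], inventory: Dict[str, Set[int]]):
    """Per host: 'unexpected' = open but not authorised (new exposure or unknown host),
    'missing' = authorised but not reachable (service down or blocked by policy)."""
    report: Dict[str, Dict[str, Set[int]]] = {}
    for ip in sorted(set(scan) | set(inventory)):
        open_ports, allowed = scan.get(ip, set()), inventory.get(ip, set())
        unexpected, missing = open_ports - allowed, allowed - open_ports
        if unexpected or missing:
            report[ip] = {"unexpected": unexpected, "missing": missing}
    return report


if __name__ == "__main__":
    for ip, d in diff_against_inventory(parse_open_ports(SCAN_OUTPUT), INVENTORY).items():
        print(ip, "unexpected:", sorted(d["unexpected"]), "missing:", sorted(d["missing"]))
```

Hosts that are not in the inventory at all (10.0.0.7 in the sample) show up with every open port as unexpected, which is exactly the case the asset inventory step is meant to catch.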
3. Account security management
- Weak passwords
- Root and sudoer privileges
- Accounts, authorization, access, audit, etc.
4. Server security
- Security baseline checks
- Operations audit
- Abnormal login audit (log collection and analysis)
- Vulnerability inventory / scanning, patch testing and rollout
5. Web security
- Application penetration test
- Interface security (encryption, communication)
- Real-time webshell monitoring
- Nginx log analysis / Nginx out-of-band traffic analysis
6. Business risk control
- User security mechanisms (passwords, verification codes, login)
- Transaction security
7. Security training
- Security awareness training
- Operations security training
- Secure web development
8. Security specifications and procedures
- Account provisioning for new hires
- Account deactivation on resignation
- Security management of server commissioning and decommissioning
- Security incident response mechanism
9. Intranet security
- Intranet server security
- Unified account verification and management mechanism (unified authentication of OA, RTX, mail and intranet business systems via domain LDAP)
- Weak password monitoring (NTLM / LM)
- Abnormal account logins
- Network isolation (physical / virtualization)
- Network access control
- PC security (unified antivirus management, notification and handling)
Asset information collection scripts:
Syslog, agent, puppet, func, saltstack and other operations tools