create value for improving information technology abilities of the enterprise

under the guidance of user demand,provide the best service to customers
IT Security And Operation Solution
Suzhou Metalogic Information Technology Co.,Ltd   2018-11-08 14:31:53 Author:SystemMaster

1.11.1 Status of operations management

The customer's maintenance department is mainly responsible for the construction and maintenance of the application system and the information system infrastructure platform, as well as the construction and maintenance of the internal network. There are hundreds of various servers, and the following status quo prevails in daily operations:
The user's access method is mainly internal direct remote access. Among them, the remote access method of the operation is mainly SSH/Telnet/RDP/VNC/X-window/http/https/FTP/SFTP
Because there are many maintenance personnel, and the maintenance of some equipment is completed by third-party maintenance vendors, the maintenance operations are relatively decentralized and the rights change is complex;
Use shared system accounts on the device for authentication and authorization;
implement the requirement for periodic changes to the device password;
No audit of user's operations;
Need to accept regular inspection of other legal and regulatory standards such as insurance, SOX, ISO 27001, etc..

1.21.2 Problems

Inconsistent approach to maintenance;
The sharing account is difficult to control;
The operation behavior is difficult to constrain;
Device password is difficult to manage;
No Audit of Operation;
Laws and regulations are difficult to comply with;

1.31.3 Problem analysis

Unstandardized operation;
The operation of transportation is not transparent;
Operation risk is not controllable;

1.41.4 Consequences

Violation of the operation may lead to abnormal equipment or downtime;
operations may cause sensitive data/information on the system to be tampered with or destroyed;
When the failure occurs, it is impossible to quickly locate the cause of the failure or the responsible person;