With the development of the Internet, people's demand for online shopping and e-commerce is increasing, which urges the banking industry to vigorously develop online business and provide financial services to the public through Internet channels such as mobile payment and online banking. At the same time, how to ensure the normal operation of these infrastructure assets and the non disclosure of core data, It has become a big problem in the banking industry to avoid unauthorized access by internal personnel and intrusion and attack by external hackers. A bank is a national joint-stock commercial bank approved by the CBRC. With the implementation of cross regional development strategy, continuous expansion of business and continuous development and growth of scale, once a business interruption accident occurs, even in a very short time, it will cause great losses; The large amount of transaction data stored in the database not only involves economic interests, but also contains personal privacy information. Once leaked, it will cause irreparable damage to the bank's reputation. The risks and threats of it information technology are increasing day by day. How to ensure the stable and safe operation of the whole IT system has also become an urgent challenge for decision-makers and management.

Industry demand

In order to ensure the safety of the financial industry, the CBRC has also strengthened the supervision of banks, issued various conditions and guidance documents to guide the information security construction and standardization of banks, so as to take precautions and prevent data security incidents. It focuses on the operation and maintenance operational risk management, which requires the unit to keep records of all operations in the background of the data center. The CBRC found many problems in the risk assessment of the information technology risk supervision and inspection of the commercial bank, mainly as follows:

1. Account sharing and cross Management: since multiple maintenance personnel use one account for operation and maintenance at the same time, in case of misoperation, the specific operator cannot be determined;

2. Authorization management: for high authority accounts, there is no good control method for authority. As long as the network is accessible and has a user name and password, you can log in and operate the background of the data center at any time;

3. Operation behavior control: the operation and maintenance personnel (maintenance agent) are opaque to the background operation of the data center. The person in charge of the information center does not know who did what operation in the background at what time, and there is no good monitoring method;

4. Data leakage: protocols such as RDP and FTP have disk mapping function. If the transmission control of maintenance protocol cannot be well controlled, the core confidential data has the risk of foreign exchange;

5. The source of database access is complex, and it is difficult to determine the real visitors of database operation;

6. The log record information of the database system is incomplete, and the violation events cannot be found in time and accurately;

7. The database operation process is completely in the "dark box", so it is difficult to understand the details.

Unified access entrance

Establish a unified secure operation and maintenance access platform, provide a unified operation and maintenance operation portal for the core business system, and realize single sign on. All operation and maintenance personnel first log in to the unified operation and maintenance platform to carry out operation and maintenance on the system to realize unified access control and management;

Centralized account management

Realize centralized and role-based master-slave account management, establish one-to-one correspondence between natural persons and equipment accounts, uniformly manage equipment accounts and modify passwords regularly;

Strict authority control

Reasonably allocate the specific conditions of users' use of resources in the business system, realize the legal access of different users to different parts of entity resources, and eliminate illegal access and unauthorized access. The authority of each operation and maintenance personnel shall be effectively controlled, and the policy shall be detailed to the accessible equipment and available account;

Improve post audit

Fully track and record the process of operation and maintenance, and completely save all logs of operation and maintenance; Make statistics on natural person's access to resources. In case of safety accident, it can be defined as fault and responsibility tracking; Audit and handle the login process and operation behavior of personnel, and establish and improve the complete audit of the "natural person → resource" access process; Provide audit platform and audit data for regulatory authorities. The audit provides a complete view of videos and commands, and can provide fast and accurate search and positioning;

Scheme high availability

The device bypass deployment does not need to change the existing network topology, supports dual machine hot standby, cluster and distributed deployment, and improves the reliability of the platform. There is no need to install any agent on the business system, which does not affect the business.

Meet compliance

1. Meet the compliance audit requirements of it internal control, Sox, COBIT, insurance and other laws and regulations; 2. Provide the banking regulatory department with the audit report of operation and maintenance management and the original and accurate operation and maintenance log; 3. Help to improve the organization's it internal control and audit system, so that the organization can successfully pass the IT audit.

Reduce safety risks, fast fault location and responsibility tracking

1. The technology of Fortress host is adopted to avoid the direct connection of illegal terminals and unsafe terminals to core resources, and reduce the impact of Trojans, spies and internal security threats on core resources; 2. In case of safety accident, responsibility identification and safety event tracking can be carried out quickly and accurately through playback of operation records; 3. As a third-party independent operation and maintenance audit management equipment, it realizes the separation of use right, management right and supervision right; At the same time, it also helps supervisors obtain effective technical means and improve the bank's it internal control mechanism.