With the rapid development of information technology, network information application is everywhere. The emergence of new modes of production and life, such as e-commerce, e-government, online banking and information superhighway, has not only greatly improved our production efficiency, but also raised the impact on human social life to the level of production relations and social superstructure, and human society has really entered the information society. In all kinds of network information applications, the server has played an extremely important role, how to manage and maintain the server, how to ensure the security of the server has become the first problem to be solved.
Facing the challenges of system and network security, IT operation and maintenance management and IT internal control and external audit, managers need effective technical means to carry out accurate management, retrospective audit, real-time monitoring and alarm in accordance with industry standards. How to improve the system operation and maintenance management level, meet the requirements of relevant standards, prevent hackers from invading and malicious access, track user behavior on the server, reduce operation and maintenance costs, and provide control and audit basis have become more and more difficult problems for these enterprises.



Industry demand
Under the current domestic network conditions, each enterprise server and web server and other network equipment, generally adopt the centralized hosting model of computer room. In practical applications, an equipment room with dozens to hundreds of servers can be equipped with only one or two network management personnel. This cannot meet the management requirements of a large number of servers in the equipment room.

Therefore, in the daily management and maintenance of the equipment, you can either log in to the operation and management directly or send personnel to the equipment room to operate the external display of the required equipment.

The existing network security products mostly focus on the network level of security management. For example: internal and external network isolation, network communication encryption, prevention of low-level network attacks and so on. And did not consider the actual daily work encountered in the application level or system management level of the problem. Through our practical investigation, users are mainly concerned about the following issues at the application level and system management level:

1. How to prevent information leakage of enterprise core data;

2. How to supervise and audit the operation of core assets.

In response to the above two common problems, Parady identified the following reasons from a large number of project practices:

1. Loose management of user names and passwords in the internal core system of the enterprise;

2. After a security incident occurs, the source of the incident cannot be quickly and accurately located, let alone prevented in time;

3. No operation records can be audited afterwards. Therefore, it is not known how to patch the security holes in the system;

4. Due to the lack of one-to-one identity authentication, natural persons cannot be located even if the source of security incidents is found;



According to the above phenomenon, in order to ensure the security of enterprise core information, Hangzhou Palladi Network Technology Co., Ltd. independently developed the "Palladi unified security management and comprehensive audit system", the system mainly includes authentication, account, authorization, audit four core functions, using the system can easily achieve the following purposes:

1. Verify the account password of each system operator on a one-to-one basis. You can check the specific operator by logging in to the account.

2. In single sign-on mode, each system operator only needs to use his own user name and password to log in, and then can directly use various background systems within his authority without re-entering the user name and password of each background system. This limits the background system's various user names and passwords to the maximum extent;

3. Set permissions for each administrator. The administrator can manage the device only within the permitted range to avoid human errors.

4. Track and record the online status, operation status and equipment running status of each operator, and any equipment changes are under control.

Unified security management and operational audit system based on information system to collect, record, all kinds of security incident analysis user operation behavior, positioning the ins and outs of the operator to reconstruct events process, until the full source and audit log analysis orientation events do not tamper with, there is no denying the fact that basis and analysis tools to improve safety management strategy.



Deployment way

Standardize operation and maintenance behavior

Establish a unified security management and comprehensive audit platform, unified access, centralized authority control, and realize centralized and standardized management of operation and maintenance operations. The platform can manage the access and maintenance of different systems in a unified manner, including account management, identity authentication and authorization. Based on user permissions, unified network layer and application layer access control can be implemented on the platform to improve system security. Reduce the working pressure of the administrator, improve the working efficiency and ensure the smooth implementation of the management system.

Compliance requirements met

Meet the compliance audit requirements of the Ministry of Public Security, such as the Basic Requirements for Network Security Level Protection; Provide audit reports of operation and maintenance management and original and accurate operation logs for the supervision department; Help to improve the organization's IT internal control and security audit system.

Reduce operation and maintenance risks, and quickly locate faults and track responsibilities
The technology of fortress host is adopted to avoid the direct connection of illegal terminals and insecure terminals to core resources and reduce the influence of Trojan horses, commercial espionage and internal security threats on core resources. Standardized management of third-party maintenance and system integrator site construction to prevent external risks; When a safety accident occurs, responsibility identification and safety incident tracing can be carried out quickly and accurately through playback of operation records.