The words of the great God in those years (the classic sayings must be seen)

question 1: from the beginning to organize the relevant security operations, to fully comb clear, how much manpower costs, time costs? Especially for relatively small enterprises (mainly about 10 developers, operation and maintenance concept, network security awareness is weak), that is, in the first stage to the second phase between the implementation is more difficult?

A: Our company currently has 1 security personnel, operations and maintenance personnel about 10. Time cost is to see the size of the business, you can according to the existing business planning, deal with the old debt, for small and medium-sized enterprises, I think six months, up to a year is enough. The first stage can be half a year, the second phase will be slightly longer

Question 2: How to standardize the next operation, the recent company system is not too stable, resulting in customer complaints, we do operations can only back this pot. It's annoying.
Answer: How to annotate, this is too general. Can find the pain point, the focus is how to solve the pain point, you can find more industry operators to learn some of the solutions, or other counterparts, only the passive initiative will not "back pot."

Question 3: How does your company prevent DDoS attacks, and what is the usual way to do so?
A: We are currently preventing part of DDoS from being blocked by operators, and we have purchased commercial acceleration music to protect

Question 4: What do you do about unified Licensing & Authorization Verification & log auditing in Linux system account management?
A: We are also beginning to do Llinux account management This block, the first root permission to recover, other detection server survival account, unnecessary accounts are to be disabled. Only operations administrators can have root privileges, and other permissions that require access are assigned to normal user rights. Our log is still in the shop, planning elk Way, we use 4A system, can solve the unified account, strategy, audit, certification

Question 5: is your company logged in with a password or a key login? How to prevent employees to log on to the company intranet server after leaving? In addition, each operation has the ability to crash the server database, how to restrict access to the login?

A: We are logged in with a password. All permissions are recycled after the employee leaves, especially the VPN channel. Our database is operated only by DBAs. Database crashes are generally SQL associated query redundancy, no optimizations. You can limit the logging of SQL queries, such as adding top1000. We have developed a database query platform that can audit all SQL queries, as well as sensitive record masking

Continuous collection Updates ...

This article is from the "Wsyht90 blog" blog, make sure to keep this source http://wsyht90.blog.51cto.com/9014030/1846544

The words of the great God in those years (the classic sayings must be seen)