Information security cannot be "dead ends"

Host system is usually served by the core business system, how to ensure that the key data is not lost, the whole year business uninterrupted, is the ultimate mission of host system, so the security of host systems is very important. It is aware of this, China's largest hydropower listed companies-China Changjiang Electric Co., Ltd. ("Changjiang Power") to protect the Gezhouba, the Three Gorges Project and other key projects, such as the safety of generator set operation data, using a wave SSR operating system security enhancements to the AIX operating system and Oracle The RAC database is securely strengthened, which constructs safety from the core of the host and ensures the smooth operation of the key applications such as the Changjiang Power production Management System (EPMS) at all times.

Information security cannot be "dead ends"

Yangtze River Electric Power is mainly engaged in hydropower operations, is currently China's largest hydropower listed companies, the company has Gezhouba hydropower station and the Three Gorges hydropower station all the generator sets, entrusted to run the management scale in the world's top ten hydropower stations listed in the creek and to the home Dam power station. As of December 31, 2013, the company's total installed capacity of 25.277 million kilowatts for China's economic development has made important contributions. For example, the Three Gorges hydropower station under the Yangtze River Power supply meets most of the electricity demand in South China, southwest and central China, which accounts for about 54% of the country's GDP and reaches 670 million of the population. For the Yangtze River Power, how to ensure that power production and supply is not only related to the business income, but also related to the industrial power of thousands enterprises and hundreds of millions of household electricity security, the responsibility is extremely heavy.

In order to guarantee the power production and operation, the Changjiang electric power began to build the Power informatization in 2002, and the Power Production Management Information System (EPMS) was deployed. EPMS system is an integrated, modular system, but the modules are closely related, equipment, maintenance, inventory, procurement, analysis and other inter-related. At the same time, as a closed-loop system, EPMS system can be divided into three levels: maintenance planning, maintenance processing and maintenance analysis. Based on the core business Line of plant maintenance management and equipment operation Management, EPMS system extends to equipment safety management, reliability management, employee performance appraisal, financial budget control and financial results analysis. Because of its high system complexity, and contains eight large subsystems, three levels. If one of the subsystems problems, to the Yangtze River Power EPMs system will bring the stagnation of the system, even the entire business has a greater impact. In addition to the EPMS system, the Changjiang electric Power also deploys the office automation system (EIIS), the comprehensive budget management Information System (CBMS), the large enterprise Business-to-business E-commerce procurement platform, multi-platform operation is increased security protection complexity.

At present, faced with complex and bad network environment, because of the high complexity of the Yangtze River Power information System, many subsystems, and interdependence is very high, if one of the subsystems of virus or hacker intrusion problem, the Yangtze River Power key business system will bring linkage stagnation.

In this connection, the director of the Yangtze Power Information Department said: "My company participated in many major scientific and technological innovation projects and power hub construction, the operation of these projects in the business system and data related to people's livelihood, so its safety level relative to other industries higher." If the external personnel theft, or internal personnel misoperation caused data loss, illegal modification and other issues, will give the company even our country's power industry caused irreparable losses. Therefore, we strive for the comprehensiveness, completeness and effectiveness of the information security architecture, and we must not tolerate the emergence of ' dead corners '. ”

The Changjiang Power's concern about information security is not groundless. Today, the power industry, which is automated and controlled by information systems, has become the target of "super hackers". In July 2014, thousands of European and American power and energy companies were attacked by a computer virus called the "Energy Bear", which resulted in hackers mastering the ability to remotely control power plants. The virus in the invasion of the factory's computer control system, not only allows hackers to remotely monitor real-time energy consumption everywhere, but also easily through the input command code to make the power generation system failure, or even total paralysis. Over the past 18 months, more than 1000 power stations in 84 countries have contracted the virus. and Gezhouba hydropower Station, the Three Gorges hydropower station are China's most important energy hub, is responsible for connecting things, North and south, once the network security intrusion accident, the impact of the regional power failure is not "trivial."

Host security is the "root causes"

Where is the core of information security? "The thing will rot first, then the worm shall be born," and the most rugged fortress is often breached from within. Information system security Likewise, the data of power informatization system such as Changjiang electric power EPMs are kept in the host system, and the host security is very important.

The traditional host security measures used by the Changjiang power used in the past are improved by manual reinforcement. To improve the security of the system by modifying the operating system or the security policies of the application software, such as modifying the system Group Policy, dividing the finer permissions, and reducing the operation rights of the application software. Although the safety of the system can be temporarily eliminated by the manual security reinforcement, the method has obvious weakness. For example: Strong professional, high cost, long cycle, time limitation and so on, can not be effective long-term solution to the security problems of the system. It is noteworthy that all manual reinforcement is based on the system administrator's base to configure, which means that the administrator can strengthen themselves can also be canceled, the effectiveness of security policy is not audited, once the hacker access to system administrator rights, all security policies will be invalidated, so the function of mandatory access control is not achieved.

Then, can the server and operating system to install a "shield" to achieve "automatic", "active" protection, hacker and Virus immunization, for EPMS and other key applications to form a safe and stable operating environment?

Through the system evaluation of the Changjiang electric power IT system, the Tide information security expert provides the Yangtze River Power Host security solution. The scheme covers advanced SSR operating system enhancements and is based on the wave Rost (kernel hardening) technology to strengthen the "automatic" operating system of the Changjiang power. The principle of SSR is to enforce access control of files, directories, processes, registries and services, effectively restrict and disperse the privileges of the original system administrators, synthesize the functions of integrality detection and buffer overflow of files and services, and can upgrade the normal operating system from the system. A level three standard to protect server operating system security in accordance with national information security level. And for the Oracle database and foreground web host files, processes, wave SSR through MD5 and RC2 algorithm, ensure the uniqueness of data validation results, blocking the illegal user or malicious program to change the contents of the data file.

This advantage can bring great value to the Changjiang electric power, can avoid the manpower, time, financial resources and so on which the traditional manual protection causes, reduce the TCO significantly.

Moreover, the wave of SSR as the core of the Host security solution can also be with the existing network layer of Yangtze River Power protection products to form a "complementary." Firewall and other traditional protection products belong to these network layer products, mainly by blocking the port or protocol packet to protect the host, the main direction of protection from the external network attacks. The Wave SSR is located in the system layer, through the mandatory access control strategy to protect the system, which makes the main engine of the Yangtze River power to achieve a "both against the external network, but also control the intranet" new protection framework.

Automatic, active protection

After the investigation of the critical business environment, the Changjiang electric power has deployed the Wave SSR Enterprise Edition on the server running the AIX operating system and the host of the Oracle RAC cluster node, and has carried out the security protection for the EPMS system on the host and the Oracle service process, registry and so on, realizes the virus immunity, Prevents all kinds of application lockout problems due to patch factors. At the same time, security protection of its portal files, through SSR file integrity check function, as well as real-time monitoring function, to ensure the security of the site system, the integrity of key documents.

"As an important area of national key security protection, the particularity of the Changjiang power industry determines that the information department needs to exert all its potentials, not only to analyze the causes of the problem, but also to find a solution to the problem," said the management of the Changjiang Power Information department. Therefore, in the cultivation of internal strength, the use of external forces indispensable. When we encounter the bottleneck of the manual operating system reinforcement technology, the wave of host security solutions to help us achieve the "automatic", "active" protection, immune to viruses, worms, hacker attacks and other attacks against the host, to a certain extent, to promote the Yangtze River power to complete the level of information security advanced and upgrade. ”