Abstract
As informatization in China continues to advance, information technology has come to be widely used across industries for office work and production. Its rapid spread has promoted enterprise economic development and technological innovation, but it has also brought very prominent network security problems. Network security threats are gradually shifting from the enterprise's Internet-facing side toward affecting and damaging the internal office network, the scientific research and production network, and industrial control systems. Among these threats, the degree of harm caused by viruses and Trojans has grown geometrically in recent years. The question is how an enterprise can quickly and effectively resist and remove the spread and infection of viruses and Trojans on its internal LAN. Taking the discovery of WannaMine, a mining worm variant of "Eternal Blue", on an enterprise LAN as an example, this article describes how the virus spreads and infects, analyzes its attack path and attack characteristics, and, using operating system security reinforcement techniques combined with practical work experience, proposes a semi-automated, script-based detection and removal method. By verifying the effectiveness of the method, it provides a reference for security operation and maintenance personnel carrying out removal work, and puts forward some suggestions on the defense measures enterprises can take against internal LAN security threats in the future.
Authors
Zhang Dezheng (张德政)
Wang Nana (王娜娜)
(Security Operation Center, Computer Application Institute of Nuclear Industry, Beijing 100048; Collaborative Support Center, Computer Application Institute of Nuclear Industry, Beijing 100048)
Source
Journal of Information Security Research (《信息安全研究》)
2019, Issue 2, pp. 135-144 (10 pages)
Keywords
network security
Eternal Blue
mining virus
defense measures
security reinforcement