The hottest wave SSR helps Lu'an tobacco avoid

2022-08-03
  • Detail

Inspur SSR helps Lu'an tobacco "immunize" on the basis of level protection recently, Lu'an Tobacco Monopoly Bureau of Anhui Province and Lu'an company of Anhui Tobacco Company (hereinafter referred to as "Lu'an tobacco") chose the SSR operating system security enhancement system independently developed by Inspur to inject immune function into key hosts and core servers. While meeting the level III requirements of level protection, Effectively deal with known and unknown vulnerabilities

in terms of policy, Lu'an tobacco, established in 1985, is located at the intersection of Wanxi Avenue and jingsan road in Lu'an economic and Technological Development Zone. It is a government enterprise integrated unit integrating cigarette sales, operation and monopoly law enforcement management. It mainly performs the monopoly management function for the production and sales of tobacco monopoly goods according to law, undertakes the allocation, wholesale and tobacco planting business of the cigarette industry in Lu'an City, and implements centralized and unified management for the supply and marketing of cigarettes, people and property

in order to improve the monopoly supervision ability and give full play to the advantages of unified management of tobacco monopoly, Lu'an tobacco has taken the information construction as the starting point. After the Grenfell tower fire incident, the high-speed network and major business systems have comprehensively improved the supervision efficiency and continuously improved the new supervision mechanism of the two tobacco markets. In terms of information security construction, in order to ensure the reliable operation of the city's tobacco business system, Lu'an tobacco has uniformly deployed border firewalls, anti-virus software and intrusion prevention systems throughout the city, so that the city's cigarette business system has a preliminary network security capability. However, with the gradual deterioration of the global plastic processing machinery market of the Internet ecological environment, which will grow at a rate of 6.9% per year, viruses and their variants breed more rapidly in the black industry chain. Lu'an tobacco hopes to further improve the level of safety protection on the basis of the grade protection requirements already achieved

it is understood that in order to standardize China's information security construction, in 2003, the opinions of the National Informatization Leading Group on strengthening information security guarantee clearly pointed out the requirements for implementing classified protection of information security. According to the requirements of the notice on the security classification protection and classification of the information system of the tobacco industry (Guo Yan ban Zong [2008] No. 358) issued by the state, the tobacco monopoly bureaus of all provinces have completed the corresponding classification protection and classification

however, during the actual level protection evaluation and rectification, the security of the computing environment, especially the security of the computing environment involving the operating system, has confused many users. For example, common commercial operating systems such as windows, Linux and UNIX provide some security policies, but their functions are very limited, and there are often various vulnerabilities. Therefore, how to ensure the host security through reasonable security measures and prevent the attacks of internal and external illegal users has become a crucial issue in the current hierarchical construction of information system, which is also a key step for Lu'an tobacco to improve its information security capability

the overall environment is not optimistic, seeking more professional security

it is reported that the key hosts used in the internal network of Lu'an tobacco include various database servers and application servers. Once the vulnerability is exploited by hackers, it will have a great impact on the city's data and business transactions:

on the one hand, the operating systems used in its information systems are mainstream product series, such as AIX and Windows Server 2003, Its security vulnerabilities are widespread. Moreover, as all application systems run on a specific operating system, once the operating system is controlled by dangerous people, the application system will lose its security foundation

on the other hand, because some it operation and maintenance personnel do not understand the complex operating system and its own security mechanism, it is easy to have the problem of improper configuration. Test4.0 is an IC dedicated to automatic control, which will also cause security risks. Once these security risks appear, they will leave an opportunity for criminals. For example, the password authentication mechanism for operating system access and the problem of setting the read and write permissions for special directory access will cause unauthorized access and operation if they are not set properly

based on the above considerations, Lu'an tobacco hopes to adopt a more professional server security system to strengthen the security of important key hosts and core server operating systems. Through the mandatory access control of files, directories, processes, registries and services, it restricts and disperses the permissions of the original system administrators, upgrades the common operating system from the system, and makes the key hosts of tobacco, The core server conforms to the three-level standard of the national information security classification to protect the security of the server operating system

Inspur's SSR reinforcement products can be fundamentally immune to malicious attacks against the server operating system, and keep away from Trojans, backdoors, shock waves, oscillation waves and other worm viruses as well as internal and external hacker attacks, which exactly meet the specific requirements of Lu'an tobacco

reconstruct the operating system to make it more secure

Inspur SSR kernel reinforcement technology is based on the kernel level security reinforcement protection of the host. When unauthorized illegal users break through the firewall and other network security products to enter the internal host through various means, and even steal the highest authority of the operating system administrator, Inspur kernel reinforcement technology will become the last line of defense. It disperses the unlimited power of the original system administrator of the operating system, namely administrator/root, so that it no longer has the ability to pose a threat to the security of the system itself, so as to fundamentally ensure the security of the operating system. That is to say, even if the illegal intruder has the highest authority of the system administrator, he cannot destroy or operate the system core or important content protected by Inspur kernel reinforcement technology

implementation principle of Inspur SSR Rost kernel reinforcement technology

it is the best way to use a stabilized voltage power supply that can filter interference. For sensitive data such as logistics and finance of Lu'an tobacco information system, Inspur SSR upgrades the ordinary operating system from the system, and can be fundamentally immune to vulnerabilities and man-made attacks against the server operating system. Make it conform to the three-level standard of the national information security classification to protect the security of the server operating system

referring to the operating experience of SSR, the relevant person in charge of Lu'an tobacco said: Inspur SSR Rost technology actually adds a security kernel module to the driver layer to intercept all kernel access paths, so as to meet the technical requirements of level III security. The final security effect is similar to that of reconstructing the original code of the operating system. The advantage is that it will not affect our business continuity. Without restarting the system, it can well support all applications on the upper layer and all systems and machine equipment on the lower layer, and ensure the security of the upper application on the granularity of the operating system

Copyright © 2011 JIN SHI