Shanghai Jiaotong University's combination of measures for "mining" governance
Author: China Education Network Time: 2022.07.18
Since 11 departments, including the National Development and Reform Commission, jointly issued the "Notice on Rectifying Virtual Currency 'Mining' Activities" in September 2021, all sectors have been accelerating the rectification of virtual currency "mining" activities. With their large numbers of computers, large user bases, and uneven user security awareness, colleges and universities are deeply plagued by "mining".
Incorporate "mining" governance into the overall consideration of campus security
Governance of "mining" activity in colleges and universities is not a completely independent special action. It is closely tied to the construction of the school's network security systems and mechanisms, its monitoring, early-warning and notification system, network security publicity and education, and the building of its network security team. "Mining" governance must be included in the school's comprehensive campus security governance system for overall consideration, so that the measures work in combination.
In the construction of the network security system and mechanisms, close attention from the school helps "mining" governance proceed smoothly. Internal improvement of "mining" high incidence.
In the construction of the monitoring, early-warning and notification system, upgrade technical protection measures, strengthen routine monitoring of "mining" activity, and achieve closed-loop management of monitoring, notification, rectification, and feedback (as shown in Figure 1). On the one hand, detect early and handle promptly, to avoid notifications as far as possible; on the other hand, handle each case as it is discovered, to achieve dynamic clearing.
Figure 1: Closed-loop management of "mining" activity monitoring, early warning, notification and disposal
In network security publicity and education, teach teachers and students the network security skills needed in the digital age. Although attackers can find and use every available channel to break in and "mine", as the saying goes, "flies do not bite seamless eggs": they succeed mainly because we have vulnerabilities or weak links. For example, the computer operating system has not been updated in time, common weak passwords are used, phishing emails deliver Trojans, software carrying Trojans is downloaded from unofficial websites, or an infected USB drive is used. In this regard, the school can take Cybersecurity Publicity Week as an opportunity, combining focused campaigns with routine publicity, and use online and offline lectures, multimedia pushes, situation-education ideological and political courses, and security drills in various forms to teach the risks, the policy situation, and security protection skills to teachers and students, so that they "refuse to 'mine' actively and guard against 'mining' passively". The intrusion and propagation routes of "mining" Trojans are shown in Figure 2.
Figure 2: Intrusion and propagation routes of "mining" Trojans
In terms of network security team building, in addition to professional security personnel, the school's network operations staff, information system development and operations staff, and the informatization liaison officers of secondary units are also the backbone of the school's network security work. These staff can improve the network security awareness of teachers and students on campus, and their ability to handle incidents themselves, through special lectures, training and certification, and security drills.
At the same time, governance of "mining" activity also requires cooperation and exchange: sharing information among regulatory authorities, fellow universities, the school itself, and security vendors, and building a united front to improve overall governance capability.
Create an efficient closed-loop disposal system
By independently developing a "mining" monitoring platform, Shanghai Jiaotong University has improved its monitoring and early-warning capability for "mining" activity and established an efficient closed-loop working mechanism running from discovery through disposal to prevention, keeping the negative impact to a minimum. Figure 3 shows the deployment of the "mining" monitoring platform.
Figure 3: Deployment schematic of the "mining" monitoring platform
Beforehand: first, configure a blacklist of "mining pool" domain names in the campus network's domain name resolution system (DNS) and update it regularly, so as to promptly block communication between hosts and "mining pools"; second, provide three endpoint anti-virus software products that users can choose from, download and install themselves to resist "mining" Trojans; third, strengthen network security publicity and education to raise the security awareness of teachers and students. In addition, professional skills training is needed to strengthen the security capability of the school's network and information team.
During an incident, use the "mining" monitoring platform to track and handle it promptly, achieving dynamic clearing. The platform was developed around the fact that most "mining" programs connect to public mining pools or to mining-pool proxies. It collects DNS log information such as request time, client IP address, and requested domain name, compares it against the collected "mining pool" domain information to check whether a request hits, and produces statistics and early warnings, giving real-time monitoring of "mining" events.
The "mining pool" domain blacklist plays an important role in the accuracy and timeliness of detection. At present, the platform gathers "mining pool" domain information from relevant malicious-domain reports, "mining" domain lists on the Internet, and active collection tools. For example, many current "mining pool" and "mining pool" proxy addresses use the Stratum+TCP or Stratum+SSL format, so the "mining pool" domain names can be extracted from such content and organized.
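The two steps described above (extracting pool domains from Stratum-format addresses, then checking DNS log entries against the resulting blacklist) are sketched below as an added Python example; it is not the university platform's code. The log layout (time, client IP, requested domain), all domains, and all IP addresses are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample of collected text (reports, miner configs) with pool addresses.
COLLECTED_TEXT = """
"url": "stratum+tcp://pool.example-mine.test:3333"
-o stratum+ssl://eu.proxy.examplepool.test:443 -u wallet
see https://www.campus.example/ for campus news
"""

# Constructed DNS query log: request time, client IP, requested domain.
DNS_LOG = """\
2022-07-18T09:00:01 10.1.2.15 www.campus.example
2022-07-18T09:00:02 10.1.2.15 pool.example-mine.test.
2022-07-18T09:00:05 10.1.7.40 a1.eu.proxy.examplepool.test
2022-07-18T09:01:02 10.1.2.15 POOL.example-mine.test
2022-07-18T09:01:09 10.1.9.9 notpool.example-mine.test
"""

STRATUM_RE = re.compile(r"stratum\+(?:tcp|ssl)://([A-Za-z0-9.-]+)", re.I)

def extract_pool_domains(text):
    """Pull host names out of stratum+tcp:// and stratum+ssl:// addresses."""
    return {host.lower().rstrip(".") for host in STRATUM_RE.findall(text)}

def is_hit(qname, blacklist):
    """True if qname equals a blacklisted domain or is a subdomain of one."""
    labels = qname.lower().rstrip(".").split(".")
    # Compare whole label suffixes so "notpool.x" never matches "pool.x".
    return any(".".join(labels[i:]) in blacklist for i in range(len(labels)))

def scan(log_text, blacklist):
    """Return (list of hit records, hit count per client IP)."""
    hits, per_client = [], Counter()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines instead of aborting the scan
        ts, client, qname = parts
        if is_hit(qname, blacklist):
            hits.append((ts, client, qname))
            per_client[client] += 1
    return hits, per_client

if __name__ == "__main__":
    blacklist = extract_pool_domains(COLLECTED_TEXT)
    hits, per_client = scan(DNS_LOG, blacklist)
    for client, count in per_client.most_common():
        print(f"ALERT {client}: {count} mining-pool lookups")
```

Matching on label boundaries and normalizing case and the trailing dot keeps look-alike names from producing false hits while still catching subdomains of a listed pool.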
As with the handling of vulnerability threats, "mining" disposal must be timely. On the one hand, measures must be taken as soon as possible to block the "mining" Trojan from spreading further within the network. On the other hand, the "mining" program must be cleaned up completely so that the "mining" Trojan does not flare up again. In addition to checking for abnormal processes and abnormal network connections and locating the "mining" program, you must also check remote login configuration files, startup items, scheduled tasks, hidden permissions, system user settings, and so on. Measures such as strong passwords and secure configuration of systems and applications further harden the system. It is worth mentioning that a one-size-fits-all approach should be avoided when handling "mining". Universities have no shortage of research activities on blockchain technology, which may produce "mining"-like behavior. Security work should serve the development of the school's teaching, research, and other undertakings. This also places higher demands on the ability of the school's network security personnel.
Afterwards, use unified log analysis and other means to summarize the common problems behind "mining" activity. It is believed that as long as colleges and universities persist in governance, "mining" activity on campus will not gain a foothold, and the goal of dynamic clearing will eventually be achieved.
Author: Wu Fang (Information Technology Promotion Office of Shanghai Jiaotong University)