News
CNOOC’s "network protection 2019" action test, Exxon’s excellent defense was praised
In recent years, the "network protection action" has become a new "online sensation" in the network security industry, and it is one of the important layouts made by the state to deal with the network security problems. After the promulgation of the network security law in 2016, relevant regulations on network security drills were issued: operators of key information infrastructure should "develop emergency plans for network security incidents and conduct drills on a regular basis". Since then, the "network protection" has become a common practice. In 2016, only the Ministry of public security, Civil Aviation Administration and State Grid of home appliances participated in "network protection 2016", and in 2019, industry and information technology, security, armed police, transportation, railway, civil aviation, energy, news, radio and television, telecommunications operators and other units joined in "network protection 2019", fully demonstrating the national attention to network security. As a large-scale state-owned oil company in China, China National Offshore Oil Corporation (CNOOC) has carried out a full range of special operations of attack and defense drill and network protection from the group headquarters to all levels of units, from home to abroad. As an overseas network integration and it operation and maintenance service provider of CNOOC, Livecom has the honor to participate in the special drill and assist CNOOC to successfully complete the defense task of "network protection 2019".
The whole "net protection 2019" attack and defense safety drill has gone through more than two months from the beginning of the protection preparation stage to the formal completion of the defense task.
On April 9, 2019, at the invitation of customers, Livecom participated in the first "network protection action - network attack and defense drill" meeting organized by the information center of CNOOC. When the meeting mentioned that the overseas regional data centers and branches will be an important part of the whole protection drill, I knew that it was time to test us! We must make every effort to ensure that CNOOC's overseas network of "protection network 2019" does not present any risks. After returning to the company after the meeting, the project team immediately held an internal discussion meeting under the organization of Tan Zhihong, the department head. After more than two hours of intense discussion, the scope of overseas network security protection work, work content, responsibility distribution and the next step of work plan are clarified.
The protection scope includes network, server, storage, firewall and other hardware and software equipment; MPLS VPN, IPSec VPN, SSL VPN, local Internet, wireless LAN and other network links; VOIP voice system, video conference system, mail system, overseas cloud computing service platform and other application systems and business platforms.
The work mainly focuses on weak password adjustment, security vulnerability detection and repair, access control policy adjustment, port range reduction, black and white list setting, management and access authority division, major link encryption and other necessary security protection means.
As for the responsibilities of personnel, Tan Zhihong, Zhang Xiaoyang, Wang Xinghan and Sun Peng are responsible for the demand analysis of the offensive and defensive drill and the backstage support response in a timely manner, and Zhang Xiaoyang is responsible for the coordination of safety protection equipment. On site guard in attack and defense stage: Hu Tianwen and I are responsible for on-site communication and guard with customers.
After a round of sorting out the overseas regional network construction of CNOOC that needs to be maintained, we find that the workload is very "big". In short: time is tight and task is heavy.
Then, after two rounds of missed scanning, troubleshooting, and a month of continuous policy adjustment and security reinforcement, we finally submitted a satisfactory result.
However, it is not the end of the work, but the key time to truly test the results of our work for more than a month.
On June 10, 2019, CNOOC's "protection network 2019" operation officially started. Hu Tianwen and I, as on-site watchmen, entered the special protection network drill Office of CNOOC, and other personnel, as backstage support personnel, carried out the whole process of tracking protection and troubleshooting.
After entering the office, I really felt the importance of customers in this operation. Almost all the top ranked network and security companies in China have sent technical personnel to participate in this operation. Looking at it, CNOOC's internal and external personnel together are expected to be more than 50. Since the Ministry of public security hasn't launched a centralized security attack in the morning, the atmosphere is not tense. It also gives us enough time to understand and be familiar with the security drill methods and incident reporting process. In the afternoon, it's not the same. I hear that there are external personnel reporting that an address has been attacked, a vulnerability has been found, and so on. There are also constantly updated attack information in the group, and we are constantly monitoring and paying attention to the overseas network security situation. Fortunately, after the end of the first day, we have no news of any attacks overseas.
In the following period of time, there are a lot of security events happening every day. But almost all of them are domestic addresses. Occasionally, one or two addresses in overseas areas are about to be attacked, and they are also found and stopped by our security monitoring equipment in time. This is no doubt a credit to our on-site personnel. It also proves that our safety protection work in the previous month was very effective.
After 19 days of defense work, on the afternoon of June 30, 2019, "net protection 2019" officially ended. CNOOC has successfully completed the defense task, and we have successfully completed the defense task. After finishing the report, we also returned to our daily work.
More than a month later, it's a surprise! We have received the thank-you letter from CNOOC to our company, as well as the honorary certificate for our on-site personnel. When I saw the thank-you letter, I was still a little excited.
A thank-you letter is enough to prove the customer's recognition of our company's professional ability and service ability; a thank-you letter also urges us to guard against arrogance and impetuosity and make further efforts! To provide our customers with professional and better service!
The whole "net protection 2019" attack and defense safety drill has gone through more than two months from the beginning of the protection preparation stage to the formal completion of the defense task.
On April 9, 2019, at the invitation of customers, Livecom participated in the first "network protection action - network attack and defense drill" meeting organized by the information center of CNOOC. When the meeting mentioned that the overseas regional data centers and branches will be an important part of the whole protection drill, I knew that it was time to test us! We must make every effort to ensure that CNOOC's overseas network of "protection network 2019" does not present any risks. After returning to the company after the meeting, the project team immediately held an internal discussion meeting under the organization of Tan Zhihong, the department head. After more than two hours of intense discussion, the scope of overseas network security protection work, work content, responsibility distribution and the next step of work plan are clarified.
The protection scope includes network, server, storage, firewall and other hardware and software equipment; MPLS VPN, IPSec VPN, SSL VPN, local Internet, wireless LAN and other network links; VOIP voice system, video conference system, mail system, overseas cloud computing service platform and other application systems and business platforms.
The work mainly focuses on weak password adjustment, security vulnerability detection and repair, access control policy adjustment, port range reduction, black and white list setting, management and access authority division, major link encryption and other necessary security protection means.
As for the responsibilities of personnel, Tan Zhihong, Zhang Xiaoyang, Wang Xinghan and Sun Peng are responsible for the demand analysis of the offensive and defensive drill and the backstage support response in a timely manner, and Zhang Xiaoyang is responsible for the coordination of safety protection equipment. On site guard in attack and defense stage: Hu Tianwen and I are responsible for on-site communication and guard with customers.
After a round of sorting out the overseas regional network construction of CNOOC that needs to be maintained, we find that the workload is very "big". In short: time is tight and task is heavy.
Then, after two rounds of missed scanning, troubleshooting, and a month of continuous policy adjustment and security reinforcement, we finally submitted a satisfactory result.
However, it is not the end of the work, but the key time to truly test the results of our work for more than a month.
On June 10, 2019, CNOOC's "protection network 2019" operation officially started. Hu Tianwen and I, as on-site watchmen, entered the special protection network drill Office of CNOOC, and other personnel, as backstage support personnel, carried out the whole process of tracking protection and troubleshooting.
After entering the office, I really felt the importance of customers in this operation. Almost all the top ranked network and security companies in China have sent technical personnel to participate in this operation. Looking at it, CNOOC's internal and external personnel together are expected to be more than 50. Since the Ministry of public security hasn't launched a centralized security attack in the morning, the atmosphere is not tense. It also gives us enough time to understand and be familiar with the security drill methods and incident reporting process. In the afternoon, it's not the same. I hear that there are external personnel reporting that an address has been attacked, a vulnerability has been found, and so on. There are also constantly updated attack information in the group, and we are constantly monitoring and paying attention to the overseas network security situation. Fortunately, after the end of the first day, we have no news of any attacks overseas.
In the following period of time, there are a lot of security events happening every day. But almost all of them are domestic addresses. Occasionally, one or two addresses in overseas areas are about to be attacked, and they are also found and stopped by our security monitoring equipment in time. This is no doubt a credit to our on-site personnel. It also proves that our safety protection work in the previous month was very effective.
After 19 days of defense work, on the afternoon of June 30, 2019, "net protection 2019" officially ended. CNOOC has successfully completed the defense task, and we have successfully completed the defense task. After finishing the report, we also returned to our daily work.
More than a month later, it's a surprise! We have received the thank-you letter from CNOOC to our company, as well as the honorary certificate for our on-site personnel. When I saw the thank-you letter, I was still a little excited.
Image and text: Liu Yufei