Internet Fraud

Recently, I received an internet fraud email and phone call claiming that my blockchain.com e-wallet had made a profit and that they could provide assistance to withdraw the money. They used anydesk.com software to remote into my PC and showed that I had the following amount of money (as in the diagram below), then asked for my VISA card number and asked me to log on to my online bank. Actually, that ID was not mine, so I stopped their assistance. It should be an internet fraud. Be careful.

Aware of Social Attack on Information

Be careful of any suspicious phone call asking for information; this is called a social engineering attack. An attacker may impersonate others, such as internal staff, technical support or government departments, to call the victim and create a sense of urgency that pressures unsuspecting users into exposing information such as contact numbers or passwords, or into giving access to computers or systems. The attacker may use the gathered information to carry out further attacks in the future, so please keep the following items in mind:

  • Stay alert if you receive a phone call from someone you do not personally know who asks for information or internal contact numbers.
  • Don’t give out any information to an unidentified caller.
  • Don’t provide your password to others. The IT help desk will never ask a user to provide a password.
  • If you believe a phone call is a scam, don’t respond to the caller’s request; simply hang up the phone.

Server Windows Update Procedure

Section 1: Introduction

Because a Windows update can affect server operation, we should handle it carefully. According to the Microsoft paper “Best Practices for Applying Service Packs, Hotfixes and Security Patches”, included as the appendix of this document, we should apply patches on an as-needed basis, and it may not be necessary to apply every patch. Moreover, we need to test a patch on a testing server before applying it to a production server. Furthermore, because a patch update may have a negative or unforeseen impact on some application servers, we advise not performing Windows update on application servers. The following sections describe the Windows update procedure for your reference.

Section 2: List of Servers for Windows Update

The following servers are included in the Windows update:

 

Server Name | Install IP | Machine Type & Usage

Exclude list: We do not perform Windows update on application servers, because it is difficult to evaluate the impact of a patch on application operation. However, if we decide a Windows update is critical and necessary to apply, we have to test it on a testing server, then apply it to the production application servers once testing is okay.

Normally, we exclude the following servers from Windows update because business application software is installed on them.

Server Name | Install IP | Machine Type & Usage

 

Section 3: Schedule to Perform Windows Update

We plan to perform Windows update on servers monthly. So as not to affect month-end operations, we plan to do it during non-office hours in the second or third week of the month.

Section 4: Test-Run the Windows Update

1. Back up a virtual testing server in PRC via the VM snapshot function.

2. Run the “Check for Updates” option as in the diagram below:

  • Generate a list of Windows Server patch updates and review its content as in the diagram below.

Update Patch List:

Patch List | Plan to Update (Yes/No) | Remark
KB4041083 | Yes |
KB4049016 | Yes |
KB4054518 | Yes |
KB4052978 | Yes |
KB4033342 | Yes |
KB2823180 | Yes |
KB890830 | Yes |

3. Perform the patch update on the testing server, and report the result in the green-highlighted column below:

Patch List | Plan to Update (Yes/No) | Testing Result (Pass/Failure)
KB4041083 | Yes |
KB4049016 | Yes |
KB4054518 | Yes |
KB4052978 | Yes |
KB4033342 | Yes |
KB2823180 | Yes |
KB890830 | Yes |

4. Resolve any issue if necessary, or plan not to update the patch that has the issue.

Section 5: Apply Patch in Production Servers

1. Back up virtual servers:

The local IT team will create VM snapshots for the following virtual servers:

Server Name | Install IP | Machine Type & Usage | Server Backup

2. Patch update PRC servers:

The local IT team will perform the patch update for the virtual servers listed below. We will schedule the patching of those servers during non-office hours (e.g. 7:00pm on a weekday). If a reboot is required after the patch update, we will also reboot during non-office hours.

Server Name | Install IP

3. The IT team will perform the patch update for the hardware servers listed below.
We will schedule the patching of those servers during non-office hours (e.g. 7:00pm on a weekday). If a reboot is required after the patch update, we will also reboot during non-office hours.

Server Name | Install IP

4. Troubleshoot to solve any issue; roll back the server image or uninstall the patch if necessary.

5. Update the “Patch ID and Date” in the two log tables below, as highlighted in the green columns:

Server Patch Update Log
Server Name | Install IP | Machine Type & Usage | Server Backup | Patch ID & Date
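
One way to fill in the “Testing Result” and “Patch ID & Date” columns from what each server reports, rather than by hand. This is an added example, not part of the original procedure; the server names are hypothetical placeholders and the KB numbers are the ones in the Section 4 patch list.

```powershell
# Added example: build the patch log from what each server reports as installed.
# Server names are hypothetical placeholders; replace them with the servers
# from the Section 5 lists. KB numbers come from the Section 4 patch list.
$servers   = @('TEST-SRV01', 'PROD-SRV01')
$plannedKb = @('KB4041083', 'KB4049016', 'KB4054518', 'KB4052978',
               'KB4033342', 'KB2823180', 'KB890830')

function Get-PatchLog {
    param(
        [string[]]$ComputerName,
        [string[]]$KbId
    )
    foreach ($computer in $ComputerName) {
        try {
            # Get-HotFix reads Win32_QuickFixEngineering on the target server.
            $installed = @(Get-HotFix -ComputerName $computer -ErrorAction Stop)
        }
        catch {
            # Unreachable server: record it instead of silently skipping it.
            [pscustomobject]@{
                Server      = $computer
                PatchId     = '(all)'
                Status      = 'QueryFailed'
                InstalledOn = $null
                Note        = $_.Exception.Message
            }
            continue
        }
        foreach ($kb in $KbId) {
            $hit = $installed | Where-Object { $_.HotFixID -eq $kb } | Select-Object -First 1
            [pscustomobject]@{
                Server      = $computer
                PatchId     = $kb
                Status      = if ($hit) { 'Installed' } else { 'NotListed' }
                InstalledOn = if ($hit) { $hit.InstalledOn } else { $null }
                Note        = if ($hit) { '' } else { 'Check update history manually' }
            }
        }
    }
}

$log = Get-PatchLog -ComputerName $servers -KbId $plannedKb
$log | Format-Table -AutoSize

# Keep a dated copy as the evidence behind the log table.
$log | Export-Csv -Path ".\patch-log-$(Get-Date -Format yyyyMMdd).csv" -NoTypeInformation
```

Get-HotFix does not list every update type, so a NotListed row is a prompt to check that server's update history, not proof that the patch failed.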
 

 

Appendix: Best Practices for Applying Service Packs, Hotfixes and Security Patches

Reference information from https://msdn.microsoft.com/en-us/library/cc750077.aspx as below:

Service packs, hotfixes and security patches are updates to products to resolve a known issue or workaround.

Moreover, service packs update systems to the most current code base. Being on the current code base is important because that’s where Microsoft focuses on fixing problems. For example, any work done on Windows 2000 is targeted at the next service pack and hotfixes are built against the existing available base.

Individual hotfixes and security patches on the other hand should be adopted on a case-by-case, “as-needed” basis. The majority of security updates released are for client side (often browser) issues. They may or may not be relevant to a server installation. Evaluate the update, if it’s needed, then apply it. If not, assess the risk of applying or not.

  • Apply updates on a needs only basis.

One of the common misconceptions about Microsoft updates is that they are mandatory and/or urgent.

All updates, regardless of their type (whether they are service packs, hotfixes or security patches), are to be applied on an “as-needed” basis. They need to be evaluated individually and treated as important optional updates.

Especially with security patches, the expectation is that it must be an urgent issue and must be deployed quickly. Without trying to detract from the urgency, security patches are very much a relative update; for example, customers using solely Windows NT4 can ignore a patch for a security vulnerability in Windows 2000. However, if the issue is relevant and does plug a security hole, then it should be evaluated urgently.

Only when it addresses or fixes an issue being experienced by the customer should it be considered. Of course, it still needs to be evaluated before being installed.

  • Testing.

The prior points really assist in giving you a feel (before installing) for the potential impact, however, testing allows for the “test driving” and eventual signing off of the update.

Service packs and hotfixes must be tested on a representative non-production environment prior to being deployed to production. This will help to gauge the impact of such changes.

-END-

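Fire Safety Prevention and Control Arrangements for Key Units during the Christmas and New Year Holidays and the Winter-Spring Season

In winter and spring the weather is dry and the probability of fire is high. The following 5 points and ten mandatory inspection items must be carried out:

1. Unauthorized renovation and decoration are strictly prohibited. If a Christmas tree is used, it should be placed outdoors and must not be powered or strung with lights;
2. Carry out one round of maintenance on fire-fighting facilities;
3. Keep safety exits and evacuation routes unobstructed;
4. Carry out a full inspection of internal staff dormitories (no unauthorized wiring, no use of high-power electrical appliances);
5. Carry out one round of fire safety awareness training for staff;

Ten mandatory inspection items:
(1) The power supply lines of all types of buildings (premises) shall be fitted with leakage protection switches. The switches shall be qualified electrical products.
(2) The power supply lines of all types of buildings (premises) shall, in accordance with national electrical technical standards, be protected by metal conduit, enclosed metal trunking or insulated flame-retardant PVC electrical conduit.
(3) All types of buildings (premises) shall keep stairwells, evacuation routes, safety exits and other emergency escape routes unobstructed. Anti-theft iron grilles fitted on external walls shall all be removed; where they are genuinely needed in residential premises, an outward-opening emergency escape opening with clear dimensions of not less than 1 m by 0.8 m shall be provided, together with auxiliary evacuation equipment such as descent devices and escape rope ladders.
(4) Where accommodation is combined with other production or business premises, physical fire separation by solid walls must be implemented.
(5) No type of building (premises) may house people in violation of regulations; once discovered, they must be moved out completely.
(6) Parking or charging electric bicycles in violation of regulations is strictly prohibited inside all types of buildings (premises); once discovered, they must be cleared immediately.
(7) Building lofts from wooden materials is strictly prohibited inside all types of buildings (premises); once discovered, they must be forcibly demolished.
(8) Using flammable materials such as colour-coated steel panels and polyurethane foam is strictly prohibited inside all types of buildings (premises); once discovered, they must be forcibly removed.
(9) Group-rented housing must have clearly assigned fire safety management responsibility. Strictly follow the requirements of the "Ten Measures to Reduce Fire Risk in Group-Rented Housing": the building shall have a fire safety building warden, a role filled by property service company staff or the landlord, who organizes the establishment of a sound fire safety management system, performs day-to-day fire safety management duties, and implements night patrols by a dedicated administrator. Premises housing 3 or more people shall all be fitted with stand-alone fire alarm detectors. Premises housing 30 or more people shall all be fitted, in accordance with standards, with automatic fire-extinguishing, fire alarm and other fire-fighting facilities, with designated personnel on duty 24 hours a day.
(10) Fire safety safeguards shall be implemented at construction sites. Strictly in accordance with the requirements of the "Technical Code for Fire Safety of Construction Site" (GB50720-2011), establish a sound fire safety management system, designate personnel for on-site watch, provide temporary fire-fighting facilities and sufficient fire extinguishing equipment, guarantee temporary water supply, carry out hot work in accordance with laws and regulations, and ensure the safety of electricity use in construction.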

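WannaCry Ransomware

The hot network security topic of recent days is the WannaCry ransomware, so I searched for some related articles and solutions to share here.

Latest news from Microsoft Hong Kong (13/5 11:59pm)

Microsoft is aware that the ransomware “WannaCrypt” and the network attacks have affected different industries in several regions. Our security team has acted quickly to protect our customers, and has added the latest detection and protection capabilities to guard against the new ransomware threat (for example, the known malware Win32.WannaCrypt).

In March this year, we released a security update that closes the vulnerability these attacks exploit. Users who have Windows Update enabled are protected against attacks on this vulnerability. For organizations that have not yet applied the security update, we recommend that you immediately deploy Microsoft Security Bulletin MS17-010. For those who have installed the antivirus software we provide free of charge, it should be able to effectively detect and remove this ransomware. We strongly recommend that users run Windows Update and keep updating, to reduce the risk of malicious attack.

For customers using Windows Defender, we released an update earlier today that detects the Ransom:Win32/WannaCrypt threat. As an additional “defense in depth” measure, please keep the latest anti-malware software installed. Windows Defender can currently detect and remove the active malware effectively; users can download Windows Defender from the following location: https://support.microsoft.com/zh-hk/help/14210/security-essentials-download

In addition, we are providing an additional security update for all customers to protect Windows platforms on earlier Windows software, including Windows XP, Windows 8 and Windows Server 2003. Please use the following links to download the security update: Windows Server 2003 SP2 x64, Windows Server 2003 SP2 x86, Windows XP SP2 x64, Windows XP SP3 x86, Windows XP Embedded SP3 x86, Windows 8 x86, Windows 8 x64

As far as we know, this ransomware attack did not target Windows 10; having downloaded the March security update is enough to defend effectively against this attack. We take this opportunity to once again urge customers to upgrade to Windows 10 as soon as possible, and to actively consider deploying Microsoft enterprise-grade cloud services, so that security measures are always at the latest version and customers have the strongest defense. Enterprise users can contact their Microsoft account manager at any time for enquiries.

For any enquiries, customers can call the Microsoft Hong Kong Customer Service Centre: +852 2388 9600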

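Solution from –> YouTube video as below

Solution from –> https://unwire.hk/2017/05/13/wannacry-wcry/tech-secure/

Solutions before infection:

Step 0:

Before anything else, disconnect from the network and make a backup!

It's Monday and I'm back at work. Can I turn on my computer?

First cut off the network: unplug the LAN cable / turn off Wi-Fi, and use whatever method you have to stop the computer from connecting to the network. After booting, back up important files immediately, and remember not to back up to the local machine or a network drive.

(Disclaimer: modifying Windows carries risk, so back up first. This site accepts no responsibility for any loss caused by the methods below.)

Step 1: Block ports

Block ports 139 and 445 at the router / firewall

A) Router:

B) Windows Firewall

If you cannot change the company server settings, you can configure Windows Firewall. To be safe, consider unplugging the LAN cable / turning off Wi-Fi first.

Step 1:

Press WIN + R, type firewall.cpl and press Enter. If your firewall is not turned on, click “Use recommended settings” to turn it on.

Step 2:

If it is already on (green), click Advanced settings on the left.

Step 3:

On the left click Inbound Rules > on the right click New Rule.

Step 4:

Select Protocol and Ports, then choose Port.

Step 5:

As shown in the figure below, select TCP, enter 445, 139 under Specific local ports, then Next.

Step 6:

Select Block the connection, then Next.

Step 7:

Apply all rules, then Next.

Step 8:

Give it any name, then Finish.

Step 9

Repeat Steps 3 to 4; this time we select UDP, enter 445, 139 under Specific local ports, then Next. Repeat Steps 6 to 8.

XP users can refer to this method

Change it to block TCP and UDP 445, 139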

Step 2 :

You should install the patch as soon as possible!

 

Windows 10 

Just go to Windows Update

 

Windows 8.1 64:

http://download.windowsupdate.com/c/msdownload/update/software/secu/2017/05/windows8.1-kb4019215-x64_d06fa047afc97c445c69181599e3a66568964b23.msu

Windows 8.1 32:
http://download.windowsupdate.com/c/msdownload/update/software/secu/2017/05/windows8.1-kb4019215-x86_fe1cafb988ae5db6046d6e389345faf7bac587d7.msu

Windows 7 64:
http://download.windowsupdate.com/c/msdownload/update/software/secu/2017/05/windows6.1-kb4019264-x64_c2d1cef74d6cb2278e3b2234c124b207d0d0540f.msu

Windows 7 32:
http://download.windowsupdate.com/c/msdownload/update/software/secu/2017/05/windows6.1-kb4019264-x86_aaf785b1697982cfdbe4a39c1aabd727d510c6a7.msu

==

Security updates have been released for other older versions of Windows

 

Windows Server 2003 SP2 x64,

Windows Server 2003 SP2 x86,

Windows XP SP2 x64,

Windows XP SP3 x86,

Windows XP Embedded SP3 x86,

Windows 8 x86,

Windows 8 x64

 

 

<Official patch URL>

 

 

======

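If the above methods fail, you can...

Manually stop the Windows SMBv1 service

If you cannot change the router settings, you can change the following settings with administrator privileges.

Windows 7 / Server 2008 / Vista users:

Step 1

Log in as administrator and run regedit

Step 2

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters
Right-click an empty area and add a new DWORD key SMB1 with a value of 0 (once the patch has been installed successfully later, you can change the value from 0 back to 1)

Windows 8 or above:

Step 1

Right-click CMD and run it as administrator

Step 2

Type powershell (Enter)

Set-ExecutionPolicy Unrestricted (Enter)

Set-SmbServerConfiguration -EnableSMB1Protocol $false (Enter)

When the prompt appears, choose Y

After it succeeds, reboot and you are done

(Once the patch has been installed successfully later, follow the method above, changing $false to $true the last time)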
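
The Windows Firewall steps and the SMBv1 steps above, done and then verified from an elevated PowerShell prompt on Windows 8 / Server 2012 or later. This is an added example that is not from the original article; the rule names are hypothetical, and because the commands are typed interactively they run without any change to the execution policy.

```powershell
# Added example; run in an elevated PowerShell session (Windows 8 / Server 2012+).
# Rule names are hypothetical labels chosen for this example.
# Note: blocking inbound 139/445 also stops this machine from serving file and printer shares.

# Firewall Steps 3-9: block inbound TCP and UDP 139 and 445 on every profile.
$ruleNames = foreach ($proto in 'TCP', 'UDP') {
    $name = "Block inbound SMB $proto 139 and 445"
    # Re-running the example must not create duplicate rules.
    if (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)) {
        $rule = @{
            DisplayName = $name
            Direction   = 'Inbound'
            Protocol    = $proto
            LocalPort   = '139', '445'
            Action      = 'Block'
            Profile     = 'Any'
        }
        New-NetFirewallRule @rule | Out-Null
    }
    $name
}

# Firewall Step 1: a block rule does nothing on a profile whose firewall is off.
Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' } | ForEach-Object {
    Write-Warning "Firewall profile '$($_.Name)' is off; the block rules are not enforced there."
}

# SMBv1 steps: -Force answers the confirmation prompt that the article says to accept with Y.
Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force

# Verification: read every setting back instead of trusting that the commands worked.
foreach ($name in $ruleNames) {
    Get-NetFirewallRule -DisplayName $name |
        Select-Object DisplayName, Enabled, Direction, Action
}
$smb1 = (Get-SmbServerConfiguration).EnableSMB1Protocol
"SMBv1 server enabled: $smb1"

# Services still listening on 139/445 keep running locally; the rules only
# stop other hosts from reaching them.
Get-NetTCPConnection -State Listen -LocalPort 139, 445 -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, OwningProcess
```

The expected read-back is two enabled inbound Block rules and `SMBv1 server enabled: False`.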

=====

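Why did I still get infected even though I had always kept updating?

Because information shows that this virus has a dormancy period and was set to break out around 12 May! So it may already have infected your computer and been lying dormant inside before your computer updated automatically. The picture below shows that even if your computer is not connected to the network, the virus lying dormant in it breaks out all the same.

Solutions after infection:

What if my files have already been encrypted?

1) Recover the files

The encryption process works like this:

1. Generate a new encrypted file from the original file

2. Delete the original file

In theory, we can use ordinary “undelete” software to rescue the deleted files; as long as that area has not been overwritten with new data, there is a chance of recovery. If you find your hard disk has been infected, shut down immediately. Remove the hard disk and move it to a “clean” computer for recovery. For the method, see the “Data rescue” part <here>, but be mentally prepared: only some of the files can be recovered 100%.

2) WNcry@2ol7 is not the unlock password

It is going viral on Twitter that WNcry@2ol7 is the unlock password, but in fact it is only the extraction password for part of the virus, used to unpack one of its own modules to continue the attack. Some antivirus software cannot scan password-protected zip files, so some viruses use this method to encrypt their own files.

3) Paying does not mean you will receive decryption

Because the BITCOIN receiving addresses this time are shared, the developer cannot verify the payer's identity; anyone could impersonate you and tell the virus developer that they have paid, so in theory the chance of being given the decryption password is very low. That said, Bitcoin tracking data shows that so far there have been 23 transactions, and the developer has received 4.26616859 BITCOIN (worth USD 7,210 in total at the current price).

4) Do not install cracking tools of unknown origin

There is as yet no universal decryption method for Wanna Decryptor, but many so-called cracking tools have already appeared online in China. In fact, once files are encrypted, that random password cannot be cracked in a short time with the computing power of your own computer, so these cracking tools are very often Trojans that, once installed, look for bank or credit card passwords on the PC and harm you a second time.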

 

 

URL block List for a China Company

1.  Introduction

To protect the company network from malware, worms, viruses, spam, etc. on suspected malicious web sites, we need to define a URL block list (in the next section) and set up our network firewall to restrict those URLs. This post lists those suspected URLs, and we will submit this document to management for review and approval.

2. URL Block List

2.1 Sports

2.1.1      General Suspected URL:

 

2.1.2 China Suspected URL:

http://sports.sina.com.cn/

http://sports.sohu.com/

http://sports.ifeng.com/

http://sports.163.com/

http://sports.qq.com/

http://sports.cntv.cn/

http://sports.pptv.com/

http://sports.youku.com/

http://sports.letv.com/

http://china.nba.com/

http://www.xinhuanet.com/sports/

 

2.2 Streaming Video

2.2.1 General Suspected URL:

2.2.2 China Suspected URL:

http://player.baidu.com/yingyin.html

http://www.iqiyi.com/

http://tv.sohu.com/

http://www.tv189.com/

http://www.baofeng.com/

http://www.youku.com/

http://cbox.cntv.cn/

http://www.ku6.com/client_ku6speed/

http://tudouva.softonic.cn/

http://y.qq.com/player/

http://www.fun.tv/

http://www.kugou.com/

http://www.ppxyy.com/

http://www.kankan.com/

http://v.baidu.com/

http://www.uusee.com/

http://www.56.com/

http://www.pptv.com/

http://dl.xunlei.com/

http://v.qq.com/download.html

http://www.p2psearchers.com/

http://www.lmtw.com/

 

2.3 Social Media

2.3.1 General Suspected URL:

2.3.2 China Suspected URL:

http://wangwang.1688.com/

http://skype.gmw.cn/

http://popo.163.com/

https://messenger.yahoo.com/web/

http://cn.msn.com/

http://www.qq.com/

http://uc.sina.com.cn/

http://feixin.10086.cn/

http://webim.feixin.10086.cn/

http://im.baidu.com/

http://cc.163.com/

http://www.alicall.com/

http://www.gtalk.com.cn/

 

2.4 Software downloads

2.4.1 General Suspected URL:

2.4.2 China Suspected URL:

http://raysource.softonic.cn/

http://www.115.com/

http://xf.qq.com/

http://www.flashget.com/cn/

http://dl.xunlei.com/

 

2.5 P2P sharing

2.5.1 General Suspected URL:

2.5.2 China Suspected URL:

http://www.emule.org.cn/

http://soft.p2psearcher.org/

http://dl.xunlei.com/

http://www.bttiantang.com/

http://www.poco.cn/

http://www.btchina.net/
http://www.verycd.com/
http://www.btpig.com/
http://www.3e-online.com/
http://www.bbsmovie.com/
http://www.21ou.com/

http://www.jlpzj.com/
http://www.dream2008.cn/
http://www.cnxp.com/
http://www.btbbt.com/

 

 

2.6 Torrents

2.6.1 General Suspected URL:

2.6.2 China Suspected URL:

http://www.mininova.org/

http://thepiratebay.org/
http://isohunt.com/
http://torrentz.com/
http://btjunkie.org/
http://torrentportal.com/
http://www.gamestorrents.com/
http://www.torrentreactor.net/
http://www.sumotorrent.com/
http://www.seedpeer.com/
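
Before the list is loaded into the firewall it has to be reduced to what the firewall can actually match. The added example below (not part of the original document) takes a constructed sample of entries copied from the list above, extracts the unique host names, and flags entries repeated across categories and entries that only make sense with a path; the category keys and output file name are assumptions.

```powershell
# Added example. Constructed sample: a few entries copied from the block list above.
$blockList = [ordered]@{
    'Sports'             = @('http://sports.qq.com/', 'http://www.xinhuanet.com/sports/')
    'Streaming Video'    = @('http://dl.xunlei.com/', 'http://v.qq.com/download.html',
                             'http://www.youku.com/')
    'Software downloads' = @('http://dl.xunlei.com/', 'http://xf.qq.com/')
    'P2P sharing'        = @('http://dl.xunlei.com/', 'http://www.verycd.com/')
}

function ConvertTo-BlockEntry {
    param([string]$Category, [string]$Url)
    $uri = [uri]$Url
    [pscustomobject]@{
        Category = $Category
        HostName = $uri.Host.ToLowerInvariant()
        Path     = $uri.AbsolutePath
        # A filter that only sees the host name (DNS, or HTTPS without TLS
        # inspection) cannot honour a path: it blocks the whole host or nothing.
        HostOnly = ($uri.AbsolutePath -eq '/')
    }
}

$entries = foreach ($category in $blockList.Keys) {
    foreach ($url in $blockList[$category]) {
        ConvertTo-BlockEntry -Category $category -Url $url
    }
}

# 1. Unique host names: the list to import into a host-based filter.
$hostList = $entries | Select-Object -ExpandProperty HostName | Sort-Object -Unique
$hostList | Set-Content -Path '.\blocked-hosts.txt'

# 2. Hosts listed under more than one category (one firewall object is enough).
$entries | Group-Object HostName | Where-Object { $_.Count -gt 1 } | ForEach-Object {
    '{0} is listed under: {1}' -f $_.Name, (($_.Group.Category | Sort-Object -Unique) -join ', ')
}

# 3. Entries whose intent depends on the path; decide per entry whether blocking
#    the whole host is acceptable before management signs off the list.
$entries | Where-Object { -not $_.HostOnly } |
    Select-Object Category, HostName, Path | Format-Table -AutoSize
```

On this sample, dl.xunlei.com is reported under three categories, and the www.xinhuanet.com and v.qq.com entries are flagged as path-specific.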

 

Reference Sites:

http://urlblacklist.com/?sec=download

http://www.squidguard.org/blacklists.html

http://www.business-in-site.com/webmaster-articles/huge-list-of-156-video-streaming-sites/

http://www.blogsdna.com/923/top-20-best-peer-2-peer-p2p-file-sharing-programs-applications-software.htm

https://torrentfreak.com/top-10-largest-file-sharing-sites-110828/

Open Source IT Configuration Management Tools

Open source configuration management tools make managing servers at scale easier, less time-consuming and more repeatable.

Configuration management tools provide automation, cloud orchestration, and remote management and execution that give IT greater control over its entire infrastructure. Beyond standardizing configuration on servers, the tools can install and maintain packages, upgrade or deploy new servers and manage a cloud infrastructure.

Without configuration management tools, IT administrators would manually deploy each VM needed in an OpenStack, Amazon Web Services, VMware ESXi or other environment. Instead of logging into each server to manually patch it, a systems administrator can remotely patch thousands of servers at the same time. The same goes for removing a user from servers.

“All of your server configuration is going to stay the same and consistent across your environment,” said Nitin Madhok, a systems developer and programmer on the infrastructure code team at Clemson University. “So, if you installed an application on one server, you could install that application on a dev, production, test or whatever environment it is in the same way, following the same steps.”

Companies can immediately fix security vulnerabilities such as Heartbleed on thousands of user-facing servers in under five minutes. LinkedIn manages more than 70,000 servers and can make a change on all of them in under a minute.

Chef, Puppet, Ansible and Salt are four major open source configuration management tools — each with distinct differences. Puppet and Chef are coded in Ruby, a less commonly known programming language among IT professionals. Salt and Ansible use the more common language, Python, and users only have to be familiar with YAML (yet another markup language) to operate them. Salt and Chef also use ZeroMQ protocol, which allows users to create complex communication systems with little effort.

Salt and Puppet use a daemon approach and must be installed on every server. This allows for a master-slave control architecture. Chef and Ansible are daemonless, so no software takes up resources on the VM to manage it. The open source tools do require open Port 22 on each VM, which could leave servers vulnerable to attack. Salt also has a Secure Socket Shell tool, called Salt SSH, which allows the user to configure it similarly to Ansible. Each of these open source configuration management tools also come in supported, purchased enterprise versions that offer additional modules or features.

 

Information Source: http://searchitoperations.techtarget.com/photostory/450299435/Modern-open-source-systems-management/4/Open-source-configuration-management-tools-offer-ease-at-scale

Open Source IT Asset Management Software

Recently, I browsed a useful web blog about IT management, called “Capterra IT Management Blog”, at this link –> http://blog.capterra.com/the-top-3-free-and-open-source-itam-software-solutions/ . It listed three open source IT asset management software packages. They are useful, so I copied them and share them here for your reference.

SysAid IT Asset Management


This free IT asset management solution has been around since 2002 and is available for both cloud and on-premise (Windows and Linux)

Pros

With SysAid’s asset management solution, users have access to all the standard features of licensed ITAM software, including the ability to view all software and hardware, as well as the manufacturer details of computers, printers, and other networked devices. Other benefits include automatic notifications of asset changes and the ability to create management reports.

SysAid’s IT Asset Management edition also offers a free, fully functioning IT Service Desk with ITSM capabilities for those interested.

This solution supports up to two administrators, 100 assets, and 100 end users, with an international online community for support.

Cons

Some reviews noted a lacking user-interface that may run too slow for some.

Asset Management System


This ITAM free and open source option is written in PHP and has been downloaded 77 times since its creation in early 2013.

Pros

This ITAM software solution offers a streamlined user experience with a dynamic dashboard for users to search through, add, update, and delete vendor details or categories. Users occupy two roles (lab operator and administrator), where they can add, update, delete stocks and assign any hardware or software to labs. Assets can also be assigned to others users for delegation.

This option is available for both Windows and Linux.

Cons

The last time Asset Management Software was updated was back in 2013 and there isn’t an active support community posting tickets or patches to improve potential flaws.

GLPI


This free IT and asset management software uses a variety of languages, developed using PHP, and uses MySQL/MariaDB for the database, HTML for the Web pages, CSS for style sheets, and XML for report generation. In 2011, 1.2 million computers reported using this solution.

Pros

GLPI includes more than just a management system, also offering a service desk ITIL, license tracking, and software auditing. Through its asset management feature, users can collect an inventory of computers, printers, and other networked devices, as well as track equipment bookings, check equipment status, and manage contracts and documents related to inventory. GLPI can also generate reports for hardware, software, and networked items.

GLPI is also a multilingual solution, with more than 45 operating languages available.

Cons

Some reviews have noted installation difficulties, though users can also find support through the software’s forum.

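Network Security Auditing Work

Security auditing work

1. Regularly carry out penetration tests and simulated attacks on the company's system software, discover system security vulnerabilities promptly, and report them to the relevant departments
2. Use the self-developed epa software to monitor the network and promptly stop network violations (e.g. installing chat software unrelated to work without authorization)
3. Audit outgoing email, in particular whether outgoing apk files contain confidential company files
4. Physical environment audit, e.g. unauthorized Wi-Fi set-ups, proper connection of network equipment, etc.
5. Permission and security awareness audit, e.g. account permissions and usage, operations that violate rules, etc.
6. Write the company's various security regulations, standards and security policies

Network maintenance, day-to-day management, investigating security incidents, supporting and participating in company system development, maintenance and application; testing systems/programs to ensure high-quality operation of the overall system; supporting system implementation and support; consolidating the relevant system documentation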

Conduct a Range of IP Network Address Ping using Python

Introduction

I would like to ping a range of IP network addresses using a Python 3.5 script. It is easy. I will show you the Python script and its screen dump result below.

Python program script

# Network ping sweep for Python 3 (Windows only: uses ping -n/-w and STARTUPINFO)
# Import modules
import subprocess
import ipaddress

# Prompt the user to input a network address
net_addr = input("Enter a network address in CIDR format (ex. 192.168.1.0/24): ")

# Create the network
ip_net = ipaddress.ip_network(net_addr.strip())

# Configure subprocess to hide the console window
info = subprocess.STARTUPINFO()
info.dwFlags |= subprocess.STARTF_USESHOWWINDOW
info.wShowWindow = subprocess.SW_HIDE

# For each host address in the subnet, send one echo request with a 500 ms timeout.
# The arguments are passed as a list without a shell, so the user's input is
# never interpreted as a command.
for host in ip_net.hosts():
    output = subprocess.Popen(
        ['ping', '-n', '1', '-w', '500', str(host)],
        stdout=subprocess.PIPE, startupinfo=info
    ).communicate()[0]
    # Decode once; errors='replace' tolerates non-UTF-8 console code pages
    text = output.decode('utf-8', errors='replace')

    # Windows ping can exit with 0 when a "Destination host unreachable" reply
    # comes back, so the reply text is checked instead of the return code
    # (this matches English-language ping output only)
    if "Destination host unreachable" in text or "Request timed out" in text:
        print(host, "is Offline")
    else:
        print(host, "is Online")

Screen dump result as below:
