URL block List for a China Company

1.  Introduction

To protect the company network from malware, worms, viruses, spam, etc. on suspected malicious web sites, we need to define a URL block list (in the next section) and configure our network firewall to restrict those URLs. This post lists the suspected URLs, and we will submit this document to management for review and approval.

2. URL Block List

2.1 Sports

2.1.1 General Suspected URL:

 

2.1.2 China Suspected URL:

http://sports.sina.com.cn/

http://sports.sohu.com/

http://sports.ifeng.com/

http://sports.163.com/

http://sports.qq.com/

http://sports.cntv.cn/

http://sports.pptv.com/

http://sports.youku.com/

http://sports.letv.com/

http://china.nba.com/

http://www.xinhuanet.com/sports/

 

2.2 Streaming Video

2.2.1 General Suspected URL:

2.2.2 China Suspected URL:

http://player.baidu.com/yingyin.html

http://www.iqiyi.com/

http://tv.sohu.com/

http://www.tv189.com/

http://www.baofeng.com/

http://www.youku.com/

http://cbox.cntv.cn/

http://www.ku6.com/client_ku6speed/

http://tudouva.softonic.cn/

http://y.qq.com/player/

http://www.fun.tv/

http://www.kugou.com/

http://www.ppxyy.com/

http://www.kankan.com/

http://v.baidu.com/

http://www.uusee.com/

http://www.56.com/

http://www.pptv.com/

http://dl.xunlei.com/

http://v.qq.com/download.html

http://www.p2psearchers.com/

http://www.lmtw.com/

 

2.3 Social Media

2.3.1 General Suspected URL:

2.3.2 China Suspected URL:

http://wangwang.1688.com/

http://skype.gmw.cn/

http://popo.163.com/

https://messenger.yahoo.com/web/

http://cn.msn.com/

http://www.qq.com/

http://uc.sina.com.cn/

http://feixin.10086.cn/

http://webim.feixin.10086.cn/

http://im.baidu.com/

http://cc.163.com/

http://www.alicall.com/

http://www.gtalk.com.cn/

 

2.4 Software downloads

2.4.1 General Suspected URL:

2.4.2 China Suspected URL:

http://raysource.softonic.cn/

http://www.115.com/

http://xf.qq.com/

http://www.flashget.com/cn/

http://dl.xunlei.com/

 

2.5 P2P sharing

2.5.1 General Suspected URL:

2.5.2 China Suspected URL:

http://www.emule.org.cn/

http://soft.p2psearcher.org/

http://dl.xunlei.com/

http://www.bttiantang.com/

http://www.poco.cn/

http://www.btchina.net/
http://www.verycd.com/
http://www.btpig.com/
http://www.3e-online.com/
http://www.bbsmovie.com/
http://www.21ou.com/

http://www.jlpzj.com/
http://www.dream2008.cn/
http://www.cnxp.com/
http://www.btbbt.com/

 

 

2.6 Torrents

2.6.1 General Suspected URL:

2.6.2 China Suspected URL:

http://www.mininova.org/

http://thepiratebay.org/
http://isohunt.com/
http://torrentz.com/
http://btjunkie.org/
http://torrentportal.com/
http://www.gamestorrents.com/
http://www.torrentreactor.net/
http://www.sumotorrent.com/
http://www.seedpeer.com/

 

Reference Sites:

http://urlblacklist.com/?sec=download

http://www.squidguard.org/blacklists.html

http://www.business-in-site.com/webmaster-articles/huge-list-of-156-video-streaming-sites/

http://www.blogsdna.com/923/top-20-best-peer-2-peer-p2p-file-sharing-programs-applications-software.htm

https://torrentfreak.com/top-10-largest-file-sharing-sites-110828/

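Network Security Auditing Work

Security Auditing Work

1. Regularly run penetration tests (simulated attacks) against the company's system software to find security vulnerabilities promptly and report them to the relevant departments.
2. Monitor the network with the in-house developed epa software and promptly stop network policy violations (for example, unauthorized installation of chat software unrelated to work).
3. Audit outgoing email, in particular whether outgoing apk files contain confidential company files.
4. Audit the physical environment, for example unauthorized Wi-Fi setups and whether network devices are connected according to the standards.
5. Audit permissions and security awareness, for example account permissions and their use, and operations that violate policy.
6. Write the company's security regulations, standards and security policies.

Network maintenance, daily administration and investigation of security incidents; supporting and participating in the development, maintenance and application of company systems; testing systems/programs to ensure high-quality operation of the overall system; supporting system implementation and support; consolidating the related system documentation.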

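What is "OWASP"?

OWASP (the Open Web Application Security Project) updates its list of the 10 most critical web application security issues, the OWASP Top 10, every few years.

The 2013 version of the OWASP Top 10 added one new category of risk to the 2010 version to cover more common and more important security vulnerabilities, and reordered some risks based on the latest prevalence data. In addition, this version introduced the "component security" risk as a specific risk category and removed the 2010 version's A6 "Security Misconfiguration" risk.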


Title 21 CFR Part 11 Requirement

Title 21 CFR Part 11 is the part of Title 21 of the Code of Federal Regulations that establishes the United States Food and Drug Administration (FDA) regulations on electronic records and electronic signatures (ERES). Part 11, as it is commonly called, defines the criteria under which electronic records and electronic signatures are considered trustworthy, reliable, and equivalent to paper records (Title 21 CFR Part 11 Section 11.1 (a)).

Practically speaking, Part 11 applies to drug makers, medical device manufacturers, biotech companies, biologics developers, CROs, and other FDA-regulated industries, with some specific exceptions. It requires that they implement controls, including audits, system validations, audit trails, electronic signatures, and documentation for software and systems involved in processing the electronic data that FDA predicate rules require them to maintain. A predicate rule is any requirement set forth in the Federal Food, Drug and Cosmetic Act, the Public Health Service Act, or any FDA regulation other than Part 11. [1]

The rule also applies to submissions made to the FDA in electronic format (e.g., a New Drug Application) but not to paper submissions by electronic methods (i.e., faxes). It specifically does not require the 21CFR11 requirement for record retention for tracebacks by food manufacturers. Most food manufacturers are not otherwise explicitly required to keep detailed records, but electronic documentation kept for HACCP and similar requirements must meet these requirements.

As of 2007, broad sections of the regulation have been challenged as excessive, and the FDA has stated in guidance that it will exercise enforcement discretion on many parts of the rule. This has led to confusion on exactly what is required, and the rule is being revised. In practice, the requirements on access controls are the only part routinely enforced. The “predicate rules” that required organizations to keep records in the first place are still in effect. If electronic records are illegible, inaccessible, or corrupted, manufacturers are still subject to those requirements.

If a regulated firm keeps “hard copies” of all required records, those paper documents can be considered the authoritative document for regulatory purposes, and the computer system is not in scope for electronic records requirements, though systems that control processes subject to predicate rules still require validation. Firms should be careful when claiming that “hard copies” of required records are the authoritative document. For the “hard copy” produced from an electronic source to be the authoritative document, the “hard copy” must be a complete and accurate copy of the electronic source. The manufacturer must use the hard copy (rather than electronic versions stored in the system) of the records for regulated activities. The current technical architecture of computer systems increasingly makes the burden of proof for the complete and accurate copy requirement extremely high.[2]

Information Source: https://en.wikipedia.org/wiki/Title_21_CFR_Part_11

IT Routine Work Highlight

IT Routine Work

  • Check Daily Backup
  • Perform Monthly Backup for permanent storage (at least 3 years)
  • Check the archive and live email client databases (.pst files should not grow too big; in particular, a .pst file from Outlook 2003 or a lower version should not be larger than 2 GB)
  • Perform Monthly Email Archive on the Outlook server
  • Check Backup of ERP system, and clean-up log file if necessary
  • Handle ERP, HR, Email, Share File System, CCTV, Printer, network and phone line routine support
  • Backup machine O/S, VMWare Machine Databases at least quarterly
  • Perform Off-Site Backup Storage
  • Reboot servers at least quarterly
  • New staff computer preparation: email account creation, share-drive access rights, printer, door access card, phone
  • Staff exit preparation: email transfer/deletion, backup of computer data
  • Handle Ad-Hoc IT project

IT Critical Document:

  • password list
  • Inventory list
  • Internet/External Support contact list

Network Monitoring Software Review

Networks are becoming critical components of business success, irrespective of
whether you are small or big. When the network fails, customers and employees cannot
communicate, and employees cannot access critical information or use basic print or email
services, resulting in productivity loss and revenue loss. Network monitoring software
tools reduce network outages and allow businesses to operate more smoothly, cut costs,
and prevent revenue loss. For small businesses that have no budget for network
monitoring software, a better alternative is to start with open source
and freeware network monitoring software that reduces the time and money spent on
network administration and management. This paper covers the top freeware and
open source network monitoring software available today.


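Diary of an IT Person in a Factory – CBL Email Blocking Problem (2014/06/18)

Over the past two months, my company's email system address has frequently been listed on the CBL blacklist by http://www.spamhaus.org/, which restricted email delivery and affected company operations. The cause of the CBL listing is that some computers on the network were infected with Trojans, for example the Conficker botnet, which sent large amounts of spam to other parties, so we were blocked. I tried network scans, antivirus updates and other methods and solved the problem, but one or two weeks later we were listed on the CBL blacklist again. It keeps coming back after being resolved, which is really annoying.

I happened to receive an advertisement for the mail relay forwarding service of the company 雲盟. This service mainly solves the problem of bounced outgoing mail: by configuring the relay server address, a company mail server can be assured of normal delivery. The service is not expensive, so I had no choice but to adopt it.

Sigh! I really suspect that the people who create the problem and the people who solve it are the same group. The more we depend on something, the greater the chance that someone will use it to threaten us and extract benefits, as with this email problem. So the best approach is to strengthen ourselves and be able to protect ourselves, so that we are not subject to threats.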

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

References:

1. http://www.yienter.com/

2. http://cbl.abuseat.org/

3. http://www.spamhaus.org/lookup.lasso

4. How to find BOTs in a LAN

4.1 On Windows, use this in a dos command window:

Run under DOS:   netstat 5

This will give you a list of all network connections your machine has open, much like *NIX netstat above every 5 seconds until you stop it. You’re looking for very much the same sort of things as *NIX netstat above. You’ll probably see Microsoft, Yahoo and other familiar names – they’re normal (from your browser, IM etc). “Akamai” perhaps won’t be familiar, but it’s normal too. Lots of port 25 connections is the usual sign of infection.
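The port 25 check described above can be automated. The following is an added example, not part of the original post or of the guide it quotes: it parses captured `netstat -n` text and counts the distinct remote hosts contacted on port 25. The sample output is constructed, and the function names and the `max_smtp_peers` threshold are assumptions chosen for illustration.

```python
import re
from collections import Counter

# Constructed sample of Windows `netstat -n` output (documentation-range addresses).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.23:49701     203.0.113.10:443       ESTABLISHED
  TCP    192.168.1.23:49702     198.51.100.7:25        SYN_SENT
  TCP    192.168.1.23:49703     198.51.100.8:25        ESTABLISHED
  TCP    192.168.1.23:49704     203.0.113.77:25        ESTABLISHED
  TCP    192.168.1.23:49705     198.51.100.9:smtp      TIME_WAIT
  TCP    192.168.1.23:25        192.168.1.50:51000     ESTABLISHED
  TCP    [fe80::1%11]:49706     [2001:db8::25]:25      ESTABLISHED
  UDP    0.0.0.0:5353           *:*
"""

# TCP row: local endpoint, foreign endpoint, state. The port is whatever
# follows the last colon, so bracketed IPv6 addresses parse correctly.
LINE = re.compile(r"^\s*TCP\s+(\S+):(\w+)\s+(\S+):(\w+)\s+(\S+)\s*$")
SMTP_PORTS = {"25", "smtp"}  # `netstat -n` prints the number, plain `netstat` the name


def outbound_smtp(netstat_text):
    """Count TCP connections per remote host whose remote port is 25."""
    hosts = Counter()
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # headers, UDP rows, blank lines
        _local, _lport, remote, rport, _state = m.groups()
        if rport.lower() in SMTP_PORTS:
            hosts[remote.strip("[]")] += 1
    return hosts


def looks_like_spambot(netstat_text, max_smtp_peers=2):
    """Flag a workstation that talks SMTP to more distinct servers than a
    mail client normally would (threshold is an assumption; tune per site)."""
    return len(outbound_smtp(netstat_text)) > max_smtp_peers


if __name__ == "__main__":
    peers = outbound_smtp(SAMPLE)
    print(f"{sum(peers.values())} port-25 connections to {len(peers)} hosts")
    print("suspicious" if looks_like_spambot(SAMPLE) else "normal")
```

The row where port 25 is the local port is an inbound connection and is deliberately not counted; on a real mail server the outbound count will be high by design, so run this against workstations.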

4.2 Port Scanners using Nmap tool

Detailed description of how to use nmap is well beyond the scope of this paper. For our purposes, the following command will do most of what you want and be non-destructive – won’t do any damage:

nmap -A [machine or network specification]


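Document Coding Guidelines

  • 1. Region code: consists of two letters and indicates the representative office or subsidiary that the file belongs to:
Region code    Region / subsidiary
HK             Hong Kong xxx Co., Ltd.
CN             China xxx Co., Ltd.
  • 2. Department functional group code: a code made up of 3 letters and one sequence number, indicating the functional group of the department that prepared the document: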
