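An IT Person's Factory Diary – CBL E-mail Blocking Problem (2014/06/18)

Over the past two months, my company's mail system address has frequently been placed on the CBL blacklist by http://www.spamhaus.org/, which restricted e-mail delivery and affected the company's operations. The cause of the CBL listing is that some computers on the network were infected with Trojans, for example the Conficker botnet, which sends large volumes of spam to other parties, and so we were blocked. I tried network scanning, updating the antivirus software and other methods, and solved the problem, but one or two weeks later we were listed on the CBL blacklist again. It keeps recurring after being fixed, which is really annoying.

Just then I received an advertisement for 雲盟's mail relay forwarding service. This service mainly addresses the problem of bounced outbound mail: a company mail server is configured with the relay server's address, which ensures that mail is sent normally. The price is not high, so I had no choice but to adopt it.

Sigh! I really suspect that the people creating the problem and the people solving it are the same bunch. The more we depend on something, the greater the chance that someone will use it to threaten us and extract benefits, as with this e-mail problem. So the best thing is to build up our own abilities, to be able to protect ourselves and not be threatened.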

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

References:

1. http://www.yienter.com/

2. http://cbl.abuseat.org/

3. http://www.spamhaus.org/lookup.lasso

4. How to find BOTs in a LAN

4.1 On Windows, use this in a dos command window:

Run at the DOS prompt:   netstat 5

This will give you a list of all network connections your machine has open, much like *NIX netstat above every 5 seconds until you stop it. You’re looking for very much the same sort of things as *NIX netstat above. You’ll probably see Microsoft, Yahoo and other familiar names – they’re normal (from your browser, IM etc). “Akamai” perhaps won’t be familiar, but it’s normal too. Lots of port 25 connections is the usual sign of infection.
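The check described above can be automated. The following is an added example, not part of the original post or the CBL guidance: it parses numeric `netstat -ano` output and reports processes holding connections to port 25 on several distinct remote hosts. The sample output, the threshold of 3 and the internal mail server address 192.168.1.5 are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of Windows `netstat -ano` output (documentation address ranges).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.23:49152     203.0.113.10:443       ESTABLISHED     1204
  TCP    192.168.1.23:49160     198.51.100.7:25        SYN_SENT        3380
  TCP    192.168.1.23:49161     198.51.100.44:25       ESTABLISHED     3380
  TCP    192.168.1.23:49162     203.0.113.91:25        SYN_SENT        3380
  TCP    192.168.1.23:49163     203.0.113.140:25       ESTABLISHED     3380
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING       900
  TCP    192.168.1.23:49170     192.168.1.5:25         ESTABLISHED     2210
  UDP    0.0.0.0:5353           *:*                                    1500
"""

# One TCP row: local addr:port, remote addr:port, state, owning PID.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s+(\d+)\s*$")
OUTBOUND_STATES = {"ESTABLISHED", "SYN_SENT"}


def suspicious_smtp(netstat_text, allowed_relays=frozenset(), threshold=3):
    """Return {pid: distinct remote SMTP hosts} for PIDs at or above threshold.

    allowed_relays holds the mail servers a workstation is expected to use
    (hypothetical here); connections to them are not counted.
    """
    remotes = defaultdict(set)
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # headers, UDP rows, blank lines
        _laddr, _lport, raddr, rport, state, pid = m.groups()
        if rport != "25" or state not in OUTBOUND_STATES:
            continue  # only outbound SMTP attempts matter here
        if raddr in allowed_relays:
            continue
        remotes[int(pid)].add(raddr)
    return {pid: len(hosts) for pid, hosts in remotes.items()
            if len(hosts) >= threshold}


if __name__ == "__main__":
    for pid, count in suspicious_smtp(SAMPLE, {"192.168.1.5"}).items():
        print(f"PID {pid}: SMTP connections to {count} distinct hosts")
```

A workstation normally talks only to the company mail server, so a flagged PID can be matched to its executable in Task Manager or with `tasklist`.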

4.2 Port Scanners using Nmap tool

Detailed description of how to use nmap is well beyond the scope of this paper. For our purposes, the following command will do most of what you want and be non-destructive – won’t do any damage:

nmap -A [machine or network specification]


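Document Coding Guidelines

  • 1. Region code: two letters indicating the representative office or subsidiary to which the file belongs:
Region code    Region / subsidiary
HK             Hong Kong xxx Co., Ltd.
CN             China xxx Co., Ltd.
  • 2. Department functional group code: a code made up of 3 letters and a sequence number, indicating the functional group of the department that prepared the document: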


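New Employee Confidentiality Agreement – Template

Party A (employee): ×××× ID card number: ×××××

Party B (company): ×××× Company

Whereas Party A is employed by Party B and will receive corresponding remuneration paid by Party B, the two parties agree to abide by the following terms concerning Party A's obligation to keep Party B's technical secrets and other trade secrets confidential during and after employment: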

War-Dialing PROCEDURE

1.        INTRODUCTION

The presence of unsecured or mis-configured modems attached to computers on the network can undermine a well thought-out security plan. Persons unaware of the risks may set up modems on their computers that can be accessed with either no password or an easily guessed password. These modems are then vulnerable to computer criminals who “war dial,” or call numbers systematically until they find a phone number that connects to an unsecured dialup.

If a computer with an unsecured modem is connected to our network, anyone with a little computer skill and malicious intent can use that unsecured modem as a “back door” into our network. Firewalls don’t protect a network against this type of attack because the intruder comes in over phone lines, rather than over the Internet, bypassing firewalls.

IDS Setup and Operations

1      Abstract

This document covers the operation of a distributed intrusion detection system.
This manual contains the following:
Chapter 2 Intrusion Detection Procedure
A short introduction to intrusion detection technology, the procedure around the operations, and follow-up action regarding how to record and keep track of the incident.
Chapter 3 Intrusion Detection
This chapter describes the principles and working of an Intrusion Detection system.
Chapter 4 Component Description
This chapter describes the setup of the different components used in the secure setup.
The central management server will be responsible for the management of all the components.
Chapter 5 Network Setup
The network setup describes how the different components can be placed securely in a site’s network. This is done with centralized management, log consolidation and secure communications between the systems.
Chapter 6 Snort: Installation, Configuration and Maintenance
This chapter describes the initial installation and configuration and the periodic maintenance.
Chapter 7 Analysis of the results
The results obtained through the different IDS sensors have to be analyzed to be useful for the site. This chapter describes the usage of the Analysis Console for Intrusion Databases (ACID).
Chapter 8 Conclusion
This chapter contains the final conclusions of this paper.

Information Security Plan

1           Introduction

1.1             General

To realize the business strategy plan of Company, ICT will play, as enabler, an important role. As described hereafter, ICT will contribute in the primary, secondary and managed operations processes by enabling global connectivity, integration of business systems and standardization of business processes. The changing business processes will have consequences for the ICT environment. The ICT program describes the steps which are needed to support the business processes as they are being developed in the years to come. In this information plan an overview is given of the expected business processes and the required information architecture in a global environment. It is obvious that changes in the business strategy of Company will have to be reflected in this information plan.

IT Security implementation within Factory

1           Information

This document is a collection of standards, procedures, and ways of working as used at the present time within Company that are being used to uphold the level of security as far as this is implemented.

Security is necessary for everyone and everything that is working with confidential information and should therefore also be everyone’s responsibility.

This document has been written as an attempt to shed some light on these responsibilities and to point out to people what responsibility they have regarding security.