In the past 48 hours, a wave of ransomware has been spreading around the world. Britain, Russia and Italy were hit one after another. In Britain, on May 12th, the national medical service system suffered a large-scale network attack: the computer systems of many public hospitals were paralyzed almost simultaneously and telephone lines were cut off, forcing many emergency patients to be transferred. In China, colleges and universities have been the hardest hit: many have been infected, and a large number of graduation theses have been encrypted and held for ransom. Even some gas stations have been infected.
It is worth noting that, so far, there is no effective way to remove this ransomware, which spreads quickly and does serious damage. It has attracted the attention of the National Network and Information Security Information Notification Center, which issued a notice at around 20:00 on May 12, 2017:
"A new "worm" ransomware has broken out. At present, tens of thousands of computers in more than 100 countries and regions have been infected by this ransomware, and some users of Windows series operating systems in China have been infected. Computer users are requested to upgrade and install the patch as soon as possible; the address is: https://TechNet.microsoft.com/zh-cn/library/security/ms17-010.aspx. There is no official patch for Windows 2003 and XP. Relevant users can open and enable Windows Firewall, enter "Advanced Settings" and disable the "File and Printer Sharing" setting, or enable a personal firewall to close high-risk ports such as 445, 135, 137, 138 and 139. Please disconnect infected machines immediately to avoid further infection."
The virus is a serious threat. As IT departments and network administrators, what should we do to keep the local area network secure? We suggest the following:
1. On the exit router's firewall, block connections from the external network to port 445 on the internal network.
2. For hosts exposed through port mapping or as a DMZ host, close ports 445, 135, 137, 138 and 139 in Windows Firewall.
3. On the intranet's core switch, block access to port 445 between VLANs.
4. The steps above only provide a degree of defense and isolation; patch as soon as possible!
In addition, WFilter's "network health detection" plug-in has a "suspicious host" detection function. Once an infected host starts connecting to the external network, it can also be detected.
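
One way to confirm that the blocks in steps 1 and 3 are holding, and to spot a host behaving like the "suspicious host" described above, is to audit connection logs for port 445 traffic. The Python script below is an added example, not part of the original article and not WFilter's detection logic; the VLAN subnets, the log tuple format, the fan-out threshold and the sample flows are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumed site layout (hypothetical): VLAN name -> subnet.
VLANS = {
    "office": ipaddress.ip_network("10.0.10.0/24"),
    "lab": ipaddress.ip_network("10.0.20.0/24"),
}
FANOUT_THRESHOLD = 3  # assumed: distinct port-445 targets that make a host suspicious

# Constructed sample records: (src_ip, dst_ip, dst_port, firewall_action).
SAMPLE_FLOWS = [
    ("203.0.113.7", "10.0.10.5", 445, "allow"),  # step 1 not enforced
    ("203.0.113.7", "10.0.10.6", 445, "deny"),   # blocked at the exit router
    ("10.0.10.5", "10.0.20.9", 445, "allow"),    # step 3 not enforced
    ("10.0.10.5", "10.0.10.8", 445, "allow"),    # same VLAN: outside steps 1 and 3
    ("10.0.10.5", "10.0.10.9", 445, "allow"),
    ("10.0.20.9", "10.0.20.1", 443, "allow"),    # not port 445, ignored
]

def vlan_of(ip):
    """Return the VLAN name for an internal address, or None if external."""
    addr = ipaddress.ip_address(ip)
    return next((name for name, net in VLANS.items() if addr in net), None)

def audit(flows):
    """Report allowed port-445 flows that steps 1 and 3 should have blocked,
    plus internal hosts contacting many distinct peers on port 445."""
    findings = []
    targets = defaultdict(set)  # src -> distinct port-445 destinations, allowed or not
    for src, dst, port, action in flows:
        if port != 445:
            continue
        targets[src].add(dst)
        if action != "allow":
            continue
        s, d = vlan_of(src), vlan_of(dst)
        if s is None and d is not None:
            findings.append(("external-to-internal", src, dst))
        elif s and d and s != d:
            findings.append(("inter-vlan", src, dst))
    for src, dsts in sorted(targets.items()):
        if vlan_of(src) and len(dsts) >= FANOUT_THRESHOLD:
            findings.append(("fan-out", src, len(dsts)))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS):
        print(finding)
```

Any "external-to-internal" or "inter-vlan" finding means the corresponding rule on the exit router or core switch is missing or not matching; a "fan-out" finding points at a host to disconnect and inspect.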