Start with a notice to prevent phishing emails
2022-07-18 15:53:00 【Man Nong Feige】
1. There is nothing trivial about network fraud prevention
Surfing the Internet for a while,
slip up online and suffer a lot.
Network security is no small matter,
keep it in mind at all times.
In today's society, the Internet has turned the huge earth into a global village. While people enjoy the convenience the Internet brings, they should also be on guard at all times against online fraud, phishing sites and computer virus attacks.
Personal computers can only be protected by installing various antivirus programs, but phishing emails and phishing websites still have to be identified carefully by the users themselves. If you are not careful, you may fall into a fraudster's trap. Search the Internet and you will find all kinds of cases of people being cheated after entering a phishing website by mistake.
While surfing the Internet these days, I happened to see a "Notice on preventing phishing emails" on the official website of Northwestern University.
From this notice we learn that some teachers at the school received an email titled "Notice" with an attachment named "Wage subsidies". After checking, this email turned out to be phishing. The phishing email steals the user's bank card information and, through it, the funds in the account. The solution mentioned in the notice is only to have teachers raise their awareness of fraud prevention, delete phishing messages, and change their passwords to more complex ones. This treats the symptoms, not the root cause. A similar phishing incident may happen next time.
Companies can only rely on installing a VPN on employee computers and working on the LAN for protection, but this kind of protection is also fragile and time-consuming. Problems of one kind or another come up often, such as:
- Inexplicable applications keep getting installed on employees' computers, slowing them down and hurting office efficiency;
- Advertising pop-ups keep appearing on the desktop, which is annoying;
- Some people keep visiting websites that the company expressly forbids during work hours, such as web games and gambling websites;
- The company server keeps restarting inexplicably in the middle of the night and is suspected of being used for "malicious mining", but the specific infected file cannot be found;
- Employees of the company are defrauded with salary-subsidy scams and the like.

To make a long story short, network security is no small matter. In mild cases the computer becomes unusable; in serious cases major confidential data is lost and the company is forced into bankruptcy.
However, protecting network security is itself a fiddly matter. Take the medical industry as an example. It has many pain points:
- The network structure of medical institutions is complex, and the boundary of network security is increasingly blurred;
- Medical information leaks occur frequently, and the network security situation is grim;
- The intranet carries the hospital's core business systems, and APTs, ransomware and phishing attacks are prevalent;
- Personal terminals are difficult to manage and handle in a unified way, which increases the risk of intranet infection;
- Security construction started late, and personnel and management resources are insufficient, making it difficult to deal with existing threats.
2. There are a lot of security needs , What do I do ?
The medical industry described in the previous chapter has many pain points in building network security, and these pain points give rise to many network security needs.
- Urgent need for comprehensive detection and protection against APTs, ransomware, phishing and other new advanced threats.
Medical institutions run core systems such as HIS, PACS and EMR, and the information extranet also includes mobile payment, registration systems and so on. These systems carry many of the institutions' core businesses and are vulnerable to ransomware and phishing attacks. On top of traditional security equipment, new security technologies need to be introduced that can accurately identify and discover ransomware, phishing emails, APT attacks, remote-access Trojans, backdoor programs and other new, complex, unknown threats, and raise real-time alerts to the security operations staff.
Traditional antivirus software can only scan for local viruses and Trojans. Remote-access Trojans and backdoor programs are basically not detected and cannot be removed. Relatively new ransomware often requires urgent patching, and if the patch is not applied in time the machine may be infected. Medical institutions have a large number of core systems and a large number of terminals, so installing antivirus software on every terminal for stand-alone protection is obviously unrealistic.
- Urgent need for new security measures that automatically block threat events.
Automatic blocking takes effect at the early stage of a malicious program infecting a terminal. It prevents the program from spreading widely on the intranet or becoming a springboard for attacking internal systems or stealing important assets, and it buys ample time for accurately investigating, locating and handling alerts.
The main problem now is that after a terminal is compromised, it is often not isolated from other hosts on the network in time, which causes widespread infection. It is therefore particularly necessary to block automatically at the early stage of a malicious program infection.
- Urgent need for accurate location and professional remediation of compromised hosts.
Investment in security construction in the medical industry is insufficient, and personnel and professional resources are relatively scarce. What is urgently needed is a solution that integrates detection, blocking, location and disposal, closes the handling loop, and helps security operators quickly improve threat detection efficiency and disposal capability.
Medical institutions are essentially a medical system, a place to save the dying and heal the wounded, so their security construction is often inadequate, with not enough manpower and not enough resources. The medical industry needs a complete security solution.
- Urgent need for a security solution that is "light to deploy, easy to use and easy to operate".
The network construction of medical institutions has basically taken shape, so deploying the product should not require changes to the existing network. Product access and deployment, ease of use, and daily operation and maintenance should fully consider personnel costs, lowering the threshold for security staff through intelligent analysis to achieve zero threshold, zero analysis and zero operations.
- Urgent need for a unified way to protect the large number of terminals that connect.
Without installing any software on the terminals, and through lightweight, simple configuration, provide security protection for the large number of terminals that medical staff, patients and family members use to access the Internet.
There is a lot of demand, but the main business of medical institutions is to save the dying and heal the wounded. It is difficult for them to invest a lot of human and material resources in maintaining network security themselves. What can be done?
3. There are still plans
There are still many network security solutions on the market, such as the Hua x Cloud network security solutions and the Qi x Xin network security scheme. But these solutions are generally expensive and complex to deploy, and their support for specific industries is insufficient.
The boundary between isolated internal and external networks is blurred, Internet security protection is weak, ransomware, data theft and various malicious programs are prevalent on the network, and medical institutions themselves lack the ability to respond to threats and attacks. In response, Micro Step Online (微步在线) provides OneDNS, an Internet security access solution based on DNS resolution and new-threat protection.
When terminals of any kind access the Internet, OneDNS resolves all of their domain names and matches them against threat intelligence. It identifies and blocks ransomware, phishing sites, APT attacks, backdoor Trojans and other malicious programs, as well as access to insecure or non-compliant content, and it prevents a terminal that has been infected with a malicious program from further infecting the medical intranet. It provides a one-stop service of accurate detection, blocking, location and handling.
The overall architecture is as follows:
[Figure: OneDNS overall architecture diagram (image not preserved)]
As the architecture diagram shows, the network is divided into an Internet business zone, an external medical-consortium zone, a core system zone and a terminal access zone. Each zone has its own firewall and DNS server.
OneDNS acts as the unified egress and monitors the requests of all the systems.
This has the following advantages.
- Comprehensive threat protection: based on Micro Step Online's professional threat intelligence data, OneDNS can identify all malware remote-control addresses, phishing addresses and mining pool addresses in the world, along with the associated malware, attack group, severity level and other information. Threat intelligence data is synchronized in real time from the Micro Step Online cloud, providing high-precision detection and real-time interception and forming the last layer of protection at the network boundary of medical institutions.
- Real-time automatic interception: OneDNS matches domain names against the cloud intelligence database in real time, provides a stable, fast-responding secure domain name resolution service, and detects and automatically intercepts malicious requests with high accuracy. Once such malware runs inside the medical institution, OneDNS blocks its communication with the remote-control end, effectively reducing the risk from malware.
- Threat host location: after OneDNS intercepts the malware's communication, if the security team needs to further locate, analyze, trace and clean up the internal machine, it can use the internal threat host location tool to find the compromised machine.
- Light deployment and full coverage: simply point the medical institution's internal DNS recursive resolution at the cloud OneDNS. No software needs to be installed on the terminals, and the large number of terminals used by staff, patients and family members are all covered and brought under a unified Internet security protection system.
- Unified online behavior management: based on the big-data capture capability and domain classification capability of the Micro Step Online security cloud, it can accurately capture any new domain name in the world and accurately identify the corresponding website category. More than 80 categories are currently recognized, including but not limited to sensitive categories such as sexual violence, illegal content, gambling, file sharing, games and advertisements. Medical institutions can choose whether to block these types of sites.
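The matching and host-location steps described above can be sketched as follows. This is an added example, not OneDNS code: the feed contents, the log format (`timestamp client_ip qtype qname`) and all domains and addresses are constructed placeholders.

```python
from collections import defaultdict

# Constructed threat-intelligence feed: listed domain -> category.
INTEL = {
    "c2.badcorp.example": "remote-control",
    "login-payroll.example": "phishing",
    "pool.miner.example": "mining-pool",
}

# Constructed internal-resolver query log: "timestamp client_ip qtype qname".
LOG = """\
2022-07-18T02:11:09Z 10.20.3.17 A update.c2.badcorp.example.
2022-07-18T02:11:10Z 10.20.3.17 A www.hospital.example.
2022-07-18T02:13:44Z 10.20.8.5 AAAA Login-Payroll.example.
2022-07-18T02:14:02Z 10.20.3.17 A pool.miner.example.
malformed line
2022-07-18T02:15:30Z 10.20.9.9 A notlogin-payroll.example.
"""

def classify(qname):
    """Return (listed_domain, category) if qname or a parent domain is listed."""
    # Compare whole labels, case-insensitively, so "notlogin-payroll.example"
    # is not mistaken for "login-payroll.example" by a naive suffix check.
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in INTEL:
            return candidate, INTEL[candidate]
    return None

def locate_hosts(log_text):
    """Map each internal client IP to the listed domains it tried to resolve."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed records instead of guessing at fields
        ts, client, _qtype, qname = parts
        verdict = classify(qname)
        if verdict:
            hits[client].append((ts, verdict[0], verdict[1]))
    return dict(hits)

if __name__ == "__main__":
    for client, events in locate_hosts(LOG).items():
        print(client, events)
```

The client addresses only identify individual machines when the log is taken at the internal resolver; once queries are forwarded to a cloud resolver, every request appears to come from the forwarder's address.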
4. It's not just easy to use
Traditional DNS services simply map domain names and IP addresses to each other. They provide only two basic resolution services: looking up the IP address for a host name (domain name), and looking up the host domain name for an IP address. As a result, traditional DNS services are powerless against phishing websites and phishing emails.
OneDNS not only provides basic domain name resolution, it also provides comprehensive, accurate identification of new threats and a one-stop service of detection, blocking, location and handling. Simply put, it can identify new threats and automatically detect and block Trojans and viruses. It can also intercept malware and trace it to its source.
OneDNS now has a permanently free public service edition. The public service edition is not only free, it will also receive major updates in the near future, such as:
- Expansion of OneDNS nodes nationwide to provide a better, higher-performance resolution service. In particular, the number of service nodes in Beijing, Shanghai and Guangzhou has more than doubled;
- Full IPv6 support, plus DDNS identification for dynamic lines, giving the OneDNS public service edition more comprehensive network access capability so it can serve a broader group of enterprise users;
- A lighter, quieter Agent. OneDNS will optimize the Agent to support silent installation and silent operation, making it easier for enterprises to manage remote office terminals without competing for terminal resources or affecting the end-user experience;
- A smoother switch between the public service edition and the enterprise edition, giving enterprises more flexible choices for office network security.
The good news is that OneDNS not only has the permanently free public service edition; the enterprise edition can also be used free for 30 days. Compared with the public service edition, the enterprise edition is more comprehensive and powerful. It has many features. Here are a few:
- Threat interception: based on Micro Step Online's massive, high-value threat intelligence, it can identify and block connections to malware remote-control addresses, phishing addresses and mining pool addresses with 99.9% accuracy.
- Workplace and policy management: provides convenient management for users with multiple workplaces. Workplace administrators manage their own sites while the head-office administrator keeps unified control, making the group's security operations efficient, coordinated, lightweight and worry-free.
- Internal threat host location: can accurately locate compromised intranet hosts when given access to DNS logs or DNS traffic. With the forensics terminal, the malicious process on the terminal can be captured directly.
- API integration with local situational-awareness platforms: the platform offers a variety of APIs that the user's situational-awareness platform can call to pull threat protection data, configure address lists and perform other operations.
Are you eager to try it? Then come and experience it!