Chapter 857: Awakened Form(1/15)
I originally thought that after four days my stiff neck would be a little better, so I didn't take ibuprofen. However, after the ibuprofen wore off, I found that the pain was still the same as before, so I took another ibuprofen.
It will take another hour or two to take effect, so I will update later today, probably around one or two in the morning; just refresh this chapter then.
…………
Abstract: Organized, purposeful network attacks that exploit network security vulnerabilities are becoming more and more evident. On the one hand, the time window left for emergency response is getting smaller and smaller; on the other hand, the threat knowledge, professional skills and proficiency required for emergency response continue to increase. This article proposes a concise process and response steps for network operators carrying out emergency response as the defender, providing a practical reference for relevant units.
Keywords: network security; critical information infrastructure; attack and defense drills
1 Introduction
With the increasing importance of information technology in social development, cyberspace has become a new battlefield for great power competition. Cybersecurity attack and defense drills, as an important means of testing the network security protection of critical information infrastructure and improving the emergency response level of network operators, are of great significance for promoting the improvement of network security capabilities through actual combat and confrontation. From the perspective of a network operator, this article takes the attack and defense drill of a government website, in whose organization the author participated, as an example to briefly describe how the defender carries out its work in an attack and defense drill, and to provide relevant units with organizational response experience.
2 Drill content
A certain unit organized network security professionals into several attack teams to conduct security attack tests for 5 days on the official websites and business systems of secondary institutions within its jurisdiction, in order to verify the effectiveness of the target systems' security protection capabilities. Defender's reports were submitted through the exercise platform. As the operating unit of the target website and business systems, the author's unit needed to ensure the physical security, operational security and data security of the target information systems so as to minimize the harm of network security incidents.
3 Organizational structure
A defense headquarters was established, with the network security leader as overall commander and members drawn from the leaders of the network security and business system operation departments. Under the headquarters are a defense working group, a monitoring and analysis group, and a research and disposition group, with a total of 20 people.
3.1 Defense headquarters
Coordinates the overall defense work of the exercise and is responsible for the command, organization, coordination and process control of the information system attack and defense exercise; issues authorization instructions for system shutdown, restoration of key operations and external information submission; reports on the progress of the exercise and produces the summary report, ensuring that the exercise achieves its intended purpose.
3.2 Defense Working Group
Responsible for the specific work of the information system emergency drill: building and maintaining a centralized monitoring and disposal environment for the drill; analyzing and evaluating the impact of information system emergencies on the business; collecting and analyzing data, information and records during the information system emergency response process; reporting the progress of the exercise and the development of the situation to the headquarters; taking the lead in the daily summary and analysis of security incidents; and compiling, screening and submitting the defender's reports.
3.3 Monitoring and analysis group
Responsible for monitoring business system access and the network security situation during the attack and defense drill, discovering and identifying network attacks, recording the monitoring process, and issuing attack warnings to the research and disposition group; also responsible for promptly patching vulnerabilities in the business systems and for shutting down and restoring the business systems.
3.4 Research and disposition group
In the preparation stage of the drill, responsible for rectifying the discovered network security risks and implementing the various security protection measures. In the live stage of the drill, responsible for cleaning network attack traffic to ensure the availability of the business systems, and for flexibly allocating technical resources as needed to complete technical analysis and research, real-time attack confrontation, emergency response and so on.
4 Drill implementation
According to past drill experience, the defender should carry out its work in three stages: before the drill, during the drill, and after the drill.
4.1 Before the attack and defense drill
[Figure: preparation work before the attack and defense drill. Recoverable items: establish a complete support team before the drill; establish a comprehensive monitoring and early warning system; build a warning and handling feedback mechanism within the security system; conduct a detailed risk assessment and security hardening of the information systems within the scope of protection; formulate a network security attack and defense drill implementation plan and inform the relevant personnel; carry out security awareness publicity and implementation.]
4.1.1 Asset sorting
Carry out information asset sorting
To be continued...