"Mining" governance at Sun Yat-sen University has entered the "dynamic zero-clearing" stage

Author: China Education Network Time: 2022.07.11

Since the rectification of virtual currency "mining" began at the end of last year, nearly four months of effort have finally brought virtual currency "mining" activity at Sun Yat-sen University under effective control. At the same time, the rectification work has shifted from the concentrated annihilation stage to the routine "dynamic zero-clearing" stage.

During the rectification of "mining" activity, Sun Yat-sen University actively responded to the national call, and its departments worked together to rectify "mining" jointly. Among them, the information department has kept up high-pressure supervision of "mining" activities, continuously strengthened publicity and education, comprehensively improved the level of computer terminal security protection, and focused on rectifying virtual currency "mining" caused by infected computer terminals. Although certain results have been achieved, the subsequent rectification work still has a long way to go.

Why "mining" is difficult to govern

Universities bear a number of functions such as talent training, scientific research, and social services. Tens of thousands of teachers, students and employees work on campus, which brings many challenges to "mining" rectification.

1. Campus network management is difficult. The campus network has a unified Internet egress. It connects not only the computer equipment owned by the school but also the personal computer terminals brought in by teachers and students, which increases the difficulty of campus network management. Taking Sun Yat-sen University as an example, the university operates across Guangzhou, Zhuhai, and Shenzhen. The campus network covers 3 campuses and 5 campuses and connects 10 affiliated hospitals, so it is large in scale and wide in coverage. It has more than 3,000 wired network devices, more than 36,000 wireless access points, and more than 100,000 wired network information points. According to the situational awareness platform, the cumulative number of terminals seen online on the campus network exceeds 300,000.

2. The school network structure is complex and there are many terminal types. Many schools have egress links through multiple operators. IP address translation is performed at the Internet egress, and there are also a large number of NAT devices inside the campus network, which makes "mining" behavior difficult to trace. There are many types of computers, including desktop computers, portable computers, routers, virtual machines, etc., as well as self-service equipment, campus card recharge equipment, etc.; assets. The level of security management and security protection of this equipment is also uneven.

During the "Thirteenth Five-Year Plan" period, the focus of network security protection work at Sun Yat-sen University was on protecting important systems and important data, and there were shortcomings in computer terminal protection. Therefore, at the beginning of November last year, when the local Development and Reform Commission was notified, the school's "mining" rectification work started like an "encounter" for which it was not prepared.

A "mining" governance system that combines management and technology

The target of "mining" rectification is miner nodes, which are divided into independent miner nodes and non-independent miner nodes. For the former, the first step is to cut off communication between the node and the virtual currency network; for the latter, the first step is to cut off communication between the node and the mining pool server. Next, the "mining" program on the node must be removed. Finally, depending on the results of investigation and evidence collection, further action is taken regarding the manager and the unit responsible for the node equipment. In rectifying virtual currency "mining", Sun Yat-sen University developed a two-pronged rectification system that combines management and technology.

Top-down mobilization

1. From top to bottom, open up the rectification channel. Sun Yat-sen University attaches great importance to rectification work: the secretary of the school party committee hosted meetings many times and arranged the rectification work; the school leaders in charge regularly listen to reports, guide the rectification work, and resolve the blocking points in it; a special task force, consisting of the person in charge of the center and key staff of the center's departments, clarified the timetable and roadmap, established a work ledger, and tracked operations against a chart.

2. Strengthen publicity and education and strengthen awareness of prevention. The school has set up a special website for "mining" rectification work, sends reminders to the school's teacher and student groups, and uses WeChat public account posts for anti-"mining" publicity, in order to popularize knowledge of terminal security protection and to enhance teachers' and students' awareness of network security and their ability to deal with incidents themselves.

3. Strengthen supervision and improve the accountability mechanism. During "mining" rectification, a comprehensive inspection and accountability mechanism not only ensures the orderly implementation of the rectification work but also moves it forward efficiently. Sun Yat-sen University has established a "mining" inspection and accountability mechanism, strengthened discipline inspection and supervision, and strictly implemented the work related to "mining" rectification.

Technical rectification in "three steps"

"Mining" behavior is very hard to guard against, so it is necessary to start from the premise that it cannot be fully prevented, and to use the ideas and methods of security operations to establish a technical system made up of monitoring and early warning beforehand, interception and blocking during the event, and rectification afterwards.

The first step is monitoring and early warning beforehand. Using products and services such as the campus network security situational awareness platform, a secure DNS cloud service and the campus network egress traffic manager, the university established a monitoring and early-warning system for virtual currency "mining" activity. The system collects and analyzes the network traffic of computer terminals in order to detect, in a timely manner, communication between miner nodes and the virtual currency network, mining pool servers or remote control servers; it also detects computer terminals querying the domain names of known mining pool servers or remote control servers, and in this way monitors virtual currency "mining" activity.

The second step is interception and blocking. Sun Yat-sen University sets policies and rules on the campus egress firewalls, campus egress traffic managers, campus network egress link load-balancing equipment, and campus DNS servers to prevent computer terminals from querying the domain names of known mining pool servers or remote control servers, thereby curbing virtual currency "mining" activities.

The third step is rectification afterwards. Based on the clues found by monitoring and early warning, the computer terminal involved is identified; the person responsible for using and managing the terminal is notified by mail, corporate WeChat, telephone and other methods, and the terminal's network access is restricted at the same time; staff are then assigned to investigate and collect evidence for further handling. For active "mining" behavior, the network center transfers the case to the school's discipline inspection and supervision department for handling. For other types of "mining" behavior, the terminal's network access is restored after the manager has removed the "mining" program and hardened the computer. Where rectification is not carried out, or the behavior recurs within a period of time, the center also notifies the unit concerned.
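The DNS side of steps one and two can be sketched as follows. This is an added example, not code from the article or from the university's systems; the blocklist domains, log format and function names are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed placeholder domains standing in for a threat-intelligence feed
# of known mining pool and remote control server names.
BLOCKLIST = {"pool.example.net", "miner-ctl.example"}

# Constructed resolver query log: "<timestamp> <client_ip> <qname> <qtype>".
# Behind NAT the client address is the gateway, so NAT session logs are
# still needed to reach the actual terminal.
SAMPLE_LOG = """\
2022-04-02T09:14:03 10.20.1.15 www.example.edu. A
2022-04-02T09:14:09 10.20.1.15 stratum.pool.example.net. A
2022-04-02T09:15:41 10.31.7.2 notpool.example.net. A
2022-04-02T09:16:10 10.20.1.15 POOL.example.net. AAAA
2022-04-02T09:20:55 10.44.0.8 c2.miner-ctl.example. A
malformed line
"""

def normalise(qname):
    """Lower-case a query name and drop the trailing root dot."""
    return qname.rstrip(".").lower()

def is_blocked(qname, blocklist=BLOCKLIST):
    """True if qname is a blocklisted domain or a subdomain of one."""
    labels = normalise(qname).split(".")
    # Compare whole-label suffixes so "notpool.example.net" does not match.
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))

def resolver_action(qname, blocklist=BLOCKLIST):
    """Step two: what the campus resolver does with this query."""
    return "NXDOMAIN" if is_blocked(qname, blocklist) else "FORWARD"

def triage(log_text, blocklist=BLOCKLIST):
    """Step one: group blocklisted lookups by client for follow-up."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed records instead of failing the run
        ts, client, qname, _qtype = fields
        if is_blocked(qname, blocklist):
            hits[client].append((ts, normalise(qname)))
    report = {}
    for client, events in hits.items():
        stamps = sorted(ts for ts, _ in events)
        report[client] = {
            "count": len(events),
            "first_seen": stamps[0],
            "last_seen": stamps[-1],
            "domains": sorted({name for _, name in events}),
        }
    return report
```

The per-client report is the kind of clue that step three starts from: it identifies which address to notify and restrict, and a client that reappears in later reports is a candidate for the repeat-occurrence handling described above.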

"Mining" governance is a long -term job

Based on the experience of Sun Yat-sen University, "mining" governance in colleges and universities can generally be divided into two stages.

The first stage is the concentrated annihilation stage. The goal of this stage is to curb group "mining" activities in a short period of time and to get the school off the superior department's notification list. This stage can be run campaign-style. The information department takes the lead in setting up a special task force that holds an assessment and scheduling meeting every day. At the meeting, the operating data of the previous day are interpreted first; then the staff of the various departments report on the previous day's work, discuss the problems and difficulties encountered, and clarify the specific arrangements for the next step. At this stage, the information department should explore and develop a sustainable approach to rectifying "mining" activity that suits its own school's situation.

The second stage is the dynamic zero-clearing stage. The goal of this stage is to prevent "mining" activity from rebounding and to avoid being named in notifications from the superior department. Sporadic "mining" activity is handled case by case as it is discovered. This stage is long-term, and complete interception and blocking of "mining" activity cannot be achieved. Moreover, there is a time lag between discovery and interception. Since April, spot checks by the network regulatory department have found that the school still has a small amount of "mining" behavior; tracing afterwards showed these to be cases that were discovered and blocked the next day.

To use an analogy, the "mining" rectification work of colleges and universities is at first an unexpected encounter, then evolves into a concentrated, high-intensity battle, and eventually becomes a long-term, protracted war. Summarizing the school's rectification work afterwards, the person in charge of Sun Yat-sen University's Information Center emphasized:

1. Pursuing absolute zero in "mining" remediation is unrealistic. The focus of dynamic zero-clearing is mainly to prevent active "mining", curb passive "mining", and standardize scientific research "mining".

2. "Mining" rectification is long-term work. After a brief period of concentrated annihilation, it will inevitably enter the long-term dynamic zero-clearing stage. At this stage, the school's network security operation capabilities are crucial.

3. Human factors are the key. Whether teachers and students understand, and whether they cooperate, largely determines the effect of "mining" rectification.

4. Governance work is not just the work of the information department. If leaders do not pay attention, the hospital is not active, and teachers and students do not cooperate, the rectification work cannot be sustained over the long term.

Today, the remediation of "mining" has entered a critical phase. Only by starting from their own circumstances and analyzing specific problems specifically can universities achieve "dynamic zero-clearing" of "mining" activity, create a new environment of a green and secure campus network, build a new ecosystem of network security governance, help optimize China's industrial structure, promote energy conservation and emission reduction, and achieve the ultimate goal of carbon peak and carbon neutrality as soon as possible.

Author: Zhang Yongqiang (Sun Yat-sen University Network and Information Center)
