IT用户安全手册

IT运维管理系统-用户使用手册IT运维管理系统用户使用手册中国石油大学12月2017年页26 共页1 第IT运维管理系统-用户使用手册前言衷心感谢您选用该软件产品，我们将竭诚为您提供最优质的服务。

本用户手册旨在给予用户产品使用，故障处理方面的说明指导。

为了您使用方便并能充分利用本软件的功能，敬请仔细阅读本使用手册，并放于方便位置，以供日后参考。

本用户手册的内容仅供参考，本公司不断改善产品功能与质量，版本时有更新而手册未能及时修正，或有包含技术上不准确或疏漏之处，敬请凉解，也真诚地希望您能把宝贵的意见反馈给我们，在以后的版本中，我们会加以充实或改进。

页26 共页2 第IT运维管理系统-用户使用手册目录3............................................................................................................................................. 录.目41. ................................................................................................................................. 系统概述52. ..................................................................................................................... 软件和硬件环境53. ............................................................................................................. 系统访问与提报方法64. ................................................................................................................................. 操作说明6................................................................................................................................ 4.1.登录6................................................................................................................................ 4.2 .首页74.3.........................................................................................................................事件管理....................................................................................................................... 11变更管理4.48....................................................................................................................... 1问题管理4.53................................................................................................................... 24.6配置项管理4....................................................................................................................... 4.72系统管理页26 共页3 第IT运维管理系统-用户使用手册1.系统概述IT运维管理系统包括事件管理、变更管理、问题管理、配置管理、紧急变更管理和系统管理，共六个管理模块。

直流可编程电子负载IT8500+系列用户手册型号：IT8511+/IT8511A+/IT8511B+/IT8512+/IT8512A+/IT8512B+/IT8512C+/IT8512H+/IT8513C+/IT8514C+/IT8514B+/IT8516C+版本号：4.1声明© Itech Electronics, Co., Ltd. 2014根据国际版权法，未经Itech Electronics, Co., Ltd. 事先允许和书面同意，不得以任何形式（包括电子存储和检索或翻译为其他国家或地区语言）复制本手册中的任何内容。

手册部件号IT8500+-402008版本第4版，2015 年05月18日发布Itech Electronics, Co., Ltd.商标声明Pentium是Intel Corporation在美国的注册商标。

Microsoft、Visual Studio、Windows 和MS Windows是Microsoft Corporation 在美国和/或其他国家/地区的商标。

担保本文档中包含的材料“按现状”提供，在将来版本中如有更改，恕不另行通知。

此外，在适用法律允许的最大范围内，ITECH 不承诺与本手册及其包含的任何信息相关的任何明示或暗含的保证，包括但不限于对适销和适用于某种特定用途的暗含保证。

ITECH对提供、使用或应用本文档及其包含的任何信息所引起的错误或偶发或间接损失概不负责。

如ITECH与用户之间存在其他书面协议含有与本文档材料中所包含条款冲突的保证条款，以其他书面协议中的条款为准。

技术许可本文档中描述的硬件和／或软件仅在得到许可的情况下提供并且只能根据许可进行使用或复制。

限制性权限声明美国政府限制性权限。

授权美国政府使用的软件和技术数据权限仅包括那些定制提供给最终用户的权限。

ITECH 在软件和技术数据中提供本定制商业许可时遵循FAR 12.211（技术数据）和12.212（计算机软件）以及用于国防的DFARS252.227-7015（技术数据－商业制品）和DFARS 227.7202-3（商业计算机软件或计算机软件文档中的权限）。

IT维护手册一、引言IT维护是保障信息系统正常运行不可或缺的环节。

本手册旨在提供清晰的指导，帮助维护人员了解和执行IT维护任务。

通过正确的维护措施，确保系统的稳定性和安全性，提高整体运行效率。

二、重要提示1. 在进行任何维护操作之前，务必备份系统数据，以防意外情况发生。

2. 确定维护时间，在用户使用较少的时段进行操作，以避免影响正常工作。

3. 严格遵守公司的安全规定和政策，确保在授权的范围内进行维护操作。

三、硬件维护1. 定期检查服务器和网络设备的物理连接，确保连接稳定可靠。

2. 清洁服务器和网络设备的内部和外部，防止灰尘和杂物对其正常工作的影响。

3. 定期更换电池、风扇等易损件，以确保设备的长期稳定运行。

4. 检查电源和UPS供应电源，确保供电正常，以避免因电力不稳定而导致的故障。

四、软件维护1. 及时升级操作系统和软件补丁，修复安全漏洞和BUG，提高系统安全性和稳定性。

2. 清理临时文件和无用文件，释放磁盘空间，提高系统性能。

3. 定期进行病毒和恶意软件扫描，确保系统的安全性。

4. 定期备份系统和重要数据，保证数据的可恢复性。

五、网络维护1. 监控网络流量和带宽使用情况，及时调整网络资源分配，以满足各部门的需求。

2. 定期检查网络设备的配置和性能，及时发现并解决潜在的故障点。

3. 限制不必要的网络访问和流量，确保网络资源的安全和稳定。

六、安全维护1. 定期更新防火墙和入侵检测系统的规则，防止未授权访问和攻击。

2. 配置强密码策略，确保用户账户的安全性。

3. 定期对用户的权限进行审查和更新，避免权限滥用。

4. 实施数据备份和恢复策略，以应对数据丢失或故障的情况。

七、故障处理1. 建立故障处理队列，及时响应用户的故障报告。

2. 根据故障的类型和紧急程度，分配优先级和处理时限，确保故障及时解决。

3. 记录故障处理过程和解决方案，以便未来参考和总结经验。

八、总结本维护手册提供了IT维护的基本指导和要点，但在实际操作中，需根据具体情况灵活应用。

用户使用手册三路可编程直流电源IT6300B系列型号IT6322B/IT6332B/IT6333B© 版权归属于艾德克斯电子有限公司目录第一章验货与安装 (6)1.1验货 (6)1.2清洁 (6)1.3安装位臵 (6)第二章快速入门 (9)2.1前面板及后面板描述 (9)2.2键盘按键介绍 (10)2.3VFD指示灯功能描述 (11)第三章通电检查 (12)3.1开机预先检查 (12)3.2输出检查 (14)第四章技术规格 (15)4.1主要技术参数 (15)4.2补充特性 (18)第五章面板操作 (19)5.1前面板操作介绍 (19)5.2通道切换操作 (20)5.3OUT ON/OFF输出设定 (20)5.4定时器操作 (20)5.5电压操作 (20)5.6电流操作 (21)5.7数据保存/读取设臵 (21)5.8过电压操作 (21)5.9键盘锁定功能 (21)5.10过热保护 (22)5.11菜单描述 (22)5.12菜单功能描述 (24)5.13后面板远端补偿端子功能 (29)第六章电源与PC间的通讯 (30)6.1RS-232接口 (30)6.2USB接口 (31)6.3GPIB接口 (32)6.4标准软件及SCPI指令 (32)IT6300B系列三路直流可编程电源供应器设备及材料污染控制声明O:表示该有毒有害物质在该部件所有均质材料中的含量在SJ/T11363-2006与EU 2005/618/EC 规定的限量要求以下。

X:表示该有毒有害物质至少在该部件的某一均质材料中的含量超出SJ/T11363-2006与EU 2005/618/EC 规定的限量要求。

1. ITECH无铅焊锡已全面完成，外壳材料尚未全面完成转换，故部品含铅量未全面符合限量要求。

2. 产品在使用手册所定义之使用环境条件下，可确保其环保使用期限。

处臵切勿将本设备处理为未分类的废弃物，本设备需做分类回收。

有关废弃物收集系统的讯息，请联络贵公司所在地的相关政府机关。

Hunting the huntersLearn more on #bringonthefuture A systemic approach to protectionIntroductionAs corporate processes undergo extensive, across-the-board automation, businesses are becoming increasingly dependent on information technologies. This, in turn, means the risks associated with disruption to core business processes are steadily shiftingto the IT field. The developers of automation tools are aware of this and, in an attempt to address possible risks, are increasingly investing in IT security – a key characteristic of any IT system along with reliability, flexibility and cost. The last couple of decades have seen a dramatic improvement in the security of software products - virtuallyall global software manufacturers now publish documents dedicated to safety configurations and the secure use of their products, while the information security market is flooded with offers to ensure protection in one form or another.On the flipside, the more a company’s business is dependent on IT, the more attractive the idea of hacking its information systems, justifying any additional investmentin resources required to carry out a successful attack in the face of increased IT security levels.A systemic approach to protectionIncreased software security levels and constantly evolving protection technologies make mounting a successful attack more challenging. So cybercriminals, having invested in penetrating multiple layers of defenses, want to spend plenty of time inside the target infrastructure, maximizing their profits by doing as much damage as possible. Hencethe emergence of targeted attacks.These attacks are carefully planned and implemented - along with automated tools, they require the direct and deep involvement of professional attackers to penetrate the systems. Counteracting these professional attackers can only be undertaken effectively by professionals who are no less qualified and who are equippedwith the latest tools for detecting and preventing computer attacks.From a risk management standpoint, an organization’s security goals are considered achieved when the cost to the attacker of compromising the system exceeds the value to that attacker of the information assets gained. And, as we’ve said, penetrating multiple security layers is expensive and challenging. But there is a way of dramatically cutting the costs of an advanced attack, while almost certainly remaining undetected by built-in security software. You simply incorporate a combination of widely known legitimate tools and techniques into your advanced attack armory.Today’s operating systems actually contain everything needed to attack them, without having to resort to malicious tools, dramatically cutting the cost of hacking. This ‘dual functionality’ of OS built-in tools is what system administrators work with, so distinguishing their legitimate activities from those of a threat actor is very difficult, and virtually impossible through automation alone. The only way to counter such threats is to adopt a systemic approach to protection (Figure 1). This implies prompt detection if a threat is impossible to prevent, and if automatic detection is impossible, then having proactiveHiding in plain sightAt Kaspersky, we can say with a degree of confidence that the list of threat detection and prevention technologies we’ve developed over the years, including the latest research on big data and machine learning, means our security products can neutralize any attack that can be detected and prevented automatically. But automatic detection and prevention is just the beginning. More than 20 years of researching and preventing computer attacks have given us an even more powerful tool to tackle those areas when automation just isn’t enough – unequalled human expertise.Targeted attacks take the protection tools available to their victims into consideration and are developed accordingly, bypassing automatic detection and prevention systems. These kinds of attack are often carried out without any software being used, and the attackers’ actions are barely distinguishable from those that an ITor information security officer would normally perform.The following are just some of the techniques applied in today’s attacks:• The use of tools to hamper digital forensics, e.g. by securely deleting artefactson the hard drive or by implementing attacks solely within a computer’s memory• The use of legitimate tools that IT and information security departments routinely use • Multi-stage attacks, when traces of preceding stages are securely deleted• Interactive work by a professional team (similar to that used during penetration testing)Such attacks can only be identified after the target asset has been compromised,as only then can suspicious behavior indicative of malicious activity be detected. A key element here is the involvement of a professional analyst. A human presence withinthe event analysis chain helps compensate for weaknesses inherent in automated threat detection logic. And when pentest-like attacks involve an active human attacker, that human undoubtedly has an advantage when it comes to bypassing automated technologies. The opposing presence of a suitable armed human analyst then becomes the only sure way to counter the attack.IT security talent crunchMeanwhile, IT security personnel recruitment is at crisis levels. The number of unfilled positions globally stands at 4.07 million, up from 2.93 million this time last year.The growing demand for IT security expertise also means that it’s tough not justto find skilled professionals, but also to justify the high costs involved in hiring them. So if you don’t currently have a full complement of security specialists for threat hunting, investigation and response, it’s no good banking on being able to attract more. You need to find another way.Managed Detection and Response (MDR) products and services can be an effective solution for organizations seeking to establish and to improve their early, effective threat detection and response but lacking sufficient internal expert IT security resources (Figure 2). Outsourcing skills-hungry security tasks, e.g. threat hunting, to an experiencedThe needle in the haystackThe Kaspersky SOC continuously monitors more than 250k endpoints worldwide, and this number is constantly growing. We collect and process a huge amount of telemetry from each of these sensors. While the majority of threats are detected and prevented automatically, and only a small number of them go to human validation, the amount of raw telemetry requiring additional review is still enormous, and analyzing all this manually to provide threat hunting to customers in the form of an operational service would be impossible. The answer is to single out for further review by the SOC analyst those raw events which are in some way related to known (or even just theoretically possible) malicious activity.In our SOC, we call these types of event ‘hunts’, officially known as ‘Indicators of Attack’ or IoAs, as they help to automate the threat hunting process. IoA creation is an art, and like most art forms there’s more to it than just systematic performance. Questions need to be asked and answered, like ‘Which techniques need detecting as a priority, and which can wait a little?’ or ‘Which techniques would a real attacker be most likely to use’? This is where a knowledge of adversary methods is of so much value.Kaspersky identifies almost half of all incidents through the analysis of malicious actions or objects detected using IoAs, demonstrating the general efficiency of this approach in detecting advanced threats and sophisticated malware-less attacks. However, the more a malicious behavior mimics the normal behavior of users and administrators, the higher the potential rate of false positives and, consequently, the lower the conversion rate from alerts. So this is something that needs to be addressed.Jumping the queueAdvanced attackers often use the same tools, from the same workstations, addressing the same systems, and at the same time intervals as a real system administrator would – with no anomalies, no outliers - nothing. Faced with this, only a human analyst can make the final decision, attributing observed activity as malicious or legitimate, or even doing something as simple as asking the IT staff if they really performed these actions.However, SOC analysts can only work with finite throughput. As a human analyst is needed to verify and prioritize automatic detections for further investigation and response, it’s very important to determine as soon as possible whether the observed behavior is normal for a particular IT infrastructure. Having a baseline for what’s normal activity will help reduce the number of false alerts and raise the effectiveness of threat detection.High false positive rates and significant alert flows requiring verification and investigation can significantly affect the mean-time-to-respond to real incidents. This is where Machine Learning (ML) comes in. ML models can be trained on alerts previously validated and labeled by SOC analysts. By providing alerts with specific scoring ML model can assist with prioritization, filtering, queuing and so on. Kaspersky’s proprietary ML model enables the automation of the initial incident triage and minimizes the mean-time-to-respond by significantly increasing analyst throughput.IoA-based detection is applied to post-exploitation activity, where the tools used by attackers are not explicitly malicious, but their hostile usage is. Standard but suspicious functionality is identified in legitimate utilities, where classifying the observed behavior as malicious through automation would be impossible.Examples of IoAs:• Start command line (or bat/PowerShell) script within a browser, office application or server application (such as SQL server, SQL server agent, nginx, JBoss, Tomcat, etc.);• Suspicious use of certutil for file download (example command: certutil -verifyctl -f -split https[:]///wce.exe);• File upload with BITS (Background Intelligent Transfer Service);• whoami command from SYSTEM account, and many others.The devil is in the detailAlerts from protected assets require correlation as attackers move laterally from host to host. To define the most effective response strategy, it’s important to identify all affected hosts and gain complete visibility into their actions. In some cases, additional investigation may be required. Analysts gather as much context as possible to determine the severity of an incident. Incident severity is based on a combination of factors, including threat actor, attack stage at the time of incident detection (e.g. cyber kill chain), the number and types of assets affected, details about the threat and how it may be relevant to a customer’s business, the identified impact on infrastructure, complexity of remediation measures and more. To understand what’s actually going on, you need to maintain access to continuously updated knowledge about your attackers, their motivation, their methods and tools, and the potential damage they could inflict. Generating this intelligence requires constant dedication and high levels of expertise.Kaspersky SOC analyzes the received data utilizing all our knowledge about tactics, techniques and procedures used by adversaries worldwide (Figure 3). We gather information from constant threat research, the MITRE ATT&CK knowledge base, dozens Pulling the switchOnce the response strategy is defined, it’s time to take action. Usually, MDR services end here. Customers receive incident reports with response recommendations – then it’s their responsibility to apply them to their systems. Considering that a lack of IT security expertise may have caused the customer to opt for MDR in the first place, and the fact that such recommendations can be highly technical and not always clear and actionable, timely and effective response may be jeopardized. Absence of a centralized automated response capability adds to the problem significantly, compromising the potential benefits gained from such engagements.Kaspersky MDR relies on leading-edge security technologies based on unique ongoing threat intelligence and advanced machine learning. It automatically prevents the majority of threats while validating all product alerts to ensure the effectiveness of automatic prevention, and proactively analyzes system activity metadata for any signs of an active or impending attack. Our MDR shares the same agent with Kaspersky Endpoint Detection and Response and Kaspersky Sandbox, providing extended functionality once activated. The agent allows infected hosts to be isolated, unauthorized processes to be terminated, and malicious files to be quarantined and deleted – all done remotely at a single click.Depending on your requirements, the service offers a completely managed or guided disruption and containment of threats, while keeping all response actions under your full control. Incident response guidelines are actionable and delivered in plain English allowing for quick and effective execution. Kaspersky MDR customers can use the functionality of the EDR agent to centrally initiate recommended response actions themselves, or authorize Kaspersky to automatically launch remote incident response for certain types of incidents.KASPERSKYAnalysis workflow:•Situational awareness •Investigation of borderline cases•Overall process improvement Macro correlation, hypotheses:All TTP knowledge:•MITRE ATT&CK •Internal research •Security assessment/red teaming •Incident response practice•Security monitoring practiceCUSTOMERMicro correlation:•All EPP and network detection technologies •Reputation (through cloud)AUTOMATED AND GUIDED INCIDENTRESPONSEFigure 3. Incident analysis flow in Kaspersky MDRConclusionNeither automated threat detection and prevention tools nor cyberthreat hunting alone is a silver bullet for the entire spectrum of today’s threats. However, a combinationof traditional detection and prevention tools activated before a compromise occurs, plus a post-compromise iterative process of searching for new threats missed by automated tools, can be highly effective. Kaspersky Managed Detection and Response maximizes the value of your Kaspersky security solutions by delivering fully managed, individually tailored ongoing detection, prioritization, investigation and response.Countering targeted attacks requires extensive experience as well as constant learning. As the first vendor to establish, almost a decade ago, a dedicated center for investigating complex threats, Kaspersky has detected more sophisticated targeted attacks than any other security solution provider. Leveraging this unique expertise, you can gain allthe major benefits from having your own Security Operations Center without havingto actually establish one. 2021 A O K A S P E R S K Y L A B . R E G I S T E R E D T R A D E M A R K S A N D S E R V I C E M A R K S A R E T H E P R O P E R T Y O F T H E I R R E S P E C T I V E O W N E R S .Cyber Threats News: IT Security News: /。

回馈式直流电子负载IT8000系列用户手册型号:IT8000系列版本:V1.1/11,2019声明©Itech Electronic,Co.,Ltd. 2019根据国际版权法，未经Itech Electronic,Co.,Ltd.事先允许和书面同意，不得以任何形式（包括电子存储和检索或翻译为其他国家或地区语言）复制本手册中的任何内容。

手册部件号商标声明Pentium是Intel Corporation 在美国的注册商标。

Microsoft、Visual Studio、Windows和MS Windows是Microsoft Corporation在美国和/或其他国家/地区的商标。

担保本文档中包含的材料“按现状”提供，在将来版本中如有更改，恕不另行通知。

此外，在适用法律允许的最大范围内，ITECH不承诺与本手册及其包含的任何信息相关的任何明示或暗含的保证，包括但不限于对适销和适用于某种特定用途的暗含保证。

ITECH对提供、使用或应用本文档及其包含的任何信息所引起的错误或偶发或间接损失概不负责。

如ITECH与用户之间存在其他书面协议含有与本文档材料中所包含条款冲突的保证条款，以其他书面协议中的条款为准。

技术许可本文档中描述的硬件和／或软件仅在得到许可的情况下提供并且只能根据许可进行使用或复制。

限制性权限声明美国政府限制性权限。

授权美国政府使用的软件和技术数据权限仅包括那些定制提供给最终用户的权限。

ITECH在软件和技术数据中提供本定制商业许可时遵循FAR12.211（技术数据）和12.212（计算机软件）以及用于国防的DFARS252.227-7015（技术数据－商业制品）和DFARS227.7202-3（商业计算机软件或计算机软件文档中的权限）。

安全声明“小心”标志表示有危险。

它要求在执行操作步骤时必须加以注意，如果不正确地执行或不遵守操作步骤，则可能导致产品损坏或重要数据丢失。

在没有完全理解指定的条件且不满足这些条件的情况下，请勿继续执行小心标志所指示的任何不当操作。