Abstract: China, as the largest developing country in the world, is also the country with the largest number of Internet users in the world. Facing the increasingly complicated network security situation in the international community, it is urgent to maintain our cyberspace security. Among them, how to properly prevent malicious network attacks faced by a large number of government websites and effectively and ensure the safe operation of various government application platforms is even more important. We have legally authorized Infiltration of a provinciallevel GovernmentNetwork data exchange platform in both directions of entry and exit. Through the prevention issues found in the infiltration process, combined with our many years of network security work experience, we have proposed a closedloop security management and protection network technology in place. In order to be different from the general model of general cyber security type technical articles, we try to restore the actual penetration scenarios in the text, and from the point of view of the attacker, express important protection ideas in the most concise language and conclude 6 types of typical network protection work. I hope to be able to help network security attack and defense technology enthusiasts and government website administrators.

Key words: network sovereignty, network security, government platform, attacker, protective thought

摘要： 我国作为世界上最大的发展中国家，同时也是目前世界上网民人数最多的国家，面对国际社会日益复杂的网络安全形势，维护好我们的网络空间安全刻不容缓.这其中，如何正确防范大量政府网站所面临的恶意网络攻击行为，有效保证各类政务应用平台的安全运行，就显得更为重要.我们经合法授权，双向渗透了国内某省级政务外网数据交换平台，通过在渗透过程中发现的防范问题，结合我们多年的网络安全工作经验，提出了安全管理闭环、防护技术到位的网络防护主导思想.为了有别于一般网络安全防范类技术文章的通用模式，我们在文中尽可能还原真实的渗透场景，并从攻击者视角出发，以最简洁的语言表述出重要的防护思想，并归纳总结出6类典型的网络防护工作抓手.希望能够对网络安全攻防技术爱好者和政府网站的管理者有所帮助.

关键词: 网络主权, 网络安全, 政务平台, 攻击者, 防护思想