MARCH 16, ACCORDING TO A RECENT MONITORING BY THE MINISTRY OF INDUSTRY AND INFORMATION TECHNOLOGY ' S WEB SECURITY THREATS AND GAPS INFORMATION SHARING PLATFORM (NVDB) FOUND THAT THE FIRE WAS ON THE INTERNET OpenClaw There are high security risks in the case of default or inappropriate configuration, which are highly likely to trigger security problems such as cyberattacks and information leaks。
A lot of themColleges and universitiesIn order to ensure the security of personal information, campus network and data assets throughout the school, early warning notices have been issued on risks related to OpenClaw:
(a) Anhui Teacher ' s College: the use of this tool in the workplace, such as the processing of teaching and scientific data, administrative office information, student information, etc., is strictly prohibited in all units and staff of the school, so as to prevent the leakage of school work data, attacks on the system, etc., and to secure the floor of school data
Beijing University: Put OpenClaw on a server or personal computer and make sure that the service is not exposed to the campus or public network. The computing centre will regularly scan the OpenClaw-related ports that are open on the campus network and will notify the relevant units of any unconfirmed cases
Guangdong University of Pharmacy: Teachers and students deployed using OpenClaw, closing unnecessary port mapping and Internet access, setting up a white list of documents and Http access, and making it clear that the binding model should not consider external content to be enforceable. (b) Checking from time to time whether the equipment has an abnormal process, a strange network connection, etc., and changing the relevant account codes in a timely manner to remove security hazards
South China Teacher Training University: The installation of production equipment in the production environment and office computers, including office computers, servers, smart terminals, etc. of the school, is strictly forbidden and OpenClaw is absolutely impossible to install. It is strictly prohibited to provide them with any sensitive information and not to enter the office system account code, server administration privileges, personal sensitive information, etc。
Shandong University: Deployment of OpenClaw on test machines, Docker sandboxes to avoid direct installation on PHCs or office computers; installation of firewalls without exposure of OpenClaw gateway (default port 18789) to the Internet. (b) Use OpenClaw to the extent possible to connect to local deployment models, and carefully to use cloud-based large models to "discover data"
China Teacher Training University: Should it be necessary to use it, it should immediately close unnecessary public Internet access, improve security mechanisms such as identification, access control, data encryption and security audits, and strictly limit the scope of its authority. OpenClaw is prohibited from being installed on the server assigned by the Information Office。