Abstract: With the popularization of computer network technology, there is an urgent need to use the Internet to realize office automation and to apply office automation in institutions with high security requirements, such as the government and the military. Office automation refers to the use of microcomputers and related peripherals to manage and transmit information effectively in order to improve work efficiency. The office automation network is a small or medium-sized local network, and the office automation network system is an important part of the automated paperless office system. When offices are networked, the large coverage, mixed user population and differing management levels often make it impossible to ensure the safe transmission and management of official documents on the network. Some people also specialize in information sabotage on the Internet, causing huge losses to the country and to enterprises. Strengthening network security and preventing information from being leaked, modified or illegally stolen has therefore become an urgent problem in the popularization and application of networked office automation. This article summarizes common security problems in office automation networks and their consequences, discusses methods for solving them, and provides security strategies based on the internal network.
1. Foreword
The internal office automation network of an enterprise is generally an intranet based on the TCP/IP protocol that adopts the Internet's communication standards and Web information circulation model. It is open and therefore extremely easy to use. However, this openness brings security issues such as system intrusion and virus infection. If these issues are not properly resolved, serious consequences such as leakage of trade secrets, equipment damage, data loss and system paralysis may occur, with a great negative impact on normal business activities. Enterprises therefore need a more secure office automation network system.
The security of office automation systems includes the security of network equipment and supporting equipment, data security, communication security and operating environment security, as well as the security of each computer within the network and the normal operation of its functions. Solutions to office automation network security issues should focus on three aspects: early warning, protection, and disaster recovery. The following sections discuss security early warning, data security protection, intrusion prevention, virus prevention, and data recovery in turn.
2. Common security issues in office automation networks
(1) The spread and infection of network viruses
With the advancement and popularization of computers and networks, computer viruses are also constantly emerging. The total number has exceeded 20,000 types and is increasing at a rate of 300 types per month. Their destructiveness is also increasing, and network viruses are even more destructive. Once the hard disk of a file server is infected, the result may be system damage and data loss: the network server may be unable to start, applications and data may become unusable, and the entire network may even be paralyzed, causing immeasurable losses. Network viruses generally have a strong regeneration mechanism and can spread and infect through the network. Once a utility program is infected, the virus quickly spreads throughout the network and infects other programs. The losses from network paralysis caused by network viruses are difficult to estimate. Once a network server is infected, disinfecting it takes dozens of times longer than disinfecting a single machine.
(2) Intrusion by hackers using network techniques
Current office automation networks basically use Ethernet based on broadcast technology. On the same Ethernet, the data packets exchanged between any two nodes can be received not only by the network cards of those two nodes but also intercepted by the network card of any other node on that Ethernet. In addition, for convenience of work, office automation networks have ingress and egress points that connect them to external networks and the Internet. A hacker on an external network or the Internet therefore only needs to compromise any one node of the office automation network and listen from it to capture all the data packets on that Ethernet, unpack and analyze them, and steal key information; a hacker inside the network can easily intercept any data packet, resulting in information theft.
(3) System data damage
In office automation network systems, many factors may cause data damage. The first is hacker intrusion. Hackers intrude into the network for various reasons, and malicious intrusion may harm the network in many ways. One of these is data destruction: the intruder may destroy the boot area data on a server's hard disk, delete or overwrite the original database, destroy application data, and so on. The second is virus damage. Viruses may attack the system data area, including the hard disk master boot sector, boot sector, FAT table and file directory. Viruses may also attack the file data area, causing file data to be deleted, renamed or replaced, or causing the loss of part of the program code or of data files; viruses may also attack CMOS and destroy the data in the system CMOS. The third is disaster damage, where data is damaged by natural disasters, sudden power outages, strong vibrations, operator error and similar events. The destruction and loss of important data causes business difficulties and a huge waste of manpower, material and financial resources.
3. Network security strategy
(1) Network security warning
The office automation network security warning system is divided into two parts: intrusion warning and virus warning. In the intrusion warning system, intrusion detection analyzes the data packets transmitted in the network and determines whether they are authorized. Once intrusion information is detected, a warning is issued to reduce the threat to the network. The system integrates important security data generated by network scans, Internet scans, system scans, real-time monitoring and third-party firewalls to provide internal and external analysis, identify risk sources in the actual network and respond to them directly. It provides enterprise security risk management reports, which focus on important risk management areas such as real-time risks, attack conditions, security vulnerabilities and attack analysis. It also provides detailed intrusion alarm reports that display intrusion alarm information (such as the intrusion IP address, destination IP address, destination port and attack characteristics), and it tracks and analyzes intrusion trends to determine the security status of the network. This information can be sent to the relevant databases as a basis for network security decisions. The virus early warning system continuously scans all data packets entering and leaving the network and monitors all files entering and leaving the network 24 hours a day. When a virus is found, it immediately generates an alarm message to notify the administrator, can trace the source of the virus by IP address and port location, and generates comprehensive scanning logs and reports that record and track all virus activity on the network within a specified period of time.
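The intrusion alarm report and trend tracking described above can be illustrated with a short Python sketch. This is an added example, not part of the original article; the log format, the addresses (documentation ranges) and the attack-characteristic names are constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime
# Constructed sample alarms (not real data): time, intrusion IP, destination IP,
# destination port, attack characteristic. Addresses are documentation ranges.
SAMPLE_ALARMS = """\
2024-03-01T09:00:05 203.0.113.7 192.0.2.10 445 smb-probe
2024-03-01T09:00:09 203.0.113.7 192.0.2.11 445 smb-probe
2024-03-01T09:12:40 198.51.100.23 192.0.2.10 80 sql-injection-pattern
2024-03-01T10:01:02 203.0.113.7 192.0.2.12 445 smb-probe
2024-03-01T10:03:30 203.0.113.7 192.0.2.13 3389 rdp-bruteforce
2024-03-01T10:04:11 203.0.113.7 192.0.2.14 445 smb-probe
not-a-valid-line
"""

def parse_alarms(text):
    """Return (alarms, rejected); malformed lines are kept for review, not dropped."""
    alarms, rejected = [], []
    for line in text.splitlines():
        try:
            ts, src, dst, port, sig = line.split()
            alarms.append({"time": datetime.fromisoformat(ts), "src": src,
                           "dst": dst, "port": int(port), "sig": sig})
        except ValueError:
            rejected.append(line)
    return alarms, rejected

def report(alarms):
    """Per-source summary: total alarms, distinct targets, ports, characteristics."""
    out = {}
    for a in alarms:
        r = out.setdefault(a["src"], {"total": 0, "targets": set(),
                                      "ports": set(), "sigs": Counter()})
        r["total"] += 1
        r["targets"].add(a["dst"])
        r["ports"].add(a["port"])
        r["sigs"][a["sig"]] += 1
    return out

def rising_sources(alarms):
    """Sources whose hourly alarm count grew between consecutive observed hours."""
    hourly = defaultdict(Counter)
    for a in alarms:
        hourly[a["src"]][a["time"].replace(minute=0, second=0)] += 1
    rising = []
    for src, hours in hourly.items():
        counts = [hours[h] for h in sorted(hours)]
        if any(cur > prev for prev, cur in zip(counts, counts[1:])):
            rising.append(src)
    return sorted(rising)
```

A source that touches many destinations on the same port, with a rising hourly count, is the kind of trend the report is meant to surface for the administrator.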
(2) Data security protection
① Security protection against intrusion: For a database, physical integrity, logical integrity and data element integrity are all very important. The data in the database can be divided into two categories: pure information data and functional file data. Intrusion protection should mainly consider the following principles. Physical equipment and security protection: this covers the protection of servers and of wired and wireless communication lines. Server security protection: data of different types and importance should be placed on different servers as far as possible, and important data should be managed in a distributed manner; servers should be protected by reasonable access control and identity authentication measures, and access logs should be recorded; important data in the system should be protected by encryption and verification measures in the database; users should have clear authorization policies for data access, so that they can only open files within their own permissions; and auditing and tracing techniques should be used to prevent illegal parties from obtaining system data from outside the system, and to prevent legitimate users from obtaining data from the system while evading its warning, reporting and supervision. Client security protection: the client must be able to cooperate with the server's security measures by providing identity authentication, encryption, decryption, digital signature and information integrity verification functions, and software should enforce regular changes of client passwords to prevent possible losses caused by password leaks.
② Security protection against virus damage and disaster damage: For protecting data against viruses and disasters, there are two main categories of effective methods: physical protection and data backup. First, physical protection measures must be set up on the core network equipment, including redundant power modules and redundant backup of switch ports. Second, disk mirroring or disk arrays should be used to store data, so that a physical disk failure does not cause data loss. In addition, other physical media must be used to back up important data, with both real-time and regular backups, so that data can be recovered promptly and effectively after a loss.
(3) Intrusion prevention
To effectively prevent illegal intrusion, internal and external network isolation, access control, internal network isolation and segmentation management should be implemented.
① Internal and external network isolation: Setting up physical isolation between the internal office automation network and the external network is one of the most important, most effective and most economical measures for protecting the security of the office automation network. The first layer of isolation protection is the router, which filters out blocked IP addresses and services. You can first block all IP addresses and then selectively allow some addresses to enter the office automation network.
The second layer of isolation protection is the firewall. Most firewalls have an authentication mechanism. Regardless of its type, a firewall should have the following five basic functions: filtering data entering and leaving the network; managing access behavior entering and leaving the network; blocking certain prohibited services; recording the information content and activities that pass through the firewall; and detecting and alerting on network attacks.
② Access control: Office automation networks should adopt access control security measures and divide the entire network structure into three parts: the internal network, the quarantine area and the external network. Different access control methods are set for each part. The internal network is an area that is not open to the outside world. It provides no services to the outside, so external users cannot detect its IP addresses and it is difficult to attack. The quarantine area provides services to the outside world, and all information the system makes public is placed in this area. Because of its openness, it becomes the target of hackers' attacks. However, because it is isolated from the internal network, even if it is attacked it will not endanger the internal network. This doubly protects the resources of the internal network from infringement and also makes it easier for administrators to monitor and diagnose network faults.
③ Internal network isolation and segmentation management: Internal network segmentation is an important and basic security measure. Its guiding idea is to isolate illegal users from network resources and thereby restrict illegal access. The office automation network can be segmented by department or by business need. Segmentation can be physical or logical. Physical segmentation usually means dividing the network into several segments at the physical and data link layers, so that the segments cannot communicate with each other directly; logical segmentation means segmenting the whole system at the network layer, which achieves subnet isolation. In practice, isolation is usually achieved by combining physical and logical segmentation, and subnets can access each other once appropriate security measures are in place. A TCP/IP network can be divided into several IP subnets, which must be connected through devices such as routers, routing switches, gateways or firewalls; the security mechanisms of these intermediate devices (both software and hardware) are used to control access between subnets. Using a firewall to isolate one segment of the internal network from another limits the impact of a local security problem on the network as a whole.
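The block-all-then-allow filtering at the router, the three-zone access control and the controlled access between subnets can be combined in one default-deny policy check. The following Python sketch is an added example, not from the original article; the address plan, zone names, ports and rules are assumptions constructed for illustration.

```python
import ipaddress

# Assumed address plan (constructed for this example, not from the article).
ZONES = {
    "internal-finance": ipaddress.ip_network("10.10.1.0/24"),
    "internal-office":  ipaddress.ip_network("10.10.2.0/24"),
    "quarantine":       ipaddress.ip_network("192.0.2.0/24"),
}

# Explicit allow rules: (source zone, destination zone, destination port).
# Everything else is denied, so nothing from the external network or the
# quarantine area reaches an internal subnet.
ALLOW = {
    ("external", "quarantine", 443),               # public service in quarantine area
    ("internal-office", "quarantine", 443),
    ("internal-office", "external", 443),
    ("internal-finance", "internal-office", 445),  # one controlled inter-subnet path
}

def zone_of(addr):
    """Map an IP address to its zone; anything outside the plan is external."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "external"

def decide(src, dst, port):
    """Return (verdict, src_zone, dst_zone) under a default-deny policy."""
    sz, dz = zone_of(src), zone_of(dst)
    if sz == dz and sz != "external":
        return ("allow", sz, dz)  # same segment: traffic never crosses the firewall
    verdict = "allow" if (sz, dz, port) in ALLOW else "deny"
    return (verdict, sz, dz)

def audit(rules):
    """Flag rules that would let a non-internal zone reach an internal subnet."""
    findings = []
    for sz, dz, port in sorted(rules):
        if dz.startswith("internal") and not sz.startswith("internal"):
            findings.append(f"{sz} -> {dz}:{port} exposes the internal network")
    return findings
```

Rules are directional: the finance subnet may reach the office subnet on one port, but the reverse path stays denied unless it is listed explicitly.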
(4) Virus prevention
Compared with virus protection on a stand-alone machine, the prevention and control of network viruses is more difficult. Network virus prevention and control should be closely integrated with network management. The defining feature of network anti-virus is its network management function; without it, the task of network anti-virus is difficult to complete. Only the combination of management and prevention can ensure the normal operation of the system. The prevention of computer viruses lies in improving the security mechanisms of operating systems and application software. In a network environment viruses spread quickly, and it is difficult to remove network viruses with stand-alone anti-virus products alone; comprehensive anti-virus products suitable for local area networks and wide area networks are needed. To prevent and control computer viruses, a network virus prevention server can be installed on the office automation network system, network virus prevention software can be installed on the internal network servers, and stand-alone anti-virus software can be installed on individual machines. The goal of installing a network virus prevention server is to scan all files entering and leaving the network in real time. Data exchange between the local network and other networks, between local network workstations and servers, and between local network workstations must all be detected and filtered by the network virus prevention server, which ensures real-time detection, removal and prevention of network viruses.
(5) Data recovery
After the office automation system data is damaged, the degree of data recovery depends on the data backup plan. The purpose of data backup is to fully restore the data and system information required to run the computer system as quickly as possible. The backup mechanisms that can be selected according to the system security requirements include: real-time high-speed, large-capacity automatic data storage, backup and recovery; regular data storage, backup and recovery; backup of system equipment. Backup not only plays a protective role in the event of network system hardware failure or human error, but also plays a protective role in the event of unauthorized access by intruders or network attacks and damage to data integrity. It is also one of the prerequisites for system disaster recovery.
With the increasingly frequent exchange of information between the departments of an enterprise, between enterprises, and internationally, the security of office automation networks has been put on the important agenda. A security strategy that is technically feasible, reasonably designed and balanced in terms of investment has become an important part of a successful office automation network.