The information system boundary is the area between the enterprise information system and external data, and it is the first barrier protecting data security. To secure the boundary, the following security devices and measures need to be deployed:
First, an efficient and secure firewall on the network side, which filters the two-way traffic crossing the boundary through access policies and blocking policies so that unidentified hackers cannot reach the information system.
Second, advanced IPS active anti-attack equipment. With matching packages for common network attacks configured, two-way traffic is inspected at the application layer, which effectively reduces the attack risk from viruses, worms and Trojans.
Third, mainstream flow control equipment, which protects normal use of the border exit bandwidth by checking for abnormal traffic.
Fourth, a border equipment audit system and log analysis system, which regularly collects the running logs and operation logs of network and security equipment and issues log reports. By analysing these reports, information security managers can evaluate the attacks the information system has suffered, the effectiveness of the network boundary rules and the running state of the equipment, and draw up the security plan for the next round of work accordingly.
2. Desktop Terminal Domain
The desktop terminal domain is made up of the employees' desktop work terminals, and it is a hotbed of confidential-information security incidents. Its security protection is the second barrier of the defense and mainly covers the following three aspects:
The first is the security of the desktop terminal operating system. Most personal computers in the company run Microsoft Windows XP or Windows Vista. In response to hacker attacks, Microsoft regularly releases system security patches. A Microsoft WSUS patch server should be deployed in both the information intranet and the information extranet, and operating system security patches should be downloaded regularly.
The second is the system anti-virus strategy. Computer viruses are the chief culprit of computer system paralysis. The anti-virus strategy is carried out by anti-virus servers, one deployed in the information intranet and one in the information extranet; anti-virus clients are installed on the PCs in both networks and update their virus databases from the anti-virus servers automatically and regularly.
The third is the security of mobile storage media. Mobile storage media without effective protection is an effective carrier for spreading viruses, and it is also the chief culprit in leaking company secrets and state secrets. The company should deploy a secure mobile storage system that encrypts USB flash drives. All employees use the secure USB flash drives, which avoids the risks of removable media.
3. Application system domain
The application system domain consists of the servers running the enterprise application systems and the databases storing enterprise application data. Its security protection is the third barrier of the defense. Firewall devices need to be deployed between the application system domain and the system boundary, between the application system domain and the desktop terminal domain, and between application system domains of different security protection levels. Application system maintainers need to carefully inventory the applications in the system, submit detailed port requirements, and formulate feasible access and blocking policies.
On the Internet, many people are unaware of what is safe and what is dangerous. They all think that everything will be fine with one layer of security. In fact, a single layer cannot stop the invasion of viruses and hackers. So let's talk about some practices and management methods for network security now!
First, physical security.
In addition to locking the computers, we should pay attention to fire prevention and run the wiring and network cabling through relatively concealed places. We also need to prepare a UPS to ensure that the network keeps running under a steady voltage. Peak voltage is a very important concept in electronics: when the peak voltage is too high it can burn out equipment and paralyse the network, and when it drops to its lowest the network cannot run at all. These accidents can be eliminated by using a UPS. In addition, it is necessary to protect the network cables from being bitten by rats.
Second, system security (password security).
We should try our best to use passwords that mix uppercase and lowercase letters, numbers and special symbols, but remember: I have seen many webmasters whose password is really complicated and safe, but who often cannot remember it and have to look it up in a notebook every time. In addition, we had better not use empty or blank passwords, which are easily seen through by hackers.
We can also add passwords to screen savers and important applications for a second layer of security.
Third, patching.
We need to install system patches in time. Most viruses and hackers get in through system vulnerabilities. For example, the notorious "oscillation wave" worm (Sasser) that swept the world on May 1 this year exploited the Microsoft vulnerability MS04-01. And Slammer, the virus that could never be fully killed off on SQL Server, also got in through a hole in SQL. Therefore it is necessary to patch the system and its applications in time, such as IE, Outlook, SQL, Office and other applications.
In addition, we need to shut down unnecessary services, such as Telnet, and disable the Guest account.
Fourth, install antivirus software.
Virus scanning means scanning all files, e-mail content and executable (.exe) files. The possible outcomes of a scan are removing the virus, deleting the infected file, or placing the infected file and the virus in a quarantine folder. Therefore every machine on the whole network, from the web server to the mail server to the file server, should have anti-virus software installed and keep the latest virus definitions. As we know, once a virus enters a computer it copies itself wildly and spreads across the network, causing great harm, even crashing the system and losing all important information. Therefore, at least once a week, all the computers on the network should be scanned for viruses centrally, and the quarantine folders should be cleared out regularly.
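The scan, detect and quarantine cycle just described, as an added example that is not part of the original article and not any vendor's product: a minimal signature scanner over a directory tree, with a quarantine folder that keeps hits readable for analysis but never executable. The definitions are the EICAR test string (a harmless file every scanner is expected to flag) and a whole-file hash of a constructed sample; the file names and share layout in `demo()` are constructed as well.

```python
import hashlib
import os
import shutil
import tempfile
from typing import Dict, List, Tuple

# The EICAR test string: a harmless file that every scanner is expected to flag.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

PATTERN_SIGS: Dict[str, bytes] = {"EICAR-Test-File": EICAR}   # name -> byte pattern
HASH_SIGS: Dict[str, str] = {}                                # sha256 hex -> name
SCAN_EXTENSIONS = {".exe", ".com", ".scr", ".dll", ".txt", ".eml", ".doc"}

def load_hash_signature(sample: bytes, name: str) -> None:
    """Add a whole-file hash signature, the way a definition update would."""
    HASH_SIGS[hashlib.sha256(sample).hexdigest()] = name

def scan_file(path: str) -> List[str]:
    """Return the names of all signatures that match this file."""
    with open(path, "rb") as fh:
        data = fh.read()
    hits = [name for name, pattern in PATTERN_SIGS.items() if pattern in data]
    name = HASH_SIGS.get(hashlib.sha256(data).hexdigest())
    if name:
        hits.append(name)
    return hits

def scan_tree(root: str) -> List[Tuple[str, List[str]]]:
    """Walk a directory and collect (path, signature names) for every hit."""
    found = []
    for dirpath, _, files in os.walk(root):
        for fn in files:
            if os.path.splitext(fn)[1].lower() in SCAN_EXTENSIONS:
                path = os.path.join(dirpath, fn)
                hits = scan_file(path)
                if hits:
                    found.append((path, hits))
    return found

def quarantine(path: str, qdir: str) -> str:
    """Move the file out of reach instead of deleting it, so it can be analysed."""
    os.makedirs(qdir, exist_ok=True)
    dest = os.path.join(qdir, os.path.basename(path) + ".quarantined")
    shutil.move(path, dest)
    os.chmod(dest, 0o400)   # read-only, never executable
    return dest

def demo() -> Dict[str, object]:
    """Build a constructed file share in a temp dir, scan it, quarantine hits."""
    base = tempfile.mkdtemp(prefix="avdemo-")
    share = os.path.join(base, "share")
    qdir = os.path.join(base, "quarantine")   # kept outside the scanned tree
    os.makedirs(share)
    sample = b"constructed sample payload, not real malware"
    load_hash_signature(sample, "Constructed-Sample")
    files = {"report.txt": b"quarterly figures",   # clean
             "invoice.exe": EICAR,                 # pattern hit
             "screensaver.scr": sample}            # hash hit
    for fn, data in files.items():
        with open(os.path.join(share, fn), "wb") as fh:
            fh.write(data)
    hits = scan_tree(share)
    moved = [quarantine(path, qdir) for path, _ in hits]
    result = {"detected": len(hits),
              "detections": sorted(name for _, names in hits for name in names),
              "remaining": sorted(os.listdir(share)),
              "quarantined": len(moved)}
    shutil.rmtree(base)
    return result

if __name__ == "__main__":
    print(demo())
```

Quarantining rather than deleting is the choice a practitioner wants for the weekly network-wide scan the text recommends: a false positive can be restored, and a real sample can be examined before the quarantine folder is cleared.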
At present many gateway products, such as firewalls, have anti-virus functions. For example, the Fortigate firewall from Fortinet (rendered above as "American Flying Tower"), the company of Xie Qing, president of Netscreen, has an anti-virus function.
Fifth, application programs.
We all know that more than half of viruses arrive by mail, so besides installing anti-virus software on the mail server, we should also protect Outlook on the PC. We should be vigilant. When you receive untitled emails, emails from people you don't know, or emails entirely in English with subjects such as happy99 and money, and they carry attachments, I suggest you delete them directly, because more than 90% of them are viruses. Some time ago I encountered this situation in a government department. Three people in their unit kept receiving emails, and remarkably received more than 2000 emails in an hour, which caused their mailboxes to overflow. At first they suspected that hackers had entered their network. Finally, when these people were asked, they all said that they had received emails with attachments, and that after opening the attachments they kept receiving mail until the mailbox broke. In the end it was found to be caused by a virus.
In addition to not opening these emails, you should also use the blacklist function and the email filtering function in Outlook.
Many hackers also get in when you visit a webpage. Have you often encountered this situation: when you open a web page, many windows pop up and you can't close them? This means that hackers have entered your computer and are trying to control it.
So we need to raise the security level of IE, regularly delete cookies and offline files, and disable ActiveX controls.
Sixth, the proxy server.
The proxy server was originally used to speed up access to the websites we often visit, because the proxy server has a caching function and can store the mapping between websites and IP addresses.
To understand the proxy server, we must first understand its working principle:
Environment: in the local area network there is a machine with two network cards which acts as the proxy server, and the other computers access the network through it.
1. A machine in the intranet wants to access Sina, so it sends the request to the proxy server.
2. The proxy server checks the request, including the header and the content, and deletes unnecessary or illegal content.
3. The proxy server reassembles the packet and sends the request on to the next gateway.
4. Sina replies to the request, and the reply reaches the corresponding IP address (the proxy).
5. The proxy server again checks whether the header and content are legal and deletes inappropriate content.
6. The proxy server reassembles the reply and sends the result to the machine in the intranet.
It can be seen that the advantages of a proxy server are that it hides the machines in the intranet, prevents direct attacks by hackers and saves public IP addresses. The disadvantages are that every access has to pass through the server, which slows it down, and that when the proxy server is attacked or damaged, the other computers can no longer access the network.
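Steps 2-3 and 5-6 of the workflow above, as an added example that is not part of the original article: pure functions that inspect and reassemble raw HTTP/1.1 messages the way the proxy does, so that the outside server only ever sees the proxy and the intranet only receives content the policy allows. No sockets are opened; a real proxy would call these functions around its forwarding loop. The allowed host, the allowed methods and the blocked content types are constructed policy for this example.

```python
from typing import List, Optional, Tuple

Headers = List[Tuple[str, str]]

ALLOWED_METHODS = {"GET", "HEAD", "POST"}
ALLOWED_HOSTS = {"www.sina.com.cn"}                  # constructed allow-list
# Hop-by-hop headers belong to one connection only and must not be forwarded
# (RFC 7230, section 6.1).
HOP_BY_HOP = {"connection", "keep-alive", "proxy-connection", "te", "trailer",
              "transfer-encoding", "upgrade", "proxy-authorization"}
# Headers that would reveal the intranet client to the outside server.
CLIENT_REVEALING = {"x-forwarded-for", "via", "forwarded"}
# Response bodies the proxy refuses to hand into the intranet (constructed policy).
BLOCKED_CONTENT_TYPES = {"application/x-msdownload", "application/x-msdos-program"}

def parse(raw: bytes) -> Tuple[str, Headers, bytes]:
    """Split a raw HTTP message into start line, header list and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return lines[0], headers, body

def assemble(start: str, headers: Headers, body: bytes) -> bytes:
    """Rebuild a message from its parts (the 'reassemble' step)."""
    head = "\r\n".join([start] + [f"{n}: {v}" for n, v in headers])
    return head.encode("latin-1") + b"\r\n\r\n" + body

def strip_headers(headers: Headers, drop: set) -> Headers:
    return [(n, v) for n, v in headers if n.lower() not in drop]

def sanitize_request(raw: bytes) -> Optional[bytes]:
    """Steps 2-3: inspect the intranet client's request. Returns the request
    to forward, or None if the proxy should refuse it outright."""
    start, headers, body = parse(raw)
    parts = start.split(" ")
    if len(parts) != 3 or parts[0] not in ALLOWED_METHODS:
        return None
    host = {n.lower(): v for n, v in headers}.get("host")
    if host not in ALLOWED_HOSTS:
        return None
    kept = strip_headers(headers, HOP_BY_HOP | CLIENT_REVEALING)
    kept.append(("Connection", "close"))
    return assemble(start, kept, body)

def refuse(reason: str) -> bytes:
    """Reply the proxy sends inward after it has dropped the real content."""
    body = reason.encode("latin-1")
    return assemble("HTTP/1.1 403 Forbidden",
                    [("Content-Type", "text/plain"),
                     ("Content-Length", str(len(body))),
                     ("Connection", "close")], body)

def sanitize_response(raw: bytes) -> bytes:
    """Steps 5-6: inspect the server's reply before it enters the intranet."""
    start, headers, body = parse(raw)
    lowered = {n.lower(): v for n, v in headers}
    ctype = lowered.get("content-type", "").split(";")[0].strip().lower()
    if ctype in BLOCKED_CONTENT_TYPES:
        return refuse("content type blocked by proxy policy")
    kept = strip_headers(headers, HOP_BY_HOP)
    kept.append(("Connection", "close"))
    return assemble(start, kept, body)

if __name__ == "__main__":
    req = (b"GET /index.html HTTP/1.1\r\nHost: www.sina.com.cn\r\n"
           b"Proxy-Connection: keep-alive\r\nX-Forwarded-For: 192.168.0.10\r\n\r\n")
    print(sanitize_request(req))
```

Note that the request filter hides the intranet address by dropping headers such as X-Forwarded-For rather than adding them, which is what makes the "hides the machines in the intranet" advantage hold; a proxy that appends the client address to Via or X-Forwarded-For gives that advantage away.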
Seventh, the firewall
When it comes to firewalls, as the name implies, they are walls that keep fire out. The most basic working principle of a firewall is packet filtering. In fact, firewalls already existed before packet filtering was proposed.
Packet filtering checks whether the packet header contains illegal data, and if it does, the packet is blocked.
A simple example: if there is an Andy Lau concert at the sports centre and the ticket inspector sits at the door, he first checks whether your ticket is for today's show, then tears off the stub and tells you where the concert is and how to get there. That is basically the workflow of packet filtering.
You may often hear the boss say: add a machine that can block the websites we don't want, and block the emails that keep sending us spam and viruses. No boss will say: add a machine that can block the packets we don't want to let through, but that is actually what it means. Next, I recommend several commonly used packet filtering tools.
The most common packet filtering tool is the router.
In addition, there are packet filtering tools built into the operating system, such as ipchains in the Linux TCP/IP stack.
Windows 2000 comes with TCP/IP Filtering, through which we can filter out unwanted packets.
The firewall is probably the most commonly used packet filtering tool. Nowadays both software firewalls and hardware firewalls have packet filtering functions. Next, we will focus on the firewall.
The firewall strengthens the security of the network through the following aspects:
1. Policy settings
Policy settings consist of permissions and prohibitions. Permission means allowing our users to do what they need, for example to send and receive email and to visit necessary websites. Firewalls are usually set to allow intranet machines to browse websites, send and receive email, download material from FTP, and so on. To do this we open ports 80, 25, 110 and 21, that is, HTTP, SMTP, POP3 and FTP.
Prohibition means forbidding our users from accessing certain services. For example, if we forbid mail-only users from visiting websites, we give them ports 25 and 110 and close port 80.
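The two policies just described (ordinary workstations with HTTP, SMTP, POP3 and FTP open; mail-only users with 25 and 110 open and 80 closed), as an added example that is not part of the original article: a first-match packet-filter rule engine with an implicit default deny, which is also the kind of access and blocking policy the boundary firewall in the first section enforces. The address ranges 192.168.0.0/24 (workstations) and 192.168.1.0/24 (mail-only users) and the destination address 203.0.113.10 are constructed for this example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # CIDR the source address must fall in
    proto: str             # "tcp", "udp" or "any"
    dport: Optional[int]   # destination port, None = any port
    comment: str = ""

@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    proto: str
    dport: int

def matches(rule: Rule, pkt: Packet) -> bool:
    if ip_address(pkt.src_ip) not in ip_network(rule.src):
        return False
    if rule.proto != "any" and rule.proto != pkt.proto:
        return False
    return rule.dport is None or rule.dport == pkt.dport

def evaluate(policy: List[Rule], pkt: Packet) -> Tuple[str, str]:
    """First matching rule wins. A packet that matches nothing falls through to
    the implicit deny, so only what the policy explicitly opens gets through."""
    for rule in policy:
        if matches(rule, pkt):
            return rule.action, rule.comment
    return "deny", "implicit default deny"

# Constructed ranges: ordinary workstations and mail-only users.
WORKSTATIONS = "192.168.0.0/24"
MAIL_ONLY = "192.168.1.0/24"

OUTBOUND_POLICY = [
    Rule("allow", WORKSTATIONS, "tcp", 80,  "HTTP"),
    Rule("allow", WORKSTATIONS, "tcp", 25,  "SMTP"),
    Rule("allow", WORKSTATIONS, "tcp", 110, "POP3"),
    Rule("allow", WORKSTATIONS, "tcp", 21,  "FTP control"),
    # Mail-only users: 25 and 110 open, 80 explicitly closed. The explicit deny
    # is redundant with the default deny but documents the decision in the policy.
    Rule("deny",  MAIL_ONLY,    "tcp", 80,  "mail-only users may not browse"),
    Rule("allow", MAIL_ONLY,    "tcp", 25,  "SMTP"),
    Rule("allow", MAIL_ONLY,    "tcp", 110, "POP3"),
]

def check(src_ip: str, dport: int, proto: str = "tcp") -> str:
    """Decision for one outbound connection attempt (destination is constructed)."""
    return evaluate(OUTBOUND_POLICY, Packet(src_ip, "203.0.113.10", proto, dport))[0]

if __name__ == "__main__":
    for ip, port in [("192.168.0.10", 80), ("192.168.1.5", 80),
                     ("192.168.1.5", 110), ("192.168.0.10", 23)]:
        print(ip, port, check(ip, port))
```

Rule order matters in a first-match engine: an "allow" placed above a narrower "deny" silently cancels the prohibition, so the check a practitioner wants after editing such a policy is exactly the kind of table of expected decisions shown in the `__main__` block.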
2. NAT
NAT, that is, network address translation, is used when the machines in our intranet have no public IP addresses but want to visit websites. The process works like this: a machine in the intranet, 192.168.0.10, wants to visit Sina. When its packet reaches the firewall, the firewall rewrites the source to a public IP address and sends it out. Usually we assign a public IP address to each workstation.
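The translation step above, as an added example that is not part of the original article: a small port-address-translation table such as a firewall keeps, rewriting outbound flows from the intranet host 192.168.0.10 (the address used in the text) to one public address and mapping the replies back. The public address 203.0.113.5 and the remote server 198.51.100.7 are constructed (documentation ranges), as is the port range the table allocates from.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

@dataclass(frozen=True)
class Flow:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class Nat:
    """Port-address translation: many private hosts behind one public address."""

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        # (private src ip, src port, dst ip, dst port) -> public source port
        self.out: Dict[Tuple[str, int, str, int], int] = {}
        # (public port, remote ip, remote port) -> (private src ip, src port)
        self.back: Dict[Tuple[int, str, int], Tuple[str, int]] = {}

    def outbound(self, f: Flow) -> Flow:
        """Rewrite an intranet packet so the outside sees only the public address."""
        key = (f.src_ip, f.src_port, f.dst_ip, f.dst_port)
        port = self.out.get(key)
        if port is None:
            port = self.next_port
            self.next_port += 1
            self.out[key] = port
            self.back[(port, f.dst_ip, f.dst_port)] = (f.src_ip, f.src_port)
        return Flow(self.public_ip, port, f.dst_ip, f.dst_port)

    def inbound(self, f: Flow) -> Optional[Flow]:
        """Map a reply back to the private host. Only replies to flows the
        intranet opened are let through; anything unsolicited is dropped, which
        is why NAT also hides the intranet from direct connection attempts."""
        if f.dst_ip != self.public_ip:
            return None
        private = self.back.get((f.dst_port, f.src_ip, f.src_port))
        if private is None:
            return None
        return Flow(f.src_ip, f.src_port, private[0], private[1])

if __name__ == "__main__":
    nat = Nat("203.0.113.5")
    out = nat.outbound(Flow("192.168.0.10", 51000, "198.51.100.7", 80))
    print("outbound ->", out)
    print("reply    ->", nat.inbound(Flow("198.51.100.7", 80, "203.0.113.5", out.src_port)))
```

The table shows both halves of what the text says about NAT: the private address never leaves the firewall, and an inbound packet that does not correspond to an entry is dropped rather than delivered to any intranet host.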
Both packet filtering and the proxy server described above are used in firewalls, and each has its own advantages and disadvantages. Packet filtering only checks the contents of the header, while the proxy server checks the content as well as the header. When the packet filtering tool is shut down, all packets enter the intranet; when the proxy server is shut down, the machines in the intranet cannot access the network at all.
In addition, the firewall also provides encryption, authentication and other functions, and it can provide VPN access for external users.
Eighth, the demilitarized zone
The demilitarized zone was originally the cease-fire zone set up in the Korean War. In network security, the DMZ is where we place the web servers, mail servers, DNS servers, FTP servers and so on.
Our traffic goes out through the DMZ, and the same path gives hackers a channel to come in, so it is necessary to add a second firewall to strengthen our network security.
The inconvenience this brings is that anything downloaded from the internet must first be checked for safety, so downloads take a little longer.
Ninth, IDS.
After the firewall and anti-virus software, we use IDS to guard against hacker attacks.
An IDS analyses attack events, attack targets and attack sources. We can use this information to resist attacks and minimise the damage.
At present IDS is not as common as the firewall, but it will be the trend in the next few years, and some government departments have already begun to use it.
Well-known domestic IDS manufacturers include Jin Nuo Netan, Zhonglian Lumeng and Venus Star.
Tenth, VPN.
In the past we always contacted branch offices elsewhere by telephone and email. A branch that needed files from the head office would dial in, that is, connect over the point-to-point protocol (PPP), which is secure but expensive. VPN solves this problem.
Eleventh, analyse logs and records in a timely manner.
We should regularly check the firewall logs and intrusion detection logs, and check whether the anti-virus software's definition updates are current.
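The log review just recommended, and the log reports the boundary audit system in the first section issues, as an added example that is not part of the original article: a small report generator that parses constructed firewall log lines, counts denied connections per source, flags a source that was denied on several different ports in the reporting period (a port-scan pattern), shows which named prohibition rules are being hit, and checks the age of the anti-virus definitions. The log format, every log line, the addresses (documentation ranges) and the seven-day definition age limit are all constructed for this example; a real deployment would adapt the regular expression to its own firewall's format.

```python
import re
from collections import Counter
from datetime import date
from typing import Dict, List

# Constructed sample log (not from any real device). 203.0.113.5 plays the
# firewall's public address; 198.51.100.0/24 plays the outside world.
FIREWALL_LOG = """\
2004-05-03 08:01:12 DENY tcp 198.51.100.77:4432 -> 203.0.113.5:135 rule=default-deny
2004-05-03 08:01:13 DENY tcp 198.51.100.77:4433 -> 203.0.113.5:445 rule=default-deny
2004-05-03 08:01:13 DENY tcp 198.51.100.77:4434 -> 203.0.113.5:1433 rule=default-deny
2004-05-03 08:02:40 ALLOW tcp 192.168.0.10:51000 -> 198.51.100.7:80 rule=HTTP
2004-05-03 08:03:01 DENY udp 198.51.100.200:1434 -> 203.0.113.5:1434 rule=default-deny
2004-05-03 08:05:55 DENY tcp 192.168.1.5:3100 -> 198.51.100.7:80 rule=mail-only-no-web
2004-05-03 08:06:10 ALLOW tcp 192.168.1.5:3101 -> 198.51.100.9:110 rule=POP3
"""

LINE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<action>ALLOW|DENY) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+) rule=(?P<rule>\S+)$")

def parse_log(text: str) -> List[Dict[str, str]]:
    """Parse the lines that match the constructed format; skip anything else."""
    rows = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            rows.append(m.groupdict())
    return rows

def report(rows: List[Dict[str, str]], scan_threshold: int = 3) -> Dict[str, object]:
    """Summarise one reporting period the way a daily log report would."""
    denies = [r for r in rows if r["action"] == "DENY"]
    by_src = Counter(r["src"] for r in denies)
    ports_by_src: Dict[str, set] = {}
    for r in denies:
        ports_by_src.setdefault(r["src"], set()).add(int(r["dport"]))
    # One source denied on several distinct ports in the period looks like a scan.
    scanners = sorted(s for s, ports in ports_by_src.items() if len(ports) >= scan_threshold)
    # Denies on a named rule (not the default deny) show the policy doing its job.
    policy_hits = Counter(r["rule"] for r in denies if r["rule"] != "default-deny")
    return {
        "total": len(rows),
        "denied": len(denies),
        "top_sources": by_src.most_common(3),
        "suspected_scanners": scanners,
        "policy_hits": dict(policy_hits),
    }

def definitions_stale(last_update_iso: str, today_iso: str, max_age_days: int = 7) -> bool:
    """True when the anti-virus definitions are older than the allowed age."""
    age = date.fromisoformat(today_iso) - date.fromisoformat(last_update_iso)
    return age.days > max_age_days

if __name__ == "__main__":
    rows = parse_log(FIREWALL_LOG)
    for key, value in report(rows).items():
        print(f"{key}: {value}")
    print("definitions stale:", definitions_stale("2004-04-20", "2004-05-03"))
```

The report answers the three questions the first section says the log analysis is for: which attacks the boundary absorbed (the denied sources and the scan pattern), whether the boundary rules are effective (the named-rule hits, here the mail-only prohibition), and whether the equipment is in order (the definition age check).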