With the continuous development of science and technology, computers have become an important information tool in people's daily lives, so you know the network security measures? The following is some of my compilation of network security measures for your reference.
Network security measures a network system structure design is reasonable or not is the key to safe operation of the network
Comprehensively analyze the design of the network system of each link is the establishment of a safe and reliable computer network engineering the first task. Should be based on careful study of the next big effort to grasp the quality of network operation of the design program. In order to lift the inherent security risks of this network system, the following measures can be taken.
1, the application of network segmentation technology will be the source of the network to eliminate the problem of security risks. Because the LAN adopts the switch as the center and the router as the boundary of the network transmission pattern, coupled with the access control function based on the central switch and the three-layer switching function, so take the physical segmentation and logical segmentation of the two methods to realize the security control of the LAN, the purpose of which is to isolate the illegal users and sensitive network resources from each other, so as to prevent illegal listening to ensure that the information is safe and smooth.
2. A switched hub instead of a ****-enabled hub would be another way to remove the potential for hidden threats.
Network security measures to protect the second, strengthen the computer management is the network system security assurance1, strengthen the management of facilities, the establishment of a sound security management system, to prevent illegal users to enter the computer control room and a variety of illegal behavior; focus on in the protection of the computer system, network servers, printers and other hardware entities and communication lines from Natural disasters, man-made destruction and hitchhiking attacks; verify the identity of the user and the use of permissions to prevent users from overstepping their authority to operate, to ensure that the computer network system entity security.
2, strengthen the access control strategy. Access control is the main strategy for network security prevention and protection, its main task is to ensure that network resources are not illegal to use and illegal access. Various security strategies must cooperate with each other to truly play a protective role, but access control is one of the most important core strategies to ensure network security.
(1) Access control policy. It provides the first layer of access control. This layer allows which users can log on to the network server and access network resources, controls the time when users are allowed to enter the network and at which workstations they are allowed to enter the network. Access control can be implemented in three steps: identification and verification of user names; identification and verification of user passwords; and checking of user accounts. As long as there is any step in the three-step operation has not passed, the user will be denied access. Network administrators will be ordinary users of the account use, access to the network time, the way to manage, but also to control the user to log into the network of sites and limit the number of users into the network of workstations.
(2) network access control policy. It is a security measure proposed for illegal network operations. Users and user groups are given certain privileges.
*** divided into three types: special users (such as system administrators); general users, the system administrator according to their actual needs for them to assign operating privileges; audit users, responsible for the network security control and audit of resource use.
(3) Establish network server security settings. Network server security control includes setting up password locking server console; setting up server login time limit, illegal visitor detection and closing time interval; installation of illegal access devices and so on. Firewall technology is based on modern communications network technology and information security technology based on applied security technology, more and more used in private networks and public networks in the interconnection environment, especially to access the INTERNET network for more. Logically, the firewall is a separator, a limiter, and an analyzer, effectively monitoring any activity between the intranet and the INTERNET to ensure the security of the internal network.
(4) Information encryption strategy. The purpose of information encryption is to protect the data, files, passwords and control information within the network and to protect the data transmitted over the network. The three commonly used methods for network encryption are line encryption, endpoint encryption, and node encryption. The purpose of line encryption is to protect the line information security between network nodes; the purpose of endpoint encryption is to provide protection for the data from the source user to the destination user; the purpose of node encryption is to provide protection for the transmission line between the source node and the destination node. Users can choose the above encryption methods according to the network conditions as appropriate.
(5) Attribute security control policy. When using files, directories and network devices, network system administrators should assign access attributes to files, directories and so on. Attribute security control can associate the given attributes with files, directories, and network devices on the network server. Attribute security provides further security on top of privilege security. Resources on the network should all be pre-labeled with a set of security attributes. A user's access to a network resource corresponds to an access control table that indicates the user's ability to access the network resource. Attribute settings can override any trustee assignments and valid permissions that have been specified. Attributes of the network can protect important directories and files from accidental deletion, execution modification, display, and so on, by users.
(6) Create a network-intelligent logging system. The log system has a comprehensive data recording function and automatic classification and retrieval capabilities. In this system, the log will be recorded since a user login, to its exit from the system when the end of the execution of all operations, including login failure operation, the operation of the database and the use of system functions. The logs record the IP address of the machine where the user performs the operation, the type of operation, the object of the operation, and the time at which the operation is performed, for later audit verification.
Network security measures, the establishment of a perfect backup and recovery mechanismIn order to prevent abnormal damage to the storage device, can be used by the hot-swappable SCSI hard disk composed of fault-tolerant arrays, RAID5 way to the system's real-time hot backup. At the same time, the establishment of powerful database triggers and recovery of important data operations and update tasks to ensure that in any case so that important data can be maximized recovery.
Network security protection measures four, the establishment of security management organizationThe soundness of the security management organization is directly related to the security of a computer system. Its management body consists of security, audit, system analysis, hardware and software, communications, security and other relevant personnel.
?
Related articles on network security:
1. What is the importance of network security
2. What is the significance of strengthening network security
3. What are the network attacks and precautions
4. Common network security threats and precautions
5. Cases on network security
6. 6. what are the network security precautions in brief