How to Strengthen Network Information Security Safeguards
Sound network and information security safeguards

With the spread of enterprise networks, their growing openness, resource sharing and the expanding degree of interconnection, the information security problems of networks are attracting more and more attention. A secure computer network should have reliability, availability, integrity, confidentiality and authenticity. Computer networks must protect not only the security of the network equipment and of the network system, but also the security of the data.

Network Security Risk Analysis

The vulnerability of the computer system itself and the vulnerability of the communication facilities together constitute a potential threat to computer networks. Networking makes information public and its use free; the result is the sharing and exchange of information resources, and anyone can publish and obtain information on the Internet. In this way, network information security has become a core issue that endangers the development of the network, and the connection of the Internet to the outside world makes the problem of information infringement particularly serious. At present, the insecurity of enterprise network information comes from several sources: viruses, hackers, Trojan horses and spam.

A computer virus is a destructive program that harms the security of computer systems and networks. It can directly damage computer data and information, and it can also occupy a large amount of disk space and seize system resources, thereby interfering with the normal operation of the system.
With the development of Internet technology, the maturing of enterprise network environments and the growth of enterprise network applications, the infection and propagation capabilities of viruses and their modes of spread have changed from single and simple to complex and hidden; in particular, the Internet and the enterprise network have become the environment in which viruses propagate and survive.

Hacker attacks have become frequent in recent years, and attacks on servers in the network are numerous. Hackers exploit loopholes and defects in computer systems, network protocols, databases and elsewhere, using password cracking, trapdoors, backdoors, Trojan horses and other means to break into computer systems, damage information or occupy system resources so that users cannot use their own machines.

In general the networks of large enterprises are connected to the Internet and at the same time provide services such as WWW and EMAIL to the outside world. The internal network of the enterprise therefore exchanges a large amount of information with the outside through the Internet; about 80% of that information is e-mail, more than half of the e-mail is spam, and this proportion is still rising year by year.

Information security inside the enterprise LAN cannot be ignored either. Nodes inside the network share network resources through the network, and important confidential information or personal private information may inadvertently be stored in a shared directory, resulting in information leakage; there are even insiders who write programs and disseminate them through the network, or who use hacking programs to intrude into other hosts. Network security must therefore guard against the internal network as well as the external one.
Network Security Measures

It can be seen that there are numerous network security risks to consider, so enterprises must adopt a unified security strategy to ensure network security. A complete set of security technologies and products includes authentication, access control, traffic monitoring, network encryption, firewalls, intrusion detection, anti-virus, vulnerability scanning and so on, while the causes of security incidents include technical factors, management factors, omissions in the design of the security architecture and other issues.

1. Preventive measures against external intrusion

(1) Network encryption (IPsec)

The IP layer is the most critical layer in a TCP/IP network. A security mechanism in IP, as the network layer protocol, can provide transparent, overlaid security protection for all the application services above it. IP security is therefore the foundation of the whole of TCP/IP security and the core of network security. IPsec is currently the only protocol that can provide security for any form of Internet communication. IPsec allows security to be provided stream by stream or connection by connection, so very fine-grained security control is possible: users can define different levels of security for different needs (that is, IPsec channels with different protection strengths). IPsec provides data confidentiality, data integrity, data origin authentication, anti-replay and other security services for the transmission of network data, so that data can be transmitted across the public network without fear of being monitored, tampered with or forged.
IPsec achieves these purposes by using various encryption algorithms, authentication algorithms, encapsulation protocols and some special security protection mechanisms. These algorithms and their parameters are stored in the SA (Security Association) at each of the two ends of an IPsec communication, and when the settings in the SAs of the two ends match, the two ends can communicate using IPsec. IPsec technology is mainly used in virtual private networks (VPNs).

(2) Firewall

A firewall is a network security measure: an access control standard enforced on network communication. Its main goal is to control access into and out of a network by establishing a security control point between the internal and external networks, where the services and accesses entering and leaving the internal network are controlled and audited, so as to prevent users of the external network from entering the internal network by illegal means and from accessing, interfering with or damaging internal network resources. Logically, a firewall is a separator, a limiter and an analyzer that effectively monitors any activity between the internal network and the Internet to ensure the security of the internal network. There are software and hardware firewalls. Software that implements firewall functions is called a software firewall; it runs on a particular computer and requires the support of that computer's operating system. Firewall systems built on a dedicated hardware platform are called hardware firewalls; they are also based on the PC architecture, run a cut-down and simplified operating system, and carry the firewall software.
(3) Intrusion Detection

Deploy intrusion detection products and link them with the firewall, so that attacks from outside the LAN that bypass or pass through the firewall are monitored and the linked firewall is triggered to close the connection in time; and monitor abnormal behaviour on the main server network segment to prevent attacks from inside the LAN as well as unintentional misuse and abuse. Intrusion detection is a reasonable supplement to the firewall: it helps the system deal with network attacks and extends the security management capabilities of the system administrator.

2. Preventive measures against internal illegal activities

(1) Identity Authentication

Network security identity authentication is the technology by which the system confirms the user's identity when the user logs in to the computer network. It is the first and most important line of defence of network security. Before a user accesses the secured system, the authentication system first identifies the user; the access monitor then decides, based on the user's identity and the authorization database, whether the user may access a particular resource. The authorization database is configured by the security administrator as needed. The auditing system records the user's requests and behaviour according to the audit settings, while the intrusion detection system detects, in real time or afterwards, whether an intrusion is taking place. Both the access control and the auditing system rely on the user identity supplied by the authentication system. Authentication is therefore extremely important in the security system and is the most basic security service, on which all other security services depend. Once the authentication system has been breached, all the system's other security measures become virtually null and void. The authentication system is often the target of hacker attacks, so authentication is truly the key to network security.
(2) Access Control

Access control determines the scope of the network that users may reach, the protocols and ports they may use, which resources they may access in the system and how they may use them. An access control list can be established on the router: it is a list of commands applied to a router interface that tells the router which packets may be received and which must be rejected. Whether a packet is received or rejected is decided by conditions in those commands such as source address, destination address, port number and protocol. Establishing access control lists makes it possible to limit network traffic, improve network performance and provide a means of controlling communication flows, and it is also a basic security measure for network access. Because entries in an ACL (Access Control List) can be added flexibly, the ACL is a powerful tool for network control, used to filter the packets flowing into and out of the network.

In application systems, means of access control include user identification codes, passwords, login controls, resource authorization (for example user profiles, resource profiles and control lists), authorization verification, logging and auditing. Proper access control prevents unauthorized users from accessing data, whether intentionally or unintentionally, and limits the scope and extent of resource use to the permissions granted.

(3) Traffic monitoring

At present many factors can cause traffic anomalies in the network, such as denial-of-service (DoS) attacks, the spread of network worms and the large numbers of TCP connection requests generated by some network scanning tools, any of which can easily paralyze network equipment.
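The top-down, first-match permit/deny evaluation described under (2) Access Control, as an added example that is not part of the original article. The addresses, hosts and rule set are constructed for illustration (the article names none), and the shadowed() check goes beyond the text: it flags entries that an earlier, broader entry makes unreachable, which is the usual way a mis-ordered ACL silently stops protecting a segment.

```python
"""Added example: first-match evaluation of a router-style access control list (ACL)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


def cidr(net: str) -> str:
    """The keyword 'any' stands for every address, as on router ACLs."""
    return "0.0.0.0/0" if net == "any" else net


@dataclass(frozen=True)
class AclEntry:
    action: str                                  # "permit" or "deny"
    proto: str                                   # "ip" matches every protocol, else "tcp"/"udp"/"icmp"
    src: str                                     # source network in CIDR notation or "any"
    dst: str                                     # destination network in CIDR notation or "any"
    dst_ports: Optional[Tuple[int, int]] = None  # inclusive destination port range, None = any port

    def matches(self, proto: str, src_ip: str, dst_ip: str, dst_port: Optional[int]) -> bool:
        if self.proto != "ip" and self.proto != proto:
            return False
        if ip_address(src_ip) not in ip_network(cidr(self.src)):
            return False
        if ip_address(dst_ip) not in ip_network(cidr(self.dst)):
            return False
        if self.dst_ports is not None:
            if dst_port is None or not self.dst_ports[0] <= dst_port <= self.dst_ports[1]:
                return False
        return True


def evaluate(acl: List[AclEntry], proto: str, src_ip: str, dst_ip: str,
             dst_port: Optional[int] = None) -> Tuple[str, int]:
    """Walk the list top-down; the first matching entry decides. Nothing matched: implicit deny (-1)."""
    for index, entry in enumerate(acl):
        if entry.matches(proto, src_ip, dst_ip, dst_port):
            return entry.action, index
    return "deny", -1


def shadowed(acl: List[AclEntry]) -> List[int]:
    """Indices of entries that can never fire because an earlier entry already covers all their traffic."""
    def covers(a: AclEntry, b: AclEntry) -> bool:
        proto_ok = a.proto in ("ip", b.proto)
        src_ok = ip_network(cidr(b.src)).subnet_of(ip_network(cidr(a.src)))
        dst_ok = ip_network(cidr(b.dst)).subnet_of(ip_network(cidr(a.dst)))
        ports_ok = a.dst_ports is None or (
            b.dst_ports is not None
            and a.dst_ports[0] <= b.dst_ports[0] and b.dst_ports[1] <= a.dst_ports[1])
        return proto_ok and src_ok and dst_ok and ports_ok
    return [j for j in range(len(acl)) if any(covers(acl[i], acl[j]) for i in range(j))]


# Constructed rule set for one routing-switch interface (addresses are made up, not the article's):
# 10.1.0.0/16 is the enterprise LAN, 10.1.200.0/24 the isolated finance VLAN,
# 10.1.10.5 the public WWW server and 10.1.10.6 the EMAIL (SMTP) server.
SAMPLE_ACL = [
    AclEntry("permit", "tcp", "any",         "10.1.10.5/32",  (80, 80)),  # WWW reachable from anywhere
    AclEntry("permit", "tcp", "any",         "10.1.10.6/32",  (25, 25)),  # SMTP reachable from anywhere
    AclEntry("deny",   "ip",  "any",         "10.1.200.0/24"),            # nobody reaches finance via here
    AclEntry("permit", "ip",  "10.1.0.0/16", "10.1.0.0/16"),              # remaining intra-LAN traffic
]                                                                         # then the implicit deny
```

Swapping the last two entries would put the finance deny behind a permit that already covers it; shadowed() reports exactly that.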
These attacks (DoS, worm spread and scanning) all exploit vulnerabilities in system services or the limited nature of network resources to launch large-scale attacks in a short time that consume particular resources, paralyzing the network or the computer system. Monitoring abnormal network traffic is therefore very important. Traffic monitoring techniques mainly include SNMP-based traffic monitoring and NetFlow-based traffic monitoring.

SNMP-based collection of traffic information works by reading, from the MIB (Management Information Base) provided by the network device's agent, the variables that describe a particular device and its traffic. The network traffic information collected via SNMP includes the number of input bytes, input non-broadcast packets, input broadcast packets, input packet drops, input packet errors and input packets of unknown protocol, and the number of output bytes, output non-broadcast packets, output broadcast packets, output packet drops and output packet errors, together with the output queue length. NetFlow-based collection uses the NetFlow mechanism provided by the network equipment, and the efficiency and results of traffic information collection built on it can meet the needs of network traffic anomaly monitoring.

On top of these traffic detection technologies there is a great deal of traffic monitoring and management software. Such software is an effective tool for determining the direction of abnormal traffic: by monitoring changes in traffic volume it helps the network administrator find the direction of abnormal traffic, especially high-volume abnormal flows, and from there the source and destination addresses of the abnormal traffic.
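An added example (not from the original article, nor from any particular monitoring product) of what SNMP-based monitoring software does with the interface counters listed above: it turns successive polls of the MIB-II counters into per-second rates, correcting for Counter32 wrap-around, and flags intervals whose input packet rate or input discard rate departs from a baseline. The poll data, the 60-second interval and the thresholds are constructed.

```python
"""Added example: turn polled MIB-II interface counters into rates and flag abnormal traffic."""
from typing import Dict, List, Tuple

COUNTER32_MOD = 2 ** 32  # ifInOctets, ifInUcastPkts and the like are Counter32 values that wrap at 2^32


def counter_delta(prev: int, cur: int, modulus: int = COUNTER32_MOD) -> int:
    """Increase between two Counter32 readings, correct across a single wrap."""
    return (cur - prev) % modulus


def interval_rates(prev: Dict[str, int], cur: Dict[str, int]) -> Dict[str, float]:
    """Per-second rates for one poll interval plus input packets/s and the mean input packet size."""
    dt = cur["time"] - prev["time"]
    if dt <= 0:
        raise ValueError("polls must be in increasing time order")
    rates = {k: counter_delta(prev[k], cur[k]) / dt for k in cur if k != "time"}
    rates["inPps"] = rates["ifInUcastPkts"] + rates["ifInNUcastPkts"]
    rates["avgInPktBytes"] = rates["ifInOctets"] / rates["inPps"] if rates["inPps"] else 0.0
    return rates


def detect_anomalies(polls: List[Dict[str, int]], baseline_polls: int = 3,
                     factor: float = 5.0, small_pkt: int = 128) -> List[Tuple[int, str, float]]:
    """Compare every interval after the first `baseline_polls` with their mean; return
    (poll time, metric, value) for input packet-rate spikes and for input discard spikes."""
    intervals = [interval_rates(a, b) for a, b in zip(polls, polls[1:])]
    if len(intervals) <= baseline_polls:
        raise ValueError("need more polls than the baseline window")
    base = intervals[:baseline_polls]
    base_pps = sum(r["inPps"] for r in base) / baseline_polls
    base_disc = sum(r["ifInDiscards"] for r in base) / baseline_polls
    found = []
    for poll, r in zip(polls[baseline_polls + 1:], intervals[baseline_polls:]):
        if r["inPps"] > factor * base_pps:
            # a high packet rate made of tiny packets is the usual shape of flood and scan traffic
            tag = "inPps-small-packets" if r["avgInPktBytes"] < small_pkt else "inPps"
            found.append((poll["time"], tag, r["inPps"]))
        if r["ifInDiscards"] > max(factor * base_disc, 1.0):
            # the device has started dropping input packets: its resources are being exhausted
            found.append((poll["time"], "ifInDiscards", r["ifInDiscards"]))
    return found


# Constructed poll data for one interface (not real device output): three 60-second intervals of
# normal traffic (1000 packets/s of ~600-byte packets, with ifInOctets wrapping once), then one
# interval of 20,000 packets/s of 60-byte packets during which the input discard counter climbs.
SAMPLE_POLLS = [
    {"time": 0,   "ifInOctets": 4_294_000_000, "ifInUcastPkts": 100_000,   "ifInNUcastPkts": 2_000, "ifInDiscards": 10},
    {"time": 60,  "ifInOctets": 35_032_704,    "ifInUcastPkts": 159_000,   "ifInNUcastPkts": 3_000, "ifInDiscards": 10},
    {"time": 120, "ifInOctets": 71_032_704,    "ifInUcastPkts": 218_000,   "ifInNUcastPkts": 4_000, "ifInDiscards": 10},
    {"time": 180, "ifInOctets": 107_032_704,   "ifInUcastPkts": 277_000,   "ifInNUcastPkts": 5_000, "ifInDiscards": 10},
    {"time": 240, "ifInOctets": 179_032_704,   "ifInUcastPkts": 1_477_000, "ifInNUcastPkts": 5_000, "ifInDiscards": 5_010},
]
```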
The most direct way to deal with abnormal traffic is to cut the physical connection to the device that is its source; access control lists can also be used on the router for packet filtering or traffic limiting to control the abnormal traffic.

(4) Vulnerability Scanning

For a network system, the existence of insecurity is the key factor that allows hackers to attack. In current network systems there may be security flaws, that is, security vulnerabilities, in the hardware, the software, the specific implementation of protocols or the system security policy. It is crucial to detect the security vulnerabilities of every system in the network in time. Security scanning is one of the important measures for enhancing system security; it can assess and analyze the security problems in a system in advance. A vulnerability scanning system is a program for automatically detecting security vulnerabilities in remote or local hosts; by function, such systems divide into operating system vulnerability scanning, network vulnerability scanning and database vulnerability scanning. A network vulnerability scanning system is a program that remotely detects vulnerabilities in target networks and host systems over the network; it detects and analyzes the security vulnerabilities of network systems and devices in order to discover the vulnerabilities that intruders might illegally exploit. Regular vulnerability scanning of network systems can detect security problems proactively and complete effective protection as early as possible, leaving attackers no gap to exploit.

(5) Anti-virus

An enterprise anti-virus system should be systematic and proactive, achieving comprehensive, multi-level protection.
Taking into account the various ways in which viruses are stored, disseminated and infect hosts in the network, the construction of a network anti-virus system should use a full range of enterprise anti-virus products and implement a strategy of centralized control, prevention first, and the combination of prevention with removal. Specifically, corresponding anti-virus software is set up for every possible virus attack in the network, so that through a comprehensive, multi-level anti-virus configuration the network has no weak link that could become an entry point for viruses.

Example analysis

The Daqing Petrochemical LAN is an enterprise network covering the Daqing Petrochemical head office, production plants and other secondary units. The network runs a variety of information management systems and stores a large amount of important data. To ensure the security of the network, and in view of the security problems that may exist in the computer network itself, we have taken the following technical measures in network security management.

1. Logging in to the LAN by PPPoE dial-up

We have implemented identity authentication for network users. Users access the LAN by PPPoE dial-up, which means that even when the physical lines of the network are connected, a user must obtain an IP address through dial-up before accessing the LAN. We chose the Huawei ISN8850 Intelligent IP Service Switch as the broadband access server (BAS) and a RADIUS server as the user authentication system. Each user registers under a real name, so that we can manage users' online behaviour and manage Ethernet access users.

2. Setting access control lists

There are dozens of routing switches in our network.
On the switches we configure access control lists with permit or deny entries based on the source and destination IP addresses or network segments of the traffic, to control the direction of traffic more precisely and to protect the IP network from network intrusion.

3. Dividing virtual subnets

In the LAN we place different units in different virtual subnets (VLANs). Applications that require particularly high network security, such as medical insurance and finance, are put in separate virtual subnets isolated from the rest of the LAN, with access from members of other VLANs restricted, to ensure the confidentiality and security of the information.

4. Setting up firewalls at the exit of the network

At the exit of the LAN we have set up firewall devices and formulated firewall security policies that restrict some unsafe ports and protocols, so that all servers, workstations and network devices are under the protection of the firewall. At the same time we have configured a logging server to receive and store the firewall logs, which record in detail the activity entering and leaving the network.

5. Deployment of the Symantec anti-virus system

We deployed the Symantec anti-virus system in the Daqing Petrochemical LAN. The Symantec system is cross-platform and powerful, and its centre is the central management console. This console centralizes the management of servers and clients running Symantec AntiVirus Enterprise Edition; it lets you start and schedule scans and set up real-time protection, so that you can establish and enforce virus protection policies, manage updates of the virus definition files, control active viruses, manage the virus protection of groups of computers, and view the history of scans, virus detections and events, among other functions.

6. Using efficient network management software to manage the whole network

The Daqing Petrochemical LAN environment is relatively complex, containing a variety of Cisco switching equipment, Huawei switching equipment, routing equipment and other access devices. To manage the network effectively we use the BT_NM network resource management system. The system is based on the SNMP management protocol, which allows cross-vendor, cross-platform management. It uses the physical topology method to generate the network topology map automatically, which accurately and intuitively reflects the actual connections of the network, including redundant connections, backup connections and load-balanced connections between devices, and manages the topology hierarchically. The IP address location function of the software can locate the switch port at which an IP address is connected, which effectively solves the problem of IP address theft and helps to find virus-infected hosts and hosts used by network hackers. The software also provides network fault monitoring and traffic detection and management, so that network administrators receive fault warnings and can take timely measures to keep the whole network running securely and without faults for long periods.

7. A VPN system has been established

A virtual private network is an extension of the corporate intranet. It helps remote users, company branches, business partners and suppliers establish a reliable and secure connection to the company's intranet, and ensures the secure transmission of data. VPNs can be used to realize virtual private lines for secure communication between corporate sites, and virtual private networks for cost-effective secure extranet connections to business partners and users.
To meet the needs of enterprise users for remote work while satisfying the requirements of network security, we have established a VPN system in the petrochemical LAN. The core equipment of the VPN is a Cisco 3825 router, the remote subsidiaries use Cisco 2621 routers, and the dynamic access equipment uses Cisco 1700 routers.

8. Enabling the audit function of the application servers

For the applications in the LAN we have enabled the audit function, which audits and records users' operations to ensure the security of the system.