Terminal security: network access and active defense (terminal security overview)

Source: Internet
Author: User

Text / Zhang Tingwei

With the development and convergence of computer and network communication technologies, the "terminal" is no longer the desktop or laptop computer plugged into a network cable in the traditional sense; it now also includes mobile phones, PDAs, PSP game consoles, PlayBook tablets, e-readers and other new mobile devices. These terminals pose a huge challenge to network security: they come in many types, they connect in many different ways, and they make up the largest part of the network. The terminal is both the source and the starting point: it is where a user logs on to the network, accesses application systems and obtains data, and it is also the starting point for virus propagation, for malicious attacks launched from the inside, and for the theft or leakage of internal confidential data. Terminal security management is therefore very important for every enterprise. Good terminal security control technology ensures that enterprise security policies are really enforced, effectively controls all kinds of illegal security events, and curbs the endless malicious attacks on and damage to the network.


 

Optimal choice of terminal security control technology

In terminal security management, the control and enforcement of security policies is the foundation on which all terminal management functions are built. Security policy control technology must be able to authenticate the identity of end users and check their security status, and to isolate and forcibly repair terminals that do not meet the policy, so as to effectively promote Intranet compliance and reduce network incidents.

According to how security policies are enforced, there are currently four main terminal security management technologies used in the industry:

1. Egress access control

Egress access control is the easiest terminal security management technology to deploy. Its idea is "access first, control later": users are allowed onto the network, and security control devices (such as firewalls and behaviour-control gateways) are deployed at the egress. When a user wants to reach the Internet, identity authentication and a security check must be performed on the security device at the egress before Internet access is allowed.

The advantage of egress access control is that it is easy to deploy and needs no client installation; it also provides functions such as traffic control and Internet content auditing, so it is widely used. Its disadvantages are that it cannot tell whether a user's identity is forged (for example a spoofed IP address, MAC address or account), cannot control the spread of viruses across the Intranet, and cannot control the behaviour of external users who covertly access the Intranet (such as copying data to a USB disk). Terminal security therefore cannot be controlled at the source, and egress control must be combined with other terminal security control technologies to form a complete terminal security management solution.

2. Client access control

Client access control is the most common terminal security management technology and is often combined with anti-virus software and a personal firewall. Its principle is that the accessing user is not to be trusted, so client security software must be installed on the terminal and its security status (processes, registry, boot sector, network connection status, web page access status and so on) monitored at all times; once an exception occurs, the user is prompted or the configured policy is applied.

The advantage of client access control is its strong control capability: it can check security issues at the operating system, network and application layers. The disadvantages are that users often have to make the judgement themselves, which demands considerable security knowledge, and that the client consumes a large amount of system resources. At the same time, the running status of the client cannot be guaranteed: when used within an enterprise, it cannot ensure that the client has not been uninstalled, that the operating system has not been reinstalled, or that the client is actually running.

3. Server access control

The principle of server access control is to install the access control software on an application server, DHCP server, DNS server or proxy server. When a computer terminal accesses that server, the access control software displays a page asking the user to log on and checks the terminal's security status. If the policy is met, access is allowed; if not, the access is rejected and a prompt is shown.

Server access control is easy to deploy and places no requirements on the network device environment, but it is vulnerable to attacks (such as DHCP attacks), it is difficult to control the spread of viruses at the source client, and it cannot solve the problem of unauthorized access by external users.

4. Network access control

The principle of network access control is to control the network entry point: security policies are enforced at the access port by the network device itself. When a user accesses the network, client software must be run to complete identity authentication and the security check, and the network can be used only after authentication passes. Because the network device cannot be bypassed, the user can no longer access the network once the client is removed or the operating system is reinstalled.

The advantage of network access control is that it works closely with network devices on the basis of user identity, so security policies can be truly enforced. Its disadvantages are higher implementation cost and higher requirements on the network environment and technical personnel; it is widely used in large and medium-sized enterprises.

 

The four control technologies above each have their own advantages and disadvantages. However, from the point of view of enforcing security policies, network-based access control, because the network device is hard to bypass, ensures that security policies are enforced and that terminal security management is mandatory and non-repudiable, and at the same time it solves the problem of external users connecting to the Intranet. It can also be integrated with traditional security technologies and desktop management technologies, so it can be said to be the best choice of terminal security technology.


 

Principles and implementation process of network access control

Currently, the common network access control technologies are 802.1x, Portal and VPN, applied respectively to users connected through LAN, WAN, WLAN, VPN and other network environments.

Take 802.1x as an example. After the administrator enables the 802.1x function on a device port, only permitted packets (such as authentication packets and DHCP packets) can pass through it. Once the user passes identity authentication and the security check, the device port is fully opened and the user is allowed onto the network. During the process the RADIUS server sends control messages downstream to the device, which executes them. The specific process is shown in Figure 1.

Figure 1: Network access control process based on 802.1x technology

802.1x can implement access control on the access-layer switch, or work with wireless devices and the Ethernet modules of routers to control wired, wireless and WAN users. Because 802.1x is applied close to the user terminal, it is generally regarded as secure. However, the 802.1x protocol standard was developed early and has deficiencies in user authorization; users behind a hub are difficult to manage, and switches and other devices have to meet certain requirements. For this reason, each vendor has made many improvements on top of the standard protocol, strengthening 802.1x security while improving implementation compatibility and ease of use. For example, the H3C EAD (Terminal Access Control) solution extends 802.1x and RADIUS so that VLANs and ACLs can be delivered to network devices or clients, and it supports both 802.1x access in hub environments and hybrid networking in a multi-vendor 802.1x device environment.

Based on actual deployment and management experience, Layer 2 802.1x access is used inside the network, while at more complex Layer 3 network boundaries (wireless networks, WAN branches, etc.) the Portal gateway access method is used. This combination balances security and ease of use and is the recommended deployment solution.
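The port behaviour described above, as an added example that is not code from the article or from any vendor's 802.1x implementation: a Python model of one 802.1x-controlled port that passes only authentication and DHCP packets until authentication succeeds, the security check that follows identity authentication, and the VLAN/ACL attributes the RADIUS server delivers for the device to execute. The packet-type names, the posture policy, the VLAN numbers and the attribute shape are assumptions.

```python
from dataclasses import dataclass

# Packet types an unauthorized 802.1x port lets through before authentication.
# The article names authentication and DHCP packets; the exact set is assumed.
PRE_AUTH_ALLOWED = {"EAPOL", "DHCP"}

# Constructed posture policy describing a "qualified" terminal.
POLICY = {"antivirus_running": True, "min_patch_level": 3}

# Constructed VLAN numbers: 10 = production Intranet, 99 = isolation/repair.
PRODUCTION_VLAN, REPAIR_VLAN = 10, 99

@dataclass
class Port:
    """State of one access-layer switch port under 802.1x control."""
    name: str
    authorized: bool = False
    vlan: int = 0            # 0 = no VLAN assigned yet
    acl: str = "deny-all"    # ACL delivered by the RADIUS server

    def accepts(self, packet_type: str) -> bool:
        """Port filter: everything once authorized, else only EAPOL/DHCP."""
        return self.authorized or packet_type in PRE_AUTH_ALLOWED

def check_posture(posture: dict) -> bool:
    """Security check run after identity authentication.
    True = terminal meets the policy, False = isolate it for forced repair."""
    return (posture.get("antivirus_running", False) == POLICY["antivirus_running"]
            and posture.get("patch_level", 0) >= POLICY["min_patch_level"])

def radius_decision(credentials_ok: bool, posture: dict) -> dict:
    """Attributes the RADIUS server sends down to the device (assumed shape)."""
    if not credentials_ok:
        return {"authorized": False, "vlan": 0, "acl": "deny-all"}
    if check_posture(posture):
        return {"authorized": True, "vlan": PRODUCTION_VLAN, "acl": "permit-intranet"}
    # Unqualified terminal: the port opens, but only into the repair VLAN with
    # an ACL that reaches nothing except the patch/antivirus servers.
    return {"authorized": True, "vlan": REPAIR_VLAN, "acl": "permit-repair-only"}

def apply_decision(port: Port, decision: dict) -> Port:
    """The device executes the message received from the RADIUS server."""
    port.authorized = decision["authorized"]
    port.vlan = decision["vlan"]
    port.acl = decision["acl"]
    return port
```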


 

Implementing active security defense starting from network access

Although the network-access-based terminal security solution ensures that security policies are enforced, it still has the problem of passive defense: it is not linked with security devices and security software, so it cannot actively collect network information and security information, quickly locate attack events, or handle security problems automatically.

Many manufacturers in the industry have noticed this problem and proposed corresponding technical models, such as the latest version of TNC (Trusted Network Connect) from the TCG (Trusted Computing Group), which links network access control with other security devices (firewalls, IPS, security management centers), traffic analysis software and behaviour audit software so that they work together. Through comprehensive collection of security information, end-to-end event analysis and path tracking, and intelligent, timely and coordinated response, network components and security components from different fields are integrated into a seamless network security defense system.

Figure 2: EAD terminal security defense system based on the TNC model

The core of the active security defense system is the security control center and the event management center. The security control center receives security information about users from network devices and terminals, and can also receive information from security devices through the security event center, so as to collect and analyse security events across the whole network. The security control center can also trace abnormal events to find their root cause and, for important events that need a response, flexibly issue SMS notifications, e-mail notifications, switch port shutdown, forcing the user offline, blacklisting, online reminders and other operations, specifying the order in which they are executed, thereby achieving proactive and systematic security management.
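The alert-to-user correlation and ordered response the security control center performs, as an added illustration that is not the article's or any vendor's code: a Python sketch that joins a security-device alert with the access-control online-user table to locate the source user and physical port, then selects the response sequence from the operations the article lists. The user table, the alerts, the severity levels and the operation names are constructed.

```python
from dataclasses import dataclass
from typing import List, Optional

# Constructed online-user table as the access-control component holds it after
# 802.1x authentication: source IP -> user, switch and port. Sample values only.
ONLINE_USERS = {
    "10.1.1.20": {"user": "alice", "switch": "sw-floor3", "port": "Gi1/0/7"},
    "10.1.1.31": {"user": "bob", "switch": "sw-floor3", "port": "Gi1/0/12"},
}

# Constructed alerts as a security device (e.g. an IPS) would report them.
ALERTS = [
    {"src": "10.1.1.20", "sig": "worm-scan", "severity": "high"},
    {"src": "10.1.1.31", "sig": "p2p-traffic", "severity": "low"},
    {"src": "10.1.1.99", "sig": "worm-scan", "severity": "high"},
]

# Response operations per severity, in the execution order the control centre
# specifies. Operation names are assumed; the operations are the article's.
RESPONSE_PLAN = {
    "high": ["notify_sms", "notify_email", "close_switch_port",
             "force_user_offline", "blacklist_user"],
    "low": ["online_reminder"],
}

@dataclass
class Incident:
    src_ip: str
    signature: str
    severity: str
    user: Optional[str]
    switch: Optional[str]
    port: Optional[str]
    actions: List[str]

def correlate(alert: dict) -> Incident:
    """Join one security-device alert with the access-control user table:
    an IP alone is not actionable, the user and the physical port are."""
    who = ONLINE_USERS.get(alert["src"])
    actions = list(RESPONSE_PLAN.get(alert["severity"], []))
    if who is None:
        # No authenticated terminal behind this IP: only notifications can run.
        actions = [a for a in actions if a.startswith("notify")]
    return Incident(alert["src"], alert["sig"], alert["severity"],
                    who["user"] if who else None, who["switch"] if who else None,
                    who["port"] if who else None, actions)

def handle_alerts(alerts: List[dict]) -> List[Incident]:
    """Process a batch of alerts the way the security control centre would."""
    return [correlate(a) for a in alerts]
```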


 

Conclusion

Terminal management is a huge problem. However, as long as the key point of network access is grasped, a terminal security system can be implemented in which every user develops good habits; by integrating other security and management technologies, establishing an active defense security system and continuously improving it in practice, a feasible approach to terminal security management is achieved.

Terminal security management starts from network access.
