How to consolidate enterprise's network security

Almost all enterprises to network security attention to a sudden increase in the procurement of firewalls and other devices want to block from the Internet security factors. However, attacks and intrusions within the intranet are still rampant. It turns out that the insecurity inside the company is far more terrifying than outside harm.

Most enterprises attach importance to improve the security of the enterprise network border, aside from mentioning their investment in this aspect, but the core intranet of most enterprise network is still very fragile. Enterprises also implement the corresponding protection measures for the internal network, such as: installation of Diovan even hundreds of thousands of of the network firewall, intrusion detection software and so on, and hope to achieve the intranet and the Internet security isolation, however, this is not the case! In enterprises, people often use the modem dialing method, Mobile phone or wireless network card and other ways to surf the internet, and these machines are often placed in the intranet, the existence of the enterprise network has brought huge potential threat, in a sense, the enterprise spent heavily equipped with the firewall has lost its meaning.

The existence of this type of access, it is very likely that hackers bypass the firewall and the enterprise unknowingly intrusion into the internal network, resulting in sensitive data leaks, the spread of viruses and other serious consequences. Practice has proved that many successful technologies to guard against enterprise network boundary security have no effect on the protection of enterprise intranet. So the network defenders began a large-scale commitment to enhance the internal defense capabilities of the intranet.

Here are 10 strategies to deal with the security challenges of intranet. These 10 strategies are the defensive strategy of Intranet, and also a strategy to improve the network security of large enterprises.

1, pay attention to the difference between intranet security and network boundary security

The threat of intranet security is different from the threat of network boundary. Network boundary security technology to protect against attacks from the Internet, primarily from public network servers such as HTTP or SMTP attacks. Network boundary defenses (such as border firewall systems) reduce the chance that senior hackers can access the enterprise network simply by accessing the Internet and writing programs. Intranet security threat mainly originates from internal enterprise. Vicious hacking attacks typically control a server within a local network, and then use this as a base to launch vicious attacks on other hosts on the Internet. Therefore, the hacker protection measures should be carried out at the border, and the strategy of intranet prevention should be established and strengthened.

2. Restrict VPN access

The access of Virtual private network (VPN) users poses a great threat to the security of the intranet. Because they put a weakened desktop operating system outside the protection of the corporate firewall. It is obvious that VPN users can access enterprise intranet. Therefore, you should avoid giving each VPN user the full access to the intranet. This allows you to limit the level of logon permissions for VPN users by using the list of logon control permissions, which means they need to be given the level of access they require, such as access to mail servers or other network resources that can be selected.

3. Establish intranet-type border protection for cooperative Enterprise network

Back to the column page: http://www.bianceng.cnhttp://www.bianceng.cn/Network/Security/

Cooperative Enterprise Network is also a major cause of intranet security problems. For example, although security administrators know how to use the actual technology to end the firewall, protect Ms-sql, but the Slammer worm can still hack into the intranet, this is because the enterprise to their partners access to internal resources. Thus, since you cannot control the partner's network security policies and activities, you should create a DMZ for each cooperative enterprise and place the resources they need to access in the appropriate DMZ, and not allow them to access other resources on the intranet.

4, automatic tracking of security policy

The security strategy of intelligent automatic real-time tracking is the key to realize the network security practice effectively. It has brought about a major change in business activities that has greatly exceeded the effectiveness of the manual security Strategy. The current situation of business activities requires the enterprise to use an automatic detection method to detect various changes in the business activities, therefore, the security policy must be compatible with. For example, tracking the hiring and dismissal of employees in real time, tracking network utilization in real time, and recording a file server that talks to that computer. All in all, make sure that every day's activities follow a security policy.

5, turn off the useless network server

A large enterprise network may also support four to five servers to send e-mail, and some enterprise networks will also have dozens of other servers monitoring SMTP ports. There is likely to be an attack point for potential mail servers in these hosts. Therefore, the network server should be interrupted one by one for review. If a program (or a logical unit in a program) is running as a window file server but does not have a file server, turn off the shared protocol for that file.

6. Protect important Resources first

If a network of tens of millions of units (such as 30000) machine, it is very unrealistic to expect to keep each host in a locked state and patch status. The security considerations of large enterprise network generally have the merit problem. In this way, first of all to the server to do a benefit analysis and evaluation, and then the intranet of each network server for inspection, classification, repair and reinforcement work. Be sure to identify important network servers, such as real-time tracking of customers ' servers, and restrict their management. This can quickly and accurately determine the most important assets of the enterprise, and do a good job in the location of the network and restrictions.

7, establish a reliable wireless access

Review the network to establish a foundation for wireless access. Eliminate meaningless wireless access points, ensure that wireless network access is mandatory and available, and provide a secure wireless access interface. Place access points outside the border firewall and allow users to access through VPN technology.

8, the establishment of a safe passenger visit

For visitors do not have to give them the right to open the intranet. Many security technicians perform the "Internal no Internet access" strategy, which makes the employee give the customer some illegal access rights, which leads to the difficulty of real-time tracking in the intranet. Therefore, it is necessary to establish a passenger access network block outside the border firewall.

9. Create Virtual boundary protection

The host is the primary object of the attack. Rather than trying to keep all hosts from being attacked (which is not possible), it is better to try to make it impossible for an attacker to attack the intranet through an attacking host. Therefore, it is necessary to solve the problem of the use of enterprise network and the establishment of virtual boundary protection in business scope. Thus, if a market user's client is hacked, the attacker will not be able to enter the company's r&d. Therefore, we should realize the control of the access rights between the company R&d and the market. We all know how to build a perimeter firewall between the Internet and the intranet, and now we should also be aware of the border protection between the different business user groups on the Internet.

10. Reliable Security decision

The network user also has the security hidden danger. Some users may be very deficient in network security knowledge, such as not knowing the difference between radius and tacacs, or the difference between proxy gateways and packet filtering firewalls, and so on, but they are partners in the company and users of the network. Therefore, the enterprise network will make these users easy to use, so as to guide them to automatically respond to network security policies.

In addition, in the technology, the use of security switches, important data backup, the use of proxy gateways, to ensure the security of the operating system, the use of host protection system and intrusion detection system, etc.