In some places, Intranet security is people-oriented.

Bkjia.com exclusive interview] The intranet is the most core and confidential platform of the enterprise network. The security of the Intranet not only affects the security of enterprise information, but also is a key issue to ensure business continuity.

Different industries have different requirements for Intranet security. All aspects of enterprise network architecture are related to intranet reliability and security. So how can we effectively manage intranet security? In this regard, we interviewed Mr. Lin Peng, Senior Project Manager of cool 6 Information Department, to see how he planned the Intranet security policies and management.

Lin Peng, Senior Project Manager of cool 6 Network Information Department

BKJIA:We know that Intranet security is a very complicated problem, and there are different Intranet security problems for small, medium, large enterprises or different industries. So what are the internal network security problems of your enterprise?

Lin Peng:At present, the company has a specific security policy, which is being implemented step by step and accompanied by some changes to the enterprise network. However, at this stage, the problem is mainly due to identity authentication, abnormal Behavior Monitoring, access control, Intranet management, and implementation of policies. For example, how to prevent and control targeted Intranet detection and manage VPN login.

BKJIA:What management methods or solutions does your company use to address these Intranet security problems?

Lin Peng:We have just completed 802.1x-related deployment for wired and wireless networks, mainly using Microsoft and H3C devices, 802.1x and domain control authentication are used to meet the authentication requirements of a company.

In addition, I also set up a monitoring server to monitor the company's login and traffic, and to alert abnormal behavior. For example, someone may make some user password guesses, and through abnormal behavior monitoring) can be reflected to me in a timely manner, so as to be able to perform a quick process.

During the implementation of these policies, some issues that were not noticed at ordinary times were also exposed. For example, when an employee logs on with an account, when a vlan authentication fails, this employee uses a VPN to bypass authentication login and access the Intranet. This was a problem that I did not think of at the time. Later, I disabled VPN login through other means. At that time, I used the Microsoft VPN system and later changed it to the Cisco SSL VPN system.

In addition, we have also protected against some specific Intranet attacks, such as ARP attacks and DHCP attacks. Currently, the main operation is to block unnecessary ARP traffic and limit the ARP sending rate. If the transmission rate exceeds the specified rate, it will automatically drop the sending port and send an alarm message. On the other hand, DHCP-snooping technology is used to prevent DHCP attacks and man-in-the-middle attacks.

BKJIA:So in the current situation, which of the following aspects do you think there are deficiencies and you want to improve Intranet security?

Lin Peng:Intranet security includes management, technology, and basic information construction. I think it is particularly important to construct basic information.

For example, we divide the entire security event into three parts: ex-in-process-ex-post. We will deploy the security event beforehand. In this case, if an IP address is found to be faulty, the IP address is intruded into the Intranet during the detection process. How long do you need to locate the IP address and the machine on which it is located, who is it? If you want to quickly lock the person in the incident, you need to record some basic information in advance, this requires our security personnel to quickly associate the relevant information with the MAC address, IP address, person name, or computer name to locate the target.

To achieve this goal, we need to establish a database with basic information, which should be updated and maintained frequently. Therefore, we need to constantly improve the basic information.

BKJIA:Many people say that Intranet security is not only a matter of network monitoring, but also a matter of administrator. What do you think of this?

Lin Peng:I am also deeply touched by this aspect. The most fundamental thing about Intranet security is "people", because people are the least controllable. If every employee in an enterprise has a good security awareness, the security work of this enterprise will certainly be very complete. For security management personnel, the whole company is here to help you improve your work. You are not isolated and everyone is consciously cooperating with you.

Of course, you should also work with everyone to do a good job of security. First, we need to know that the administrator of Intranet security is not a blocking person. If you take too many security measures, employees may be bored. From the employee's point of view, tell them what benefits they will get by following your security measures, if you stand on the employee's side, telling them that such operations are beneficial to them may help you, at least better than standing on the opposite side.

In addition, I will regularly provide security training to employees, such as giving lectures and sending technical operation emails. In addition, the help of leaders is also essential. The promotion of leaders is often the most critical to the effective implementation of security systems.

BKJIA:With your understanding, can the technical management systems provided by some Intranet security products on the market be combined with the Intranet security systems of enterprises? What are the problems?

Lin Peng:I personally think that the current security products are similar, and they are more humane than others. However, these things are operated by people, and they also depend on the importance that leaders place on their security policies. If leaders and management personnel do not pay attention to these issues, these devices and products are just furnishings.

Conclusion:

During the interview, Lin Peng also said, "when someone is there, there are rivers and lakes." He described Intranet security management in this way. It can be seen that the root cause of Intranet security is "people ". Only by organically combining technologies, management, and people can we build a three-dimensional Intranet security barrier.

Choose Intranet Security>

Bkjia.com exclusive translation. Unauthorized reprinting is not declined! For reprinted by the partner media, please indicate the source and source of the original article !]