Information Security Review 2: Network Security

Source: Internet
Author: User

Two objects of network security protection:

1) Service security: ensures the safe operation of network devices so that they can provide effective network services.

2) Data security: ensures the confidentiality, integrity and availability of data transmitted over the network.

The network environment is the first line of defense against internal and external attacks. Seven control points are arranged:

1) Structure security
2) Access control (network access control and dial-up access control)
3) Network security audit
4) Border integrity check
5) Network intrusion prevention
6) Malicious code prevention
7) Network device protection

What is the content of level 3 structure security?

1. Network resources are required to provide basic protection for the normal operation of the network (level 1).

2. Network resources are required to meet the needs of business peaks, and the systems of different departments should be separated into network segments (level 2).

3. Compared with levels 1 and 2, "processing priority" is added, and requirements are placed on the "main network devices" and the "bandwidth of each part of the network": they must not only meet basic business needs but also keep the network running normally during business peaks, so that important hosts keep operating (level 3).

What is the significance of network access control?

For a network, the most important line of defense is the boundary. All data streams flowing through the network converge at the boundary, so it must be effectively monitored and controlled.

What is a boundary?

A boundary is the connection between two networks that use different security policies, for example the connection between the user network and the Internet, the connection with the networks of other business units, and the connections between different departments within the user's internal network. Wherever there is a connection, data flows across it. Therefore, at the boundary it is important to strictly control access by the flowing data (or access to the network): inbound and outbound data is allowed or denied according to certain rules.

What is dial-up access control?

If network access control controls the flow of data in the network from the data's perspective, then dial-up access control controls users who access the network remotely from the user's perspective. Such user access should likewise be permitted or denied according to certain control rules.

What content does level 3 access control contain?

1. Packet header information is filtered at the network boundary to control the inbound and outbound flow of data, together with basic access control for users (level 1).

2. Data filtering is enhanced to filtering based on session information, and the granularity of user access control is refined step by step from user groups to individual users; the number of users allowed dial-up access is also limited (level 2).

3. The filtering strength is extended to the application layer, that is, the filtering device restricts network access based on the different applications (level 3).
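The three levels of filtering granularity above, shown as an added toy boundary filter (example code, not from the original notes): level 1 decides from packet-header fields only, level 2 tracks sessions so inbound traffic is admitted only as a reply to a session an inside host opened, and level 3 checks that traffic on port 80 actually carries HTTP. The address prefix, ports and payloads are constructed sample data.

```python
# Added example (not from the original notes): a toy boundary filter showing
# the three levels of access-control granularity described above.
#   level 1: decisions from packet-header fields only
#   level 2: session awareness, inbound traffic is allowed only as a reply to
#            a session an inside host opened
#   level 3: application-layer check, traffic on port 80 must actually be HTTP
# Addresses, ports and payloads are constructed sample data.
from dataclasses import dataclass, field

@dataclass
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    payload: bytes = b""

@dataclass
class BoundaryFilter:
    inside: str                       # address prefix of the internal network
    allowed: set = field(default_factory=lambda: {("tcp", 80), ("tcp", 443)})
    sessions: set = field(default_factory=set)

    def outbound(self, p: Packet) -> bool:
        return p.src.startswith(self.inside)

    def level1(self, p: Packet) -> bool:
        """Header rule: only the permitted service ports, in either direction."""
        port = p.dport if self.outbound(p) else p.sport
        return (p.proto, port) in self.allowed

    def level2(self, p: Packet) -> bool:
        """Session rule: remember outbound sessions, admit only their replies."""
        if not self.level1(p):
            return False
        if self.outbound(p):
            self.sessions.add((p.src, p.sport, p.dst, p.dport))
            return True
        return (p.dst, p.dport, p.src, p.sport) in self.sessions

    def level3(self, p: Packet) -> bool:
        """Application rule: a payload on port 80 must look like HTTP."""
        if not self.level2(p):
            return False
        if p.proto == "tcp" and 80 in (p.sport, p.dport) and p.payload:
            return p.payload.startswith((b"GET ", b"POST ", b"HTTP/1."))
        return True
```

An unsolicited inbound packet with source port 80 passes the level 1 header rule but fails level 2, and an outbound non-HTTP payload sent to port 80 passes level 2 but fails level 3.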

How do you understand network security audit?

If security audit is understood as a "logging" function, most operating systems and network devices already have logging functions of different levels. But in fact logs alone can neither guarantee the security of the system nor serve for tracking and collecting evidence afterwards. Security audit is not a simple improvement of the logging function, nor is it equivalent to intrusion detection.

Network security audit focuses on monitoring network traffic, abnormal traffic and the operation of network devices; the above is recorded and analyzed, reports are formed, and under certain circumstances alarms are raised, traffic is blocked and other actions are taken. Management of the security audit records is another aspect. The formats of the security event records generated by different network products are not uniform, so it is difficult to conduct comprehensive analysis. Therefore centralized audit has become an inevitable trend in the development of network security audit.
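The point about non-uniform record formats and centralized audit, as an added example (not from the original notes): records from two constructed products, a firewall deny log and a network-device login log, are normalized into one schema, counted into a report, and an alarm is raised when one source trips the threshold only once both products' records are combined. Device names, addresses and record formats are all constructed.

```python
# Added example (not from the original notes): a minimal centralized audit.
# Records from two products with different formats, a firewall deny log and a
# network-device login log, are normalized into one schema so they can be
# analyzed together, counted into a report, and turned into an alarm when the
# same source keeps failing across products. All records are constructed.
import re
from collections import Counter
from typing import NamedTuple, Optional

class Event(NamedTuple):
    ts: str        # kept as text here; a real system converts to one time base
    device: str
    kind: str      # "deny" or "login_failed"
    src: str

FW_RE = re.compile(r"^(\S+) (\S+) DENY \S+ ([\d.]+):\d+ -> ([\d.]+):\d+$")
LOGIN_RE = re.compile(r"^(\w{3} +\d+ [\d:]+) (\S+) login: Login failed for \S+ from ([\d.]+)")

def normalize(line: str) -> Optional[Event]:
    """Map a raw record from either product to the common Event schema."""
    m = FW_RE.match(line)
    if m:
        return Event(m.group(1), m.group(2), "deny", m.group(3))
    m = LOGIN_RE.match(line)
    if m:
        return Event(m.group(1), m.group(2), "login_failed", m.group(3))
    return None   # unrecognized record; a real system would count these too

def analyze(lines, threshold=3):
    """Return (event counts per device and kind, sources that trip the alarm)."""
    events = [e for e in map(normalize, lines) if e is not None]
    per_device = Counter((e.device, e.kind) for e in events)
    per_source = Counter(e.src for e in events)      # across all products
    alarms = sorted(s for s, n in per_source.items() if n >= threshold)
    return dict(per_device), alarms

SAMPLE = [  # constructed records from two products with different formats
    "2024-05-01T10:00:01Z fw01 DENY tcp 198.51.100.7:51000 -> 10.0.0.5:22",
    "2024-05-01T10:00:02Z fw01 DENY tcp 198.51.100.7:51001 -> 10.0.0.6:22",
    "2024-05-01T10:00:03Z fw01 DENY udp 203.0.113.4:4000 -> 10.0.0.9:161",
    "May  1 10:00:05 sw-core login: Login failed for admin from 198.51.100.7 via ssh",
    "May  1 10:00:07 sw-core login: Login succeeded for admin from 10.0.0.20 via ssh",
]

if __name__ == "__main__":
    counts, alarms = analyze(SAMPLE)
    print(counts)
    print("alarm sources:", alarms)   # 198.51.100.7 reaches 3 only when both products are combined
```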

Why do we still need network intrusion prevention when we have access control?

Network access control plays a major role as a guard in network security; based on rule matching, it is the first gate of network security. However, it also has limitations: it only analyzes the data entering and leaving the network and can do nothing about events inside the network.

Network-based intrusion detection is considered the second security gate after the firewall. It monitors the data packets in the network segment and analyzes each packet or suspicious packet; if a packet matches the built-in rules, the intrusion detection system records the relevant event information and raises an alarm.

What are the measures to prevent malicious code on the network?

Currently, protection against malicious code is a comprehensive, multi-dimensional concept. Analyzing the sources through which malicious code is introduced shows that, with the continuous development of the Internet, malicious code introduced through the network accounts for the vast majority. Therefore, prevention of malicious code at the network boundary is the focus of the entire prevention work. Deploying the corresponding network anti-virus product does not mean that "everything is fine": according to statistics, an average of 300 new virus types (?) are detected per month, and if the product's malicious code library cannot keep up with this speed, its actual detection efficiency may be greatly reduced. Therefore the malicious code definitions in the product must be updated in a timely and automatic manner; this update must be frequent and transparent to users.

Why do we need network device protection? What is protected?

In addition to deploying security measures on the network structure and at the network boundary, another important aspect is the protection of the network devices that implement these control requirements. Logging on to a network device to configure and modify its parameters directly affects the security functions of the entire network. Therefore, the protection of network devices is mainly the control of user behavior before and after logon.

Not complete, to be continued...
