Internal Network hazards cannot be ignored. An enterprise internal network must have a three-dimensional defense system.

Bkjia.com integrated message: the current network boundary security protection cannot effectively protect network security. Only border security and Intranet Security Management three-dimensional control can effectively protect network security. However, Intranet security focuses on internal network users, application environments, application environment boundaries, and Intranet Communication Security that cause information security threats, intranet security analyzes, processes, and controls information security threats from a more comprehensive and complete perspective, making information security a complete system.

How to build an organic and unified security control system on the Enterprise Intranet to implement three-dimensional real-time supervision and reduce security risks. How to Strengthen technical inspection and management measures to prevent leakage of sensitive information and ensure secure network operation. It is a difficult problem for network administrators.

Level 4 Certification for trusted Protection

Intranet security is not only a stack of security products, but also a simple deployment of security products at the current stage. It is upgraded to a credible and controllable three-dimensional protection system. The four-level trusted authentication mechanism can ensure that the system not only highlights security, but also focuses on management.

Level 1 Certification: hardware-level security protection and access control

Implements physical security reinforcement for computer terminals at the lowest level. For example, you can use the dingpu Computer Security Protection card to implement logon authentication and full disk data protection at the BIOS level, on the one hand, it can prevent unauthorized users from starting from bypassing software protection to steal data. At the same time, it can also prevent users from installing the operating system and detaching installed software systems to change the existing security environment.

Level 2 authentication: operating system-based identity authentication and file protection

Using USB-KEY-based two-factor authentication technology to achieve trusted and controllable operating system login-that is, after the computer hardware is started, you can restrict user permissions, such as whether you can further log on to the operating system, and what permissions can be used for file operations, how to securely store and delete files. How to perform system backup and disaster recovery in the event of a system disaster on the computer terminal.

Level 3 authentication: Implement Authorization Control for Program Installation and Operation

Black/white list control of applications: Only programs signed and authorized by the administrator can run and use on a single terminal to further regulate the use of software programs of end users, it can prevent the spread and spread of viruses and Trojans caused by arbitrary installation and use of programs to the greatest extent.

Level 4 Certification: implement authentication management for trusted computers to access the Intranet

Security and control of network boundaries is a basic problem of Intranet security. It passes the 802.1X authentication protocol-based trusted terminal authentication subsystem, achieve secure network access-only trusted, controllable, and healthy computers with authorized permissions can access the Intranet, and monitor the operation and health status of the incoming terminals in real time, through innovative technical concepts, we can build a trustworthy, trustworthy, and controllable internal network. If it is unhealthy, the protection system will take further measures, such as alarms and network disconnection.

Ignored Intranet risks

Intranet security should also reflect the value of a system. Security Products should complement each other, network Channel security, terminal source security, server protection, and mobile storage media control are important aspects of Intranet security protection.

The use and management of USB flash drives is the most vulnerable to information security incidents in the enterprise intranet, and is also the most easy to be ignored. The core purpose of USB flash drives management is to prevent cross-use of media between internal and external layers and different confidentiality levels, and to ensure centralized, unified, and efficient media management.

Some experts believe that the goal of "one full and two operation cycles" is to fully control the media usage status and configuration information; strictly control the running cycle of media from registration, issuance, use, unified account monitoring, status query after purchase to collection and cancellation; strictly control the running cycle of media from insertion, various operations to removal, tracking and recording, and real-time alarm.

It is reported that ding Pu technology provides the "ding Pu data one-way transmission U disk system", through the U disk Integrated self-contained identity authentication, network connection intelligent judgment module function, it effectively solves the problem that external data is directly imported to the Intranet host of the enterprise through the mobile storage media. At the same time, it ensures that data cannot be written to the USB flash disk in reverse direction, resulting in leakage of Intranet sensitive information.

In addition, the security of the Internet lies in preventing risks before they occur. The security of the Intranet is more focused on monitoring and auditing on the basis of preventing risks. At present, the more advanced practices in the world are based on the terminal host and desktop security, using the C/S, B/S structure of the system design, integrated Monitoring and Audit Management is achieved through the use of driver interception, network-driven filtering, file-driven filtering, encrypted transmission, identity authentication, and access control technologies.

1. How terminal auditing can better serve Intranet Security (figure)
2. Chinasec's intrinsic Intranet security market advances to the petrochemical energy field
3. Expert discussion on Intranet Security Technology Analysis and standards