Security Practice: library network maintenance case

Talking about network cabling, network security, and issues that every enterprise is very concerned about, is even more eye-catching in the face of computer network security issues in public places of many small and medium enterprises. It is well known that people accessing the Internet in such a public place are very complicated, with extraordinary malicious damage. So how can we ensure the normal operation of the networks in these public places and ensure the security of hosts at all times? This is the topic to be discussed today.

Library Network Environment

The library is located in bustling downtown with 110 computers, including three cash register computers and a membership charging system. The network is connected to 10 m optical fiber through China Telecom, using four switches, one wireless router, and one hardware firewall. The overall network is operated by a wireless network and a wired network. The wired network is mainly used to face non-mobile hosts, while the wireless network is used to allow laptop users to access the Internet conveniently.

 

Figure 1 network extensions

After the Library's network is connected from a computer device, it uses a hardware firewall to access a wireless route to spread wireless signals. Five connection lines are separated from each other to access the switch, and then the switches are connected to each host.

The Internet administrator of the host device selects a password-lock chassis to prevent hardware loss caused by the opening of the chassis.

Library computer settings

In the face of the network administrator who just took over the library, the computer was first cleared of internal dust to improve the heat dissipation of the Cpu and achieve rapid system operation. Then reinstall the computer system. After the system is installed, security settings are started.

Cashier host Security

This host is related to money posting, so pay special attention to security issues. The following is a security setting method. First, enable the built-in firewall in the system (this is very simple, not detailed here). Then, a port security policy is set up, which causes many harmful virus ports.

 

Figure 2 Port Security Policy

To create an IP Security Policy, choose "start"> "Control Panel"> "Administrative Tools"> "Local Security Policy"> "Local Security Settings"> "IP Security Policy" and create an IP Security Policy on the local computer. IP Filter list-add-pop-up-IP Filter wizard-IP Source-source address (my IP address-target address (any IP address ).

The closed port in the filter attribute. Select protocol type-TCP (UDP)-to this port-text box and enter (port number, for example: 3389). At this time, a port blocking policy is completed, repeat this step to implement multi-port blocking.

(Note: you can find the latest virus attack port number in the search engines)

After completing the above two points of security, the ESET NOD32 antivirus software is installed in the system, and the strict protection mode in the antivirus software is enabled, so that the Cashier host cannot be found on the network, it avoids attacks and access from the Intranet and reduces the harm of data loss and destruction.
 

Figure 3 NOD32 strict protection mode

The simple protection of a cash register is complete. Although only firewall, anti-virus software, and port security policies are used, hackers, attacks, and viruses and Trojans are blocked in a large sense. (The other cash register machines are the same as above)

Reader Internet Security

It is normal for a public machine like a library to access the Internet. To ensure the smooth and secure network connection, we can perform this step in two steps.

First, disable the firewall and automatic update in the security center of the control panel, and then view the virtual memory of the local machine. Generally, the virtual memory settings can be determined based on the memory size of the current computer.

 

Figure 4 control panel Security Center
 

Figure 5 virtual memory settings

After completing the above system acceleration settings, install the system restoration software to restore the system to the performance after the system is restarted. Here, I installed the software: Ice restore, the setting is completely silly, as long as you follow the next step to complete the settings, you can complete the full protection.

 

Figure 6 restoration wizard

For the freezing point interface, you only need to press Shift and double-click the ice point restoration icon in the lower right corner to bring up the page settings. To prevent customers from arbitrarily setting and changing the freezing point settings, the administrator can add the freezing point password to it. If you need to install alternative software in the computer during the protection process, you can set the effect of restoring the software once or several times after restarting in the ice recovery software, in this way, the freezing point restart is formed to protect computer security.