Seek technical advice to solve Intranet security problems

Source: Internet
Author: User

Intranet security background analysis

In the real world, many internal network security dilemmas are caused by technical factors, the most important of which is the hybrid platform issue. Even a small enterprise may run more than one operating system environment. For example, an advertising company may need Windows to handle daily office business and iMacs for design work. Even organizations that use operating systems from only one vendor find it difficult to keep every machine on the same version, because computer hardware configurations differ.

Novell's server systems are often used to support hotel business software, and the matching terminals even include legacy DOS systems. Generally, file services and Web services run on Windows 2003 Server or a later version of the Server operating system, while the office area is a mix of desktop operating systems from Windows 98 to Windows XP. Because of this variety of mixed operating systems, hotel administrators need to make a lot of extra effort to deal with anti-virus, patch updates, data backup, and various internal application services.

Security administrators will find these problems familiar. The problems in this list are quite common and widespread. They can serve as priorities for Intranet security, or as a target when selecting Intranet security tools and technical solutions. Most importantly, we need to correctly understand which technologies can be used to handle these problems effectively.

Currently, many CIOs in China choose the TIPS Security Protection Platform to manage the Intranet effectively. It establishes a level-4 protection system: first, a trusted and controllable information system based on hardware-level protection; second, a defense-in-depth system with a level-4 credibility authentication mechanism; next, a series of basic protection requirements such as identity authentication, media management, data protection, security audit, and real-time monitoring; finally, equal weight on security and management, so that the system highlights both security and manageability.

Automatic distribution of system security patches

Many administrators know that Microsoft provides product patch update solutions for internal enterprise networks, but not all of them have deployed and used such solutions; after all, downloading security updates over the Internet is very convenient. In a real application environment, however, not all terminals can access the Internet without any control.

Windows Server Update Services (WSUS) is a common patch update tool that runs on the server operating system. It can deliver and deploy update files to the various versions of the desktop Windows operating system that include the update agent mechanism. For users who need restart control, scheduling, update lists, and a richer management interface, the paid Systems Management Server (SMS) is a good choice.

In a hybrid platform environment, however, Microsoft products cannot meet these needs. Enterprises may need to resort to third-party commercial products such as CA's Unicenter to manage patch updates for different operating systems. For non-Microsoft operating systems such as Linux, the need for update distribution tools in enterprise application environments seems less urgent. However, as the proportion of these operating systems increases, it is time to pay attention to it.
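For the Windows terminals that WSUS serves, whether a client actually takes its updates from the internal server can be checked from its Windows Update policy settings. The following PowerShell is an added example, not part of the original article; the function name, result fields and finding texts are this example's own, while the registry path and value names are the standard Windows Update policy settings.

```powershell
# Added example: audit the Windows Update client policy on one terminal.
# Get-WsusClientPolicy and its output fields are hypothetical names chosen
# for this example; the registry values read are the standard policy values.
function Get-WsusClientPolicy {
    $wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
    $auKey = Join-Path $wuKey 'AU'

    # Either key may be absent on an unmanaged machine; treat that as "no policy".
    $wu = Get-ItemProperty -Path $wuKey -ErrorAction SilentlyContinue
    $au = Get-ItemProperty -Path $auKey -ErrorAction SilentlyContinue

    $findings = @()
    if (-not $wu -or -not $wu.WUServer) {
        $findings += 'No WUServer policy: client is not pointed at an internal update server'
    } else {
        if ($au.UseWUServer -ne 1) {
            $findings += 'WUServer is set but UseWUServer is not 1: the server setting is ignored'
        }
        if ($wu.WUServer -notmatch '^https://') {
            $findings += 'WUServer is not HTTPS: update metadata is not protected in transit'
        }
        if ($wu.WUStatusServer -ne $wu.WUServer) {
            $findings += 'WUStatusServer does not match WUServer'
        }
    }
    if ($au -and $au.NoAutoUpdate -eq 1) {
        $findings += 'Automatic Updates is disabled by policy'
    }

    [pscustomobject]@{
        Computer       = $env:COMPUTERNAME
        WUServer       = $wu.WUServer
        WUStatusServer = $wu.WUStatusServer
        UseWUServer    = $au.UseWUServer
        AUOptions      = $au.AUOptions   # raw policy value, reported as-is
        Compliant      = ($findings.Count -eq 0)
        Findings       = $findings
    }
}

# Run locally and show the result; an empty Findings list means the client
# is configured to use the internal server over HTTPS.
Get-WsusClientPolicy | Format-List
```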

Encrypted electronic documents do not affect normal use

For data security, data encryption is one of the most basic measures. For business applications that are relatively open, systems based on public key encryption and certificate authentication are relatively mature and popular, with PKI as the most typical representative. The common CA architecture is relatively simple and has the functions required by most users.

On the computer nodes that store data, a large number of free encryption tools and data erasure tools are now available. However, they provide a low level of confidentiality, and encryption at the operating system layer and the application layer often leads to other security problems. For electronic documents with high confidentiality levels, we should try to apply BIOS protection cards and other hardware devices to restrict data access and protect hard disk data through chip-level encryption.

In addition, USB-based storage devices, such as USB flash drives and mobile hard disks, can also be managed more securely through smart judgment and permission control functions. In higher-end fields, users may need to strictly control the data flow, and may even stipulate that certain data must be exchanged by means of a CD. Domestic vendors have already put forward a number of effective solutions to these problems.

For example, Dingpu Technology's one-way data import management system is quite innovative. This system uses the one-way transmission property of optical fiber to ensure the correct direction of data flow at the physical layer. In use, the device is connected to the computer terminal that stores classified data, and its other end is connected to a data source such as a USB flash drive, so that data can be stored securely while the leakage of confidential data is prevented. It can be seen that, for domestic users who take document encryption as the starting point of Intranet security, only domestic vendors may truly understand their needs.

Prevent diffuse wireless signals from leaking the organization's valuable data

Wireless LAN technology, represented by Wi-Fi, seems to have become a classic example of the trade-off between convenience and security. Although the security of Wi-Fi has been relatively weak, more and more enterprises are choosing to provide wireless access in the internal network. Wi-Fi access points should be managed at a relatively high security strength and level; at the least, they cannot be treated the same as other common network nodes.

It is necessary to use WPA to encrypt wireless data communication. An attacker who is patient enough may still crack the key from sniffed data, but this is more difficult than with old encryption methods such as WEP. If you need a higher security level, you can consider adding token verification and VPN access control on the wireless link to provide strong security control capabilities.

Access Control for various mobile terminals

For laptops and the increasing number of smartphone terminals, the security management that enterprises can perform seems to be insufficient. Beyond wireless LAN access control, this type of terminal may cause many other problems. Bluetooth, an extremely common and fashionable connection method, has some security weaknesses.

To connect more easily to other Bluetooth devices, Bluetooth is usually set to a relatively low security authentication level. In fact, many devices are set to the lowest level by default at the factory; this is true for most mobile products, for example. Because only limited security control is provided at the link layer, Bluetooth security relies more on upper-layer protocols and even the application layer for security management.

To achieve Bluetooth security, you must combine other security verification measures when transmitting data via Bluetooth. Although this is usually difficult to handle, it should not be ignored. For handheld devices, WAP site access is one of the methods for handling business and obtaining office information. Although the WTLS protocol has been simplified for performance reasons, it is still a solution with high security.

Another principle is to place the WAP Gateway behind firewall protection wherever possible. Data is often decrypted when it reaches the WAP Gateway and loses the protection of WTLS, so it is often easy to capture after it flows out of the WAP Gateway.

Intranet security requires enterprises not only to take appropriate protection measures, but also to use appropriate technologies to defeat attacks.
