Seven problems of security protection configuration for enterprise firewall

Because hacker technology is becoming more and more public, professional, various attacks increasingly frequent, the virus is becoming more and more rampant, major network security incidents are increasing. As the first gate of enterprise security protection, Firewall has become an important part of enterprise network security protection.

However, when we examine the security situation of our country's enterprise network, we still find that there are a considerable number of networks, although the installation of hardware firewall protection equipment, but because the level of the administrator is limited, in the use and configuration of firewalls there are some problems, and can not maximize the role of firewall security. Below, in Datang Long company engaged in network security front-line work of the author to enumerate some of the actual work occurred in the phenomenon, the problem to help our network administrator to better protect the network of enterprises.

Question one:

A State organ, after the firewall put into operation, implemented a set of more stringent security rules, prohibit internal staff use QQ Chat, but not long before employees with PC dial-up Internet access, resulting in infected with Trojan and worm shock waves and other viruses, and immediately spread in the internal LAN, resulting in a large area of the internal network paralysis.

In this case, we need to be clear that the firewall as a type of border protection network security device, must be deployed at the boundary of the protected network, only in this way, the firewall can control all access to the network data communications, to the intruder shut out the purpose. If the perimeter of the protected network is yardsticks and there is an additional entry and exit, the intruder will invade our host in other ways and then attack our entire network further.

We set the firewall strategy, in fact, with the establishment of the Internet Management system strictly related, in the configuration of firewall control strategy, we generally need to first set up the Enterprise Security Network Management system, and thoroughly implement. In the above case, first of all, the unit system should explicitly prohibit the unauthorized dial-up Internet behavior, in order to prevent the occurrence of multiple exports. At the same time, in the formulation of strategies, but also to consider the needs of employees, can be added to the time period of firewall rules, such as in the part-time hours to open the staff QQ online chat and other permissions.