Is an enterprise safe once it has a firewall? Is the current enterprise network architecture secure? What problems does the existing enterprise network security infrastructure have? A new generation of dedicated security proxy devices will be an important part of the enterprise network security architecture and an effective solution to these problems.
With the rapid development of the Internet, more and more enterprises deliver their services over the network. Many even feel that their services cannot run normally without it, so the importance of network security is evident. Enterprises therefore invest in network security at any cost, buying firewalls, email anti-virus systems, or desktop anti-virus systems to prevent virus outbreaks and hacker attacks. In the view of many enterprises, and even of system integrators, a network equipped this way is safely protected.
However, the existing enterprise network security infrastructure is flawed and cannot defend against new viruses and attacks. Viruses and attacks no longer spread only via email. They hide in complex application-layer data and spread through web browsing, webmail systems, chat software, and P2P file sharing applications, and the security facilities enterprises already have cannot control these communication channels. IT managers now have to review their network security systems.
New problems facing Enterprise Networks
At present, enterprise networks face the following problems. Handling them poorly leads directly to a decline in productivity, and what is ultimately lost is the enterprise's profit.
Web abuse reduces enterprise productivity
The wide use of the web greatly helps enterprises increase productivity and obtain information at unprecedented speed. However, the Internet is a mixed bag filled with all kinds of content: news, shopping, sports, pornography, and so on. A single click can take a user to a site unrelated to work, which inevitably reduces employee productivity and, in turn, enterprise productivity. In severe cases, a virus may be carried into the company's intranet, or an attacker may implant a backdoor, with disastrous consequences. Therefore, filtering inappropriate content, forcibly removing malicious code and viruses, and managing, monitoring, and supervising in real time that employees use the Internet correctly are top priorities for improving enterprise profits.
Security issues of chat tools
The chat tools mentioned here are real-time information exchange tools such as MSN Messenger. They were originally meant for chatting between friends, but have now become a main tool for information exchange in enterprises. However, authoritative researchers have found that these chat systems are designed with a focus on flexibility rather than security. The obvious fact is that almost all free chat tools can bypass the firewall, and the firewall cannot block them. In addition, messages between chat users travel over the public network and are forwarded through the chat server. They are visible in clear text on the network, which can easily lead to the theft of confidential enterprise information. As mentioned above, chat tools have also become a channel through which many viruses spread. Nevertheless, online chat tools are efficient and convenient and are being accepted by more and more people. Simply blocking them is inappropriate; the key is to adopt an effective chat control policy and monitor their use.
Security issues of Point-to-Point file sharing applications
Point-to-Point file sharing (P2P), known as BT download in China, has become a popular Internet file sharing application in recent years. In this application, each user is both a client and a server: each user can download the data they need from other users and can also share downloaded data with other users who need it. Because this removes the server bottleneck of traditional download methods, the more people download a file, the faster the download becomes. P2P files are usually copyrighted music, movies, and commercial software. In enterprise networks, however, there is no justification for such an application: it not only seriously affects network availability and becomes a channel for spreading viruses, but the copyright issues arising from file sharing may also expose the enterprise to legal liability. Therefore, it is necessary to block and control it in several ways.
Proxy service solves problems
Why can't the firewall effectively solve the above problems? Because the main function of the firewall is to block external attacks. Most of the firewalls currently used by enterprises are packet filters or more advanced stateful inspection firewalls. Their main function is to filter data packets according to the rules set by the administrator and to block attackers coming from outside the network. They are largely helpless against attacks that result from internal personnel accessing external resources.
The firewall cannot check the application layer effectively. The new problems facing enterprise networks share a common feature: they require control and management at the application layer. However, current firewalls work at the network layer. Although some firewalls implement application-layer processing for some protocols, their hardware and operating systems are designed for packet filtering and stateful inspection, and a dedicated chip is used to match IP addresses and port numbers quickly. If the firewall is required to reassemble network-layer data packets transmitted one by one, extract the application-layer data, and then perform complex pattern matching, it cannot achieve satisfactory performance. In fact, most of the firewalls currently in use perform only network-layer checks. Few users enable the application-layer check function, mainly because of performance problems.
The best way to check the application layer is to use a new generation of dedicated security proxy devices. A dedicated proxy device proxies users' access requests. Because all user access traffic must pass through the proxy device, in-depth access policy control can be implemented on it based on user, network protocol, time, and other factors, and an inserted page can be used to notify users of policy violations. At the same time, the device provides complete access logs, virus scanning logs, chat logs, and other logs, and produces reports through statistical analysis so that problems are identified as early as possible and the control policy can be further improved.
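The difference between the two checks described above, as an added example that is not part of the original article: every constructed request below targets port 80, so a port-based packet filter passes all of them, while a proxy that reads the application-layer payload can apply policy by user, application and time and log each decision. The host names, categories and working hours are assumptions made for illustration.

```python
from datetime import time

# Constructed host-to-category table (hypothetical names, not from the article).
CATEGORIES = {"shop.example": "shopping", "im.example": "chat", "intranet.example": "work"}
WORK_HOURS = (time(9, 0), time(18, 0))  # assumed working hours


def packet_filter_allows(dst_port):
    """Network-layer view: only the destination port is considered."""
    return dst_port in (80, 443)


def classify(payload):
    """Application-layer view: identify the application from the reassembled payload."""
    if payload.startswith(b"\x13BitTorrent protocol"):  # BitTorrent handshake prefix
        return "p2p"
    lines = payload.partition(b"\r\n\r\n")[0].decode("latin-1").split("\r\n")
    if len(lines[0].split(" ")) != 3 or not lines[0].endswith(("HTTP/1.0", "HTTP/1.1")):
        return "unknown"  # not a well-formed HTTP request line
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "host":
            return CATEGORIES.get(value.strip().lower(), "uncategorized")
    return "unknown"


def proxy_decision(user, dst_port, payload, now, log):
    """Decide on application and time of day, and record every request per user."""
    app = classify(payload)
    in_hours = WORK_HOURS[0] <= now < WORK_HOURS[1]
    action = "allow"
    if app in ("p2p", "unknown") or (app == "shopping" and in_hours):
        action = "block"
    elif app == "chat":  # chat is permitted but monitored, not simply blocked
        action = "allow+monitor"
    log.append({"user": user, "port": dst_port, "app": app,
                "time": now.isoformat(), "action": action})
    return action


# Constructed sample traffic: all of it targets port 80.
SAMPLES = [
    ("alice", 80, b"GET / HTTP/1.1\r\nHost: intranet.example\r\n\r\n"),
    ("bob", 80, b"GET /cart HTTP/1.1\r\nHost: shop.example\r\n\r\n"),
    ("carol", 80, b"POST /msg HTTP/1.1\r\nHost: im.example\r\n\r\n"),
    ("dave", 80, b"\x13BitTorrent protocol" + b"\x00" * 8),
]
```

Calling `proxy_decision` on each sample with a shared `log` list yields the per-user access log from which the reports mentioned above would be built.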
Dedicated security proxy devices are an important supplement to the existing network security architecture, but they do not replace the firewall. The new concept of network security holds that the firewall should be used to block attackers' intrusion attempts, with a focus on filtering at the network layer, while the dedicated security proxy device manages and controls internal users' access to external resources, with a focus on application-layer content checks. The two complement each other to achieve a comprehensive and optimal security defense architecture and redefine the enterprise's network security prospects.