Today many enterprises have built enterprise network and through a variety of channels to access the Internet, the operation of enterprises more and more integration of human computer network, but the resulting network security issues are increasingly clearly placed in front of the network administrator.
For network managers, the security management of the network is directly related to the stability and normal development of enterprise work. and the security requirements of enterprises have their own particularity, in addition to the traditional sense of information security, but also to improve the virus, malicious attacks and physical equipment security precautions.
Based on the practice of the network administrator in the enterprise for many years, this paper focuses on how to strengthen the security management of the Enterprise network. Mainly from the enterprise Internal network security management and virus prevention, Enterprise server security, VLAN based enterprise network security deployment of three angles of investigation and research.
First, enterprise internal network security management and virus prevention
In the network environment, virus spread fast, only stand-alone version of anti-virus products have been very difficult to completely prevent and eliminate network virus, must have a full range of anti-virus products suitable for the LAN.
In the enterprise network, you can configure a high-performance juice machine to install the network version of the anti-virus software control, responsible for the management of the terminal host virus prevention and control work, in each user host installed network version of anti-virus software client. Antivirus software through the console for the setting of timing anti-virus and automatic upgrade settings to ensure that the anti-virus and upgrade the timeliness, so that the network has a strong anti-virus capabilities.
(i) Use and configuration of firewalls
Firewall is the network's first line of defense, generally installed in the intranet and outside the junction of the network, such as all levels of routers. Using firewalls to perform an access control scale when communicating on the network, allow the firewall to agree to visit the user and data into their internal network, while not allowed to shut out users and data, to prevent hackers outside the network to access their own network, to prevent them from arbitrarily changing, moving or even delete important information on the network.
Firewall is a kind of effective and widely used network security mechanism, can effectively prevent the Internet insecurity factors spread to the internal enterprise. Therefore, the firewall is the Enterprise network security important link.
(ii) The introduction of the test system
Intrusion detection System (IDS) is a network security device which monitors the transmission of the network, alerts the suspicious transmission or takes the initiative response. It differs from other network security devices in that it is a kind of active security protection technology. Intrusion detection system is usually installed in the key point of the network, such as Internet access to the router after the first switch, in the intrusion detection system to use audit records, intrusion detection system can identify any activities do not want to limit these activities to protect the system security.
Three WEB, email Security monitoring System
In the network of WWW server, Email server and other links in the use of network security monitoring system, real-time tracking, monitoring network, interception of Internet transmission content, and restore it to the full www,email,ftp, Telnet application of the content, set up to save the corresponding records of the database. Timely find out the illegal content transmitted on the network and take effective measures in time.
(iv) Vulnerability scanning system
To solve the problem of network layer Security, first of all, we must know what security hidden and brittle weaknesses exist in the network. In the face of a large network of enterprises, relying solely on individual technology and experience to find security vulnerabilities, and make assessments. It is obviously unrealistic. We can look for a network security scanning tool that can look up network security vulnerabilities, evaluate and propose modifications, and make the most possible remedy for the latest security vulnerabilities and eliminate security risks by optimizing system configuration and installing security patches. can use a variety of hacker tools, regular network simulation attacks to expose the network vulnerabilities, in order to better detect and eliminate the network security risks.
Five The defense of ARP virus
ARP is the address Resolution protocol abbreviation, that is, addresses resolution Protocol, which is located in the TCP/IP protocol stack in the low-level protocol, is responsible for the resolution of an IP address to the corresponding MAC address. It is the basis of communication for the system. is based on trust, if the destruction of this trust, then the formation of ARP deception. The LAN is often attacked from all sides, cause can not work, which ARP attack is a frequent attack, as long as there is a computer infected with ARP, it may cause the entire LAN can not access the Internet, serious and even may bring the entire network paralysis, which caused great inconvenience to the network users, Therefore, understanding the principle of ARP attack, the defense of ARP attacks is to ensure that the normal work of the enterprise network should be paid attention to a problem. Currently, for ARP attack defense problems, the most is binding IP address and MAC address or using ARP protection software.
Bind with the binding IP address and MAC address, if hundreds of computers are in the network, This workload is very large. So this way is not recommended in large networks, the enterprise is more suitable for the use of ARP protection software, the current ARP protection software A lot of more commonly used ARP tool software is mainly 360ARP firewall, antiarp, color shadow ARP firewall. Can be in such software binding IP address and gateway, in addition to this kind of software will appear in the Hint box virus host MAC address, convenient for us to quickly find the source of the attack, and then clear. According to the actual network environment, we take the corresponding defense methods, or very effective.
(vi) Backup operating system using ghost software
Ghost (is the general hardware oriented Software transfer abbreviation for "General-purpose hardware system transmitter") software is the United States Symantec Company launched an excellent HDD backup Restore tool, can be implemented FAT16, FAT32, Ntfs,os2 and other hard disk partition format partitions and backup of the hard disk restore. The application of the technology effectively solves the crash of computer systems, and it takes a lot of time to reinstall the operating system and subsequent applications. Provides a convenient and efficient way.
Ghos, a backup restore is done in the sector of the hard disk, which means that the physical information on one hard disk can be copied completely, not just the simple replication of the data. Ghost supports backing up a partition or hard disk directly to a. gho extension. Files (Symantec companies refer to such files as mirrored files) and also support direct backups to another partition or hard drive.
Network administrators can complete the operating system and a variety of driver installation, will be commonly used software (such as anti-virus, media playback software, office. Office software, etc.) installed to the system on the disk, and then install the operating system and a variety of common software upgrades, and then optimize the system, and finally do the system disk clone backup, so that the next time the system failure to remove the installation system and related application software trouble, improve efficiency, save a lot of time
Second, the security of Enterprise network server
The security of enterprise network server can be divided into hardware system security and software system security generally.
(i) Security protection of hardware system
The security of the hardware system is mainly to prevent accidental incidents or man-made destruction of equipment. The key of the engine room and cabinet must be managed well, do not let irrelevant personnel enter the computer room at will, put the server room should do a good lightning protection, protection against electricity, fire, waterproof, high temperature and other routine protective work.
(ii) Security protection of software systems
Compared with hardware system, the security problem of server software system is the most.
1, install the patch program
A patch is a program that fixes a system vulnerability. Generally in a software development process, at first there are many factors are not considered, but with the passage of time, the software problems will be found slowly. This time. In order to fix the problems of the software itself, the software developer will release the corresponding patches, most of the enterprise servers are currently using Microsoft's Windows Server operating system, because of the use of more people, the vulnerability is constantly found, so Microsoft also often has a new patch release. We should install the new patches in time, configure the automatic upgrade function, in case the vulnerability is not authorized personnel to use.
2, install the firewall and antivirus software
In the enterprise network, the important data is usually kept on the server of the whole central node, so it is an important task to ensure the security of the enterprise network that the server is protected from virus attack. We can install the latest anti-virus software and firewall on the server, through reasonable configuration to protect against virus damage, to resist the purpose of illegal human invasion.
3, strengthen the operating system Authority management and password management
Delete all illegal users; The guest user is forbidden because the hacker often has system control over the guest, and the administrator should rename the operation and set the password to be complex enough, the password at least 8 characters, including at least three of the four classes of characters, that is, uppercase, lowercase letters, numbers, and symbols on the keyboard.
4, shut down the server does not have the necessary network service
The biggest flaw in system security is the network service, which we should shut down if there is no necessary service in the system, often the more streamlined the more secure the system.
5. Monitoring System Log
The system log records information about hardware, software, and system problems in the system, while also monitoring events that occur in the system. It can be used to check the cause of the error, or to look for traces left by the attacker in the event of an attack, and to resolve the problem in a timely manner.
6. Regular backup and maintenance of server files
To prevent unpredictable system failures or careless user actions, system administrators need to regularly back up important files on the server. Servers are best backed up by raid, and important data should be kept on other servers or backed up on a CD. Monitor the use of resources on the server, delete expired and unwanted files, and ensure that the server runs efficiently.
Three, VLAN-based enterprise network security deployment
VLAN (virtual local area network) that is, "virtualized LAN." Ulan is a kind of data exchange technology which divides LAN devices into network segments logically and realizes virtual workgroup. This technology is mainly used in switches and routers. But mainstream applications are still in the switch. But not all switches have this capability, and only the third-tier switches of the VLAN protocol have this capability.
By dividing the enterprise network into VLAN segment of virtual network, the network management and network security can be enhanced, and the unnecessary data broadcasting is controlled. In a shared network, a physical network segment is a broadcast domain. In a switched network, a broadcast domain can be a virtual network segment consisting of a set of arbitrarily selected second-tier network addresses (MAC addresses). In this way, the division of workgroup in the network can break through the geographical limitation in the shared network, and it is divided completely according to the management function.
VLAN technology is the core of network segmentation, according to different applications and different security levels, the network segmentation and isolation, to achieve mutual access control to limit the purpose of illegal access. In order to improve the security of the network, the different departments of the enterprise should be avoided in the same network segment, and different departments can be divided into different VLAN. Setting up VLANs can also reduce the scope of the ARP virus, the effective scope of the ARP virus is the host with the virus broadcast domain.
Setting up multiple broadcast domains in the enterprise network as needed can effectively inhibit the broadcast storm caused by ARP virus attack. Ulan Technology solves the problem of network management well and improves the security of the network.
Enterprise network security is a systematic project, not only rely on technology, but also need to establish a corresponding management system, all kinds of technology and management means together, can generate an efficient, universal, secure network system.