Block Intranet security vulnerabilities and clear internal concerns to ensure enterprise security

Intranet SecurityEnterprises need to pay attention to this issue. However, CIOs of enterprises have a good understanding of Intranet security. To what extent do they need to improve Intranet security deployment, what are the development trends of Intranet security in terms of product technology. Let's take a look at the article analysis.

Over half of enterprises pay attention to Intranet Security

Network security threats emerge one after another, and network security problems are everywhere. However, there are always priorities. Which of the following areas of security issues must be solved by enterprise users? According to the survey, "Intranet Security" occupies the first place in 54.9%. Second, 25.7% of users choose Internet security, 10.6% choose terminal security, and 8.8% choose Web security.

Apparently, more than half of the users have set "Intranet Security" as the first issue to be solved. At the same time, this also shows that the user's awareness of the importance of Intranet security has reached a considerable level.

Huang Yi, Consultant of the Product Project Department of Beijing Unicom Network Technology Co., Ltd., made it clear that Intranet security management is often more important than internet security management, the leakage of confidential information and intrusion of business systems are often caused by unauthorized internal access and the proliferation of Trojans. Therefore, it is imperative to ensure Intranet security.

As an expert in the field of Intranet security construction, Wan Jun, manager of the strategic marketing department of Beijing dingpu Technology Co., Ltd., told reporters that the concept of enterprise security defense has been more limited to conventional network management-level firewalls), network border vulnerability scanning, security audit, anti-virus, IDS, and other aspects, the main security facilities are mostly concentrated in the machine room, network entrance. It should be said that, under the close monitoring of these security devices, security threats from outside the network have been significantly mitigated. However, with the continuous development of enterprise informatization, security threats from inside the network are gradually highlighted, and the internal security problems of the network become the industry consensus.

In this regard, we can confirm the current security details of enterprise users. In the question "which security details are important to your company currently", 83.2% of users choose virus detection and removal, 69.0% choose database security, and 46.9% choose network device security, 31.9% of users choose patch upgrade management, 31.0% of users choose website O & M security, 27.4% of users choose identity authentication, and 22.1% of users choose information encryption. As you can see, whether it is common virus detection or removal, identity authentication or information encryption, users are quite concerned about this.

"Improving awareness management in place" is the first priority

Why do we need to manage intranet security? We can see from the daily affairs of enterprise employees. Today, many employees occasionally talk about QQ or MSN when they are at work, or they want to play "steal food" or watch online movies on kaixin.com, or simply download software such as BT e-ass to download large-capacity files. These common phenomena in large and small enterprises not only affect the work efficiency of employees, but also occupy the network traffic of enterprises, thus affecting the development of other normal businesses.

Of course, this is not the case. According to the feedback from this survey, 70.8% of enterprises have "employees can log on to MSN, QQ, BT, etc ", 37.2% of enterprises often change their IP addresses to cause conflicts. 62.8% of enterprises often see that a computer is not patched or the patch is incomplete ", 31.0% of enterprises often suffer from illegal intrusion, and 48.7% of enterprises do not completely restrict the storage of Intranet devices and important information ".

It can be seen that nearly of enterprises have the following phenomena: "employees can log on to MSN, QQ, BT, and other content at will" and "a computer is often not patched or not completely patched, in addition, nearly of enterprises suffered from these three troubles.

In addition, according to the survey feedback, among the major security threats currently faced by the enterprise network, 76.1% of users choose Trojan viruses, 14.2% of users choose worms, and 8.8% choose email attacks, 0.9% of users choose phishing/spoofing. It can be seen that the flood of Trojans has reached the point where people are shouting.

It should be pointed out that apart from following Web applications into the Intranet from the Internet, Trojan viruses also have an important channel for transmission, that is, they spread directly on the Intranet terminal through mobile USB flash drives. In this regard, the internal network security products of many security vendors have more or less functions to prevent mobile terminals from spreading viruses. For example, dingpu technology's secure USB flash drive system uses intelligent judgment and permission access control technology to enable data information access control on USB flash drives, it also provides functions such as identity authentication for USB flash drives and protection against unauthorized access and virus theft when carrying out sensitive information. Currently, most users in the finance, telecom, and other industries have applied similar systems to eliminate terminal risks.

Aside from the special nature of the industry and the absence of a single Intranet security product or function, what is the current deployment status of enterprise users for network security. According to the survey feedback, 96.5% of users select anti-virus software, 78.8% of users select the firewall, and 24.8% of users choose VPN secure transmission.) 20.4% of users select the Identity Authentication System, 27.4% of users choose Intranet security management, and 8.8% of users choose IDS/IPS.

Obviously, although nearly of enterprises have deployed anti-virus software and firewalls, this shows that internet security is a preferred stage in the network security construction process, the following focuses on Intranet security.

So where should we start with Intranet security construction? First of all, we can see from the investigation results of the problem "What are the common causes of security incidents in enterprise networks, 48.7% of users choose "network or software configuration error", 28.3% of users choose "weak administrator password", and 62.8% choose "system vulnerabilities ", 74.3% of users choose "employees with weak security awareness and inadequate management", and 15.0% choose "DDoS attacks ".

Obviously, "employee security awareness is weak and management is not in place" is the most common cause of network security incidents in enterprises. This is consistent with the opinions of many CIOs.

Hangjun, webmaster of the feed and pasture management station of Yanggao County animal husbandry service center in Datong City, Shanxi Province, said there are many factors that affect Intranet security management. Among them, the user's level of understanding, importance, and usage habits, this is especially important for the security awareness of ordinary users and the management level of relevant management personnel.

Similarly, in the view of Zhou Junli, Director of the information center of Jilin jiennickel Industry Co., Ltd., to ensure Intranet security, we must first formulate a scientific and sound Intranet security management system to regulate Internet access behavior of employees, second, we should increase the implementation and assessment of the system so that employees can consciously establish information security awareness. Finally, we should use advanced Intranet security management products to technically ensure Intranet security.

From "partial Security" to "partial management"

From a technical point of view, Intranet security actually contains a lot of content, such as how to discover system vulnerabilities on client devices and automatically distribute patches, how to prevent mobile storage devices from interfering with the Intranet at will, how to prevent illegal external connections from Intranet devices, how to control abnormal client operations point-to-point, and how to prevent internal leakage of confidential information.

In other words, unlike the prevention of Internet Security, which focuses on border deployment, the protection of Intranet security involves many links and the corresponding product deployment is more diverse. For example, some focus on Intranet terminal protection, some focus on traffic and internet behavior control, some focus on monitoring and auditing, and some focus on identity authentication or information encryption.

According to Wan Jun, over the past few years, the management of Intranet security is mainly aimed at preventing information leaks. Therefore, strict control over peripherals and ports of computer terminals has become a key demand for product solutions of major manufacturers.

However, as the network security situation evolves, enterprise users not only want to monitor computer terminals, but also want to protect Intranet security from the management perspective. For example, the shipyard mentioned at the beginning of this article locks illegal operations through the Intranet audit system, such as statistics on network traffic, patch distribution, and system software and hardware upgrade management.

This is also reflected in this survey. "In terms of Intranet security management, which part of your company is expected to be enhanced", 51.3% of users choose "monitoring audit" and 26.5% choose "Desktop Management ", 14.2% of users select "document encryption", and 8.0% of users choose "disk encryption ".

In fact, in order to meet user requirements, the vendor's product strategy is also followed up. "Of course, our product policy has also shifted from the initial pure monitoring audit to the current combination of monitoring audit and management, focusing on management ." Wan Jun said, "After all, the focus of Intranet security has shifted from focusing on security to focusing on management. The concept of Intranet is not only focused on security-related, many non-classified enterprises and non-classified businesses also begin to implement Intranet security from the management perspective."

In practical applications, focusing on management requires enterprises not to remedy the problem after the event, but to prevent the occurrence of risks, on the other hand, some concepts and cultures of the company can be reflected in computer Intranet monitoring. For example, Ding Pu's newest network information monitoring system, which parses the content of all networks, can prevent internal computers from leaking sensitive information over the Internet in a timely manner, quickly locate the tracing source to prevent violations. It can also monitor the internet behavior and network traffic of the entire network and computer users, help the network to operate efficiently, stably and securely, and provide effective technical support for information construction and management.

Build a three-dimensional Defense System

"Whether your company has formulated a plan to further strengthen Intranet security management in the next year," the results show that 41.6% of enterprises have, 32.7% of users have not yet, and 25.7% of users are not sure. It can be seen that more than four users intend to enhance Intranet security deployment.

However, there are many factors related to Intranet security, and there are various product forms. It is very important to deploy them in what stages. In general, Intranet security focuses on Intranet users, application environments, application environment boundaries, and Intranet Communication Security that cause information security threats. Therefore, how to build an organic and unified security control system on the Enterprise Intranet to implement three-dimensional real-time supervision is the key to implementing Intranet security deployment.

In Wan Jun's view, ensuring Intranet security cannot rely solely on the stacking of various functional security products. Instead, the deployment of simple security products should go up to how to implement a credible and controllable three-dimensional protection system. For example, a four-level trusted authentication mechanism can enable the system to emphasize both security and management.

Level 1 Certification: hardware-level security protection and access control. Implements physical security reinforcement for computer terminals at the lowest level. For example, you can use the dingpu Computer Security Protection card to implement logon authentication and full disk data protection at the BIOS level, on the one hand, it can prevent unauthorized users from starting from bypassing software protection to steal data. At the same time, it can also prevent users from installing the operating system and detaching installed software systems to change the existing security environment.

Level 2 authentication: operating system-based identity authentication and file protection. The USB-KEY-based two-factor authentication technology is used to achieve trusted and controllable login of the operating system, that is, after the computer hardware is started, user permissions can be restricted, such as whether to further log on to the operating system, and what permissions can be used for file operations, how to securely store and delete files.

Level 3 authentication: Implement Authorization Control for program installation and operation. Black/white list control of applications. Only programs signed and authorized by the administrator can run and use on a single terminal to further regulate the use of software programs of end users, it can prevent the spread of viruses and Trojans caused by arbitrary installation and use of programs to the greatest extent.

Level 4 Certification: Implements authentication management for trusted computers to access the Intranet. Security and control of network boundaries is a basic problem of Intranet security. It passes the 802.1X authentication protocol-based trusted terminal authentication subsystem, achieve secure network access-only trusted, controllable, and healthy computers with authorized permissions can access the Intranet, and monitor the operation and health status of the incoming terminals in real time, through innovative technical concepts, we can build a trustworthy, trustworthy, and controllable internal network. If it is unhealthy, the protection system will take further measures, such as alarms and network disconnection.

Based on the in-depth defense system established by the above four levels of trusted authentication mechanisms, enterprise users must implement protection requirements such as identity authentication, media management, data protection, security audit, and real-time monitoring, in this way, solid and effective security effects can be achieved.

Intranet security management has a great impact on the development of enterprises, and it is hoped that managers of enterprises can pay enough attention to it.