Current Situation and Countermeasures of Computer Network Security

Source: Internet
Author: User

The current situation of computer network security and the Countermeasures take the main factors affecting the computer network security as a breakthrough, and focus on the Analysis and Prevention of various measures that are not conducive to the normal operation of computer networks, we have a comprehensive understanding of the situation affecting computer network security from different perspectives, so that we can be aware of it, solve the unfavorable factors in the bud, and ensure the security management and effective operation of computer networks.

1. Main factors affecting computer network security

(1) the network system has problems in stability and scalability. The design of the system is not standardized, unreasonable, and lack of security considerations, thus affecting it.

(2) The network hardware configuration is not coordinated. First, the file server. It is the hub of the network, and its operation stability and functional integrity directly affect the quality of the network system. Network Application requirements have not been paid enough attention, and the design and selection considerations are not well-designed, so that network functions are blocked, affecting network reliability, scalability, and upgrading. Second, the network instability is caused by improper Nic workstation selection.

(3) Lack of security policies. Many sites unconsciously expand access permissions on the firewall configuration. Ignoring these permissions may be abused by others.

(4) The complexity of access control configurations can easily lead to configuration errors, giving others a chance to take advantage of them. (5) The management system is not sound, and network management and maintenance are natural.

2. Preventive Measures to Ensure Computer Network Security 2.1 rational structure design of the network system is the key to safe operation of the network. An all-round analysis of the network system design is the primary task of establishing a secure and reliable computer network project.. On the basis of careful research, efforts should be made to design the network operation quality scheme. During the overall design, pay attention to the following issues: Because the LAN uses a broadcast-based Ethernet, the communication data packets between any two nodes are not only received by the NICS of the two nodes, it is also intercepted by the NIC of any node on the same Ethernet. Therefore, as long as any node on the Ethernet is connected for listening, it can capture all data packets that occur on the Ethernet and analyze the packets to steal key information. To remove the inherent security risks of the network system, the following measures can be taken:

(1) the application of network segmentation technology will eliminate network security risks from the source. Because the LAN uses a vswitch-centered and vro-bounded network transmission pattern, coupled with the access control function and layer-3 switching function based on the central switch, therefore, physical segmentation and logical segmentation are used to implement security control over the LAN. The purpose is to isolate illegal users from sensitive network resources and prevent unauthorized listening, secure and smooth information.

(2) replacing a shared hub with an exchange hub is another way to remove potential risks.

2.2 Strengthening Computer Management ensures the security of network systems

(1) Strengthen facility management to ensure the physical security of computer network systems. Establish and improve security management systems to prevent illegal users from entering the computer control room and various illegal behaviors. Focus on protecting computer systems, network servers, printers, and other external devices, and making efforts on the reliable link, inspect, test, and maintain the operating environment (temperature, humidity, cleanliness, three defense measures, power supply joints, cables, and equipment) from time to time; efforts should be made to improve the ability to suppress and prevent electromagnetic leaks, and ensure that computer systems have a sound working environment for electromagnetic compatibility.

(2) Strengthen access control to promote normal operation of the computer network system. Access control is the main measure for network security prevention and protection. Its task is to ensure that network resources are not used and accessed by illegal users. It is one of the most important core policies for network security. First, set up the inbound access function module. Inbound Access Control provides the first layer of access control for the network. It allows users to log on to the network server and obtain network resources, and controls the time when users are allowed to access the network and the workstation on which they are allowed to access the network. Http://www.studa.net user access control can be divided into three processes: User Name identification and verification; user password identification and verification; user account check. If one of the three processes cannot be established, the system is deemed as an illegal user and cannot access the network. Verifying the user name and password of a network user is the first line of defense to prevent unauthorized access. When registering a network user, enter the user name and password. The remote server will verify that the entered user name is valid. If the user name is valid, the password can be further verified. Otherwise, the user will be rejected. The Network Administrator manages the account usage, network access time, and methods of common users, and controls the sites that users log on to and the number of workstations that users access. Second, establish the network permission control module. Network permission control is a security protection measure proposed for illegal network operations. Users and user groups are granted certain permissions. Users can be divided into three types based on access permissions: special users (System Administrators); general users, system administrators assign them operation permissions based on their actual needs; audit users, responsible for network security control and resource usage audit. Third, set up the attribute security service module. Attribute security control can associate a specified attribute with the files, directories, and network devices of the network server. Attribute Security provides further security based on permission security. Network attributes can control the following permissions: writing data to a file, copying a file, deleting viewing, executing, hiding, sharing, and system attributes of a directory or file, it can also protect important directories and files and Prevent Users From accidentally deleting directories and files, performing modifications and displaying. Fourth, establish the network server security settings module. Security Control for network servers includes setting passwords to lock the server console, setting server logon time limits, interval between detecting and disabling illegal visitors, and installing illegal anti-ask devices. The most effective facility for installing an illegal anti-virus device is to install a firewall. It is a barrier used to prevent unauthorized users from accessing a network, and it also controls inbound and outbound communication. Currently, there are three types of firewalls: firewalls with dual Host Architecture, firewalls with Host Architecture shielded, and firewalls with Host Architecture shielded. Popular software include Kingsoft drug overlord, kv3000 +, rising star, and kill. Fifth, establish a file information encryption system. Confidentiality is an important aspect of computer system security. It mainly uses password information to process encrypted data to prevent unauthorized data leakage. Using computers for data processing can greatly improve work efficiency, but it also increases the possibility of leaks while collecting, processing, using, and transmitting confidential information. Therefore, encryption of the information to be transmitted and data stored on various media is one of the effective protection measures. Sixth, establish an intelligent network log system. The log system supports comprehensive data logging and automatic classification and retrieval. In this system, logs will record all operations performed by a user starting from the time a user logs on to the system and ending when the user logs off the system, including logon Failure operations, database Operations and system functions. The log records the operation objects and operation execution time of the machine IP address operated by the user who performs an operation. 7. Establish a sound backup and recovery mechanism. To Prevent Abnormal Damage to storage devices, a disk Fault-Tolerant array consisting of hot swapping SCSI hard disks can be used to perform real-time hot backup of the system in RAID 5 mode. At the same time, a powerful database trigger and important data recovery operations and update tasks are established to ensure that important data can be restored to the maximum extent under any circumstances. Eighth, establish security management institutions. The soundness of security management institutions is directly related to the security of a computer system. Its management organization is composed of security, audit, system analysis, software and hardware, communication, security, and other personnel.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.