{Defense} 1-set up network security defense lines

Many people complain that there are too many Windows vulnerabilities, and some even worry about one vulnerability after another. To this end, this article briefly introduces how to build a network security defense line. Disable useless services Windows provides many services. In fact, many of them cannot be used at all. You may not know that some services are opening backdoors for people who are eager to test. There are many services in windows, so I will not introduce them too much here. You can disable certain services according to your actual situation. Disabling unnecessary services not only reduces security risks, but also increases the running speed of windows. Why not? Patch From time to time, Microsoft will provide free patches on the Internet, so you can patch them if you have time. In addition to enhancing compatibility, it is more important to block detected security vulnerabilities. It is recommended that you have the ability to patch your patch based on your actual situation. Firewall Choose a method to completely isolate viruses. The physical isolation FortiGate can prevent more than 10 hacker attacks. Distributed Denial of Service (DDoS) (distributed denial-of-service attacks) ※Syn attack ※icmp flood ※Udp flood IP fragmentation attacks) ※Ping of Death Attack ※Tear drop attack ※Land attack Port Scan attack (Port Scan attacks) IP source attacks) IP spoofing attacks address sweep attacks In winnuke attacks, you can configure FortiGate to send a warning email to the Administrator when being attacked. You can specify up to three Email recipients. The basic measure of the firewall is isolation. After the firewall is installed, necessary settings and time log tracking must be performed on it. In this way, we can exert its maximum power. Here we will focus on the concept of firewall and the connection with the access control list. Here I have integrated the definition of the firewall and access control table on the Internet. Firewall Concept The firewall contains a pair of contradictions (or machines ): On the one hand, it restricts data circulation, and on the other hand, it allows data circulation. Because the network management mechanism and security policy are different, the contradiction is presented in different forms. There are two extreme situations: The first method is to prohibit all non-permitted items, and the second is to allow all non-prohibited items. The first type is secure but not easy to use. The second type is easy to use but insecure, while most firewalls adopt a compromise between the two. Improving access efficiency while ensuring firewall security or security is currently a hot topic in firewall technology research and implementation. Protect vulnerable services By filtering insecure services, firewall can greatly improve network security and reduce the risks of hosts in the subnet. For example, firewall can disable the passing of NIS and NFS services, while firewall can reject both source routes and ICMP redirection packets. Control System Access Firewall can provide access control for the system. For example, allow external access to some hosts and prohibit access to other hosts. Centralized Security Management Firewall implements centralized security management on the enterprise intranet. The security rules defined in firewall can run on the entire internal network system, without setting security policies on each machine on the Intranet. Firewall can define different authentication methods without installing specific authentication software on each machine. External users only need to pass one authentication to access the Intranet. Enhanced confidentiality Using firewall can prevent attackers from obtaining useful information about the attack network system, such as figer and DNS. Record and count network utilization data and illegal use data Firewall can record and collect statistics about network usage through firewall's network communication. Firewall can also provide statistics to determine possible attacks and detection. Policy execution Firewall provides a way to develop and execute network security policies. When firewall is not set, network security depends on the user firewall function of each host. Firewall is a barrier for network security: A firewall (as a blocking point or Control Point) can greatly improve the security of an internal network and reduce risks by filtering insecure services. The firewall can enhance network security policies: All security software (such as passwords, encryption, identity authentication, and auditing) can be configured on the firewall through firewall-centered security solution configuration. Compared with spreading network security problems to various hosts, centralized security management of firewalls is more economical. Monitor and audit network access and access: If all accesses go through the firewall, the firewall can record these accesses and make log records, and also provide statistics on network usage. When a suspicious action occurs, the firewall can trigger an appropriate alarm and provide detailed information about whether the network is monitored and attacked. In addition, it is important to collect the usage and misuse of a network. The first reason is that the firewall can be clear about whether it can withstand the attacker's detection and attack, and whether the firewall has sufficient control. Network usage statistics are also very important for network demand analysis and threat analysis. Prevent internal information leakage: Privacy is a concern of internal networks. by using firewalls to divide internal networks, you can isolate key network segments on the Intranet, thus limiting the impact of local key or sensitive network security issues on the global network. In addition to security, the firewall also supports the Intranet Technical System VPN with Internet service features. Through VPN, enterprises and institutions in the region distributed around the world LAN or dedicated subnet, organically integrated into a whole. It not only saves private communication lines, but also provides technical support for information sharing.