Design Institute Intranet Security Solution

User features of Intranet Security Cases

There are a large number of design documents, survey data and other value information that need to be protected with emphasis. In particular, the survey data has been included in the scope of national defense strategic information and needs to be protected with emphasis;

The design documents submitted for the customer are relatively large, and the editing software of each professional department of the Design Institute is highly professional, with a large number of documents;

In-hospital information systems have adopted some security measures and established certain security management systems. professional design departments are isolated from the Internet, and sensitive data is exchanged with dedicated personnel;

The design document itself is a product. After being sold to the user, you need to control the use of file circulation.

Requirements Analysis of Intranet Security Cases

From the analysis of the Design Institute's personnel composition, business processes and data transfer characteristics, the design institute's Intranet security system should focus on the following aspects:

1. Data outbound control. As a competitive intellectual product, design drawings and related documents formed by the design institute focus on how to effectively control access permissions and prevent malicious results plagiarism during the file transfer process between customers and partners.

2. Computer login authentication control and server access authorization; all design materials and design achievements shared by the design institute are stored on the shared server in a unified manner, and server access authorization must be managed in a unified security manner.

3. The storage of large-capacity professional computer data files is kept confidential. For design files stored on servers and various designer terminals, unified encryption is required and hierarchical access permissions are set.

4. Confidentiality of internal data transmission. In consideration of the need for Mobile Remote Access, data transmission channels must be kept confidential to prevent data listening and other leaks.

Solutions to Intranet Security Cases

The internal network security system of the Design Institute needs to highlight the key points, pay close attention to the confidentiality requirements of the file outband, and fully consider the various risks of active and passive leaks of sensitive data. At the same time, the impact scope of the system on the business of designers should be fully taken into account, and the system performance loss and application constraints caused by security behaviors should be minimized to maintain a reasonable balance between security and availability.

Chinasec provides an overall solution that focuses on the following features:

The user logs on to the computer using the hardware token. the token has a built-in digital certificate for two-factor authentication. Intranet servers are protected by security gateways and can only be accessed by authorized users;

Data stored in the hard disk of a computer is encrypted and transparent to users to prevent data encryption caused by hard disk data loss;

Internal data transmission channels are mainly network and mobile storage devices. The network is divided into different security levels according to the security level. normal communication can be performed between different levels, and access can only be performed between different levels, meanwhile, data in the network is encrypted to prevent illegal computer access;

Management of Mobile storage devices, authorization management of mobile storage devices, can be authorized to read-only, encryption, read/write, disable attributes;

The authorization of the out-of-band file is controlled. The file is encrypted. Only the token or authorization password can be used to open the file. The file can control the file usage time, opening times, editing, and other permissions.

Intranet security has been well applied in the internal network security management of the Design Institute. This solution is based on the Chinasec trusted network security platform and is highly modular and scalable. It can be based on the development needs of the design institute system, extended functions greatly improve the uniformity and efficiency of Intranet security management.

Edit recommendations]