Through in-depth analysis of the Power Information Network in three aspects: security protection system, security policy system, and security management system, an appropriate power information network security solution is formed.
1 p2dr2 Security Protection Architecture
Traditional Computer Security Theory only applies certain security measures to information systems. However, as the network structure changes, operating system upgrades, application system changes, and other dynamic factors, this static security measure cannot adapt to the dynamic and multi-dimensional interconnected network environment, so it can adapt to the theoretical system of network security. P2dr2 is the main model that can adapt to the information security protection system (or dynamic information security theory. The p2dr2 model provides operational methods for network security management. The p2dr2 model consists of five main parts: Policy (Security Policy), protection (Protection), detection (Detection), response (response), and recovery (recovery ). Protection, detection, and response constitute a complete and dynamic security cycle. Ensure the security of information systems under the guidance of security policies. Different networks require different policies. Before formulating policies, you need to fully consider the various security problems that may exist in the network. To answer these questions in detail and determine the corresponding protection methods and implementation methods is a complete security policy for the enterprise network. Once the strategy is formulated, it should serve as a guideline for the overall security behavior of the enterprise.
In traditional security methods, protection measures such as access control, encryption, and authentication are taken into account, that is, the protection part of p2dr2 model. But why is such a network still under malicious attacks? According to the p2dr model, protection is an essential part, and the technologies used in protection have been widely used. However, the network with only basic protection is not secure. static security measures such as access control can only protect a certain part of the network system. A large number of security vulnerabilities exist in the network, and attackers can easily bypass the security to prevent network intrusion. Therefore, despite the large investment in static security protection, if you ignore the security risks and attacks that may occur at any time in the network system, you still cannot achieve the security goal. Only by detecting, responding, and recovering the hidden security risks in the system and solving the problems can the network's anti-attack capability be actively improved. Therefore, security cannot rely solely on static protection, but must be well integrated with technology and management to achieve better security protection.
2 solution design
To effectively protect enterprise information resource security applications, the information security solution must adhere to the principle of minimization, that is, to use only the required system services, and must be able to meet the functional requirements of p2dr2 security architecture, security requirements include policy (Security Policy), protection (Protection), detection (Detection), response (response), and recovery (recovery. Here we will explain from the following aspects.
2.1 network security factors
Factors Affecting Network Security include physical security, network isolation technology, encryption and authentication, network security vulnerability scanning, network anti-virus, network intrusion detection, and minimization, they must be considered in designing information security solutions and are the basis for formulating policies and technical implementation of information security solutions.
2.1.1 physical security
Physical security aims to protect hardware entities and communication links such as routers, switches, workstations, network servers, and printers from natural disasters, man-made damages, and eavesdropping attacks. Verify the user's identity and permissions to prevent unauthorized operations. Ensure that network devices have a sound electromagnetic compatibility environment, establish a complete data center security management system, and properly store backup tapes and documents; prevent Unauthorized personnel from entering the data center for theft and destruction. In addition, it is also the main physical security issue to suppress and prevent electromagnetic leakage. shielding measures and pseudo-noise technologies are often used to solve the problem.
2.1.2 network Isolation Technology
The network is segmented and isolated based on different functional, confidentiality, and security levels, which has many benefits to the security of the entire network. A more refined security control system can be implemented to limit the threats caused by attacks and intrusions to smaller subnets, improving the overall security level of the network. Routers, virtual LAN VLANs, and firewalls are currently the main network segmentation methods.
2.1.3 encryption and authentication
The purpose of information encryption is to protect data, files, passwords, and control information in the network and protect the integrity of network sessions. The encryption algorithms can be classified based on whether the keys of both the receiving and receiving sides are the same. They can be divided into symmetric (Private Key) and asymmetric (Public Key) cryptographic algorithms. Symmetric passwords use the same key for encryption and decryption. Common cryptographic algorithms include des, 3DES, idea, RC4, and RC5, symmetric passwords are highly confidential and fast, but must be transmitted through secure channels. Therefore, key management is crucial. In asymmetric passwords, the keys used for encryption and decryption are different, and it is almost impossible to export the decryption keys from the encryption keys. Common cryptographic algorithms include RSA and diffe-Hellman. The advantage of public key cryptography is that it can meet the open requirements of the network and facilitate key management, it is particularly convenient for digital signature and verification, but its algorithm is complex and the Data Encryption rate is low.
Verifying the user name and password of a network user is the first line of defense against illegal access. When a user registers, the server first enters the user name and password, if the verification is valid, the password will be verified again. Otherwise, the user will be rejected from outside the network. It can be seen that the user's password is the key for the user to log on to the network. Unfortunately, In ternet is designed to transmit plain text, including telnet, HTTP, FTP, POP3, and so on, so it is easy to use sniffer) class program listens to the plaintext user password on the network. Therefore, common methods such as SSH, SSL, S/key, and Pgp are used to transmit passwords and data to ensure security.
2.1.4 network security vulnerability scan
Security scanning is an important technology in network security defense. Its principle is to perform one-by-one checks on the possible known security vulnerabilities of the target in the form of simulated attacks. Targets can be workstations, servers, routers, switches, databases, and other objects. Then, the System Administrator submits the security analysis report based on the scan results, which provides an important basis for improving the overall level of network security.
2.1.5 Network Anti-Virus
In traditional enterprise security solutions, network security considerations often only focus on network systems, while ignoring the importance of anti-virus. Although anti-virus software was purchased later, however, because the anti-virus policy is not taken into account during the design, the anti-virus effect is compromised. As a matter of fact, with the development of new technologies, the concept of viruses has gradually evolved from the previous simple infection of boot areas and system files to automatic transmission through the network, in addition, some do not host system files, but are directly parasitic on the operating system. Web pages, e-mails, and shared directories have become the channels for spreading Network viruses, most of the security events that have occurred in recent years are caused by network viruses. Therefore, anti-virus technology has evolved from scanning and killing to real-time monitoring, in addition, there are anti-virus systems for special application services, such as gateway-type virus firewalls and email anti-virus systems.
This paper designs a network security solution for power enterprises from www.66wen. com
2.1.6 Network Intrusion Detection
The purpose of network intrusion detection is to monitor all events on the host and network system, once an attack is detected or other abnormal phenomena are detected, the system takes the truncation, alarm, and other methods to handle the attack and notify the Administrator. At the same time, the relevant event logs are recorded in detail for analysis and evidence collection. Its real-time monitoring and response greatly enhance the security of the network system. Intrusion detection systems are generally classified into host and network models. The former monitors Attack Characteristics on host systems, and the latter monitors packets that meet intrusion characteristics on the network, most of the current intrusion detection systems can be connected with firewalls and anti-virus software to effectively block hacker or virus intrusion.
2.1.7 minimization principle
From the perspective of network security, the more services you open, the more security problems you may encounter. The "minimization principle" refers to the minimum required for normal network operation, such as account settings, service configurations, and inter-host trust relationship configurations in the network. Disabling network services that are not defined in the network security policy and configuring user permissions as the minimum defined by the policy, and deleting unnecessary accounts in a timely manner can greatly reduce the risk of the system. In a network environment without clear security policies, network administrators can reduce the intrusion risk by more than half by simply disabling unnecessary or Unknown network services, deleting trust relationships between hosts, and deleting unnecessary accounts in a timely manner.
2.2 security solution design
The quality of the security solution is directly related to whether the enterprise's information security can be solved. an inappropriate solution not only wastes the enterprise's valuable financial resources, material resources and manpower, in addition, it cannot achieve the effect of protecting enterprise information resources, and a good security solution can bring the best security return with appropriate investment. Therefore, the Design of Security Solutions is crucial. From the perspective of system engineering, it is necessary to carry out specific design in terms of strategy, management and technology to organically integrate information security measures, cooperate with each other, and complement each other, defends against network security at different levels.
2.2.1 Security Analysis
The analysis here refers not to the empty content such as security threat source analysis and network layer security analysis, but to the security analysis specific to the enterprise network, first, you need to determine the assets and information data of the enterprise to be protected, and then analyze the network structure and application, and find potential security risks, so as to solve them in the security policy. A reasonable security solution must implement the design of requirements analysis, risk analysis, security function analysis, and evaluation criteria. Most enterprises generally need to assess the following aspects.
Security requirements for data centers, host environments, network devices, and communication lines;
Security requirements for In ternet access servers; security requirements for Intranet users to securely access In ternet;
Access to intranet users
In ternet monitoring and bandwidth control requirements;
Security requirements for Intranet servers and external website systems;
Security requirements of the email system;
Security requirements for Intranet and Internet data transmission;
Demands for computer virus prevention;
Security requirements for user identity authentication and authentication;
Data confidentiality requirements.
2.2.2 Develop security policies
Security policies play an important role in guiding the overall security solution. For enterprises, the top priority for security is to clarify the business positioning of the website, the types of services provided, and the objects of services provided. This data directly affects the security policy formulation and implementation process. Through a thorough understanding of the overall network topology and system application services, the security objectives, technical and engineering specifications of the system are formulated to ensure the continuity of network security policies from beginning to end. For most enterprises, professional Network Security Services, such as network security risk assessment and network design security assessment, are required to achieve a better level of security. The enterprise's security policy should at least limit the following content after full investigation and research.
Physical security policy;
Access Control Policy;
Open Network Service and operation level policies;
Network topology, isolation methods, dependencies, and trust relationships;
Physical security and protection of equipment and data in the data room;
Division of network management functions and sharing of responsibilities;
User Rights classification and responsibility;
Attack and intrusion emergency handling process and disaster recovery plan;
Password Security;
Network security management;
Update policies for operating systems, applications, and security products;
System Security Configuration Policy.
2.2.3 Security Products and Services
The best security policies must be implemented through technologies and services. Security products and services are equally important. Only by combining the two can they be well combined, to truly implement the security policy. Enterprises can implement security policies by selecting different security products and services based on their system security policies, it should be noted that you must select products that meet the requirements of the enterprise's information network architecture and security protection system to truly achieve network protection and prevent products with vulnerabilities from causing greater harm to system security.
Security products mainly include:
Network Security: scanners, firewalls, intrusion detection systems, and website recovery systems;
Anti-virus: Anti-Virus systems involving servers, gateways, emails, and dedicated systems;
Commercial passwords: virtual private networks, public key systems, key management systems, Encryptors, etc;
Identity Authentication: dynamic passwords, smart cards, certificates, fingerprints, Iris, etc.
Security services mainly include: security demand analysis;
Security policy formulation;
System Vulnerability audit;
System Security reinforcement;
System Vulnerability repair;
Penetration attack test;
Database Security Management and reinforcement;
Security product configuration;
Emergency response;
Network security training.
3 Summary
Because power enterprises have their own numerous network resources, network applications have already involved all aspects of power system work, and information security problems exist, system Analysis and system security solution design of the entire power network resources can meet enterprises' demands for secure network system operation and data security and confidentiality, ensure the safe and stable operation of various power application systems and control systems.
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
