Difficulties and Countermeasures for Network Security Management of Confidential Organizations

Source: Internet
Author: User

Currently, the internal network of a confidential (security-related) science and technology information unit is generally divided into two parts: an intranet and an external network. The external network includes the Internet and other networks associated with the unit.
The intranet and the external network are physically isolated. Memory-resident security detection programs are installed on intranet computers, and any interconnection between an intranet computer and another network triggers an intranet alarm. Network anti-virus software is installed on the intranet.
If an intranet computer is connected to the Internet, an alarm is triggered.
Difficulties in internal network management of confidential organizations: internal personnel evade monitoring and delete the security detection programs without permission; internal personnel uninstall the network anti-virus software without permission and replace it with other anti-virus software; internal personnel copy files at will, causing leaks; internal personnel cause leaks through unauthorized use of the organization's network printers and mobile storage devices; internal personnel use other people's authentication passwords without authorization; internal staff can modify their host configurations, install illegal software, and use that software to damage the organization's network; internal staff can change their IP address at will; and internal staff may, by copying files or violating regulations, infect other network hosts or servers.
Security vulnerabilities exist in the network system of the confidential organization. First, the security of the organization's computer operating systems: the operating systems commonly used by security-related organizations generally have network security vulnerabilities. Second, the security of the organization's firewalls: whether the network firewall products currently in use comply with the relevant national regulations, and whether they can effectively prevent security problems, requires further inspection and confirmation.
Third, the internal network security management department of the confidential organization lacks the effective technical means needed to monitor the network system in real time. Fourth, illegal operations and the spread of computer viruses by dedicated personnel and network-related personnel in the security-related organization.
Strengthen rules and regulations. The administrative departments responsible for network information equipment management should organize personnel to intensify education and strengthen the internal network security management of confidential units, so that everyone understands the importance of information network security management, consciously regulates their online behavior, and all kinds of violations are prevented at the root.
Education should focus on the "Eight Disciplines" and "Four Prohibitions" of security and confidentiality, the "Information System Security Protection Provision", the "Interim Provisions on Administrative Punishment for Violations of Internal Information Networks", the "20 Mandatory, 20 Prohibitions" of confidentiality work, the computer information network security management provision, and other confidentiality education materials.
Security authorities conduct regular network security inspections. First, check whether the networked computers of the organization are equipped with wireless network devices such as wireless NICs and Bluetooth devices. Any unauthorized installation that is discovered is removed immediately; if the device cannot be removed, the relevant hardware is disabled immediately. After the information and communications department has applied leak-prevention measures to the computer, the computer should be replaced.
Second, clean up wireless network applications in the security-related unit. Check on site whether any wireless networks (on either the intranet or the external network of the unit) have been set up using wireless access devices. If a wireless network is found to have been created without permission, the responsible person must fill in the wireless network filing form, stating the network's usage path, the transmitting and receiving devices used, how the security owner manages it, and the security management contact number.
Third, check whether security labels have been affixed to all intranet computers of the confidential organization. Any missing label must be affixed immediately at the specified location, as required. Fourth, check the implementation of the security management system for computers and systems connected to the confidential organization's network. Maintenance of, and changes to, all networked computers and systems must be approved by the communications department responsible for the network access point and must be accompanied by appropriate security measures; otherwise connection to the intranet is not allowed.
Measures should be taken to eliminate hidden security risks in the organization's internal network system. The network management department of a confidential organization must take the necessary measures to prevent network security problems at the technical source.
The internal LAN of the confidential organization must use switches and routers as its main network transmission equipment, make full use of the switching control functions of layer-3 switching, and apply VLAN division and similar means to further strengthen security control over the internal LAN. If necessary, block all ports except those required for business, and isolate non-working and illegal users from internal network resources as far as possible, so that illegal intrusion is strictly prevented at the technical level and the security of internal network information is ensured.
Vigorously implement PKI applications within the security-related organization. Public Key Infrastructure (PKI) is a widely used public-key encryption technology with mature security platform technologies and specifications. Within the security-related organization, PKI/PMI is used to provide encryption, digital signatures and a digital certificate system for all network applications, and the PKI/PMI platform is used for secure data access applications.
Digital certificates must be issued strictly in accordance with the organization's requirements. The actual use of each digital certificate must be accurately recorded by the personnel concerned. Personnel must hand in their digital certificates immediately on leaving their posts.
Establish a data encryption system within the confidential organization. To further enhance the security and reliability of the unit's data, sensitive data can be encrypted using password information, turning passive defense into active fortification and keeping data under strict management. Making full use of the high-speed computing capability of existing computers for data processing further improves the confidentiality and reliability of the technical work. Detailed, feasible schemes must be formulated for storing and transmitting important sensitive information: adopt different technical preventive measures and different storage media for different confidentiality levels, and strictly control the use and safekeeping of mobile storage media.
Establish strict firewall measures within the security-related organization. Create intelligent network security logs on the hardware firewall. The security logs should automatically record every logon and operation of each user, the server resources and certificates accessed, and detailed records of any copied information. In particular, every step a user performs must leave an operation record, with the focus on monitoring operations that access the database.
The security administrator should review the contents of the security log daily, focusing on the IP addresses of machines that frequently log on to the database and on the access type, target object and execution time of illegal operations, in order to detect security risks as early as possible. Further strengthen the management and maintenance of the confidential organization's internal data servers. Strict management systems must be established for internal data centers, and personnel access must be strictly controlled. Non-data-center staff are strictly prohibited from entering the data center, and every entry must be logged and the records retained.
Cut off, at the root, the hidden channels through which data center servers could leak information. Strengthen the backup and recovery mechanism and back up data every day, to ensure rapid data recovery in extreme situations.
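The daily security-log review described above (machines that log on to the database frequently, plus the access type, object and time of each illegal operation), as an added example that is not part of the original article. The key=value log layout, the field names, the sample lines and the logon threshold are all constructed assumptions; a real firewall's log format needs its own parser.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in an assumed key=value layout; real firewall logs differ.
SAMPLE_LOG = """\
2024-03-04T09:02:11 src=10.1.4.23 user=u1001 action=db_login object=archive_db result=allow
2024-03-04T09:15:40 src=10.1.4.23 user=u1001 action=select object=archive_db.personnel result=allow
2024-03-04T10:01:03 src=10.1.7.80 user=u1002 action=db_login object=archive_db result=allow
2024-03-04T10:01:59 src=10.1.7.80 user=u1002 action=db_login object=archive_db result=allow
2024-03-04T10:02:30 src=10.1.7.80 user=u1002 action=db_login object=archive_db result=allow
2024-03-04T10:03:12 src=10.1.7.80 user=u1002 action=copy object=archive_db.contracts result=deny
2024-03-04T23:47:05 src=10.1.7.80 user=u1002 action=select object=archive_db.keys result=deny
this line is malformed and must be counted, not silently dropped
"""

LINE_RE = re.compile(
    r"^(\S+) src=(\S+) user=(\S+) action=(\S+) object=(\S+) result=(allow|deny)$")

def review(log_text, login_threshold=3):
    """Per source IP: database logon count, denied operations, frequency flag."""
    report = defaultdict(lambda: {"db_logins": 0, "denied": [], "frequent": False})
    unparsed = 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            # Count non-empty lines the parser could not read, so gaps are visible.
            unparsed += bool(line.strip())
            continue
        ts, src, user, action, obj, result = m.groups()
        entry = report[src]
        if action == "db_login":
            entry["db_logins"] += 1
            entry["frequent"] = entry["db_logins"] >= login_threshold
        if result == "deny":
            # Keep the fields the reviewer is told to look at: time, type, object.
            entry["denied"].append((datetime.fromisoformat(ts), user, action, obj))
    return dict(report), unparsed

if __name__ == "__main__":
    summary, bad = review(SAMPLE_LOG)
    for ip, e in sorted(summary.items()):
        print(ip, "db_logins=%d frequent=%s" % (e["db_logins"], e["frequent"]))
        for when, user, action, obj in e["denied"]:
            print("   DENIED", when.isoformat(), user, action, obj)
    print("unparsed lines:", bad)
```

Counting unparsed lines matters for the review: a log source that changes format would otherwise look like a quiet day.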
 
