As an enterprise's network security designer, before thinking about security assurance, we should stand at a higher level and examine what security models should be used, this will greatly affect the formulation of subsequent security policies. It sets a tone for the network security infrastructure of the entire enterprise.
Based on your actual work experience, you also feel that the higher your standing height, the more you grasp your knowledge. This article takes a moment to introduce the overall network security model. It can be classified based on different security methods (boundaries and layers), or by system initiative.
1. Border Security (Perimeter Security) Model
The boundary security model focuses on the network boundary and does not care about the security protection of the Network. Including firewalls, application gateways, password policies, and various network access authorization technologies are based on the concept of border security. The boundary security method protects the security of network boundaries, but many internal network systems are also vulnerable.
So this model is obviously not comprehensive, but why are many companies still using it? Small companies usually choose to use the Border Security Model Due to budget shortage or lack of experienced network administrators. Generally, they just buy a firewall. This may be okay for small companies without sensitive information, but it is far from enough for large companies. Recently, customer information of some well-known companies has been stolen, and some have not been stolen for two years. This is not a high level of security protection.
2. Layered Security)
The layered security model not only takes into account the security of network boundaries, but also protects personal systems within the network. All servers, workstations, routers, hubs, and other network devices are protected. To achieve this goal, a common method is to take network partition protection and each slice as an independent network, so that even if the border security measures are broken, the internal system will not be completely affected. Hierarchical security models are the first choice at any time.
3. Active and passive security models
The security model can also be measured by the initiative and response speed. Let's take a look at which system security devices and policies can take the initiative to adjust to prevent attacks, and which ones only respond appropriately after the attacks. Passive Security methods do not act before an attack occurs, while dynamic or active defense begins to respond before the attack occurs. An example of active defense is IDS, which can detect attempts to bypass security protection measures and notify the system administrator when the intrusion is not completed. In addition, IDS can detect various attack technologies used by intruders, and even notify administrators when the attacks have not been implemented.
|
| [Content navigation] | |
| Page 1: computer network security policy experience | Page 1: computer network security policy experience |
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
