Attacks of every kind on the Internet are currently hard to prevent. To keep malicious attacks at bay, we must harden the network layer by layer and so improve its overall security protection capability.
Defending against hacker intrusion
Hacker attacks emerge in an endless stream, and attacks motivated mainly by commercial and economic gain are increasingly common. The techniques used are also varied. For example: malicious users use network listening to intercept the login account information of intranet users, impersonate valid intranet users to log in, and obtain important data in the intranet; malicious users use network sniffing tools to scan and probe internal client systems and network devices for security vulnerabilities and key information, such as open TCP ports, network IP addresses, operating system types, and the system files that store logon accounts, and then use that information to attempt attacks on the intranet; malicious users continuously ping important servers on the intranet, consuming excessive system resources on the target server, until the server can no longer work properly or is even paralyzed.
Because the internal network of an organization often holds a great deal of the organization's private information and even major commercial secrets, preventing malicious attacks and protecting the security of important data is all the more important and urgent:
1. Border Security Protection
Data exchange and transmission between the internal network and the external network is an unavoidable requirement of the organization's daily work. No security measure, however strict, can therefore guarantee that the intranet is free of security vulnerabilities, so it is necessary to set up an information security island at the boundary of the intranet. The information security island physically isolates the organization's intranet from the Internet while ensuring that information can still be exchanged and transmitted securely between the two.
The so-called information security island is an independent transitional network. It belongs neither to the organization's internal network nor to the external network. It sits at the junction of the intranet and the Internet, and its function is to physically isolate the two so that hackers cannot intrude into the organization's intranet systems, while data can still be exchanged and transmitted normally between them. In operation, the information security island extracts information from the Internet through certain technologies and then sends the extracted information to the organization's intranet through data ferry technology, which completes the exchange and transmission. Throughout this process the intranet and the Internet remain physically isolated and disconnected, which prevents hackers from driving straight in.
In addition, to further protect the network boundary, we can use other technical means, for example access control, intrusion detection, authentication and authorization, address translation, data filtering, malicious code protection, and virus intrusion detection.
2. Protect server security
In the internal network of an organization, the server systems usually play a very important role: they are the basis for the stable operation of the entire intranet and the storage center for important intranet data. Protecting the operating environment of the server systems should therefore be the focus of intranet security protection. We can adopt hierarchical protection, graded by the importance of each server, to build a secure running environment. The highest protection level should go to professional server systems, the second to the encrypted server systems in the intranet, followed by the common server systems in the intranet, and finally the public server systems.
For professional server systems, which are very important and have special requirements, we can use professional security devices together with the hardware firewall at the boundary of the subnet where the system is located, to stop unknown users from accessing the server at will and to automatically encrypt any data entering or leaving the server system. For encrypted server systems, which are relatively important, we can connect them to layer-3 switches and place them in independent virtual working subnets, so that they are logically isolated from other subnets. At the same time, access control technology is used so that authorized users can access the server and unauthorized users cannot. For common server systems, which are important, we only need to set appropriate permission rules on the layer-3 switches to control arbitrary access by users from the Internet. For server systems that are published directly to the outside, what we can do is protect them with general intrusion protection technology and a network firewall or anti-virus software.
Defending against virus propagation
Nowadays network viruses are rampant and spread through network transmission channels. The objects they infect are important executable files in the network. These viruses are usually very destructive and highly contagious. They often exploit vulnerabilities in the various systems on the network to launch attacks and seize control of important systems. Keeping network viruses out is therefore a very important task for the enterprise intranet security protection system.
1. Use an anti-virus gateway
An anti-virus gateway is a hardware device, built on a secure operating system platform, that provides anti-virus functions at the gateway. The device analyzes and filters data entering and leaving the intranet, prevents virus code from passing through it into the organization's internal network, and effectively stops worm attacks and spam from interfering with normal office work on the intranet. In the organization's internal network, the anti-virus gateway is an important line of defense that keeps viruses from intruding into the intranet. For example, the author uses the Tianrongxin network guard anti-virus gateway. This device uses stream scanning technology to achieve high performance while greatly reducing network latency and timeouts. Stream scanning starts scanning as soon as part of a file has been received, which greatly reduces the total processing time. In traditional anti-virus systems that use random access algorithms, scanning starts only once the entire file has been received, so the total scanning time is long and performance is low. The anti-virus gateway is truly plug-and-play and requires no changes to the settings of the existing network. To deploy it on the organization's intranet, you only need to connect the network cable, turn on the power, and perform the appropriate configuration; it then scans and checks the data entering and leaving the intranet. In addition, it is the only bridge between the intranet and the Internet, which greatly suppresses the intrusion of Internet viruses.
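The stream-scanning idea described above, as an added Python example (not the gateway vendor's algorithm and not code from the original article): a scanner that checks each chunk on arrival, next to the receive-everything-first baseline. The signature, sample chunks and function names are constructed for illustration.

```python
from typing import Callable, Iterable, List, Optional

# Constructed, harmless marker standing in for a real virus signature.
SIGNATURE = b"CONSTRUCTED-TEST-SIGNATURE"

# Constructed transfer: the marker is split across chunks 2 and 3.
SAMPLE = [b"header ", b"xxCONSTRUCTED-TE", b"ST-SIGNATURExx", b"trailer", b"more"]


def stream_scan(chunks: Iterable[bytes], signature: bytes = SIGNATURE) -> Optional[int]:
    """Scan chunks as they arrive; return the offset of the first match or None."""
    if not signature:
        raise ValueError("signature must not be empty")
    keep = len(signature) - 1  # bytes that could start a match finished later
    tail = b""                 # overlap carried over from earlier chunks
    consumed = 0               # absolute offset of the first byte of tail
    for chunk in chunks:
        window = tail + chunk
        hit = window.find(signature)
        if hit != -1:
            return consumed + hit  # verdict before the rest of the file arrives
        drop = max(len(window) - keep, 0)
        consumed += drop
        tail = window[drop:]       # constant memory, whatever the file size
    return None


def whole_file_scan(chunks: Iterable[bytes], signature: bytes = SIGNATURE) -> Optional[int]:
    """Baseline: buffer the entire file first, then scan it once."""
    hit = b"".join(chunks).find(signature)
    return None if hit == -1 else hit


def chunks_pulled(chunks: List[bytes], scan: Callable) -> int:
    """Count how many chunks a scanner reads before it returns a verdict."""
    pulled = 0

    def feed():
        nonlocal pulled
        for chunk in chunks:
            pulled += 1
            yield chunk

    scan(feed())
    return pulled


if __name__ == "__main__":
    print("stream:", stream_scan(SAMPLE), "after", chunks_pulled(SAMPLE, stream_scan), "chunks")
    print("whole: ", whole_file_scan(SAMPLE), "after", chunks_pulled(SAMPLE, whole_file_scan), "chunks")
```

Carrying the last len(signature) - 1 bytes between chunks is what lets the streaming scanner catch a signature that straddles a chunk boundary, a case a naive per-chunk check would miss.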
2. Deploy patch servers
The most important part of preventing network viruses is preventing worms, which often spread by exploiting vulnerabilities in intranet systems. To this end, we need to strengthen the management of vulnerability patches for the various application systems in the internal network so that vulnerabilities are closed in a timely manner. It is therefore necessary to install and deploy a patch distribution server in the internal network, so that application systems in the internal network can connect to it directly to download patches, which greatly shortens the patch update time and improves security. In addition, application systems that do not connect to the Internet can install the latest patches at any time as long as they can reach this patch server in the internal network, which effectively prevents vulnerability-exploiting viruses from spreading over the intranet.
3. Deploy the anti-virus server
In addition to the above security measures, we also need to install and deploy anti-virus servers in the intranet to force all client systems in the intranet to update their virus databases automatically online. At the same time, we need to update the virus database of the anti-virus server itself regularly over the Internet, at least once a week. Constantly upgrading the virus database ensures that the anti-virus program can detect new viruses in the intranet in a timely manner. With the protection of the anti-virus system, virus intrusion across the intranet can be effectively monitored and managed, and network viruses that appear in the intranet can be detected and eliminated in a timely manner.
Defending against internal attacks
As the saying goes, "easy to hide, difficult to defend against": guarding against external attacks is relatively easy, while guarding against malicious attacks from inside the organization's network is very difficult. First, important data is easily leaked during shared access in the intranet. Second, a network administrator in the intranet may inadvertently expose logon account information with super permissions, leak the storage location of important intranet resources to outsiders, or leak the intranet network structure. There is also the possibility that intranet users intentionally place hacker programs in shared folders as traps. Therefore, to improve network security capabilities, we must prevent not only security threats from the Internet but also security risks from the intranet.
To prevent leakage of important intranet information and malicious attacks from within the intranet, we can install and deploy on the intranet a security risk scanning and monitoring system, a host monitoring system, an intranet user management system, and an event analysis and response system. For important server systems in the intranet, we also need to separately install and deploy an identity authentication system, a resource management system, a VPN connection system, a content filtering system, a firewall system, and IP address binding. Beyond these technical measures, a more important task is to establish an effective intranet security management system that constrains the Internet access behavior of intranet users, and to regularly supervise its implementation. We believe that this will allow you to manage intranet security more effectively.
Defending terminal systems
While concentrating the key security controls on the intranet server systems, we also need to strengthen security for the ordinary intranet client systems, because many attacks are carried out indirectly through client systems. To protect the security of ordinary terminal systems, you can take the following measures:
1. Update Patches
You must promptly download and install the latest system vulnerability patches from Microsoft's official website to ensure that vulnerabilities in the terminal system are properly closed.
2. Security Publicity
It is necessary to run security publicity for intranet users regularly to improve their awareness of Internet security. This includes not running unknown applications, promptly updating the antivirus software's virus database, installing and using the latest version of a personal firewall, regularly performing vulnerability scans and virus detection and removal, downloading information only from legitimate official websites, and not casually opening the attachments of unfamiliar mail.
3. Configure settings correctly
Configure the security settings of the IE browser correctly, including hierarchical review, cookie settings, local security settings, and script settings. To prevent script attacks, open the IE browser window, click Tools, Internet Options, Security, and Custom Level, change the security level to "Security Level-high", and set the script items to "disabled" at the "ActiveX Control and plug-in" location. With this setting, client system users who browse web pages with IE can effectively avoid attacks by malicious code on malicious web pages.
4. Cancel sharing
Trojan programs are often implanted into intranet client systems through a shared access channel. Therefore, we must cancel all sharing settings for local resources. If shared access is required, you must set the shared resource to "read-only" and set a shared access password. To disable sharing, right-click "Network Neighbor", execute the "attribute" command, and then deselect the "file and print share" component.
5. Disable Guest
Many intrusions obtain the superuser's password or permissions indirectly through the Guest account. If you do not want to hand the intranet client system to others as a toy, it is better to disable this account. Open the control panel, double-click "User Account" and "manage other accounts", click the Guest account, and then close the Guest account.