[Bkjia.com exclusive article]
Solution description
I. Problems to be solved
- Website security reinforcement.
- Effectively block network vulnerability attacks.
- Record attack logs.
II. Required devices
A) One Green Alliance Ice Eye 600P.
B) One firewall (Juniper SSG500).
C) One log storage server.
III. Solution deployment
IV. What does website security reinforcement involve?
A) Understand website security content
Website security means that the hardware, data, programs, and other resources in the website architecture are protected from damage, tampering, and leakage, whether the cause is accidental or malicious, that unauthorized use or access is prevented, and that the system maintains service continuity and reliable operation.
B) Understand common website attack methods
i. Denial-of-service (DDoS) attacks
ii. ARP attacks
iii. Computer virus attacks
iv. SQL injection attacks
v. Cross-site attacks
vi. Web page Trojans
vii. Vulnerability attacks
V. How to reinforce website security
A) On the firewall, set an access policy that opens only the external service ports. All other ports are closed.
B) On the IPS, set intrusion protection rules that block attacks and record a log of every attack that is detected and blocked.
C) Install anti-virus software and an ARP firewall on the servers, and monitor the status of each server in a timely manner.
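Step A can be checked mechanically. The following is an added example, not part of the original article and not Juniper SSG500 syntax: it models a first-match rule list and reports which ports a policy exposes beyond the published service ports, and which service ports an earlier rule shadows. The `Rule` model, the sample policies, and the choice of ports 80 and 443 as the service ports are assumptions made for illustration.

```python
# Added example: simplified first-match packet-filter model (not SSG500 syntax).
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str  # "permit" or "deny"
    lo: int      # first destination TCP port the rule covers
    hi: int      # last destination TCP port the rule covers

def exposed_ports(rules, default_action="deny"):
    """Ports reachable from outside when the first matching rule wins."""
    exposed, decided = set(), set()
    for rule in rules:
        ports = set(range(rule.lo, rule.hi + 1)) - decided
        if rule.action == "permit":
            exposed |= ports
        decided |= ports
    if default_action == "permit":  # no implicit deny at the end of the policy
        exposed |= set(range(1, 65536)) - decided
    return exposed

def to_ranges(ports):
    """Collapse a set of ports into sorted (first, last) ranges for reporting."""
    ranges = []
    for port in sorted(ports):
        if ranges and port == ranges[-1][1] + 1:
            ranges[-1] = (ranges[-1][0], port)
        else:
            ranges.append((port, port))
    return ranges

def audit(rules, service_ports, default_action="deny"):
    """Compare what the policy exposes with the published service ports."""
    exposed = exposed_ports(rules, default_action)
    return {
        "unexpected": to_ranges(exposed - service_ports),  # open, not a service
        "blocked": sorted(service_ports - exposed),        # service shadowed
    }

SERVICE_PORTS = {80, 443}  # assumption: the site publishes only HTTP and HTTPS

# Constructed policies for illustration.
WEAK = [Rule("permit", 80, 80), Rule("deny", 1, 1023), Rule("permit", 443, 443),
        Rule("permit", 3306, 3306), Rule("permit", 3389, 3389)]
HARDENED = [Rule("permit", 80, 80), Rule("permit", 443, 443),
            Rule("deny", 1, 65535)]

if __name__ == "__main__":
    print("weak:    ", audit(WEAK, SERVICE_PORTS))
    print("hardened:", audit(HARDENED, SERVICE_PORTS))
```

In the weak policy the broad deny placed before the port 443 permit shadows the HTTPS service, while the two trailing permits expose ports that are not published services.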
VI. Advantages of IPS deployment
1) Working with the Ice Eye console, we found that its control interface is very simple, without many menus or monitoring windows, which makes it easy to use.
2) Ice Eye provides a powerful and comprehensive rule repository. You can select rules to suit your network environment and customize rules. Statistics show that the attack recognition rate exceeds 95%, meeting the needs of most users.
3) Multiple alarm methods. For different intrusion behaviors, Ice Eye can display alarms grouped by risk level, attack type, service type, popularity, and so on, and identify the effect of the attack. In addition to traditional log recording, email prompts, and firewall association, Ice Eye also supports TCP Killer disconnection and printer association for each intrusion.
4) Ice Eye has powerful log analysis and reporting functions. Its log analysis component helps administrators extract useful information from massive, unordered attack events by browsing, searching, sorting, and other means, so that they can further analyze intruders' attack behavior and adjust and reinforce the network accordingly.
5) The lvmeng NIPS is connected to the network inline (in series). Because it supports the hardware BYPASS function, you do not have to worry about a device fault affecting network communication.
VII. Summary
With the popularization of computers and the Internet, worms, viruses, and application-layer attack techniques are combined with email and mobile code to form composite attacks, making the threat more dangerous and harder to resist. These composite threats directly attack the core servers and applications of the enterprise, causing significant losses.
Firewalls alone cannot solve most network security problems. The development of IPS has been a search for ways to defend against attacks on the basis of accurate detection: IDS functions are extended from pure audit tracking to audit tracking combined with access control. This enables the transition from passive defense to active defense and closely integrates intrusion detection, virus detection, and firewall functions. IPS fits the trend toward active defense, function integration, and centralized management in the security assurance system, and is attracting more and more attention. Although current IPS technology is not very mature, as hardware technology develops and data processing capabilities improve, IPS technology will keep improving and will certainly play an increasingly important role in the information security system.