Most enterprises pay attention to improve the security of the border of enterprise network, but do not mention how much they invest in this aspect, but the core intranet of most enterprise network is still very fragile. The following is a few strategies to address the security challenges of the enterprise intranet. These strategies are the defense strategy of the Intranet, and also a strategy to improve the security of the large enterprise network.
Enterprise Intranet protection strategy: Pay attention to the difference between intranet security and network boundary security
The threat of intranet security is different from the threat of network boundaries. Network border security technology to protect against attacks from the Internet , mainly to protect from public network servers such as HTTP or SMTP attacks. Network Perimeter protection ( such as border Firewall system ) reduces the chance that experienced hackers can access the enterprise network simply by accessing the Internet and writing programs. Intranet security threat mainly originates from inside the enterprise. A vicious hacker attack typically takes control of a server inside a local area network andthen bases itself on a vicious attack on other hosts on the Internet.
Enterprise Intranet protection policy: Restrict VPN the Access
Virtual Private Network (VPN) The security of the user's access to the intranet poses a huge threat. Because they place the weakened desktop operating system outside the protection of the corporate firewall. It is clear that VPN users can access the enterprise intranet. So avoid giving every VPN user access to the intranet. This allows you to limit the level of logon permissions for VPN users by using the Login CONTROL permission list, which is to give them the level of access they need, such as access to a mail server or other selectable network resources.
Enterprise Intranet Protection strategy: establishing Intranet-type border protection for cooperative Enterprise network
Cooperative Enterprise Network is also a major cause of intranet security problems. For example, security administrators know how to use the actual technology to complete the firewall, protect the Ms-sql, but the Slammer worm can still invade the intranet, this is because the enterprise gives their partners access to internal resources. Thus, since you cannot control the network security policies and activities of the collaborators, you should create a DMZ for each partner ,and place the resources they need to access in the appropriate DMZ , without allowing them access to other resources on the intranet.
Enterprise Intranet protection Strategy: Security policy of automatic tracking
Intelligent automatic implementation of real-time tracking security policy is the key to effectively implement network security practices. It has led to a major overhaul of business activities, vastly exceeding the effectiveness of manual security strategies. The current situation of commercial activities requires enterprises to use an automatic detection method to detect various changes in business activities, therefore, security policies must also be adapted. For example, real-time tracking of employee hiring and dismissal, tracking network utilization in real time, and documenting file servers that talk to the computer. In short, make sure that all activities on a daily basis follow security policies.
Enterprise Intranet protection strategy: Turn off useless Web servers
A large enterprise network may support up to four to five servers to deliver e-mail, and some enterprises will have dozens of other servers monitoring SMTP ports. These hosts are likely to have a potential mail server attack point. Therefore, the network server should be interrupted one by one for review. If a program ( or a logical unit in a program ) acts as a window file server but does not have a file server, turn off the sharing protocol for the file.
Enterprise Intranet Protection strategy: protecting important resources first
If you have tens of thousands of stations on the intranet ( e.g. 30000 station ) , it is very unrealistic to expect to keep each host locked and patched state. Security considerations for large enterprise networks generally have merit issues. In this way, first of all, the server to do benefit analysis and evaluation, and then each network server in the intranet for inspection, classification, patching and hardening work. Be sure to identify important Web servers ( such as tracking customers ' servers in real time ) and limit them to management. This will be able to quickly and accurately determine the most important assets of the enterprise, and do a good job of positioning and restricting access to the network.
Computer Clinics remind the user should be at the border to expand the hacker protection measures, and establish and strengthen the network prevention strategy.
Network protection strategy: Pay attention to network security