How to create a secure Intranet

Source: Internet
Author: User
Tags: dedicated server

Intranet security construction is a systems project that requires careful design and deployment. It is also a long-term task: it covers the construction of the network security management system, security awareness training for personnel, and the construction of the network security protection system.
At the level of management system construction and awareness training, it mainly includes:

1. Network Security Management System Construction

The saying "three parts technology, seven parts management" in network security construction highlights the important position of management. For a long time, network attacks have succeeded as a result of imperfect management systems and poorly assigned personnel responsibility.

Although the network security management system is given an extremely important position in all network security construction, not many projects actually develop a comprehensive, feasible, and rational security system according to the relevant standards and then strictly implement it.

Users must pay attention to this. During intranet security construction, good implementation of the security system can ensure network security to a great extent, and it also provides rational guidance for network management and long-term monitoring. Examples include establishing a sound data center management system, a sound network use system, an equipment management system that assigns responsibility to a named person, a network security emergency plan, and a regular network evaluation system.

2. Cultivation of security awareness of network users

Long-term analysis of security attack events shows that many of them are caused by the weak security awareness of personnel, who inadvertently trigger the traps set by hackers by opening emails or webpages that carry malicious attack attempts. The primary response is to improve the security awareness of network users. Regular training on network security knowledge that comprehensively raises users' security awareness is an effective way to improve network security.

At the network security protection system construction level, it mainly includes:

1. Reasonable Network Security Area Division

A large local area network is usually divided into multiple regions with different security levels according to actual needs. Dividing the security domains reasonably and using the VLAN technology provided by network devices gives the network preliminary security protection.

2. Network Security Protection System Construction

Currently, common network security protection systems include firewalls, intrusion detection systems, vulnerability scanning systems, security audit systems, virus protection systems, illegal external access monitoring systems, VPNs, and comprehensive network security management platforms.

Firewalls are usually used to protect network security boundaries. In practice, firewalls are also used for security protection between security domains of different security levels inside the intranet. This not only ensures relative security between security domains but also makes it convenient to adjust access permissions for each security domain during routine network operations.
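The security domain division and inter-domain firewall policy described above can be modelled and checked in code. This is an added example, not part of the original article; the zone names, VLAN IDs, subnets, ports and the audit criterion are assumptions chosen for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Zone:
    name: str
    vlan: int
    subnet: ipaddress.IPv4Network
    level: int  # higher = more sensitive

# Constructed zones: names, VLAN IDs and subnets are assumptions.
ZONES = [
    Zone("office", 10, ipaddress.ip_network("10.10.10.0/24"), 1),
    Zone("servers", 20, ipaddress.ip_network("10.10.20.0/24"), 2),
    Zone("database", 30, ipaddress.ip_network("10.10.30.0/24"), 3),
]

# Inter-zone allow rules: (source zone, destination zone, protocol, port).
# Traffic that crosses a zone boundary and matches no rule is denied.
ALLOW = [
    ("office", "servers", "tcp", 443),
    ("servers", "database", "tcp", 5432),
    ("office", "database", "tcp", None),  # None = any port; deliberately too broad
]

def zone_of(ip):
    """Return the Zone whose subnet contains ip, or None if it is unassigned."""
    addr = ipaddress.ip_address(ip)
    for z in ZONES:
        if addr in z.subnet:
            return z
    return None

def decide(src_ip, dst_ip, proto, port, rules=ALLOW):
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src is None or dst is None:
        return "deny"   # nodes outside every security domain get no access
    if src == dst:
        return "allow"  # same VLAN: traffic does not cross the firewall
    for s, d, p, prt in rules:
        if (s, d, p) == (src.name, dst.name, proto) and prt in (None, port):
            return "allow"
    return "deny"

def audit(rules=ALLOW):
    # Assumed criterion: flag any-port rules into a more sensitive zone.
    levels = {z.name: z.level for z in ZONES}
    return [r for r in rules if levels[r[1]] > levels[r[0]] and r[3] is None]
```

Removing the rule that `audit()` flags is the kind of routine permission adjustment the paragraph refers to: the change is made in one rule table and `decide()` reflects it immediately.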

The emergence of intrusion detection largely makes up for the firewall's characteristic of protecting against external but not internal threats. It also provides real-time monitoring and warning for information inside the network. Linking the intrusion detection system with the firewall creates a dynamic, real-time protection barrier for important security domains in the intranet.

The recording function of the security audit system is used to record operations and data in the network in detail, which provides strong original evidence for analyzing attack events afterwards.

Use the gateway anti-virus system to intercept viruses from outside the network as much as possible, and use a full range of anti-virus clients inside the network for virus protection across the network. A dedicated server anti-virus client is used for servers. The whole network's virus protection system is managed in a unified manner, with a unified virus protection policy.

The illegal external access monitoring system can effectively ensure the legality of nodes connected to the intranet, and provides real-time warning and blocking for nodes that connect to insecure domains through abnormal links.

For important servers in the intranet, an identity authentication system is used to confirm the legitimacy of each visitor's identity, and access control is applied to the visitor.

Integrated Network Security Management Platform

The various security devices in the network work together to provide their respective security data. The network security management platform performs a unified and comprehensive analysis of this data to generate a security analysis report for the entire network. The report provides guidance for formulating policies on network security devices and for managing network security systems.

Related Links: Secure and Controllable Networks

When building a relatively closed internal network, enterprises must ensure full control over the network. The so-called full control includes the following layers:

1. Monitoring of nodes connected to the network. The internal network is a relatively closed environment. For node information in the network and nodes connected to the internal network, you must perform detailed monitoring and timely prevention.

2. Monitoring of illegal external access. Nodes in the internal network may access the outside through improper channels, for example by connecting to the external network through modem dial-up. Such access must be discovered promptly and security measures implemented.

3. Real-time monitoring and auditing of network data. For the data transmitted in the internal network, real-time monitoring is implemented through network devices, suspicious information is detected in real time and alarms are reported, and corresponding security audits are performed to provide a powerful basis for electronic forensics afterwards.

4. Real-time virus monitoring. Provide real-time virus prevention for the internal network, and monitor the virus protection status of the network in real time, including the security systems of important servers, workstations, and work PCs.

5. Unified monitoring across the network. Unified management of security data across the network, unified issuance of security policies, and unified analysis of security data, security conditions, and risk levels across the network.
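Item 1 above, monitoring the nodes connected to the network, comes down to reconciling what is observed on the wire with an authorized inventory. The following is an added example, not part of the original article; the inventory, the "vlan ip mac" observation format and every address in it are constructed assumptions.

```python
# Constructed authorized inventory: MAC -> (host name, expected VLAN).
INVENTORY = {
    "00:16:3e:aa:00:01": ("hr-pc-01", 10),
    "00:16:3e:aa:00:02": ("app-srv-01", 20),
    "00:16:3e:aa:00:03": ("db-srv-01", 30),
}

# Constructed observations in a hypothetical "vlan ip mac" export format,
# such as might be collected from switch or ARP tables.
OBSERVED = """\
10 10.10.10.21 00:16:3E:AA:00:01
20 10.10.20.8  00:16:3e:aa:00:02
10 10.10.10.77 00:16:3e:aa:00:03
20 10.10.20.8  de:ad:be:ef:00:99
this line is malformed
"""

def parse(text):
    """Return (rows, bad_line_numbers); rows are (vlan, ip, mac) tuples."""
    rows, bad = [], []
    for n, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        if len(parts) != 3 or not parts[0].isdigit():
            bad.append(n)  # keep malformed lines visible instead of dropping them
            continue
        rows.append((int(parts[0]), parts[1], parts[2].lower()))
    return rows, bad

def reconcile(rows, inventory=INVENTORY):
    """Compare observed nodes with the inventory and return alert tuples."""
    alerts, ip_owner = [], {}
    for vlan, ip, mac in rows:
        if mac not in inventory:
            alerts.append(("unknown-node", mac, ip))  # not an authorized node
        elif inventory[mac][1] != vlan:
            alerts.append(("wrong-vlan", mac, ip))    # known node, wrong security domain
        if ip in ip_owner and ip_owner[ip] != mac:
            alerts.append(("ip-conflict", mac, ip))   # two MACs claim one address
        ip_owner.setdefault(ip, mac)
    return alerts
```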
