["Protection-Monitoring-Trust" System: "Five Boundaries", "Five Control Points", "Three Verifications"]
An intrusion is meant to be unexpected: it appears from an angle and direction you are not watching. If you act blindly before you have seen who the intruder is, you are often pushed step by step onto the defensive and led around by your opponent. "Trading space for time" is a common idea in security design: space is exchanged for time in which you can respond and prepare your response. This is easy to understand in real life, but on a "virtual" network, how do you establish the concept of cyberspace, and how do you design a security architecture?
The Vase model (V2.0) interprets information security architecture along the time dimension. It takes the security incident as its main thread and assigns security measures to each stage of an incident's course: deploying protection policies before it occurs, monitoring for anomalies and emergency handling as it occurs, and audit, forensics, and adjustment and upgrading after it occurs. The result is a cyclic, dynamic security protection system.
To establish the concept of network space, first understand how the network is divided by function. The diagram below is a schematic of the network's functions (for a non-public-service network), with five major functional areas:

- The core is the network "bus" area.
- The data center and the service center form the service delivery area.
- The business management center, the operation and maintenance center (network management combined with security), and the third-party maintenance area form the management area.
- The user access area and the remote user access area form the network's internal user area.
- The Internet is the external area.

Internet users are not traceable: even if an offender is found, the network's own administrators cannot deal with them, and it takes the public security authorities stepping in for that to be possible.