Intranet Security Status Quo Analysis
The theory of Intranet security is defined relative to traditional network security. The traditional network security threat model assumes that all personnel and devices on the Intranet are secure and trusted, while the external network is insecure. Internet security solutions such as anti-virus software, firewalls, and IDS were developed on this assumption. Such solutions prevent external intrusion, but they are helpless against threats that originate inside the network. As organizations become more informatized and users become more skilled with computers, security incidents increasingly start from the Intranet, which has drawn attention to Intranet security. The security risks faced by the Intranet are mainly manifested in the following aspects:
Intranet mobile storage and other devices are not under supervision
USB mobile storage media, laptops, and other devices are used interchangeably on the internal and external networks, and confidential information is copied at will. The hard disks of computer hosts are detached and moved at will, and the monitoring of Intranet access is lax. Damage to, or improper handling of, used storage devices and peripherals with storage functions may cause leakage of confidential information. At the same time, these devices transmit viruses.
Illegal access to confidential computers
Internal computers use telephone lines, ISDN, ADSL, wireless network adapters, GPRS, CDMA, dual network adapters, proxy servers, and other methods to interconnect the Intranet and the Internet, which leads to internal leakage of important confidential information and is difficult to monitor.
Internal attacks and illegal intrusion
Defects in the TCP/IP protocol suite and password authentication vulnerabilities allow internal personnel to exploit system vulnerabilities to illegally intrude into public or other people's computer information systems, steal administrator usernames and passwords, and access the organization's important business and application servers to obtain important internal data.
Management Mode lags behind and policies cannot be effectively implemented
Due to a lack of security awareness, security knowledge, and security skills, internal employees may pose unpredictable potential threats to information security. Managers can disable USB ports and perform regular checks, but these are loose management methods, and there is a lack of real-time and flexible means to ensure that management measures are effectively implemented.
Most Intranet security problems are not caused by malicious behavior of internal personnel. To a greater extent, vulnerabilities are exposed by unintentional and nonstandard operations and by network management negligence, which creates opportunities for information leakage. If regulation of the Intranet system is relaxed, internal personnel may intentionally or unintentionally cause security incidents at any time. Therefore, compared with Internet security, the Intranet security model is more comprehensive and meticulous: it requires careful management of all nodes and participants in the internal network in order to implement a manageable, controllable, and trusted Intranet.
Discussion on Intranet Security Management Solutions
Network information security is neither pure technology nor a simple accumulation of security products, but an organic combination of management, technology, and strategy. As shown in Figure 1, the information system security architecture consists of a technical system and a management system.
Figure 1: Information security architecture framework
The technical system is a technical guarantee system that provides comprehensive security protection for the information system. The technical mechanism addresses the implementation of Intranet security at different levels, while technical management achieves management goals from the technical perspective by implementing policies and measures. The management system is the process of implementing management with security policies at its core. It consists of three parts: law, system, and training.
Establishment of information security level system
Corresponding measures are taken for the security content of each layer, in four aspects: physical layer security, network layer security, system layer security, and application layer security.
Physical Layer Security
It mainly includes communication line security, physical device security, and data center security. Its main goal is to achieve anti-theft, fire prevention, anti-static, and anti-electromagnetic leakage.
Network Layer Security
It is mainly embodied in the security of network devices and information, including network layer identity authentication, access control of network resources, and confidentiality and integrity of data transmission.
System layer security
It is mainly manifested in the security of the operating system and the security configuration of the operating system.
Application Layer Security
Security at this level mainly concerns the security of application software and business data, as well as the threat that viruses pose to the system.
Security Management Policy Implementation
Security management policy customization is a relatively detailed and complex process. It requires the ability to configure and control the entire network at multiple layers. If different technical methods have different functions and cannot support each other or work collaboratively, they will be difficult to maintain and update. Therefore, it is best to use Intranet security management software that integrates multiple management functions to achieve centralized monitoring of various network security resources, unified policy management, intelligent auditing, and interaction between the various security function modules. This effectively simplifies network security management. Security management mainly involves the following aspects.
Access Control
Access control is the basis for authorization, management, and monitoring. Authorization management is performed for different users through password authentication, PKI encryption algorithms, and other methods to differentiate users and user groups at different levels. It provides multiple security technologies, methods, and means for security objects at different levels, resolving security risks at each level to meet the actual needs of different network layers.
Information Confidentiality
It focuses on registration, authentication, and policy control of mobile storage devices, and implements access authentication, read/write control, encryption management, and behavior audit for mobile storage devices on the client.
Resource management
This includes control over computer systems, various peripherals, applications, ports, network connections, files, and other resources. By combining authorization with violation records, it manages resource usage behaviors to ensure that resource usage is controllable.
Monitoring Audit
It provides centralized monitoring and audit functions for computer terminal network access, application usage, system configuration, file operations, and peripheral usage, and generates various audit logs, so that effective forensics can be performed after an Intranet security event occurs.
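The following is an added illustration, not code from the original article or from any product it describes, of the mobile storage registration, read/write control, encryption requirement, and audit logging described under Information Confidentiality and Monitoring Audit. The registry schema, device serials, user names, and host name are constructed assumptions.

```python
import json
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed registry (hypothetical schema): device serial -> registration.
REGISTRY = {
    "SN-A100": {"owner": "alice", "mode": "rw", "encrypted": True},
    "SN-B200": {"owner": "bob", "mode": "ro", "encrypted": True},
    "SN-C300": {"owner": "carol", "mode": "rw", "encrypted": False},
}

@dataclass(frozen=True)
class Request:
    serial: str     # device serial reported by the endpoint agent
    user: str       # logged-on user
    operation: str  # "read" or "write"

def decide(req, registry=REGISTRY):
    """Return (allowed, reason); anything not explicitly permitted is denied."""
    rec = registry.get(req.serial)
    if rec is None:
        return False, "device not registered"
    if rec["owner"] != req.user:
        return False, "user not bound to device"
    if req.operation not in ("read", "write"):
        return False, "unknown operation"
    if req.operation == "write":
        if rec["mode"] != "rw":
            return False, "device is read-only"
        if not rec["encrypted"]:
            return False, "write requires encrypted device"
    return True, "policy match"

def audit(req, host, now=None):
    """Evaluate the request and return one audit record as a JSON line.
    Denials are recorded as well as grants, so the log supports forensics."""
    allowed, reason = decide(req)
    ts = (now or datetime.now(timezone.utc)).isoformat()
    return json.dumps({"ts": ts, "host": host, "user": req.user,
                       "serial": req.serial, "op": req.operation,
                       "allowed": allowed, "reason": reason}, sort_keys=True)

if __name__ == "__main__":
    for r in (Request("SN-A100", "alice", "write"),
              Request("SN-B200", "bob", "write"),
              Request("SN-C300", "carol", "write"),
              Request("SN-X999", "dave", "read")):
        print(audit(r, host="ws-017"))
```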
Establishment of Management System
A strict and complete management system not only maximizes information resource sharing while ensuring information security, but also makes up for some weaknesses of technical security risks. The establishment and implementation of management systems can provide rational guiding theories for network management and long-term monitoring. The management system consists of three parts: law, system, and training.
Laws
Security-related laws and regulations are the highest code of conduct for information system security and are the reference criteria for formulating management systems.
System
Formulate a series of internal rules and regulations in accordance with security requirements, and set out specific provisions on what needs to be protected, why it needs to be protected, and how to protect the security of classified information systems from various aspects such as responsibility, personnel, location, and behavior. These provisions are fully implemented so that they run through daily work.
Training
Provide security training for all personnel related to Intranet security. The training covers laws and regulations, internal systems, security awareness, and key security defense skills related to each position.
Summary
In an Intranet security management system, there is always a conflict between the security, confidentiality, and sharing of Intranet information. Intranet information security products should provide convenient, effective, and advanced Intranet information security management and control technology and solutions. In the implementation process, administrators often need to find a balance between information security, business efficiency, and structural functions. We strive to propose scientific and feasible solutions at the network business, network behavior, network resources, network security, and network service levels. The organic combination of management strategies and technologies can cover the whole process of network security construction, operation, and maintenance, and truly ensure the secure and stable operation of the Intranet.