LAN security details

Source: Internet
Author: User
Tags: account security

I. Review of common attack methods

[Vulnerability scanning and exploitation]:

Attackers can intrude into a system or obtain special permissions by exploiting vulnerabilities in existing operating systems and applications, using specific procedures or specially crafted exploit code. For example, web page Trojans exploit web browser vulnerabilities (such as those in IE), and SQL injection exploits vulnerabilities in web application code.

[Virus/Trojan seeding]:

By planting viruses or Trojans in a user's system, attackers can destroy user data, steal user information, or secretly control the system. For example, a virus or Trojan can be delivered to the system through an email carrying a virus or through a web page Trojan.

[DDoS attack]:

DDoS stands for Distributed Denial of Service. The most basic DoS attack uses seemingly reasonable service requests to occupy too many service resources, so that the server can no longer process requests from legitimate users. When many DoS attack sources attack one server together, this forms a DDoS attack.

[Phishing]:

Attackers use fraudulent emails, text messages, or QQ messages to lure users into visiting fake websites, where they are defrauded. Victims often leak private information such as bank card numbers, passwords, and ID card numbers. Attackers can forge websites and domain names that look almost identical to the real ones. For example, the real website of China Merchants Bank is www.cmbchina.com; an attacker forges a similar site, www.cmdchina.com, and sends the victim a message such as "Your online banking account failed to log on more than 15 times on the xx-xth day; to improve account security, it is recommended that you log on to http://www.cmdchina.com to reset your password ......", luring the victim into visiting the forged site so that the online banking account, password, and other information can be stolen.
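The look-alike domain pattern described above (a forged domain that differs from the real one by a single character) can be caught automatically before a message reaches the user. The Python script below is an added example, not code from the original article: it pulls URLs out of a message, normalises each hostname, and compares it with a trusted-domain list using edit distance, confusable-character folding, embedded-name and same-label checks. The TRUSTED_DOMAINS list (which includes cmbchina.com, the bank named in the text), the CONFUSABLES table, MAX_DISTANCE and SAMPLE_MESSAGE are all constructed for this illustration.

```python
"""Flag look-alike domains in URLs found in an incoming message.

Added example, not from the original article. TRUSTED_DOMAINS, CONFUSABLES,
MAX_DISTANCE and SAMPLE_MESSAGE are constructed for illustration.
"""
import re
from urllib.parse import urlparse

# Constructed allow-list: the real domains users are expected to visit.
TRUSTED_DOMAINS = ("cmbchina.com", "example-bank.com")

# Characters that look alike in common fonts and are often swapped by attackers.
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}

MAX_DISTANCE = 2          # edit distance at or below this counts as a look-alike
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def strip_www(host: str) -> str:
    host = host.lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def fold_confusables(host: str) -> str:
    for look_alike, real in CONFUSABLES.items():
        host = host.replace(look_alike, real)
    return host


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert, delete and substitute each cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_domain(host: str) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for a hostname."""
    raw = strip_www(host)
    # Exact trusted domain or a subdomain of it: trusted.
    for good in TRUSTED_DOMAINS:
        if raw == good or raw.endswith("." + good):
            return "trusted"
    folded = fold_confusables(raw)
    for good in TRUSTED_DOMAINS:
        # Same name after confusable folding, or within a few edits (cmdchina vs cmbchina).
        if folded == good or edit_distance(folded, good) <= MAX_DISTANCE:
            return "lookalike"
        # Trusted name embedded in an attacker-controlled host (cmbchina.com.evil.test).
        if good in raw:
            return "lookalike"
        # Same first label under a different suffix (cmbchina.net).
        if raw.split(".")[0] == good.split(".")[0]:
            return "lookalike"
    return "unknown"


def scan_message(text: str):
    """Return [(hostname, verdict), ...] for every URL in the message."""
    results = []
    for url in URL_RE.findall(text):
        host = urlparse(url).hostname or ""
        results.append((host, classify_domain(host)))
    return results


# Constructed message modelled on the phishing text in the article.
SAMPLE_MESSAGE = (
    "Your online banking account failed to log on more than 15 times. "
    "To improve account security please reset your password at "
    "http://www.cmdchina.com/reset or http://online.cmbchina.com/."
)

if __name__ == "__main__":
    for host, verdict in scan_message(SAMPLE_MESSAGE):
        print(f"{host:30} {verdict}")
```

A verdict of "lookalike" is a reason to quarantine the message or rewrite the link, while "unknown" only means the host is not on the allow-list; a small MAX_DISTANCE keeps short trusted names from matching unrelated domains by accident.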

In addition, there are other attacks such as password cracking, network sniffing, and email attacks.

II. LAN Security Protection

(1) Physical security

Storage location: store key devices in a separate data center that provides good ventilation, fire fighting, and electrical facility conditions.

Personnel management: strictly manage the personnel entering the IDC, and minimize the number of people with direct access to physical devices.

Hardware redundancy: provide hardware redundancy for key hardware, such as RAID disk arrays, hot-backup routers, UPS (uninterruptible power supply), etc.

(2) Network Security

Port management: close unnecessary open ports. If possible, use non-default ports for network services; for example, it is better to change port 3389, which is used by Remote Desktop Connection, to another port.

Encrypted transmission: use encrypted communication methods such as HTTPS, VPN, IPsec, etc. to transmit data whenever possible. Generally, only TCP ports are encrypted; UDP ports are not encrypted.

Intrusion detection: enable intrusion detection to identify all access requests, discard or block attack requests in a timely manner, and send a warning.
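The intrusion-detection item above says to identify attack requests and raise a warning; the simplest useful form of that is a per-source sliding-window count, which is also the same counting approach used to spot the request flooding described in the DDoS section. The Python script below is an added example, not code from the original article or from any IDS product: it parses constructed logon records for the Remote Desktop port, alerts when one source address produces five failures within sixty seconds, and raises a second alert if that source later logs on successfully. The log format, the LOGON_OK/LOGON_FAIL tokens, the addresses and the thresholds are all constructed; a real deployment would feed it Windows Security failed-logon events or the IDS's own alert stream.

```python
"""Sliding-window alerting on repeated failed logons from one source address.

Added example, not from the original article. The log lines are constructed in
a simplified format; a real deployment would parse the Windows Security log
(failed logon events) or the IDS's own alert feed.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<result>LOGON_OK|LOGON_FAIL) "
    r"user=(?P<user>\S+) src=(?P<src>\S+) port=(?P<port>\d+)$"
)

# Constructed sample: one source hammering the Remote Desktop port, one normal
# user with a single typo, and one slow, spread-out series of failures.
SAMPLE_LOG = """\
2024-01-15 09:00:01 LOGON_FAIL user=admin src=203.0.113.7 port=3389
2024-01-15 09:00:05 LOGON_FAIL user=admin src=203.0.113.7 port=3389
2024-01-15 09:00:09 LOGON_FAIL user=administrator src=203.0.113.7 port=3389
2024-01-15 09:00:14 LOGON_FAIL user=root src=203.0.113.7 port=3389
2024-01-15 09:00:20 LOGON_FAIL user=admin src=203.0.113.7 port=3389
2024-01-15 09:00:31 LOGON_OK user=admin src=203.0.113.7 port=3389
2024-01-15 09:01:00 LOGON_FAIL user=alice src=192.0.2.10 port=3389
2024-01-15 09:01:10 LOGON_OK user=alice src=192.0.2.10 port=3389
2024-01-15 09:02:00 LOGON_FAIL user=bob src=198.51.100.5 port=3389
2024-01-15 09:04:00 LOGON_FAIL user=bob src=198.51.100.5 port=3389
2024-01-15 09:06:00 LOGON_FAIL user=bob src=198.51.100.5 port=3389
2024-01-15 09:08:00 LOGON_FAIL user=bob src=198.51.100.5 port=3389
2024-01-15 09:10:00 LOGON_FAIL user=bob src=198.51.100.5 port=3389
"""


def parse_log(text):
    """Yield one dict per well-formed line; malformed lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield {
                "ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
                "result": m["result"],
                "user": m["user"],
                "src": m["src"],
                "port": int(m["port"]),
            }


def detect(events, threshold=5, window=timedelta(seconds=60)):
    """Return alerts for sources with >= threshold failures inside `window`,
    plus a second alert if such a source later logs on successfully."""
    recent = defaultdict(deque)   # src -> timestamps of recent failures
    burst_sources = set()
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        src = ev["src"]
        if ev["result"] == "LOGON_OK":
            if src in burst_sources:
                alerts.append({"type": "success-after-burst", "src": src,
                               "user": ev["user"], "ts": ev["ts"]})
            continue
        q = recent[src]
        q.append(ev["ts"])
        while q and ev["ts"] - q[0] > window:   # drop failures outside the window
            q.popleft()
        if len(q) >= threshold and src not in burst_sources:
            burst_sources.add(src)
            alerts.append({"type": "failed-logon-burst", "src": src,
                           "count": len(q), "first": q[0], "last": ev["ts"]})
    return alerts


def run(text=SAMPLE_LOG):
    return detect(parse_log(text))


if __name__ == "__main__":
    for a in run():
        print(a)
```

The "success-after-burst" alert is the one to act on first: a successful logon from a source that just failed repeatedly suggests a guessed password rather than a blocked attempt. Widening the window or lowering the threshold trades more coverage of slow, spread-out attempts for more false positives from legitimate typos.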

(3) System Security

System/software vulnerabilities: use genuine application software and install vulnerability fixes and patches in a timely manner.

Account/permission management: set strong, complex passwords for system accounts, change the passwords periodically, and grant personnel only the minimum permissions they require.

Software/service management: uninstall irrelevant software and disable unnecessary system services.

Virus/Trojan protection: deploy anti-virus software uniformly and enable real-time monitoring.

(4) Data Security

Data encryption: encrypt data with high confidentiality requirements. For example, Microsoft's EFS (Encrypting File System) can be used to encrypt the file system.

User management: strictly control users' access to key data and record users' access logs.

Data backup: back up key data and work out a proper backup solution. Data can be backed up to a remote server, or stored on optical disks, tapes, and other physical media; ensure that the backups remain available.

III. Deploy online anti-virus software

The greatest threat to LAN security comes not from external attacks but from inside the LAN.

Because end users lack security awareness and skills, they can easily bring Internet viruses and Trojans into the LAN without knowing it, for example while browsing web pages.

(1) Introduction to online anti-virus software (features)

Remotely install or uninstall the client anti-virus software.

Prohibit users from uninstalling the client anti-virus software.

Formulate, distribute, and enforce anti-virus policies uniformly across the whole network.

Remotely monitor the system health status of clients.

Provide remote alerts that automatically send virus information to network administrators.

Allow clients to customize anti-virus policies.

(2) Deploy Symantec online anti-virus software

Symantec Endpoint Protection Enterprise Edition is online anti-virus software launched by Symantec. It consists of a management platform and a client.

It integrates anti-virus, anti-spyware, firewall, intrusion prevention, and device and application control functions. Centralized management helps physical and virtual systems defend against various types of attacks.

Deploy Symantec components:

This software requires IIS. Therefore, IIS 7.0 and the related ASP.NET, CGI, and IIS 6.0 management compatibility role services must be installed on Windows Server 2008.

IV. Firewall Introduction

(1) Concept of a firewall

To prevent hacker intrusion, an enterprise intranet must build a secure "moat" when it connects to the Internet, and use that "moat" to protect the intranet. This "moat" is the firewall.

The firewall is currently one of the most important network protection devices.

All Windows systems have a built-in firewall. Enabling the Windows Firewall can effectively intercept illegal access to and intrusion into the system and improve the security of the computer system.


(2) Main functions of the firewall

Strengthen security policies: restrict users' internal and external access.

Record users' online activities: monitor the Internet access behavior of LAN users.

Hide the network topology: hide the internal network and alleviate the shortage of public IP addresses.

Check security policy: filter insecure services to improve network security.

(3) Classification of firewalls

1. Classification by firewall function

Packet filter firewall

Hardware firewall. Packet filtering is the most traditional and basic firewall technology.

It works at the network layer of the OSI (Open Systems Interconnection) reference model.

It decides whether to allow a packet through based on the source address, destination address, port number, and protocol type in the packet header.

Application proxy firewall

Software firewall. It works at the highest layer of the OSI model, the application layer.

This type of firewall provides strong data flow monitoring, filtering, logging, and reporting functions.

Stateful inspection firewall

Hardware firewall, developed from the packet filter firewall.

It can dynamically generate or delete the corresponding packet filtering rules according to actual application requirements, without manual intervention by the administrator.

This firewall not only controls packets by source address, destination address, protocol type, source port, and destination port, but also records the state of connections passing through the firewall and can directly process the data in the packet.
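The difference between a packet filter that only looks at header fields and a stateful firewall that "dynamically generates or deletes" rules from connection state is easiest to see with a small simulation. The Python below is an added example, not code from the original article or from any firewall product: a stateless filter that applies a first-match rule table, and a stateful filter that reuses the same table but also keeps a connection table, so the server's replies are admitted without a broad return rule while an unsolicited mid-stream segment is still dropped. The Packet and Rule classes, the rule sets and the addresses are constructed; real firewalls match CIDR ranges and track far more TCP state than the SYN-only check used here.

```python
"""Stateless packet filter vs. stateful inspection, simulated in a few lines.

Added example, not from the original article. The Packet/Rule classes, the
rule sets and the addresses below are constructed; real firewalls match on
CIDR ranges and track far more TCP state than the SYN-only check used here.
"""
from dataclasses import dataclass
from typing import FrozenSet, List, Optional


@dataclass(frozen=True)
class Packet:
    proto: str                 # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    flags: FrozenSet[str] = frozenset()   # TCP flags, e.g. {"SYN"} or {"SYN", "ACK"}


@dataclass(frozen=True)
class Rule:
    action: str                # "allow" or "deny"
    proto: str = "any"
    src: str = "any"           # exact address or "any" (no CIDR, to keep it short)
    dst: str = "any"
    sport: Optional[int] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return ((self.proto in ("any", p.proto))
                and (self.src in ("any", p.src))
                and (self.dst in ("any", p.dst))
                and (self.sport is None or self.sport == p.sport)
                and (self.dport is None or self.dport == p.dport))


class StatelessFilter:
    """Network-layer packet filter: first matching rule wins, default deny."""

    def __init__(self, rules: List[Rule]):
        self.rules = rules

    def decide(self, p: Packet) -> str:
        for r in self.rules:
            if r.matches(p):
                return r.action
        return "deny"


class StatefulFilter(StatelessFilter):
    """Same rule table, plus a connection table that admits replies to
    connections the rules already allowed, without an extra return rule."""

    def __init__(self, rules: List[Rule]):
        super().__init__(rules)
        self.connections = set()   # 5-tuples of allowed flows

    def decide(self, p: Packet) -> str:
        fwd = (p.proto, p.src, p.sport, p.dst, p.dport)
        rev = (p.proto, p.dst, p.dport, p.src, p.sport)
        if fwd in self.connections or rev in self.connections:
            return "allow"                      # belongs to a tracked connection
        if p.proto == "tcp" and p.flags != frozenset({"SYN"}):
            return "deny"                       # mid-stream segment with no connection
        action = super().decide(p)
        if action == "allow":
            self.connections.add(fwd)           # the dynamically generated "rule"
        return action


# Constructed rule sets: only HTTPS to the internal web server is permitted.
RULES = [Rule("allow", proto="tcp", dst="10.0.0.5", dport=443)]
# What a stateless filter needs in addition so the server's replies get back out.
RULES_WITH_RETURN = RULES + [Rule("allow", proto="tcp", sport=443)]


def run_scenario(fw: StatelessFilter) -> List[str]:
    """Decisions for: client SYN to the server, the server's SYN-ACK reply,
    and an unsolicited SYN-ACK from an outside host using source port 443."""
    client_syn = Packet("tcp", "192.168.1.20", 50000, "10.0.0.5", 443, frozenset({"SYN"}))
    server_reply = Packet("tcp", "10.0.0.5", 443, "192.168.1.20", 50000, frozenset({"SYN", "ACK"}))
    unsolicited = Packet("tcp", "203.0.113.9", 443, "192.168.1.20", 50001, frozenset({"SYN", "ACK"}))
    return [fw.decide(client_syn), fw.decide(server_reply), fw.decide(unsolicited)]


if __name__ == "__main__":
    print("stateless, strict rules :", run_scenario(StatelessFilter(RULES)))
    print("stateless + return rule :", run_scenario(StatelessFilter(RULES_WITH_RETURN)))
    print("stateful, strict rules  :", run_scenario(StatefulFilter(RULES)))
```

With the strict table the stateless filter drops the server's own reply, and the only way to fix that statelessly is the broad return rule, which then also admits the unsolicited segment; the stateful filter gets the reply through on the strength of the connection it recorded and still drops the segment that belongs to no tracked connection.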

2. Classification by firewall form (hardware or software)

Software firewall

A software firewall runs on a specific computer and requires a pre-installed operating system. Generally, this computer is the gateway of the entire network.

A software firewall is similar to other software products: it must be installed and run on the computer before it can be used, for example Microsoft's TMG firewall.

Hardware firewall

A hardware firewall uses a dedicated chip to process network packets; the CPU is used only for management.

It uses a dedicated operating system platform to avoid the security vulnerabilities of general-purpose operating systems, for example the Cisco ASA firewall.

(4) Common firewall products

1. NetScreen series firewalls: integrate firewall, VPN, intrusion detection, and traffic management functions.

2. Cisco ASA 5500 series firewalls: provide a wide range of functions such as application security, network control, and VPN.

3. Tianrongxin (Topsec) firewalls: integrate firewall, anti-virus, intrusion detection, and VPN functions.

4. TMG firewall (software firewall)

TMG (Threat Management Gateway) is part of Microsoft's Forefront product series. It is mainly responsible for security prevention and protection at the network edge, integrates closely with Active Directory and NAP (Network Access Protection), and provides comprehensive and convenient security control.

In addition to the main features of a traditional firewall, it also has the following features.

Full support for 64-bit memory addressing: it is not limited by 4 GB memory addressing, which greatly improves memory read/write and management performance.

Web anti-virus and filtering: checks Web access through URL filtering, malware inspection, and HTTPS inspection to prevent viruses and spyware.

Cache: for enterprises that handle a large amount of Web traffic, the cache function can greatly improve users' Internet access speed and reduce bandwidth costs.
