Network Analyst Feng Zhiliang's Technical Analysis of Network Security Issues

Source: Internet
Author: User

In today's society, the network is becoming more and more important. The information society's dependence on the network makes the reliability of the computer network itself crucial and places higher demands on network management. To ensure network performance, you must use a network management system to monitor and control the network: configure it, obtain information, monitor its performance, manage faults, and perform security control. As connectivity and the capacity to circulate information have improved, network security issues have become increasingly prominent.
Network openness brings security problems
The openness of the network and other factors lead to many security problems in computer systems in the network environment. These security risks can be attributed to the following aspects:
First, wherever there is a program, there may be vulnerabilities. New vulnerabilities are discovered and published almost every day, and when a developer fixes a known vulnerability, the fix may introduce a new one. In addition, system vulnerabilities are often attacked by hackers, and such attacks usually do not generate logs and are barely traceable.
Second, hackers' attack methods are constantly updated, while security tools are updated too slowly. In most cases, human intervention is required to discover unknown security problems, which leads to a slow response to new ones. Therefore, hackers can always find vulnerabilities to attack.
Third, traditional security tools have difficulty protecting against system backdoors. Firewalls have difficulty accounting for this kind of security issue; in most cases, such intrusions can bypass the firewall and are hard to detect.
Fourth, the use of security tools is affected by human factors. Whether a security tool achieves the expected results depends largely on its users, including system administrators and ordinary users.
Fifth, each security mechanism has a certain scope of application and environment. A firewall is an effective security tool that can conceal the internal network structure and restrict access from external networks to internal networks. However, it is often powerless against access that originates from internal networks.
Enhanced protection for network security
The first is the internal network, that is, the personal computers of enterprise employees. We cannot ensure that every operation a computer user performs is correct and secure. Because popular operating systems all have vulnerabilities and defects to some degree, new vulnerabilities and worms that exploit them keep emerging. Generally, anti-virus software can be installed to defend against virus threats. However, against worms, Trojans, and backdoor programs, anti-virus software cannot play a significant role. Once a personal computer is attacked, it is likely to threaten the entire internal network and core area.
The second is the security of the network structure. Deploying multi-layer switches to implement multiple VLANs and fast-converging routing is the best way to ensure the reliability and robustness of the network structure. While dividing the network into multiple logical networks and establishing ACLs that fit the applications, we also want to collect and summarize more security information for the entire network, including traffic management, intrusion behavior, and user access information. The logs and SNMP management provided by network devices alone are far from enough. The current method is to deploy IDS/IPS: place IDS/IPS probes on core nodes to collect and summarize complete packet information, and then provide it to network administrators for analysis.
Network Security Technology Discussion
At this stage, the following methods can be used to ensure the normal operation of the network:
First, prevent network viruses. Network viruses spread fast, and it is difficult to completely clear them using stand-alone anti-virus products only; comprehensive anti-virus products suitable for a LAN are needed. The tobacco network is an internal LAN, which requires anti-virus software based on the server operating system platform as well as anti-virus software for the various desktop operating systems. Therefore, it is best to use all-round anti-virus products that place the corresponding anti-virus software at every possible virus attack point on the network. Through a comprehensive, multi-level anti-virus configuration, with regular or irregular automatic upgrades, the network is protected from viruses.
Second, set up a firewall. A firewall enforces an access control policy on network communication: it admits the people and data that are permitted to enter the internal network and rejects unauthorized users and data, preventing hackers from accessing the network to the greatest extent possible and from arbitrarily changing, moving, or even deleting important information on it.
Third, use an intrusion detection system. An intrusion detection system can identify and restrict activities to protect system security. The internal LAN adopts intrusion detection technology, and it is best to adopt hybrid intrusion detection: both network-based and host-based intrusion detection systems are used in the network to construct a complete active defense system.
Fourth, establish a network security monitoring system. The network security monitoring system is deployed at the WWW and e-mail servers to track and monitor the network in real time. It intercepts content transmitted over the network, restores it to complete WWW, e-mail, FTP, and Telnet application content, and stores the corresponding records in a database. When illegal content transmitted over the network is found, report it to the superior network security management center in a timely manner and resolve the issue.
Fifth, solve the IP address theft problem. Bind IP addresses to MAC addresses on the router. When an IP address accesses the Internet through the router, the router must check whether the MAC address of the workstation that sent the IP broadcast packet matches the MAC address table on the router. If it matches, the access is allowed. Otherwise, it is not allowed, and a warning message is returned to the workstation that sent the IP broadcast packet.
Sixth, use network listening to maintain the security of the subnet system. For attacks from inside the network, you can create a filter file with certain functions for each subnet to give managers a basis for analyzing the operating status of their network. A subnet-specific listener is designed for this purpose; the main function of the software is to monitor the connections between computers in the subnet over the long term and to provide backups of the filter files of each server in the system.
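The IP/MAC binding check from the fifth measure, as an added example that is not part of the original article: Python code that compares observed IP-to-MAC pairs against a static binding table and reports the entries a binding-enforcing router would reject. The binding table, addresses and neighbor-table lines are constructed, and taking the observations from Linux `ip neigh show` output is an assumption, since the article does not name a router platform.

```python
import re

# Constructed binding table (IP -> authorized MAC); every value is made up.
BINDINGS = {
    "192.168.10.21": "00-1A-2B-3C-4D-01",
    "192.168.10.22": "00:1a:2b:3c:4d:02",
}

# Constructed neighbor-table snapshot, in the format `ip neigh show` prints.
SAMPLE_NEIGH = """\
192.168.10.21 dev eth1 lladdr 00:1a:2b:3c:4d:01 REACHABLE
192.168.10.22 dev eth1 lladdr 00:1a:2b:3c:4d:99 STALE
192.168.10.23 dev eth1  FAILED
192.168.10.50 dev eth1 lladdr 00:1a:2b:3c:4d:50 REACHABLE
"""

def normalize_mac(mac):
    """Return the MAC as lower-case aa:bb:cc:dd:ee:ff, or None if malformed."""
    digits = re.sub(r"[:-]", "", mac.strip().lower())
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def parse_neigh(text):
    """Yield (ip, mac) for every entry that carries a link-layer address."""
    for line in text.splitlines():
        fields = line.split()
        if "lladdr" not in fields[:-1]:
            continue  # FAILED/INCOMPLETE entries have no MAC to compare
        mac = normalize_mac(fields[fields.index("lladdr") + 1])
        if mac:
            yield fields[0], mac

def check_bindings(text, bindings):
    """Split observed entries into (allowed, alerts) against the binding table."""
    table = {ip: normalize_mac(mac) for ip, mac in bindings.items()}
    allowed, alerts = [], []
    for ip, mac in parse_neigh(text):
        expected = table.get(ip)
        if mac == expected:
            allowed.append((ip, mac))
        else:
            reason = "unbound IP" if expected is None else "MAC mismatch"
            alerts.append((ip, mac, reason))
    return allowed, alerts

if __name__ == "__main__":
    for ip, mac, reason in check_bindings(SAMPLE_NEIGH, BINDINGS)[1]:
        print(f"ALERT {ip} seen from {mac}: {reason}")
```

Addresses with no binding are reported as well as mismatches, because an unused address taken by an unknown workstation is the same theft problem seen from the other side.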
In short, network security is a systematic project. Instead of relying solely on a single system such as a firewall, you must fully consider the security requirements of the system and combine various security technologies, such as password technology, to form an efficient, universal, and secure network system.
