Nine technical measures for Intranet Communication Security

Source: Internet
Author: User

The intranet is a major component of network applications, and its security is receiving more and more attention. According to incomplete statistics, 15% of the investment in building an intranet outside China goes to enhancing the intranet's network security. Security vendors maintain strong growth momentum in China's IT market. The proportion of investment that operators put into intranet security is not as high as in other countries, but it continues to grow. There are many ways to improve intranet security, and this article discusses nine of them.
Use a Security Switch
Because intranet transmission relies on broadcast technology, data packets are easily monitored and intercepted within a broadcast domain. A security switch is therefore required, with network segments and VLANs used to isolate network resources physically or logically and so enhance intranet security.
Operating System Security
Many technologies, from end-user programs to server application services and network security, run on the operating system. Ensuring the security of the operating system is therefore the foundation of the entire security system. In addition to applying security patches, we also need to set up monitoring for the system and establish and enforce effective user password and access control policies.
Back Up Important Data
In the intranet system, data becomes more and more important to users. In fact, the factors that cause computer data loss, damage, and tampering go far beyond known viruses or malicious attacks. A wrong operation by the user, an unexpected power failure, or other targeted disasters may cause greater losses to the user than direct virus and hacker attacks.
To maintain enterprise intranet security, important data must be backed up so that system crashes caused by software and hardware faults, virus attacks, or hacker damage do not result in significant losses.
For data protection, it is essential to select capable and flexible backup software. Many backup products are in use today; combined with disaster recovery software, they can fully protect data security.
Use a Proxy Gateway
The advantage of a proxy gateway is that network packets are not exchanged directly between the internal and external networks. Internal computers can reach the Internet only through the proxy gateway, so the operator can easily restrict internal computers' access to the external network on the proxy server.
Different protocol standards can be used on the two sides of the proxy server to prevent illegal access by external intruders. In addition, the proxy gateway can apply security controls such as data packet verification and password confirmation.
Set Up a Firewall
Choose a firewall that is appropriate to the network. For small and medium-sized enterprise networks, you can select a personal firewall suitable for small and medium-sized enterprises from products such as Norton Internet Security, PC-cillin, and Skynet personal firewall.
For enterprises with internal networks, you can choose to set up or buy more powerful firewall products on the router. Almost all router products can prevent some attacks through their built-in firewall, and a hardware firewall can further enhance security.
Information Confidentiality Protection
To ensure network security, you can also use the confidentiality measures provided by the network operating system. Taking Windows as an example: register a user name, set a logon password, and set directory and file access permissions and passwords to control which directories and files a user can operate on; alternatively, set user-level access control and have users access the Internet through the host.
Confidentiality protection of database information can be strengthened at the same time. Data on the network can be organized as files or as databases. Because file-based organization lacks data sharing, the database has become the main form of network data storage. Because the operating system provides no special confidentiality measures for databases, and the data in a database is stored in readable form, appropriate methods should also be adopted to keep databases confidential. E-mail is the main way enterprises transmit information, so e-mail transmission should be encrypted. Leakage channels in computers, their peripherals, and network components, such as electromagnetic leaks, illegal terminals, wiretapping, and residual magnetism on storage media, can also be guarded against.
Starting from the Attack Perspective
At present, a large part of the security threats to computer network systems come from denial of service (DoS) attacks and computer virus attacks. To protect network security, you can also take the following steps.
An effective way to deal with denial-of-service attacks is to allow in only the network traffic related to the Web platform; ICMP packets in particular, such as those generated by the ping command, should be blocked.
By installing an intrusion detection system, you can improve the performance of the firewall: it monitors the network, intercepts hostile actions immediately, and analyzes filtered packets and content. When a hacker intrudes, the service can be terminated immediately to prevent the theft of confidential enterprise information. Meanwhile, network access by unauthorized users should be restricted. Only workstations with authorized IP addresses should have access permissions to local network devices, to prevent unauthorized modification of network device configurations from outside.
Computer Virus Prevention
Following the trend in virus development, viruses have changed from a single propagation route and a single behavior into a broad category of "new viruses" that spread over the Internet and combine e-mail, file transmission, and other propagation methods with hacker, Trojan, and other attack techniques. Computer viruses now show the following features: they work more closely with the Internet and intranet and spread by every available means (such as e-mail, LAN, remote management, and instant messaging tools); they are hybrid, combining the characteristics of file transmission, worms, Trojans, and hacker programs, which greatly increases their destructiveness; because they spread extremely fast, they no longer pursue concealment and pay more attention to deception; and exploitation of system vulnerabilities will become a powerful way to spread viruses.
Therefore, when considering anti-virus protection on the intranet, keep the following points in mind: the anti-virus method must be fully integrated with the Internet, covering not only traditional manual detection and removal and file monitoring but also real-time monitoring of the network layer and mail clients to prevent virus intrusion; the product should have comprehensive online upgrade services so that users have the latest anti-virus capabilities at all times; it should provide focused protection for applications that are frequently attacked by viruses; the vendor should have a fast-response virus detection network so that it can provide solutions immediately after a virus outbreak; and the vendor should be able to provide complete, real-time anti-virus consultation to improve users' awareness and vigilance, so that users learn about the features of new viruses and the solutions to them as soon as possible.
Key Management
In practice, when intruders attack an intranet target, 90% take cracking the password of an ordinary user as the first step. On a Unix or Linux system, for example, the intruder first uses "finger remote host name" to find the user accounts on the host and then runs a dictionary attack against them. The cracking is done by a program, which can work through the words in the dictionary in about 10 hours.
If this method does not work, intruders look carefully for weak links and vulnerabilities in the target and wait for an opportunity to seize the shadow or passwd file that stores the target's passwords. They then use a dedicated program to crack the DES encryption and recover the passwords.
System administrators on the internal network must pay attention to the management of all passwords: make passwords as long as possible; do not choose obvious information as a password; do not use the same password on different systems; and enter passwords only when no one is watching. It is best to mix uppercase and lowercase letters, symbols, and digits in a password; change passwords regularly; and periodically use a password cracking program to check whether the shadow file is secure. Irregular passwords provide better security.
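A first pass at the periodic shadow-file check can be done without cracking anything, by auditing which hash scheme each account uses and how old its password is. The following is an added example, not part of the original article; the sample entries, the 90-day threshold, and the function names are constructed for illustration.

```python
from datetime import date

# crypt(3) scheme prefixes; schemes listed in WEAK are cheap to attack offline.
SCHEMES = {"$1$": "md5crypt", "$5$": "sha256crypt", "$6$": "sha512crypt",
           "$y$": "yescrypt", "$2a$": "bcrypt", "$2b$": "bcrypt", "$2y$": "bcrypt"}
WEAK = {"des-crypt", "md5crypt"}

# Constructed sample in /etc/shadow format (the hash strings are placeholders).
SAMPLE = """\
root:$6$c0nstructedsalt$CONSTRUCTEDnotARealHash:19700:0:90:7:::
alice:ab01234567890:15000:0:99999:7:::
bob::19700:0:90:7:::
daemon:*:19000:0:99999:7:::
"""

def hash_scheme(field):
    """Classify the password field of one shadow entry."""
    if field == "":
        return "empty"
    if field[0] in "!*":
        return "locked"
    for prefix, name in SCHEMES.items():
        if field.startswith(prefix):
            return name
    # Traditional DES crypt has no prefix: 2-char salt + 11-char hash.
    return "des-crypt" if len(field) == 13 else "unknown"

def audit_shadow(text, today, max_age_days=90):
    """Return {user: [findings]} for every account with a problem."""
    today_days = (today - date(1970, 1, 1)).days  # shadow dates are days since epoch
    report = {}
    for line in text.splitlines():
        parts = line.split(":")
        if len(parts) < 5 or line.startswith("#"):
            continue
        user, pw, lastchg, _, maxdays = parts[:5]
        scheme = hash_scheme(pw)
        findings = []
        if scheme == "empty":
            findings.append("no password set")
        elif scheme in WEAK:
            findings.append(f"weak hash scheme: {scheme}")
        if scheme not in ("locked", "empty"):
            if lastchg.isdigit() and today_days - int(lastchg) > max_age_days:
                findings.append(f"password older than {max_age_days} days")
            if not maxdays.isdigit() or int(maxdays) >= 99999:
                findings.append("no expiry policy")
        if findings:
            report[user] = findings
    return report
```

Calling `audit_shadow(SAMPLE, date.today())` returns only the accounts that need attention; on a real host the input would be the contents of the shadow file, read with root privileges.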
Conclusion
The nine measures above are only some of the many measures that help ensure intranet security. To solve intranet security problems well, you need a broader perspective on intranet security. To cope with security challenges that are more severe than ever before, security should not stay stuck at "blocking", "killing", or "preventing"; we should respond to security challenges actively and dynamically. A sound intranet security management system and set of measures is therefore essential to ensuring intranet security.
