Preliminary Exploration of Enterprise Information System Security Prevention Measures

Source: Internet
Author: User

With the popularization of enterprise networks and the openness, sharing, and interconnection of networks, network information security has become more and more important. Enterprises must adopt unified security policies to ensure network security. A complete set of security technologies and products includes identity authentication, access control, traffic monitoring, network encryption, firewalls, intrusion detection, anti-virus, vulnerability scanning, and so on; security incidents are caused by technical factors, management factors, and omissions in security architecture design.

1. Network Security Measures

1.1 Intrusion Detection

The IETF divides intrusion detection into four components: event generators, event analyzers, response units, and event databases. The event generator obtains events from the whole system environment and provides them to the other components. The event analyzer analyzes the obtained data and generates analysis results. The response unit is the functional unit that acts on the analysis results: it can cut connections, change attributes, and perform other forceful operations, or it may simply raise an alarm. The event database stores intermediate and final data; it may be a complex data warehouse or a simple text file.

Based on the object being monitored, intrusion detection can be classified as network-based or host-based. A network-based system takes its data from network packets: the NIC of a machine is set to promiscuous mode so that it collects and examines all packets on the current network segment. Network intrusion detection is therefore generally responsible for protecting an entire network segment. Host-based intrusion detection uses application logs, system logs, and other data sources on the host, and can also collect information by other means such as monitoring system calls. It mainly protects the local system, usually runs on the monitored system itself, and is used to monitor the legitimacy of the processes running there.

The core function of an intrusion detection system is to analyze events and discover behavior that does not comply with the security policy. Technically, intrusion detection is divided into two types: one is signature-based, and the other is anomaly-based.
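As an added example (not code from the article), the following PowerShell script arranges a toy intrusion detection pipeline into the four components just described and runs both a signature-based and an anomaly-based analyzer over constructed web-server log lines; the log format, the rules and the baseline are assumptions made for the example.

```powershell
# Added example (not from the article): a toy intrusion detection pipeline arranged as the
# four components described above. The log lines are constructed: <time> <source-ip> <method> <path>
$SampleLog = @'
10:00:01 198.51.100.7 GET /index.asp
10:00:02 198.51.100.7 GET /scripts/../../winnt/readme.txt
10:00:03 203.0.113.9 GET /login.asp
10:00:04 203.0.113.9 GET /login.asp
10:00:04 203.0.113.9 GET /login.asp
10:00:05 203.0.113.9 GET /login.asp
10:00:06 203.0.113.9 GET /login.asp
10:00:07 192.0.2.4 GET /about.asp
'@
$EventDb = New-Object System.Collections.ArrayList     # event database (in memory here)

function Get-Events {                                   # event generator
    param([string]$Text)
    foreach ($line in ($Text -split "`r?`n")) {
        if (-not $line.Trim()) { continue }
        $f = $line -split '\s+'
        New-Object PSObject -Property @{ Time = $f[0]; Source = $f[1]; Method = $f[2]; Path = $f[3] }
    }
}
function Test-Signature {                               # analyzer, signature-based
    param($Event)
    # Constructed rules: requests into the default Scripts directory (see 3.2) and traversal sequences
    $Rules = @( @('default-scripts-dir', '(?i)^/scripts/'), @('path-traversal', '\.\./') )
    foreach ($r in $Rules) { if ($Event.Path -match $r[1]) { return $r[0] } }
}
function Find-RateAnomaly {                             # analyzer, anomaly-based
    param($Events, [int]$Baseline = 3)
    # Flag any source whose request count exceeds the normal baseline
    $Events | Group-Object Source | Where-Object { $_.Count -gt $Baseline } |
        ForEach-Object { New-Object PSObject -Property @{ Source = $_.Name; Count = $_.Count } }
}
function Invoke-Response {                              # response unit
    param([string]$Kind, [string]$Detail)
    $null = $EventDb.Add("$Kind : $Detail")             # persist the finding
    Write-Warning "$Kind : $Detail"                     # a real unit might also cut the connection
}

$events = @(Get-Events $SampleLog)
foreach ($e in $events) {
    $hit = Test-Signature $e
    if ($hit) { Invoke-Response 'signature' "$($e.Source) requested $($e.Path) ($hit)" }
}
foreach ($a in @(Find-RateAnomaly $events)) {
    Invoke-Response 'anomaly' "$($a.Source) sent $($a.Count) requests, baseline is 3"
}
$EventDb                                                # the stored alerts
```

On the sample data the signature analyzer flags the traversal request from 198.51.100.7 and the anomaly analyzer flags 203.0.113.9 for exceeding the baseline of three requests.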

1.2 Firewall

A firewall is a security technology built on information security technology and communication network technology. It is increasingly used in both public and private network environments, especially at Internet access points.

A firewall is a combination of a series of security components placed between different networks. It is the only portal for information transmission between those networks, it controls inbound and outbound data flows according to the enterprise security policy, and it is itself highly resistant to attack. It is part of the infrastructure with which enterprises implement information and network security. Logically, the firewall is a limiter, a separator, and an analyzer: it effectively monitors all data activity between the intranet and the Internet, providing an effective guarantee for internal network security.

As a barrier for network security, the firewall can greatly improve internal network security and reduce risk by filtering insecure data. Because only well-filtered application data can pass the firewall, the network environment becomes more secure.

2. Server Security Measures

In enterprise data center management, only by correctly installing and configuring the operating system can we make full use of its role in security. The following uses the specific settings of Windows 2003 Server as an example.

2.1 Divide the partitions and logical disks properly

Microsoft's IIS service is often found to have source code disclosure or overflow vulnerabilities. If IIS and the operating system are on the same drive, system files can leak, and an attacker may even obtain administrator privileges remotely. Take a 120 GB hard disk as an example. The correct operating system configuration is to create three logical partitions: drive C (30 GB) for the operating system and important log files, drive D (40 GB) for the IIS service, and a third partition (50 GB) for FTP. In this way, the operating system directory and files are not directly affected by any FTP or IIS security issue. Because FTP and IIS usually provide services on the Internet and are relatively vulnerable to attack, the main purpose of separating FTP from IIS is to prevent an intruder from uploading a program through FTP and running it through IIS.

2.2 Choose the system installation sequence correctly

The system administrator should pay full attention to the operating system installation sequence so as not to leave an opening for network hackers. Pay attention to the following points in the Windows 2003 installation sequence.

First, choose the moment of network access correctly. Windows has a weakness during installation: after the installer enters the Administrator password, the system automatically creates an ADMIN$ share but does not protect it with the password just entered, and this persists until the system is restarted. During this period, anyone on the network can access the server through ADMIN$. At the same time, the various services in the operating system start automatically as soon as installation completes, so the server is completely exposed to the network without any protection and is very easy to intrude. Therefore, do not connect the system to the network before Windows 2003 Server has been installed and fully configured.

Next, pay attention to the patch installation sequence. Upgrade patches should be installed after all applications on the operating system are installed, because patches often need to modify or replace system files; if a patch is installed before an application, the application may overwrite the patched files, so that the patch cannot do its job.

3. Operating System Security Configuration

The following uses the specific settings of Windows 2003 Server as an example.

3.1 Configure ports

A port is a logical interface connecting a computer to an external network. From the perspective of system security, it is safer to open only the ports that are actually used. The configuration method is as follows: enable the firewall that comes with the operating system in Network Connections, and add the ports to be opened on the "Exceptions" tab. However, the port policy of Windows Firewall can only specify open ports; it cannot specify closed ports. This is inconvenient for users who need special settings, who can use a dedicated firewall instead.
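As an added example (not the article's own procedure), this PowerShell script turns the "open only the ports you use" rule into a check: it lists listening TCP ports, reports any that are not on an allow list, and prints the netsh commands that would add the allowed ports as Windows Firewall exceptions. The allow list, the netstat sample and the Server 2003 SP1 netsh firewall context are assumptions.

```powershell
# Added example (not from the article): audits listening TCP ports against an allow list,
# the "open only the ports you use" rule above, and prints the netsh commands that add the
# allowed ports as Windows Firewall exceptions. Assumes Server 2003 SP1+ (netsh firewall).
$AllowedTcpPorts = @(80, 443, 21)                        # constructed allow list

function Get-ListeningPorts {
    # Parses 'netstat -an' output; pass -NetstatText to run on a captured sample instead
    param([string]$NetstatText = (netstat -an | Out-String))
    $ports = foreach ($line in ($NetstatText -split "`r?`n")) {
        if ($line -match '^\s*TCP\s+\S+:(\d+)\s+\S+\s+LISTENING') { [int]$Matches[1] }
    }
    $ports | Sort-Object -Unique
}
function Find-UnexpectedPorts {
    param([int[]]$Listening, [int[]]$Allowed)
    $Listening | Where-Object { $Allowed -notcontains $_ }
}

# Constructed netstat sample: 80 and 443 are expected, 135 and 3389 are not
$Sample = @'
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    198.51.100.5:80        203.0.113.9:50122      ESTABLISHED
'@
$listening  = Get-ListeningPorts -NetstatText $Sample
$unexpected = Find-UnexpectedPorts -Listening $listening -Allowed $AllowedTcpPorts
foreach ($p in $unexpected) {
    Write-Warning "TCP port $p is listening but not allowed: stop or block that service"
}

# Firewall exceptions for the allowed ports; commands are printed unless $Apply is $true
$Apply = $false
foreach ($p in $AllowedTcpPorts) {
    $cmd = "netsh firewall add portopening protocol=TCP port=$p name=Allow-TCP-$p mode=ENABLE"
    if ($Apply) { Invoke-Expression $cmd } else { Write-Output $cmd }
}
```

Calling Get-ListeningPorts without -NetstatText audits the live machine; on the sample it warns about ports 135 and 3389.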

3.2 IIS configuration

IIS is one of the most vulnerable components on Microsoft servers; one vulnerability is discovered on average every two or three months. Therefore, the configuration of IIS deserves particular attention. We recommend the following settings. First, delete the Inetpub directory installed on drive C by default, create a new Inetpub directory on drive D, and set the IIS home directory to D:\Inetpub. Second, delete all virtual directories such as Scripts that are created by default during IIS installation, because they are easy targets for intruders. Finally, grant permissions positively, that is, create directory permissions only as needed. Pay special attention to execute and write permissions, and do not grant them unless absolutely necessary.

3.3 Configure application mappings

The system administrator needs to delete all unnecessary application mappings in the IIS service other than those for required programs, retaining only ASP and other needed file types. The specific method for deleting useless mappings is: in the IIS Service Manager, open the host properties, edit the WWW Service master properties, and find the application mappings under the home directory configuration; then delete the mappings as needed and let the virtual sites inherit the settings.
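As an added example covering both 3.2 and 3.3 (not the article's own code), this PowerShell script audits an IIS 6 site through the metabase ADSI provider for content on the system drive, leftover default virtual directories, directories with Write plus Execute/Script, and application mappings outside an allow list. The allow list, the list of default directories, the sample mappings, and site instance 1 being the Default Web Site are assumptions.

```powershell
# Added example (not from the article): audits an IIS 6 site against sections 3.2 and 3.3,
# i.e. content off the system drive, no leftover default virtual directories, no directory
# with Write plus Execute/Script, and only allow-listed application mappings. Assumes Windows
# Server 2003 with the IIS 6 metabase ADSI provider; instance 1 is the Default Web Site.
$AllowedExt   = @('.asp')                                # mappings to keep (constructed)
$DefaultVDirs = @('Scripts', 'IISHelp', 'IISAdmin', 'IISSamples', 'MSADC', 'Printers')  # assumed defaults to remove

function Test-IisDirectory {
    param([string]$Name, [string]$Path, [bool]$Write, [bool]$Execute, [bool]$Script)
    if ($Path -like "$env:SystemDrive*")     { "$Name : content path '$Path' is on the system drive" }
    if ($Write -and ($Execute -or $Script))  { "$Name : Write combined with Execute/Script" }
    if ($DefaultVDirs -contains $Name)       { "$Name : default virtual directory still present" }
}
function Test-ScriptMaps {
    # Each mapping has the form ".ext,<isapi or cgi path>,<flags>[,verbs]"
    param([string[]]$Maps, [string[]]$Allowed)
    foreach ($m in $Maps) {
        $parts = $m -split ','
        if ($Allowed -notcontains $parts[0]) { "mapping $($parts[0]) -> $($parts[1]) is not needed; remove it" }
    }
}
function Get-IisIssues {
    # Live audit through the metabase: the home directory plus every virtual directory below it
    $root = [ADSI]'IIS://localhost/W3SVC/1/Root'
    $dirs = @($root) + @($root.Children | Where-Object { $_.Class -eq 'IIsWebVirtualDir' })
    foreach ($d in $dirs) {
        Test-IisDirectory -Name ([string]$d.Name) -Path ([string]$d.Path) `
            -Write   ([bool]$d.Properties['AccessWrite'].Value) `
            -Execute ([bool]$d.Properties['AccessExecute'].Value) `
            -Script  ([bool]$d.Properties['AccessScript'].Value)
    }
    Test-ScriptMaps -Maps @($root.Properties['ScriptMaps'].Value) -Allowed $AllowedExt
}

# Offline check of the rules on constructed values (no IIS needed); both calls report findings
Test-IisDirectory -Name 'Scripts' -Path 'C:\Inetpub\Scripts' -Write $true -Execute $true -Script $false
Test-ScriptMaps -Allowed $AllowedExt -Maps @(
    '.asp,C:\WINDOWS\system32\inetsrv\asp.dll,5,GET,HEAD,POST,TRACE',
    '.printer,C:\WINDOWS\system32\msw3prt.dll,1,GET,POST')
# On the server itself run: Get-IisIssues
```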

Correct installation and configuration of Windows 2003 Server can prevent operating system vulnerabilities from being exploited. At the same time, the security of the operating system is greatly improved by applying patches and configuring application service security.
