Prevention of information leakage in enterprise intranet

In the internet age, the internet has brought great convenience to people's life. However, people enjoy the convenience of the network at the same time, it is often easy to ignore the hidden security hidden in the network. The continuous development of information technology makes the double-edged sword effect of internet become more and more obvious. Many criminals, illegal organizations or spy agencies also make full use of the network hidden resources of the "darkroom", the evil tentacles to others, the personal privacy of other countries, strategic secrets, wanton theft or illegal dissemination of this information to achieve a specific purpose. Especially for enterprises, the State of financial expenditure, project application and research and development documents, salary status, etc. are confidential materials, unscrupulous competitors often through a lot of means to steal secrets, so that victims suffered huge economic losses, so network administrators, especially information security workers in the network protection and management, while doing Should pay attention to do a good job of network secrecy, and do a good job of relevant response to local conditions.
In a number of security incidents, such as CSDN account leaks, Sony confidential data leaks, intranet leaks become an important way to reveal the current leaks. This is mainly rooted in the enterprise in the continuous improvement of firewalls, intrusion detection and external threat protection mechanism, often neglect the security of the intranet. Therefore, this article introduces the enterprise security workers in the daily work, should pay particular attention to the following aspects of the leak path, and in advance or in real-time cut off:
Physical level leak prevention: a complete computer network in the work, is the presence of electromagnetic radiation, as long as there is a special receiving device, you can receive radiation information to cause leaks, its radiation mainly has four links: connection line radiation; monitor radiation; host radiation; output device radiation. Some of the existing detection equipment can collect the electromagnetic radiation information of computer station from one kilometer, and can distinguish the information of different computer terminals. For example, "hackers" use electromagnetic leakage and other means can intercept confidential information, or through the flow of information, traffic, communication frequency and length of the analysis of parameters, such as user password, account and other important information. In this way of information leakage, the company room is a very important point of prevention, network equipment is placed in a relatively centralized place, is to place important data exchange equipment and server equipment, most of the network data will be pooled into these devices for data exchange. Therefore, the building of the computer room infrastructure for the protection of internal equipment and data has a pivotal role. According to the electromagnetic principle, we know that as a communication line of data transmission, the work will be around the online cable to form a different intensity of the magnetic field, and to the four sides of the transmission, we can use the relevant equipment and instruments to detect it, and further processing, you can get the data transmitted in the cable information. The whole process we can call electromagnetic leaks. Therefore, network and data room as the center of Network information aggregation, should have good security measures to ensure the security of all kinds of information.
Can be used in the way of information shielding, "shielding" is a metal mesh or metal plate to surround the source of the signal, the use of metal layer to prevent the internal signal outward emission, but also can prevent the external signal into the metal layer inside. The "shielding" effect applied to the network and data room, there is now the shielding room. Depending on the shielding performance of the engine room, the shielding room can be divided into different levels.
Network Level leak prevention: the establishment of computer local area network and its three-level network, two-level network, the gradual completion of a network, is the direction of the current development of Web applications, the application of these networks to distribute in different locations of the computer has a channel of information transmission, expand the scope of the application of computers, improve work efficiency and reduce administrative costs. Each user terminal, can take advantage of the files stored in each computer, data, in the sharing of information at the same time, the host and users, between the user and the user has a lot of leaks, and even those unauthorized illegal users or spy through the imposter, long-term temptation or other means to enter the network system for spy. In addition, after the network, the Line channel branch more, the area of conveying information is more extensive, interception of information sent to the conditions is more convenient, spy in any of the network on a branch line or a node, the terminal interception, you can obtain the entire network of transmission information.
In theory, the networks that are bugged usually include the following, which can be tapped in different ways:
1, Ethernet is widely used in practice, it is easy to be tapped. Ethernet works by sending packets to all the hosts connected together, and the package contains the correct address of the host that should receive the packet. Therefore, only the host that is consistent with the destination address in the packet can receive the envelope. However, when the host is working in eavesdropping mode, the host is received regardless of the destination physical address in the packet. Moreover, most of the 2 most common cables used in the transmission of corporate communications networks include twisted-pair and optical cables, in which the cables are used for high-bandwidth and long-distance transmission, mainly for high-speed network interconnection between the company's branches and headquarters, and twisted pair are used for inter-company network interconnection and building Ethernet. In detail, from the characteristics of the physical medium, the twisted pair is easy to be tapped by wire, and it is difficult to detect this behavior, in contrast, the optical fiber cable does not radiate energy, so it can effectively prevent eavesdropping. In addition, cables are more difficult to wire-tap than twisted pair or coaxial cables. Because there is no good way to directly separate the optical signal transmitted in the optical fiber, only professionals use professional equipment to do, and before the interception of light signal before the preparation work will certainly cause signal interruption, so that fiber communication is the most secure communication. Some tools are used to measure the attenuation of a cable, sometimes to detect the problem of a hitch. An OTDR (optical time domain reflectometer) tool can often be used to detect optical cables. These devices are primarily used to measure the attenuation rate of the signal and the length of the installed cable base, but are occasionally able to detect illegal wire tapping.
2, FDDI, Token-ring is not a broadcast network, but the packet in the transmission process is transmitted along the ring, high transmission rate makes eavesdropping difficult.
3, the use of telephone line is the possibility of eavesdropping is moderate, the telephone line can be some with the telephone company or some people who have the opportunity to physically access the line to wire tapping, the information on the microwave line will be intercepted. In practice, the high-speed modem is more difficult than the low-speed modem wiring.
4, through the cable channel transmission IP is more likely to be tapped, can be intercepted by some people who can physically access the TV cable.
5, microwave and radio is the possibility of eavesdropping is relatively high, radio is a broadcast-type transmission medium, any one of the radio receiving machine can intercept those transmission of information.

Article Source: Shenzhen Information Security Engineer School Information http://www.91goodschool.com/infolist/002315/

Prevention of information leakage in enterprise intranet