Reinforce a weak link in the Intranet

Source: Internet
Author: User
Tags: website, server

As the infrastructure of the information system, the security and stability of the network directly affect the normal running of the company's production operations and business management. To cope with the growing information security risks from inside and outside the system, the system must be hardened on an ongoing basis so that the network's defensive capability keeps improving and the company's information assets stay secure.

Our company's information system is built on a centralized data model, and a large volume of information and data is transmitted over the network. Because of budget constraints and limited awareness among management, the company's network security weaknesses went unaddressed for a long time, and the security of its information and data was constantly exposed to threats from both outside and inside the system.

Simple protection exposes vulnerabilities

I still clearly remember the "disaster" that happened a year ago: none of the company's computers could access the Internet, important office documents could not be approved, and the financial reporting system could not produce statistics. All services were interrupted for about five hours, causing the company both material and reputational loss.

The root cause was that our company had only a simple access firewall at the Internet exit. The company's website and mail servers sat on the external interface segment of that firewall and used public IP addresses. After the website was compromised and implanted with an ARP-spoofing Trojan, the gateway entries of all office and business PCs were spoofed and pointed at the website server, whereas the correct gateway should have been the firewall's Internet port address; as a result no client could reach the Internet or the business servers. Diagnosing the failure took a long time: we had to unplug the website server's network cable, contact the firewall vendor for a version update, and adjust the relevant policies before some important services could be temporarily restored. The heavy loss made management deeply aware of the importance of the company's Intranet security, and they resolved to comprehensively reinforce the Intranet so that similar incidents would not happen again.
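The incident above has a recognisable network signature: an ARP reply claiming the gateway's IP from a MAC that is not the firewall's, and a single MAC answering for many addresses. The following detector is an added example written for this article, not code from the original or from the company it describes; it scans constructed tcpdump-style ARP lines against a trusted gateway binding. The gateway address 12.0.0.1, the MAC addresses and the log lines are all assumed sample values.

```python
"""Flag ARP-spoofing symptoms in tcpdump-style ARP records (added example)."""
import re
from collections import defaultdict

# Trusted IP -> MAC bindings. The firewall interface address and its MAC are
# assumed sample values; in practice they come from the switch or firewall.
TRUSTED_BINDINGS = {
    "12.0.0.1": "00:11:22:33:44:01",   # assumed firewall (gateway) binding
}

# Constructed sample capture in the shape `tcpdump -n arp` prints.
# Line 3 onwards shows one host (00:aa:bb:cc:dd:ee) claiming the gateway
# and then several other addresses, as a spoofing Trojan would.
SAMPLE_ARP_LOG = """\
10:01:03.100 ARP, Reply 12.0.0.1 is-at 00:11:22:33:44:01, length 28
10:01:03.250 ARP, Reply 12.0.0.55 is-at 00:11:22:33:44:55, length 28
10:01:04.010 ARP, Reply 12.0.0.1 is-at 00:aa:bb:cc:dd:ee, length 28
10:01:04.020 ARP, Reply 12.0.0.2 is-at 00:aa:bb:cc:dd:ee, length 28
10:01:04.030 ARP, Reply 12.0.0.3 is-at 00:aa:bb:cc:dd:ee, length 28
10:01:05.000 ARP, Request who-has 12.0.0.1 tell 12.0.0.77, length 28
"""

ARP_REPLY = re.compile(
    r"ARP, Reply (?P<ip>\d+\.\d+\.\d+\.\d+) is-at (?P<mac>[0-9a-f:]{17})",
    re.IGNORECASE,
)


def parse_replies(text):
    """Yield (ip, mac) for every ARP reply; requests carry no binding and are skipped."""
    for line in text.splitlines():
        m = ARP_REPLY.search(line)
        if m:
            yield m.group("ip"), m.group("mac").lower()


def detect_arp_spoofing(text, trusted=TRUSTED_BINDINGS, max_ips_per_mac=2):
    """Return alert strings for three symptoms:
    - a trusted IP (the gateway) answered by an unexpected MAC,
    - an untrusted IP whose MAC changes within the capture,
    - one MAC claiming more than max_ips_per_mac addresses.
    The first reply seen for an untrusted IP is taken as its baseline, so a
    capture that starts during an attack can only catch the first two symptoms
    for IPs listed in `trusted`."""
    alerts = []
    seen = {}                      # ip -> first MAC observed in this capture
    ips_by_mac = defaultdict(set)  # mac -> set of IPs it has claimed
    for ip, mac in parse_replies(text):
        expected = trusted.get(ip)
        if expected and mac != expected:
            alerts.append(f"gateway-impersonation {ip} expected {expected} got {mac}")
        elif ip in seen and seen[ip] != mac:
            alerts.append(f"binding-flip {ip} {seen[ip]} -> {mac}")
        seen.setdefault(ip, mac)
        ips_by_mac[mac].add(ip)
        # Alert once, at the moment the threshold is crossed.
        if len(ips_by_mac[mac]) == max_ips_per_mac + 1:
            alerts.append(f"mac-claims-many-ips {mac} claims {len(ips_by_mac[mac])} addresses")
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_spoofing(SAMPLE_ARP_LOG):
        print(alert)
```

On the sample capture the detector raises two alerts: the gateway impersonation on the third line and the many-addresses alert once the same MAC has claimed three IPs. Running it against a live `tcpdump -n -l arp` feed, or enabling the equivalent dynamic ARP inspection on the access switches, would have cut the five-hour diagnosis described above to minutes.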

Our office building is divided into 18 VLANs by business and department, so that systems and departments are isolated from one another. A firewall is deployed at the Internet entry point of the office building to control office-network access to the Internet, as shown in Figure 1. Network access control technology is used throughout the network to govern every employee's access to the Internet and to the business systems.

Figure 1 Office building network structure

However, the company's security protection consisted of that single firewall, which inspects packets only up to layer 4 and cannot manage network applications; there were no technical means to manage and audit high-risk areas such as network virus protection, Internet content control, user browsing behaviour, or application installation on PCs. Users' desktop computers had no necessary control or protection measures: the effectiveness of anti-virus software varied from machine to machine and virus databases could not be updated. In addition, because of poor application management and uneven user skill, unauthorized software was installed on PCs at will and security patches were not applied in time, so every user PC in the company carried a high risk of exploitable vulnerabilities and frequently suffered from network viruses, Trojans and other malicious attacks. Both business data and personal information were at great risk, and the stable operation of the whole company network was threatened.

Coordinated reinforcement on multiple fronts

Intranet security management is a comprehensive systems problem involving network management, computer hardware, application software, operators, the organizational rules that govern computer users, and many other factors; the goal can be reached only through a combination of management systems and technical means. To build the network security management system, we deploy security devices and security policies at several layers, on the network and on the desktop, covering Internet access transformation, virus protection, intrusion prevention and desktop management, so as to implement multi-angle, multi-level security defence.

Internet entry boundary reinforcement

Based on the current network architecture, we adjust the company's Internet access policy and deploy two heterogeneous firewalls and an IPS intrusion prevention device at the Internet egress, as shown in Figure 2. The functions of the firewalls and the IPS complement each other: together they block hacker attacks and network threats such as worms, DoS/DDoS traffic and Trojans, and limit the bandwidth consumed by P2P and network video applications.

Figure 2 Network structure of the transformed office building

After the Internet-access transformation, the RG firewall and the Juniper firewall form a back-to-back firewall deployment. The RG firewall is deployed in transparent mode: it lets Intranet traffic pass outward through the firewall, rejects all access initiated from the Internet, and thereby protects the internal network. Because the application servers sit on the internal network, we filter by source address during deployment and allow only the ISA proxy server in the DMZ (demilitarized zone, the isolation zone) to reach the internal application servers. The addresses are divided into the ISA proxy server address, the SER Intranet address group and the desktop PC user group; the specific address allocation is shown in Table 1.

Table 1 Address ranges of each group

The security policy defines three rules governing the path from desktop users through ISA to the internal application servers:

1. Allow desktop USER (12.0.0.0/8) to access the ISA server for DNS resolution and proxy access.

2. Allow the ISA proxy server to access SER (11.0.0.20 ~ 11.0.0.253/24).

3. Deny access from the Internet to desktop USER (12.0.0.0/8).
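The point of the three rules is that the only route from a desktop to an application server runs through the ISA proxy, and anything the rules do not name is dropped. The policy model below is an added example for this article, not the configuration of the RG or Juniper firewall in the original; it encodes the three rules with the address groups from Table 1 and an implicit default deny, so you can check how a given flow is treated. The ISA proxy address 11.0.0.10 and the proxy port 8080 are assumed placeholders (the page gives neither), and any address outside the defined groups is treated as Internet-sourced.

```python
"""Evaluate flows against the three back-to-back firewall rules (added example)."""
from ipaddress import ip_address, ip_network, summarize_address_range

# Address groups from Table 1 as stated in the text.
DESKTOP_USER = [ip_network("12.0.0.0/8")]
SER = list(summarize_address_range(ip_address("11.0.0.20"), ip_address("11.0.0.253")))
# The ISA proxy's own address is not given on the page: assumed placeholder.
ISA_PROXY = [ip_network("11.0.0.10/32")]

# Ordered rules: (source group, destination group, allowed services, action).
# `services` is a set of (protocol, port) pairs, or None for any service.
# Port 8080 for the ISA web proxy is an assumed value.
RULES = [
    ("USER", "ISA", {("udp", 53), ("tcp", 8080)}, "allow"),   # rule 1: DNS and proxy
    ("ISA", "SER", None, "allow"),                              # rule 2: proxy to servers
    ("INTERNET", "USER", None, "deny"),                         # rule 3: Internet to desktops
]


def group_of(ip):
    """Map an address to its Table 1 group; anything else counts as INTERNET."""
    addr = ip_address(ip)
    for name, nets in (("ISA", ISA_PROXY), ("SER", SER), ("USER", DESKTOP_USER)):
        if any(addr in net for net in nets):
            return name
    return "INTERNET"


def evaluate(src_ip, dst_ip, proto="tcp", port=0):
    """Return 'allow' or 'deny' for a flow, first matching rule wins."""
    src, dst = group_of(src_ip), group_of(dst_ip)
    for rule_src, rule_dst, services, action in RULES:
        if src == rule_src and dst == rule_dst and (services is None or (proto, port) in services):
            return action
    return "deny"   # implicit default deny: nothing not explicitly allowed passes


def audit(flows):
    """Evaluate a list of (src, dst, proto, port) tuples; returns a list of decisions."""
    return [evaluate(*flow) for flow in flows]


if __name__ == "__main__":
    # Constructed sample flows covering each rule and the default deny.
    sample = [
        ("12.1.2.3", "11.0.0.10", "tcp", 8080),     # desktop -> proxy        allow
        ("12.1.2.3", "11.0.0.10", "udp", 53),       # desktop -> DNS on ISA   allow
        ("11.0.0.10", "11.0.0.100", "tcp", 1433),   # proxy -> app server     allow
        ("203.0.113.5", "12.1.2.3", "tcp", 445),    # Internet -> desktop     deny
        ("12.1.2.3", "11.0.0.100", "tcp", 80),      # desktop -> app server   deny (no direct path)
        ("12.1.2.3", "11.0.0.10", "tcp", 22),       # desktop -> proxy SSH    deny (service not listed)
    ]
    for flow, decision in zip(sample, audit(sample)):
        print(f"{flow[0]:>12} -> {flow[1]:<12} {flow[2]}/{flow[3]:<5} {decision}")
```

The two deny results at the end are the ones worth checking after any rule change: a desktop must never reach SER directly, and only the listed services may reach the proxy. Because rule order and the default deny decide the outcome, re-running such a check after each policy edit on the real firewall catches the accidental "allow any" that breaks the proxy-only design.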

Internet access transformation

Move the company's Web, mail and DNS servers into the DMZ, and deploy proxy cache servers and an email security gateway. Administrators can then control and manage Internet behaviour and accessible content for the different zones, audit accessed content and transmitted information, and reasonably limit access traffic. In this way a secure, efficient and unified Internet access platform is established, providing Internet access for the company's business development and the daily office work of internal employees.

Anti-virus system

Deploy a unified network anti-virus product across the company, complementing the IPS and email security gateway at the Internet entry. Through the mandatory compliance and upgrade policies of the desktop management system, client anti-virus software and unified virus database updates are managed on users' desktop computers and Windows servers. This establishes a company-wide anti-virus system that prevents viruses from spreading within the Intranet and between the Intranet and the Internet.

User desktop computer management system

Deploy a desktop security management system on all of the company's user computers and enforce enterprise security policies on desktop users. Functional modules and security policies applied to users' computers, such as mandatory authentication, control of application software installation, external device control, access control for unmanaged computers, and operating system patch management, strengthen the management, monitoring and auditing of software usage, security policy execution, security software deployment and system vulnerabilities on desktop computers. Security management of mobile office equipment and removable storage devices is tightened, and technical measures deny network access to computers that violate the security policy. Operating system patches are distributed promptly to raise the level of virus and attack prevention on Windows clients, improve security management of desktop computers, and ensure that the company's information assets are used securely and appropriately.

The network security management system targets the weak links in our company's current network with the security reinforcement they require. By deploying IPS, an email security gateway, proxy servers and other security devices at the Internet access boundary, and by rolling out network-wide anti-virus software and user desktop management software, it implements effective virus protection, application management and Internet access control for computers across the whole network.

In particular, by strengthening the management of users' online behaviour and computer usage, and by deploying security devices and security management tools, we have established a security management system that authenticates internal users, effectively controls the Internet entry point, actively prevents viruses, and manages and audits both the software users run and their Internet access. This effectively protects the company's information assets.
