Nowadays, the Internet is becoming more and more frequent, and enterprises have more and more demands on their own network security. Each major security manufacturers have issued their own security products, firewall has become an essential product of enterprises. However, for enterprise security protection, not only the external network needs protection, enterprise Intranet protection is also very important.
Most enterprises pay attention to improve the security of the border of enterprise network, but do not mention how much they invest in this aspect, but the core intranet of most enterprise network is still very fragile. Enterprises also implement the corresponding protection measures in the internal network, such as : installation of Tens or even hundreds of thousands of of network firewalls, intrusion detection software, and hope to achieve the security of the Intranet and the Internet isolation, however, this is not the case !
There are often people in the enterprise who privately Modem dialing method, mobile phone or wireless network card and other ways to surf the internet, and these machines are usually placed in the enterprise intranet, this situation has brought huge potential threat to the enterprise network, in a sense, the enterprise spent heavily equipped with the firewall has lost meaning.
The presence of such access, most likely to allow hackers to bypass the firewall and without the knowledge of the enterprise intrusion into the internal network, resulting in data leaks, spread the virus and other serious consequences. Practice has proved that many successful technology to prevent enterprise network border security has no effect on protecting enterprise intranet. Therefore, the network maintainer began a large-scale commitment to enhance the defense capabilities of the intranet.
Establish reliable wireless access
Review the network to establish the basis for wireless access. Eliminate meaningless wireless access points, ensure the mandatory and accessible wireless network access, and provide secure wireless access to the interface. Places access points outside the perimeter firewall and allows users to access them through VPN technology.
Establish secure passer-by visits
for passers-by do not have to give their public access to the intranet. Many security technicians perform the " internal no Internet access " policy, which allows employees to give customers some illegal access, resulting in real-time intranet tracking difficulties. Therefore, a passer-by access network block must be established outside the perimeter firewall.
Create a virtual Border guard
the host is the primary object that is being attacked. Instead of trying to keep all hosts from being attacked ( which is not possible ), it might be better to try to make it impossible for an attacker toattack the intranet by attacking the host. Therefore, it is necessary to solve the problem of the use of enterprise network and the establishment of virtual boundary protection in enterprise business scope. Thus, if a market user's client is compromised, the attacker will not enter the company. Therefore, to achieve the control of access rights between the company and the market. Everyone knows how to establish a perimeter firewall between the Internet and the intranet, and should now be aware of the border protection between different business user groups on the web.
Reliable Security Decisions
The network user also has the security hidden danger. Some users may be very lack of knowledge of network security, for example, do not know the difference between RADIUS and TACACS , or do not know the difference between proxy gateway and packet filtering firewall, etc., but they as the company's collaborators, but also the users of the network. So the enterprise network will make these users also easy to use, so as to guide them to automatically respond to network security policy.
Technically, security switches, backup of important data, use of proxy gateways, secure operating systems, use of host protection systems, and Password Detection systems and so on are indispensable.
Reliable security decisions for network protection