Resolve six Intranet security threats

Source: Internet
Author: User

Enterprise network security administrators pay great attention to threats from the Internet. Whether they deploy a security gateway or other protection products, the ultimate goal is to keep the enterprise from being compromised over the network. However, while strengthening Internet-facing protection, administrators should also pay attention to the security of the enterprise intranet. This article analyzes six intranet security threats that stem from weaknesses in internal network design, in the hope that more security administrators will pay closer attention to internal network security.

Intranet security threat 1: client patch upgrade relies on employees' awareness

Most enterprise users now use Windows clients. These clients need many patches, including IE patches and Office software patches. If patches are not installed in time, the unpatched flaws are easily exploited by viruses and become a convenient channel for their spread. Unfortunately, many IT owners do not pay attention to patch management and control. For example, some administrators rely solely on users' own initiative to manage patches, leaving patching to the automatic update service on the client. This requires manual action by the client user: the user has to confirm whether to install the patch, and may need to restart after the upgrade is complete. In reality, some users find this troublesome and will not install patches on their own initiative. In this case, the intranet is exposed to unnecessary security risks.

For this reason, I suggest adopting a unified solution for patch management. For example, Microsoft has a patch management tool that can be used on servers to force patches onto client systems, for instance by patching the system automatically before its next start. This design ensures the security of the internal network and minimizes the adverse impact on users. In short, I believe it is best not to leave the right to decide on patch updates to users. Most users do not exercise this right correctly.

Intranet security threat 2: Incompatibility of Self-signed certificates

Internet Explorer has always been the hardest-hit area in terms of security for Microsoft operating systems and servers. Incorrect user settings are one of the main reasons. To improve this situation, Microsoft has added self-signed certificates to some Microsoft products, such as Exchange. Simply put, when enterprise users do not take any security measures, the system automatically uses self-signed certificates to enable certain encryption mechanisms, such as SSL encryption.

This default security measure improves the security of system applications to a certain extent. It is especially helpful for users who have little security awareness. However, until now, this self-signed certificate has only been used by Microsoft products. For example, if an enterprise uses an Exchange server and users access their mailboxes with the IE browser, there is no problem. However, if other browsers are used for access, incompatibility may occur. For example, the browser may warn that the user's system does not trust this type of certificate. To avoid this problem, some administrators simply disable the self-signed certificate function. This undoubtedly weakens the security of the enterprise's internal network servers.

Intranet security threat 3: lack of follow-up

Many enterprises are very concerned about the security of their internal networks when designing and building them, for example by disabling unnecessary services or the use of mobile devices. However, they also fall into a trap here: the early design and configuration are treated as very important, but there is no follow-up mechanism.

For example, for file servers, enterprises may have relatively secure access permissions and other security measures in place. However, there is no mechanism for reviewing access. That is to say, it is impossible to determine whether the security measures are effective or whether users are making unauthorized access attempts. In this case, the deficiency may only be discovered when a problem occurs. The author suggests that it is important to do a good job of security design and related configuration in the early stage, but it is also best to track and analyze the results in subsequent daily work. When you find that the original configuration no longer meets your enterprise's security requirements, you need to make timely adjustments. For file servers, the audit function can be enabled to record users' unauthorized access attempts. The data can then be analyzed to identify possible attacks.
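The review step described above, as an added example that is not part of the original article: it summarises denied file-server accesses per user from audit records. The CSV layout, user names and paths are constructed for illustration and are an assumption, not the export format of any particular product.

```python
import csv
from collections import defaultdict
from io import StringIO

# Constructed sample: a simplified CSV export of file-server audit records.
# The column layout (time,user,path,result) is an assumption for this example.
SAMPLE_AUDIT = """\
time,user,path,result
2024-03-04T09:01:12,alice,/shares/sales/q1.xlsx,SUCCESS
2024-03-04T09:03:40,bob,/shares/hr/payroll.xlsx,FAILURE
2024-03-04T09:03:55,bob,/shares/hr/contracts.docx,FAILURE
2024-03-04T09:04:10,bob,/shares/finance/budget.xlsx,FAILURE
2024-03-04T09:10:02,alice,/shares/hr/payroll.xlsx,FAILURE
2024-03-04T09:15:30,carol,/shares/finance/budget.xlsx,SUCCESS
2024-03-04T09:16:00,Bob,/shares/hr/payroll.xlsx,FAILURE
"""

def denied_access_report(audit_csv, threshold=3):
    """Map each user with >= threshold denied attempts to a summary:
    number of denials, distinct paths tried, and first/last time seen."""
    events = defaultdict(list)
    for row in csv.DictReader(StringIO(audit_csv)):
        if row["result"].strip().upper() == "FAILURE":
            # Normalise case so 'Bob' and 'bob' count as one account.
            events[row["user"].strip().lower()].append((row["time"], row["path"]))
    report = {}
    for user, hits in events.items():
        if len(hits) >= threshold:
            times = sorted(t for t, _ in hits)
            report[user] = {
                "denied": len(hits),
                "paths": sorted({p for _, p in hits}),
                "first": times[0],
                "last": times[-1],
            }
    return report

if __name__ == "__main__":
    for user, summary in denied_access_report(SAMPLE_AUDIT).items():
        print(user, summary)
```

A single denial, such as alice's, stays below the default threshold, while repeated denials across several shares are reported for follow-up.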

Intranet security threat 4: no reverse proxy is used to reduce port overhead

With the spread of enterprise information management, access by internal users alone is increasingly not enough for enterprises. Some enterprises open offices in other places and want the staff in these offices to access internal servers. For the convenience of employees on business trips, they are also allowed to connect to servers in the enterprise from the public network.

To allow internal enterprise servers to be accessed by external users over the Internet, you must open multiple ports on the firewall. This increases the security risks inside the enterprise. The principle is simple: it is like a house with many doors open. The administrator cannot watch over the security of all the doors. For example, suppose an enterprise deploys Microsoft's instant messaging suite. If you want to allow external users to use this instant messaging server, you need to open more than a dozen ports on the firewall. This undoubtedly greatly reduces the security of the enterprise's internal network. In this case, I suggest using a reverse proxy. The reverse proxy server is usually located between the Internet and the server that would otherwise need multiple ports opened, basically in parallel with the firewall server. If a reverse proxy is used, the server can be hidden from the Internet, and external malicious requests can be prevented from reaching the server. In terms of security, it is similar to NAT technology. However, management costs and performance overhead are much lower than those of NAT servers.

Intranet security threat 5: deploy too many applications on the same server

Deploying multiple applications on the same server is also common in enterprises. Although this can reduce the cost of enterprise information deployment to a certain extent, it also increases the security risks of the server. Assume that three applications are deployed on one server of an enterprise. Including the operating system, there are actually four information systems on it. If each information system has two security vulnerabilities, this server now has eight vulnerabilities. If no strict security measures are taken, attackers can exploit any of these vulnerabilities to steal content from the server or even take control of it.

This is like a chain. The more links there are in the chain, the weaker its security. If any link breaks, the entire chain fails, and the more links there are, the more likely a break becomes. In general, it is not impossible for an enterprise to deploy multiple applications on one server, but the number of applications must be limited. Generally, no more than three should be allowed. At the same time, for some important applications, such as databases, it is best to use a separate application server to ensure their security. In addition, some necessary measures, such as virtual CPU technology, need to be taken to provide a relatively independent working environment for each application.

Intranet security threat 6: no SSL encryption mechanism is used for authorized access to emails

Many of the enterprise's information systems require authorization for access. For example, in the mail system, users can only access their own mailboxes. On file servers, users can only access the files they are authorized for. These controls are basically enforced through user names and passwords.

In the internal network, HTTP and HTTPS are the primary access mechanisms. HTTP applies no encryption to transmitted data. That is, the user name and password are transmitted in plain text on the network. In this case, the user name and password can easily be stolen with tools such as network sniffers and then used to carry out destructive activities. Once the user name and password are disclosed, even the best security measures will not help. I suggest using the HTTPS protocol for important applications, such as email and file servers. This protocol uses an SSL encryption mechanism to encrypt data in transit and so protects user names and passwords.
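One way to self-check for the problem described above, as an added example that is not part of the original article: it parses saved intranet pages and reports every form with a password field whose submit URL is not HTTPS, including HTTPS pages that post back to HTTP. The host names and HTML are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class PasswordFormFinder(HTMLParser):
    """Collect the submit URLs of password forms that are not sent over HTTPS."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.action = None          # resolved submit URL of the open <form>
        self.has_password = False
        self.insecure = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            # A missing or empty action submits to the page's own URL.
            self.action = urljoin(self.page_url, attrs.get("action") or "")
            self.has_password = False
        elif tag == "input" and (attrs.get("type") or "").lower() == "password":
            self.has_password = self.action is not None

    def handle_endtag(self, tag):
        if tag == "form" and self.action is not None:
            if self.has_password and urlsplit(self.action).scheme != "https":
                self.insecure.append(self.action)
            self.action = None

def plaintext_login_forms(page_url, html):
    finder = PasswordFormFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.insecure

# Constructed sample pages; host names are placeholders, not real systems.
PAGES = {
    "http://mail.intranet.example/login":
        '<form action="/auth"><input name="u"><input type="password" name="p"></form>',
    "https://files.intranet.example/":
        '<form action="http://files.intranet.example/login">'
        '<input type="PASSWORD" name="p"></form>',
    "https://wiki.intranet.example/login":
        '<form action="/session"><input type="password" name="p"></form>',
    "http://wiki.intranet.example/search":
        '<form><input type="text" name="q"></form>',
}

def audit_pages(pages):
    """Return {page_url: [insecure submit URLs]} for pages with findings."""
    return {url: hits for url, html in pages.items()
            if (hits := plaintext_login_forms(url, html))}
```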

The six weaknesses described above do not cover everything in intranet security management, but they are certainly classic problems. You can check your own environment against them based on your actual situation. For internal network security, the emphasis should be on prevention.
