For a long time, network security has concentrated on perimeter defences built on network applications, but protecting the confidentiality, integrity and reliability of user information through the system kernel is becoming an effective technical means, following on from application-layer network security products.
Network security has limitations: The server is a hidden danger
On today's mainstream server operating systems, the administrator account holds supreme power and can fairly be described as omnipotent. It can manipulate the entire system and arbitrarily modify system resources: browse and modify any data file, format the hard disk, terminate important processes, modify the registry, and so on.
This authority is very easy to steal in existing operating systems. Once it falls into the hands of illegitimate users or network attackers, the security of the entire system is threatened and the consequences are unimaginable. The security of the server operating system has therefore attracted more and more attention.
Beijing Avic Ka Xin Computer Information Technology Co., Ltd. has introduced a kernel reinforcement technology that reasonably decentralises and appropriately restricts the server's super-user rights, so that the risk and the degree of damage in case of a super-user "protest" are greatly reduced. Ai Qiwei, deputy general manager of Catic Company, said that realising kernel reinforcement technology is of great significance, especially given the reality that many information leaks on the internet originate inside the enterprise.
Against attacks from external networks, the current network security technologies and tools are mainly firewalls, intrusion detection systems (IDS), vulnerability scanning, VPN technology and anti-virus technology. Ai Qiwei says these tools have limitations when it comes to server security.
For example, the firewall, the so-called "one guard at the pass holds off ten thousand", simplifies network security management to some extent, but network intruders may find an open back door behind some firewalls, and against intruders who are already inside the firewall, attacks launched from within the network are basically impossible to guard against.
"It is because of the limitations of common network security technologies and tools that constructing a three-dimensional network protection system, combining application-layer network security products with kernel reinforcement technology, is the development trend of network security protection technology," Ai Qiwei said. "Kernel reinforcement technology is a strong backup and complement to application-layer network security technology, making it possible for the application of security technology to servers in the enterprise network to move from treating the 'symptom' to treating the 'root cause'."
Live interview
Ai Qiwei, deputy general manager of China Airlines, senior network security engineer, and a participant in writing the technical standard documents related to the national "Information System Security Level Protection".
Reporter: Why does your company set its solution at the third level of the national Information System Security Level Protection?
Ai Qiwei: National Information System Security Level Protection is divided into five levels; levels one, two and three set out all the technical requirements of the whole level protection scheme. From the fourth level on, the technical requirements are no longer increased, but the implementation and design methods for those technical requirements become more stringent.
Therefore the third level is a watershed: it includes the technical requirements of all protection levels, yet it is not too demanding in its design methods, so it is the most suitable security level for current government and enterprise users, including finance, telecommunications and other industries, and its impact on applications is relatively small.
Secure operating system: playing the role of "connecting link"
At present, the network security market is dominated by firewalls, IDS and other application-layer network security products. China Aviation Jia Xin has introduced the concept of security hardening of the operating system kernel into the field of network security technology and has successfully developed a kernel security module product.
The security operating system structure is as follows:
Safe operating system = Operating system reinforcement technology + ordinary operating system
This is a secure operating system based on operating system hardening technology (ROST). ROST uses a security kernel to raise the security level of the operating system. Its core is to reconstruct the operating system's access model inside the kernel, implement real mandatory access control, and bring the operating system up to the third-level security technical requirements of the national Information System Security Level Protection standard system.
ROST is a system-level solution within the national information system security standards system and plays a "connecting link" role: it supports a variety of operating systems and hardware platforms below, while also providing good security support to the various existing large-scale applications running above the operating system.
"Of course, there are other concepts of secure operating systems, such as implementing a secure operating system by refactoring the operating system's source code," Ai Qiwei further elaborated. "Our secure operating system concept is to combine a common operating system, which supports a variety of applications, with ROST technology. ROST is just a security module and will not affect the upper-layer applications of the original operating system. This is the essence of how our secure operating system differs from the traditional concept of a secure operating system."
The kernel module technology based on ROST installs the security kernel module at the driver layer, intercepts all kernel access paths and achieves the level-three technical standard; the security effect is similar to that of reconstructing the operating system source code. However, it has the advantage of not affecting the user's business continuity: it supports all applications above and all systems and devices below, and it guarantees the security of the upper-layer applications, which is the foundation of the server security standard.
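As an added illustration of the access-control idea this section and the opening section describe (a kernel-level module that sits on every access path, enforces mandatory access control, and splits the omnipotent super-user's power into bounded roles), here is a constructed Python model of such a reference monitor. It is not ROST code or the company's product: the labels, roles and policy table are assumptions of this example, and in a real deployment the monitor lives in the kernel rather than in user space.

```python
"""
Toy reference monitor: mandatory access control (MAC) layered under a classic
discretionary model (DAC), so that even uid 0 is bound by policy.
Constructed example; labels, roles and rules are assumptions, not ROST's.
"""
from dataclasses import dataclass
from enum import Enum, auto


class Op(Enum):
    READ = auto()
    WRITE = auto()
    KILL = auto()


@dataclass(frozen=True)
class Subject:
    uid: int
    role: str  # assumed roles: sysadmin, secadmin, auditor, user


@dataclass(frozen=True)
class Resource:
    name: str
    owner_uid: int
    mode: int            # POSIX-style permission bits, e.g. 0o644 (group bits ignored here)
    label: str = "data"  # assumed MAC labels: data, system, policy, audit, protected_process


def dac_allows(subj: Subject, res: Resource, op: Op) -> bool:
    """Classic DAC as an ordinary kernel applies it: uid 0 bypasses everything."""
    if subj.uid == 0:
        return True
    if op is Op.KILL:
        return subj.uid == res.owner_uid
    bit = 0o4 if op is Op.READ else 0o2
    shift = 6 if subj.uid == res.owner_uid else 0  # owner bits vs "other" bits
    return bool(res.mode & (bit << shift))


# Mandatory layer: role -> (label, op) permissions. Anything not listed is
# denied, and there is no uid-0 bypass. Plain "data" is left to DAC.
MAC_POLICY = {
    ("system", Op.READ): {"sysadmin", "secadmin", "auditor", "user"},
    ("system", Op.WRITE): {"sysadmin"},      # OS files: system administrator only
    ("policy", Op.READ): {"secadmin", "auditor"},
    ("policy", Op.WRITE): {"secadmin"},      # MAC rules: security administrator only
    ("audit", Op.READ): {"auditor"},         # audit trail: auditor reads, nobody writes
    # ("protected_process", Op.KILL) is deliberately absent: no role may kill it
}


def mac_allows(subj: Subject, res: Resource, op: Op) -> bool:
    if res.label == "data":
        return True  # ordinary data falls back to DAC alone
    return subj.role in MAC_POLICY.get((res.label, op), set())


class ReferenceMonitor:
    """Stands in for the kernel module on every access path: the decision is
    DAC AND MAC, and every decision is recorded for the auditor."""

    def __init__(self) -> None:
        self.audit: list[str] = []

    def check(self, subj: Subject, res: Resource, op: Op) -> bool:
        decision = dac_allows(subj, res, op) and mac_allows(subj, res, op)
        self.audit.append(f"uid={subj.uid} role={subj.role} op={op.name} "
                          f"res={res.name} -> {'ALLOW' if decision else 'DENY'}")
        return decision


def demo() -> dict[str, bool]:
    """Compare an omnipotent root (DAC only) with root under the monitor."""
    mon = ReferenceMonitor()
    root_sysadmin = Subject(uid=0, role="sysadmin")
    root_hijacked = Subject(uid=0, role="user")  # stolen uid 0, no admin role assigned
    secadmin = Subject(uid=1001, role="secadmin")
    auditor = Subject(uid=1002, role="auditor")
    other = Subject(uid=1004, role="user")
    # constructed resources
    kernel = Resource("/boot/vmlinuz", 0, 0o644, label="system")
    policy = Resource("/etc/mac/policy.db", 1001, 0o600, label="policy")
    audit_log = Resource("/var/log/audit.log", 1002, 0o400, label="audit")
    idsd = Resource("pid:ids-daemon", 0, 0o700, label="protected_process")
    payroll = Resource("/srv/payroll.csv", 1003, 0o600, label="data")
    return {
        "dac_root_writes_audit": dac_allows(root_sysadmin, audit_log, Op.WRITE),
        "dac_root_kills_ids": dac_allows(root_sysadmin, idsd, Op.KILL),
        "root_writes_kernel": mon.check(root_sysadmin, kernel, Op.WRITE),
        "root_writes_policy": mon.check(root_sysadmin, policy, Op.WRITE),
        "root_writes_audit": mon.check(root_sysadmin, audit_log, Op.WRITE),
        "root_kills_ids": mon.check(root_sysadmin, idsd, Op.KILL),
        "hijacked_root_writes_kernel": mon.check(root_hijacked, kernel, Op.WRITE),
        "secadmin_writes_policy": mon.check(secadmin, policy, Op.WRITE),
        "secadmin_writes_kernel": mon.check(secadmin, kernel, Op.WRITE),
        "auditor_reads_audit": mon.check(auditor, audit_log, Op.READ),
        "root_reads_payroll": mon.check(root_sysadmin, payroll, Op.READ),
        "other_reads_payroll": mon.check(other, payroll, Op.READ),
    }


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name:32s} {'ALLOW' if allowed else 'DENY'}")
```

Under DAC alone uid 0 can wipe the audit trail and kill the intrusion-detection daemon; with the mandatory layer on the path, the same uid is confined to the system-administrator role, cannot touch the policy database or the audit log, and a hijacked uid 0 with no role assignment can no longer even modify system files. Ordinary data still falls through to the usual owner/other bits, which is the "does not affect upper-layer applications" property the text stresses.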
Secure server: system security through trusted interfaces
So what does server security mean? Ai Qiwei explains: "Server security is security at all levels, that is, secure physical devices, a secure operating system, secure applications and a professional management system. When we add them up, we call the result a secure server."
The security server structure is as follows:
Secure Server = Secure operating system + Secure application + Normal server
"But this addition is not just piling things up!" Ai Qiwei changed tack. "It is not to say that installing a set of secure physical equipment, a set of secure operating system, a set of secure application system and then a professional management system makes a secure server. Take what we call a network security plan: is it a network security plan just to heap in a firewall, IDS, anti-virus and so on? Certainly not; adding them up is conditional!"
The condition Ai Qiwei refers to is that a connection must be established between each layer of the system and the next, which is the trusted interface in the national level protection standard. The basic idea of national level protection can be understood as: every network security problem is a problem of access control. Therefore, the system security of the server itself is the security of access control.
A so-called secure server is one in which each level of the system has a trusted interface, and through these trusted interfaces the levels interconnect, interoperate and cooperate. Users accept management from trusted products: unified configuration policy, queries, audits and so on. With a secure server, users can handle all aspects of server-wide security from a single interface.