Almost all enterprises now pay more attention to network security and have purchased firewalls and other devices, one after another, to block security threats from the Internet. However, intranet attacks and intrusions are still rampant. Experience has shown that insecurity inside the company is far more damaging than harm from outside.
Most enterprises focus on improving the border security of their networks, to say nothing of how much they invest in it, yet the core intranet of most enterprise networks is still very fragile. Enterprises have also implemented protection measures for their internal networks, such as installing network firewalls and intrusion detection software whose price can easily reach tens of thousands or even hundreds of thousands, in the hope of achieving security isolation between the intranet and the Internet.
However, this is not the case! In enterprises, users often access the Internet without permission through modem dial-up, mobile phones, or wireless network cards. These machines usually sit inside the enterprise intranet, so this practice poses a huge potential threat to the enterprise network. In a sense, the firewall that the enterprise spent heavily on has lost its significance.
This kind of access can easily let hackers intrude into the internal network without the firewall being aware of it, resulting in leakage of sensitive data and the spread of viruses. Practice has shown that many technologies that successfully protect the enterprise network border have no effect in protecting the enterprise intranet. As a result, network maintainers have begun to expand their efforts to strengthen internal network defenses.
The following 10 strategies address the challenges of enterprise intranet security. They are both internal network defense strategies and a way to improve the network security of large enterprises.
1. Pay attention to the differences between Intranet security and network boundary security
Intranet security threats are different from those at the network boundary. Network boundary security technology prevents attacks from the Internet, mainly attacks that arrive by way of public network servers such as HTTP or SMTP servers. Boundary protection (such as a border firewall system) reduces the chance that a skilled hacker can get into the enterprise network with nothing more than Internet access and a program of their own.
Intranet security threats mainly come from within the enterprise. A malicious attacker typically takes control of a server inside the local area network first and then launches attacks on other hosts on the Internet from it. Therefore, protection against hackers should be applied at the boundary while intranet protection policies are established and strengthened at the same time.
2. Restrict VPN access
Access by Virtual Private Network (VPN) users poses a huge threat to the security of the intranet. These users place weakened desktop operating systems outside the protection of the enterprise firewall, and yet, obviously, they can still access the enterprise intranet.
Therefore, avoid giving every VPN user full access to the intranet. Use login access control lists to limit the permission level of VPN users, granting each one only the level of access they need, for example access to the email server or to other selected network resources.
3. Establish Intranet border protection for the CEN
CEN is also a major cause of intranet security problems. For example, even though the security administrator knows how to use the available technology to harden the firewall and protect MS-SQL, the Slammer worm can still get into the intranet, because the enterprise gives its partners access to internal resources. Since the network security policies and activities of partners cannot be controlled, create a DMZ for each partner, place the resources that partner needs to access in the corresponding DMZ, and do not allow the partner to access any other intranet resources.
4. Automatic Tracking of security policies
Intelligent security policies that are tracked and enforced automatically in real time are the key to putting network security into practice effectively. They bring a major change to business activities and are far more effective than security policies applied by hand. Business activities today change constantly, so enterprises need an automatic way to detect those changes, and security policies must adapt to them as well. Examples include real-time tracking of the hiring and dismissal of employees, real-time tracking of network utilization, and recording which file servers each computer talks to. In short, every day's activities must be shown to follow the security policy.
5. Disable useless network servers
A large enterprise network may support four to five servers that send e-mail at the same time. Some enterprise networks may also have dozens of other servers listening on SMTP ports. Each of these hosts is a potential point of attack against the mail service. Therefore, the network servers should be taken offline one by one for review. If a program (or a logical unit in a program) runs as a Windows file server but does not actually act as a file server, disable the file sharing protocol.
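The review described above can be partly automated by comparing what each host is listening on with the role it is supposed to have. The following is an added example, not part of the original article; the host names, the role inventory and the scan record format are all constructed for illustration.

```python
from collections import defaultdict

# Ports this check cares about, mapped to the role that justifies them.
ROLE_FOR_PORT = {25: "mail", 139: "file", 445: "file"}

# Constructed inventory: which hosts are meant to hold which roles.
DECLARED_ROLES = {
    "mx1.corp.example": {"mail"},
    "fs1.corp.example": {"file"},
    "app7.corp.example": set(),
    "print2.corp.example": set(),
}

# Constructed scan results, one "host port/proto state" record per line.
SCAN = """\
mx1.corp.example 25/tcp open
fs1.corp.example 445/tcp open
fs1.corp.example 25/tcp open
app7.corp.example 25/tcp open
app7.corp.example 443/tcp open
print2.corp.example 445/tcp open
print2.corp.example 139/tcp closed
"""

def parse_scan(text):
    """Return {host: set of open TCP ports}; skip malformed or non-open lines."""
    open_ports = defaultdict(set)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[2] != "open":
            continue
        port, _, proto = parts[1].partition("/")
        if proto == "tcp" and port.isdigit():
            open_ports[parts[0]].add(int(port))
    return open_ports

def unjustified_services(scan_text, declared):
    """List (host, port, missing role) for services no declared role explains."""
    findings = []
    for host, ports in sorted(parse_scan(scan_text).items()):
        roles = declared.get(host, set())  # unknown host: nothing is justified
        for port in sorted(ports):
            needed = ROLE_FOR_PORT.get(port)
            if needed and needed not in roles:
                findings.append((host, port, needed))
    return findings
```

Each finding is a candidate for disabling the SMTP listener or the file sharing protocol on that host, after confirming with its owner that the service is not in use.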
6. Protect important resources first
It is unrealistic to expect every host to be locked down and patched when more than 10 million hosts (for example, 30000 hosts) are connected to the network. In large enterprise networks, security work generally has to be prioritized. First analyze and evaluate the value of each server, and then inspect, classify, patch, and harden each network server on the intranet. Find the important network servers (such as servers that track customers in real time) and place them under restricted management. In this way, the most important assets of the enterprise can be identified quickly and accurately, and the work of locating them on the intranet and restricting permissions can be done well.
7. Establish reliable wireless access
Audit the network to lay the foundation for wireless access. Remove unnecessary wireless access points, make sure wireless network access is both enforced and available, and provide secure wireless access interfaces. Place access points outside the border firewall and allow users to reach the intranet through VPN technology.
8. Establish secure access
Public access to the intranet is not required. Many security technicians enforce a "no Internet access internally" policy, which makes it difficult for employees to provide illegal access permissions to customers and to track the intranet in real time. Therefore, a pass-through access network block must be created outside the border firewall.
9. Create virtual border protection
Hosts are the main target of attack. Rather than trying to prevent every host from being attacked (which is not possible), it is better to try to prevent attackers from using a compromised host to attack the rest of the intranet. This means looking at how the enterprise network is used and establishing virtual border protection along the lines of the enterprise's business units. Then, if the client machine of a marketing user is compromised, the attacker cannot reach the company's R&D. Access control between the company's R&D and marketing must therefore be implemented. We all know how to establish border firewall protection between the Internet and the intranet; now we should also establish border protection between different groups of business users on the Internet.
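Strategies 2, 3 and 9 all come down to a default-deny policy between zones: VPN users reach only the mail server, each partner reaches only its own DMZ, and marketing cannot reach R&D. The following is an added example, not part of the original article, and it goes slightly beyond the text by treating all three cases with one rule table; every zone name, address range and port is a constructed assumption.

```python
import ipaddress

# Constructed zones and addresses (assumptions for illustration only).
ZONES = {
    "vpn":       "10.8.0.0/24",
    "marketing": "10.20.0.0/16",
    "rnd":       "10.30.0.0/16",
    "partner_a": "192.0.2.0/28",   # partner A's source range
    "dmz_a":     "10.99.1.0/24",   # DMZ holding only what partner A needs
    "servers":   "10.10.0.0/24",
}
MAIL_SERVER = "10.10.0.25"

# A flow is permitted only if some rule covers it; there are no deny rules.
# (source zone, destination zone or single host, allowed TCP ports)
RULES = [
    ("vpn",       MAIL_SERVER, {25, 143, 993}),
    ("partner_a", "dmz_a",     {443}),
    ("marketing", "servers",   {25, 443}),
    ("rnd",       "servers",   {25, 443}),
    ("rnd",       "rnd",       {22, 443}),
]

NETS = {name: ipaddress.ip_network(cidr) for name, cidr in ZONES.items()}

def zone_of(ip):
    """Return the name of the zone containing ip, or None if it is in no zone."""
    addr = ipaddress.ip_address(ip)
    for name, net in NETS.items():
        if addr in net:
            return name
    return None

def matches(target, ip):
    """target is either a zone name or a single host address."""
    if target in NETS:
        return ipaddress.ip_address(ip) in NETS[target]
    return ipaddress.ip_address(target) == ipaddress.ip_address(ip)

def is_allowed(src_ip, dst_ip, port):
    """Default deny: permit only flows that an explicit rule covers."""
    src_zone = zone_of(src_ip)
    if src_zone is None:
        return False
    return any(
        rule_src == src_zone and matches(rule_dst, dst_ip) and port in ports
        for rule_src, rule_dst, ports in RULES
    )
```

Running a proposed rule set through a checker like this before it is deployed shows whether a compromised marketing client or an over-privileged VPN account could still reach R&D.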
10. Reliable security decisions
Network users are also a security risk. Some users may lack network security knowledge: they may not know the difference between RADIUS and TACACS, or between a proxy gateway and a packet-filtering firewall. Yet as partners of the company, they are also users of the network. Therefore, the enterprise network must be easy for these users to use, so that they follow network security policies automatically.
In addition, on the technical side, using security switches, backing up important data, using proxy gateways, securing the operating system, and using host protection systems and intrusion detection systems are also indispensable.