Technical Analysis and standard discussion on Intranet Security (1)

1. Overview of Intranet Security

After the 21st century, with the rapid increase of information technology in China, the Intranet Information security has received more and more attention. In just a few years, Intranet security products and vendors have emerged. However, it is worrying that although many products and vendors provide services with the concept of Intranet security, the actual technology and content are very different. In this situation, on the one hand, it is misleading to the market and users, which is not conducive to solving users' actual Intranet security problems, resulting in a waste of investment; on the other hand, it is not conducive to creating a benign competitive environment, the development of the Intranet security market is blocked.

In view of this, it is necessary to establish a systematic theoretical discussion of Intranet security to form a unified consensus and standards so that Intranet security products and vendors can truly meet user needs, solve users' actual problems and promote the development of national informatization.

2. Exploring the nature of Intranet security issues

2.1. Causes of Intranet security problems

The proposal of Intranet security issues is closely related to the national informatization process. The improvement of Informatization makes the internal information network have the following three features:

1) with the popularization of ERP, OA, CAD, and other production and office systems, the calendar operation of the Organization is increasingly dependent on the internal information network, and the Intranet Information Network has become the lifeline of each organization, high requirements on Intranet stability, reliability, and controllability.

2) The internal information network is composed of a large number of terminals, servers and network devices, forming a unified and organic whole. Any part of the security vulnerabilities or problems may lead to paralysis of the entire network, it puts forward unprecedented requirements on the controllability and reliability of each specific part of the Intranet, especially a large number of terminals.

3) Because of the Electronic Production and office systems, the internal network becomes the main carrier of organization information and intellectual property rights, and the traditional methods of information control and management are no longer used, new information management and control methods have become the focus of attention.

The above three problems depend on the Intranet and are closely connected to the Intranet security. Therefore, the Intranet security is widely valued.

2.2. Threat Model for Intranet security issues

Compared with the concept of Intranet security, network security in the traditional sense is more well-known and understood. In fact, in essence, traditional network security is concerned with preventing attacks from the Internet to the Intranet, that is to say, Internet security, including traditional firewalls, intrusion detection systems, and VPN, are designed and considered based on this idea. The Internet security threat model assumes that the internal network is safe and trustworthy, and all threats come from the external network. The approach is primarily through the Intranet and Internet border egress. Therefore, under the assumption of the internet security threat model, security control measures at the network boundary can be taken to ensure the security of the entire network.

The threat model of Intranet security is more comprehensive and meticulous than the Internet security model. It assumes that any terminal, user, and network in the Intranet network is insecure and untrusted, threats may come from both the Internet and any node on the Intranet. Therefore, in the threat model of Intranet security, you need to carefully manage all nodes and participants in the internal network to implement a manageable, controllable, and trusted intranet. Therefore, compared with Internet security, Intranet Security has the following features:

1) A more comprehensive, objective and strict trust and security system is required;

2) It is required to establish more fine-grained security control measures and perform more targeted management on computer terminals, servers, networks and users;

3) complete lifecycle management of information.

3. Existing Intranet security products and technical analysis

Since the introduction of the concept of Intranet security, many vendors have released their own intranet security solutions. Due to the lack of standards, these products and technologies are different, but in summary, it should include audit monitoring, desktop management, document encryption, file encryption, and disk encryption. The following describes the features of these products and technologies.

3.1. monitoring and auditing

Monitoring and auditing products are the first internal network security products. More than 50% of internal network security products launched by internal network security vendors are classified as monitoring and auditing products. Monitoring and Audit products provide centralized monitoring and audit functions for computer terminal access networks, application usage, system configuration, file operations, and peripherals, and generate various types of reports.

Monitoring and Audit products are generally based on protocol analysis, registry monitoring, file monitoring, and other technologies. They are easy to implement and have a short development cycle. They can provide effective evidence in the event of an Intranet security event, achieve the goal of post-event auditing. The disadvantage of monitoring and auditing products is that they cannot prevent problems and fundamentally improve the controllability and manageability of the Intranet.

3.2. Desktop Management

Desktop Management Products implement certain centralized management and control policies for computer terminals, including peripheral management, application management, network management, asset management, patch management, and other functions, this type of product is generally similar to the monitoring and auditing product, and also provides a wealth of audit functions,

In addition to the technology of monitoring and auditing products, desktop monitoring and auditing products may also need to use Hook Technology for Windows systems to control resources. In general, the technology is not very difficult. Desktop monitoring audit products effectively manage and authorize computer terminal resources. However, they cannot effectively control Intranet information data.

3.3. document encryption

Document encryption products are also a relatively large number of internal network security product types developed by internal network security products. They mainly solve the permission management and anti-leak problems of mainstream documents in specific formats, may partially solve the patent information, financial information, design data and drawing data leakage issues.

Document encryption is generally based on the combination of file drivers and application API hooks, which features flexible deployment. However, because the file encryption technology is based on file drive hooks, temporary files, and API hooks, it also has the disadvantages of poor software compatibility, poor adaptability of application systems, low security, and heavy maintenance and upgrade workload.