Two-Step Protection against intrusion

Source: Internet
Author: User

How far is your network from security?

Take two steps.

If Step 1 passes, I believe you have already taken steps 1 to 98: you have bought a firewall, IDS/IPS and anti-virus software, you use a VPN, and your switches have been upgraded to security switches. You have asked the security vendor's experts to plan the security deployment for you and to integrate the various devices. You have also asked these experts to train your employees and teach them good habits... If you have not completed these steps, the network will not be able to resist even low- and mid-level "hackers". If you have done these steps seriously, you will try your best to take the next step, assuming security is really important to you, as it is for a bank.

Remember one sentence: Hacker attacks protected!

Last step: Security Audit

In fact, after the last three steps, you know exactly which attacks the network can defend against. The problem is that no one tells you what the network's defects are. Can we count on the security product vendors? Snort, a well-known open-source IDS that can be freely downloaded from the Internet, gives you a clear picture of the situations in which it will report false positives and false negatives. For commercial products, the bundled manual is nothing but praise, although some of these products amount to Snort installed in a hardware box that users are not allowed to open.

Even if many equipment vendors provide great products, security is integrated security, rather than local security. Who knows security?

You need a third party outside Party A to objectively evaluate your network. A security audit does not ask people to research new attacks; it collects existing attack methods and runs them across your network. This traversal is based on simulating the various possible traffic models, in order to find unreasonable security topology and device weaknesses.

Unfortunately, such security audit organizations are very hard to find. Some software can take on part of the auditing work: it spends several hours scanning the hosts and network devices on the network, then gives you a report on the vulnerabilities in the operating systems and applications. Someone once successfully broke into a large website (which I believe had security protection) and told the website about the vulnerability; in the end, that person became the website's security consultant. Of course, this involved legal issues. Can we bring together a number of "hermits" who are familiar with attack techniques and secure deployment to defend network security? It is said that "engineers" who can open an anti-theft door within half an hour without a key must register at the police station, yet aren't there already professional locksmith companies that have gathered such talent to help the public solve their problems?

The legality and industry standards of security audit institutions should be addressed first. In this way, security audit can move from the current underground into the open, from passive audit to active audit by Party. Will security auditors become potential attackers? I believe that only when everything is out in the open can we gradually eliminate the fear and distrust of security auditors. At the same time, the emergence of security audit will also push security solution providers to improve their service levels. It also makes mid- and high-level "hackers" either cut their sleep or "go straight".

The qualification of a security audit is relatively easy to assess. Given the current level of security deployment, an audit that finds no vulnerabilities is definitely not a good audit!

Security auditing faces problems of legalization and standardization around the world. Of course, once security auditing becomes popular, some people will become audit experts for their dreams. From "primary school student" to "graduate student", I don't know how many "meat bots" I have used to train my hands. In this case, I still need to follow the rules required by the law!

Last step: mission impossible!

There are always a few talented computer enthusiasts who ignore the law and cause billions of dollars of losses each year, so that Party A spends more money on security deployment and security vendors constantly patch their products. How can we suppress them?

Not long ago, I heard that an IPS vendor in the United States has a "digital vaccine, real-time vaccination" capability: its vulnerability collection department cooperates with vulnerability research institutions such as top security forums to find undiscovered vulnerabilities, and sends software updates to users every week to avoid "zero-day" attacks. I also heard that this vendor has been acquired at a high price by a famous international network equipment provider.

If this vendor is really doing well, it is only a small step forward. This can be regarded as a contest between top-level "Hongke" and top-level "hackers"; however, the balance of power is never as simple as "good" being able to suppress "evil"!

What is the difference in security? Actually, I don't know. However, the most important thing to say is this: since auditing can be performed in the dark, you may want to think about whether it can be made operable, usable, and controllable.
