Design of Enterprise Cyber Security Solution
With the rapid development of information technology, many far-sighted enterprises have realized that relying on advanced IT to build their own business and operation platforms will greatly enhance their core competitiveness, so that they can stand out in a harshly competitive environment. Management depends more and more on computer application systems, and those systems depend more and more on the network. Computer networks keep growing in scale, and their structure is increasingly complicated. The normal operation of the network and of the application systems places higher requirements on network security. Information security should be considered as a whole, covering every level of the information system (network, system, application and data) to form a comprehensive defense. The model of the information security protection system shows that security protection is a dynamic process: technical measures should be complete before, during and after an incident, and security management should run through all protection activities.
1 Introduction
With the advent of computer networks and the rapid development of the Internet, network-based computer applications in enterprises are also increasing rapidly. Network-based information systems have brought greater economic benefits to the operation and management of enterprises. However, the ensuing security problems have troubled users; after 2003, the spread of Trojan horses and worms further worsened the information security situation of enterprises. This places higher requirements on enterprise information security.
With the rapid development of information technology, many far-sighted enterprises have realized that relying on advanced IT to build their own business and operation platforms will greatly enhance their core competitiveness, so that they can stand out in a harshly competitive environment. In the face of this rapidly changing market, enterprises must work out how to improve their core competitiveness. However, internal problems of management, efficiency, assessment, information transmission and information security constantly hold enterprises back. Using PKI technology to solve these problems has become an important means for many enterprises to enhance their competitiveness.
The following description uses one company as an example.
2 Information System Status
2.1 Overall Status of Information
1) Computer network
The company has more than 500 computers interconnected through an intranet and, according to the company's unified planning, connected to the external network through a firewall. On the internal network, all computers are in the same network segment and are connected through switches.
2) Application systems
After many years of accumulation, the company's computer applications basically cover all aspects of operation and management, including various application systems and office automation systems. As the computer network improves further, computer applications are also shifting from a model of dispersed data to one of increasingly centralized data.
2.2 Information Security Status
To protect its computer network, the company implemented a computer network security project. Based on the understanding of information security and the state of security products at the time, the project focused mainly on network security and deployed network security products such as firewalls and anti-virus servers, which greatly enhanced the security of the company's computer network. These products have played a significant role in preventing network attacks, shockwave and other virus attacks, and in day-to-day network and desktop security.
3 Risk and Demand Analysis
3.1 Risk Analysis
Through the analysis of the current status of our information system, we can draw the following conclusions:
(1) Management depends more and more on computer application systems, and those systems depend more and more on the network. Computer networks keep growing in scale, and their structure is increasingly complicated. The normal operation of the network and of the application systems places higher requirements on network security.
(2) Computer application systems involve more and more key enterprise data, most of which is concentrated in the data center at the company's headquarters. It is therefore necessary to strengthen user management and identity authentication for each application system, strengthen data backup, and use technical means to improve the confidentiality, integrity and availability of data.
Analysis of the existing information security system also shows that, with the development of computer technology and the growing variety of security threats, the company's information security has defects not only in its overall composition but also in the function and performance of its information security products, specifically:
(1) The protection is not systematic: it is limited to network security, leaving considerable risk to the security of systems, applications and data.
The security program implemented so far reflects the understanding of its time. It concentrates on network security and lacks technical and management measures for system and application security. For example, there is no effective authentication: access to servers, network devices and applications still relies on simple user name/password authentication, which is easy to impersonate. There is also no overall data backup plan or system specification, which can easily lead to the loss or leakage of important data.
The basic concept of cybersecurity at the time was a concept of external cybersecurity based on the trust model that users inside the network were trustworthy. Under this model of trust, it is assumed that all possible attackers threatening information security come from outside the organization and enter the internal network information system from outside through various attacks using the network.
Relative to external network security, the concept of internal network security has been put forward, based on the trust model that all users are untrustworthy. In this trust model, it is assumed that any user may pose a threat to information security, and may do so by a variety of more convenient means.
Research by authorities such as the FBI and CSI also shows that more than 80% of information security vulnerabilities come from within organizations, which directly leads to theft and destruction of information by internal staff.
Information system security is a dynamic process. The company lacks relevant rules and regulations and technical specifications, and has not selected security services, so it cannot give full play to the effectiveness of its security products.
(2) The existing network security products cannot adapt to the new situation in function or performance; they carry certain network security risks and urgently need to be upgraded.
Many of the network security products already purchased cannot meet the requirements of further improving information security in terms of functionality and performance. For example, to further improve the security of the entire network, the company intends to strictly limit its Internet egress points, and the existing firewall will become the bottleneck between the intranet and the public network. At the same time, virus prevention and new means of attack place more functional requirements on the firewall, and the existing firewall does not have these features.
The construction of a network information system should be based on risk assessment; this is an inherent requirement of informatization. The departments that administer the system and the units that operate and use it must carry out a proper information security risk assessment of the system. Only by using risk assessment and risk management in the planning process, at the early stage of construction, can duplication and wasted investment be avoided.
3.2 Requirements Analysis
As mentioned earlier, the company's information system faces considerable risk. Its information security requirements are mainly reflected in the following points:
(1) The company's information system needs not only a safe and reliable computer network but also security at every level: system, application and data. To this end, the overall layout of security protection must be strengthened, its coverage expanded and new security measures added.
(2) The growth in network scale and complexity and the continuous emergence of new means of attack pose more challenges to the company's computer network security, so the existing products need to be upgraded or redeployed.
(3) The increasing importance and complexity of information security work place higher requirements on security management. It is therefore necessary to speed up the drafting of rules, regulations and technical specifications so that all security protection work can proceed in an orderly manner.
(4) Information security protection is a dynamic, cyclic process. How to use the security services of professional companies to take measures before, during and after incidents and deal with emerging security threats is also an important issue facing the company.
4 Design Principles
The security system should be built according to the principle of "unified planning, overall arrangement, uniform standards and step-by-step implementation", so as to avoid duplicated effort and redundant construction and to give full consideration to both overall and local interests.
4.1 Standardization Principle
The plan refers to national laws and standards on information security and to the standards and regulations already issued or being drafted within the company, so that the security technology system is built in a standardized way and a solid foundation is laid for expansion, upgrading and centralized management.
4.2 Systematic Principle
Information security is a complicated systems engineering project. It must take into account all levels of the information system and of security protection, and it relies not only on technology but also on stronger management, so as to form a systematic solution.
4.3 Risk Avoidance Principle
Building the security technology system touches every aspect of the network, systems and applications. Any modification, addition or even relocation may affect the smooth operation of the existing network or the continuous and stable operation of the systems; this is the greatest risk the security technology system must face. This plan therefore pays particular attention to avoiding operational risk and gives priority to transparency when planning and applying basic security measures. Starting from the requirement of providing general security services, it designs and implements a smooth connection between the security system and the application systems.
4.4 Investment Protection Principle
For historical reasons in the development of information security theory and technology, and because of its own financial capacity, the company has built a number of company-wide or regional security technology systems in phases and in batches and has configured the corresponding facilities. Based on the principle of protecting the return on investment in information security, this plan therefore plans and builds new security subsystems or introduces new security facilities in a reasonable way, while integrating the existing security systems into the overall security technology system so that they perform better, rather than rejecting or abandoning them.
4.5 Multiple Protection Principle
No security measure is absolutely secure; any of them may be compromised. With a system of multiple protections, however, the layers complement each other, and when one layer is compromised the others can still protect the information.
4.6 Step-by-Step Implementation Principle
Because the company's applications extend over a wide range, system vulnerabilities will keep increasing as the network grows and applications are added. It is unrealistic to solve the security problem once and for all. Given the characteristics of the security system, a balance should be sought between security, risk and cost, and the principle of "unified planning and step-by-step implementation" adopted, which meets the company's basic security needs while saving cost.
5 Design Ideas and the Selection and Deployment of Security Products
Information security should be considered as a whole, covering every level of the information system (network, system, application and data) to form a comprehensive defense. The model of the information security protection system shows that security protection is a dynamic process: technical measures should be complete before, during and after an incident, and security management should run through all protection activities.
Information security is relative and requires a balance between risk, security and investment. After analyzing the company's informatization and information security status, surveying existing information security products and solutions, and consulting professional computer companies, the content of this security project was initially identified. Through the implementation of this security project, a fairly complete information security protection system has basically been established.
5.1 Network Security Infrastructure
Certificate authentication system: both the internal information network and the external network platform must be built on a safe and reliable network. At present, the best solution to these security problems is to apply a PKI/CA digital authentication service. Public Key Infrastructure (PKI) is a security system that provides online identity authentication based on public key theory and technology. It resolves security issues such as online identity authentication, information integrity and non-repudiation, provides reliable security for network applications, and gives users a complete PKI/CA digital authentication service. Building a certificate authentication center establishes a sound network security authentication platform, through which the following goals are achieved:
Authentication: confirm the identity of both communicating parties so that neither identity can be faked or disguised; in this system the parties confirm each other's identity through digital certificates.
Confidentiality of data: encrypt sensitive information so that it is not disclosed; in this system this is done with digital certificate encryption.
Integrity of data: ensure that communicated information is not corrupted (truncated or tampered with), by means of hash functions and digital signatures.
Non-repudiation: prevent either party from denying its actions; digital signatures ensure that the communicating parties acknowledge and are accountable for their actions, and the digital signatures serve as legal evidence.
5.2 Border Protection and Network Isolation
A Virtual Private Network (VPN) is a logical private network that connects networks physically located in different places over a common backbone network (such as the Internet). Compared with traditional physical methods, it has the advantages of low cost and low maintenance cost, easy expansion and high data transmission security.
By installing and deploying a VPN system, an enterprise can build a virtual private network that provides a complete set of security solutions. It uses an open network as the medium for information transmission and opens a tunnel over the public network by means of encryption, authentication, encapsulation and key exchange, so that legitimate users can securely access the enterprise's private data without leased lines, giving mobile users and remote LANs a secure connection.
Integrated firewall: the integrated firewall function module adopts stateful-inspection packet filtering technology to monitor and control various network objects effectively and provide efficient and stable network security.
Centralized security policy management: security policies are managed and configured centrally across the entire VPN network.
5.3 Secure E-mail
E-mail is one of the earliest applications on the Internet. With the rapid development of the Internet, the use of e-mail is becoming more and more widespread, and it has become an important tool for people to communicate with each other. As a result, a large amount of sensitive information is transmitted over the Internet. However, because of the openness of the network and the shortcomings of the e-mail protocols themselves, e-mail carries considerable security risk.
Widely used e-mail client software such as Outlook supports S/MIME (Secure Multipurpose Internet Mail Extensions), which evolved from PEM (Privacy Enhanced Mail) and MIME (the Internet mail attachment standard). First, its authentication mechanism relies on a hierarchy of certificate authorities: every lower-level organization and individual is certified by a higher-level organization, and the highest-level organizations (root certificates) authenticate one another. The whole trust relationship is basically a tree. Second, S/MIME encrypts the contents of a message and signs it, carrying the result as a special attachment, which ensures the security of the message contents.
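The hierarchical trust tree described above, together with the authentication, integrity and non-repudiation goals listed in section 5.1, as an added example in Go (not code from this paper or from any product it describes): a constructed root CA certifies a department CA, which certifies a user, and a signed message is then checked against the user's certificate. All names, the Ed25519 key type and the three-level depth are assumptions made for illustration, and the message is signed as raw bytes rather than in S/MIME encoding.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue creates a key pair and a certificate for cn signed by parent (nil parent = self-signed root).
func issue(cn string, serial int64, isCA bool, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true, IsCA: isCA, KeyUsage: x509.KeyUsageDigitalSignature,
	}
	if isCA {
		tmpl.KeyUsage = x509.KeyUsageCertSign // CA keys only sign certificates
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// verifyChain reports whether leaf chains to the trusted root through the intermediate CA.
func verifyChain(leaf, root, inter *x509.Certificate) bool {
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root)
	inters.AddCert(inter)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inters,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	return err == nil
}

// verifySig checks sig over msg with the public key bound to the signer's certificate.
func verifySig(cert *x509.Certificate, msg, sig []byte) bool {
	pub, ok := cert.PublicKey.(ed25519.PublicKey)
	return ok && ed25519.Verify(pub, msg, sig)
}

// demoPKI returns: chain under company root, under unrelated root, signature on original, on altered text.
func demoPKI() (bool, bool, bool, bool) {
	root, rootKey := issue("Constructed Root CA", 1, true, nil, nil)
	dept, deptKey := issue("Constructed Department CA", 2, true, root, rootKey)
	user, userKey := issue("alice@example.test", 3, false, dept, deptKey)
	other, _ := issue("Unrelated Root CA", 4, true, nil, nil)
	msg := []byte("constructed message: approve order 42")
	sig := ed25519.Sign(userKey, msg)
	return verifyChain(user, root, dept), verifyChain(user, other, dept),
		verifySig(user, msg, sig), verifySig(user, append(msg, '!'), sig)
}

func main() { fmt.Println(demoPKI()) }
```

A recipient who trusts only the root accepts the user's signature because the chain verifies; the same certificate presented under an unrelated root is rejected, and any change to the signed text invalidates the signature.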
5.4 Desktop Security
The threat to corporate information security comes not only from outside the enterprise network but also, to a large extent, from inside it. Data in the security community has long shown that nearly 80% of cyber-security incidents come from within the enterprise. Moreover, because they are committed by internal staff, such offences often have a clear purpose, such as theft of corporate secrets and patent information or financial fraud, so the threat to the enterprise is even more serious. Managing and monitoring desktop computers is an effective way to reduce and eliminate internal threats.
Desktop security systems integrate electronic signatures, file encryption applications, secure logins, and the appropriate smart card management tools into a single unit that is a total solution for client-side security.
1) Electronic signature system
It uses an asymmetric key system to ensure the integrity and non-repudiation of documents. Using component technology, it embeds seamlessly into the Office system: users can sign documents after editing them, or verify a document's integrity and view its author when opening it.
2) Secure login system
The secure login system provides authentication for system and network logins. Once it is in use, only people holding the designated smart key can log in to the computer and the network. When users need to leave the computer, they simply unplug the smart key to lock it.
3) File encryption system
The file encryption application system ensures the secure storage of data. The key is stored in the smart key, and the encryption algorithm is an international standard algorithm or one designated by the national cryptography administration, which ensures the security of the stored data.
5.5 Authentication
Identity authentication is the process by which a computer or network system confirms the identity of an operator. PKI-based authentication is a convenient and secure authentication technology developed in recent years. It combines hardware and software in a strong two-factor authentication mode, which resolves the conflict between security and ease of use well. A USB Key is a hardware device with a USB interface and a built-in microcontroller or smart card chip; it can store the user's key or digital certificate and uses its built-in cryptographic algorithm to authenticate the user.
The PKI-based USB Key solution provides more than authentication. Through a series of hierarchical, logically connected parts (a comprehensive user management and authentication system, application security components, client-side security components and a certificate management system) it builds a security technology system that meets the overall requirements above: identity authentication, authorization and access control, security audit, data confidentiality, integrity and non-repudiation.
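One way a USB Key login can work, as an added example in Go (not code from this paper or from a specific product): the server sends a random challenge, the token signs it after a PIN check, and the server verifies the signature with the user's enrolled public key. The challenge-response flow, the Token and Server types and the PIN value are assumptions; the enrolled public key stands in for the user's certificate.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/subtle"
	"errors"
	"fmt"
)

// Token stands in for the USB Key: the private key stays inside it and only
// signatures come out, and only after the holder's PIN is checked.
type Token struct {
	pin  string
	priv ed25519.PrivateKey
}

// Sign answers a challenge if the PIN (second factor) is correct.
func (t *Token) Sign(pin string, challenge []byte) ([]byte, error) {
	if subtle.ConstantTimeCompare([]byte(pin), []byte(t.pin)) != 1 {
		return nil, errors.New("wrong PIN")
	}
	return ed25519.Sign(t.priv, challenge), nil
}

// Server holds each user's enrolled public key and the challenge it last issued.
type Server struct {
	enrolled map[string]ed25519.PublicKey
	pending  map[string][]byte
}

// Challenge issues a fresh random nonce for user, replacing any earlier one.
func (s *Server) Challenge(user string) []byte {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	s.pending[user] = nonce
	return nonce
}

// Login verifies the signature over the pending nonce; each nonce is accepted once.
func (s *Server) Login(user string, sig []byte) bool {
	nonce, issued := s.pending[user]
	delete(s.pending, user)
	pub, known := s.enrolled[user]
	return issued && known && ed25519.Verify(pub, nonce, sig)
}

// demoLogin returns: genuine login, replay of the old signature against a new
// challenge, whether a wrong PIN was refused, login signed by a different key.
func demoLogin() (bool, bool, bool, bool) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	_, otherPriv, _ := ed25519.GenerateKey(rand.Reader)
	token := &Token{pin: "4711", priv: priv} // constructed PIN
	srv := &Server{enrolled: map[string]ed25519.PublicKey{"alice": pub}, pending: map[string][]byte{}}
	sig, _ := token.Sign("4711", srv.Challenge("alice"))
	genuine := srv.Login("alice", sig)
	srv.Challenge("alice")
	replay := srv.Login("alice", sig)
	_, pinErr := token.Sign("0000", srv.Challenge("alice"))
	forged := srv.Login("alice", ed25519.Sign(otherPriv, srv.Challenge("alice")))
	return genuine, replay, pinErr != nil, forged
}

func main() { fmt.Println(demoLogin()) }
```

Because the server signs nothing and stores no secret, a captured signature is useless against the next challenge, and the key itself cannot be copied off the token.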
6 Program Organization and Implementation
The process of the network and information security protection system consists of three major parts: pre-attack defense, attack prevention and post-attack response, with security management running through the entire process. The process model not only describes the dynamic nature of security but also provides a reference for implementing this program.
Therefore, in the organization and implementation of this program, in addition to the implementation of the project, we should also attach importance to the following tasks:
(1) On the basis of the preliminary risk analysis, the project implementers should carry out a further risk assessment and clarify the requirements and objectives, to ensure that the technical solution is well targeted and yields a return on investment.
(2) Treat emergency response and accident recovery as part of the technical solution and, if necessary, use the security services of professional companies to improve the ability to deal with major security incidents.
(3) The scheme involves a large investment and wide coverage. Depending on the actual situation, it can be implemented by region and in phases.
(4) While implementing the plan, the drafting of rules, regulations and technical specifications should be strengthened so that day-to-day information security work becomes further institutionalized and standardized.
7 Conclusion
Taking one company as an example, this paper analyzes the current state of its network security, points out the existing risks and then proposes a complete set of solutions covering all aspects: from the improvement of technical means to the improvement of rules and regulations, and from the security hardening of stand-alone systems to the security management of the whole network. The program is easy to implement and deploy in terms of both technical means and operability, and offers many industries a means of achieving network security.
It is also hoped that through the implementation of this program, a sound information security system can be established to effectively prevent attacks and threats from all aspects of the information system and minimize the risks.