Shulou Technology News & Howtos > Network Security, updated 2025-01-30
Shulou (Shulou.com) 06/01 Report
1. Information security objectives
Information security concerns the confidentiality, integrity and availability of information.
Based on the requirements analysis above, the network system should achieve the following security objectives:
Protect the availability of the network system
Protect the continuity of network system services
Guard against illegal and unauthorized access to network resources
Guard against malicious vandalism and sabotage
Ensure the confidentiality and integrity of information transmitted over the Internet
Guard against virus intrusion
Implement security management of the network
2. Information security guarantee system
2.1 Basic framework of the information security system
Through the three elements of people, management and technical means, a dynamic information and network security framework, the WPDRR model, is built to secure the system. WPDRR stands for Warning, Protection, Detection, Reaction and Recovery. The five links stand in a time sequence and form a dynamic closed feedback loop.
Security is comprehensive and interrelated: it is not only a technical problem but a combination of people, management and technology.
The technology that supports system security is not a single technology but covers many aspects. Under the control and guidance of the overall security policy, protection tools (such as firewalls and encryption) are applied comprehensively; detection tools (such as security assessment and intrusion detection) are used to understand and evaluate the security status of the system; appropriate responses bring the system to the state of "highest security" and "lowest risk"; and backup and fault-tolerance measures ensure rapid recovery after damage. A monitoring system tracks illegal use of the network.
Early warning: use the simulated attack techniques provided by a remote security assessment system to check the vulnerable links in the system that could be exploited, collect and test the security risks of the network and its information, report them in an intuitive way and provide recommendations for their resolution. After analysis, the risk trends and serious risk points of the network are understood, so that the overall risk of the network can be reduced effectively and critical business and data protected.
Protection: network and information security is usually achieved through mature information security technologies and methods, including firewalls, authorization, encryption, authentication and so on.
Detection: detect and monitor networks and systems to discover new threats and weaknesses and to enforce security policies. Technologies such as intrusion detection and malicious-code filtering form a dynamic detection system, and a reporting and coordination mechanism improves the timeliness of detection.
Response: once security vulnerabilities and security events are detected, a timely and correct response must be made to return the system to a secure state. This requires corresponding alarm, tracking and handling systems, including blocking, isolation, reporting and other subsystems.
Recovery: when the network, data or services are destroyed or affected, the disaster recovery system returns the system to normal in the shortest possible time through the necessary technical means (such as fault tolerance, redundancy, backup, replacement and repair).
2.2 Security Architecture Technology Model
Security needs cannot be met by any single security technology, so a suitable security architecture model must be chosen. The information and network security system consists of three levels: security services, the protocol level and system units, and each level includes the content of security management.
2.3 Security Zone Policy
According to the division of security zones, the competent department should formulate targeted security policies.
1. Audit and evaluate key zones regularly to establish a security risk baseline.
2. Install a distributed detection system for key zones.
3. Deploy an antivirus system to prevent malicious scripts, Trojans and viruses.
4. Establish a backup and disaster recovery system.
5. Establish a single sign-on system for unified authorization and authentication.
6. Configure network equipment to prevent denial of service.
7. Regularly scan key zones for security vulnerabilities and carry out network audits, and harden the systems according to the scan results.
2.4 Unified configuration and management of antivirus systems
The competent department should establish an overall virus defense strategy with unified configuration and management. The network antivirus strategy should meet the requirements of comprehensiveness, ease of use, real-time operation and expandability.
The antivirus system used by the competent department shall provide a centralized management mechanism: establish a virus-system management center that monitors the detection and removal status of each antivirus product, updates and upgrades the virus definitions and antivirus engine, collects the virus-protection logs of each antivirus product and produces analysis reports.
An update center shall be established that is responsible for all virus-definition upgrades. It regularly and automatically obtains the latest upgrade files (including virus definition codes, scanning engines and program files) from the antivirus vendor's website; the virus-system management center then distributes them to clients and servers, and the antivirus software is updated automatically.
2.5 Network Security Management
In network security, in addition to the technical measures described above, strengthening the security management of the network and formulating relevant rules and regulations plays a very effective role in ensuring the safe and reliable operation of the network. Security management is a very important part of building a security system. Every security and technical safeguard must ultimately be implemented in concrete management rules and regulations and in the concrete responsibilities of managers, and be realized through the work of those managers.
Security management follows the international standard ISO17799, which emphasizes the effectiveness, economy, comprehensiveness, universality and openness of the management system. Its purpose is to provide a high-quality and practical reference for organizations that want to achieve a certain level of management. Each unit uses it as a reference for establishing its own information security management system, which it can design and choose according to its own situation on the basis of others' experience, so as to manage its information well. Information security is not only a technical problem but also a management problem. The best way to protect an asset is to establish a complete and scientific management system for it. Establishing and implementing an information security management system (ISMS) is an important measure for ensuring the information security of enterprises, institutions and government agencies. At present, the vast majority of governments in the world, including China, have signed agreements supporting and recognizing the ISO17799 standard.
Its components are shown in the figure, and the function of each module is as follows:
(Figure: management system diagram)
1) Overall strategy
Determine the overall security goal and the principles to be followed.
2) Organization
After the security policy has been determined, the responsible department must be identified and the department that carries out the implementation assigned.
3) Classification and control of information assets, personnel security, physical environment security, business continuity management
With the goals and responsible units in place, the process must be considered carefully, along with the specific content of security in terms of information assets, people, the physical environment, business availability and so on.
4) Communications and operations security, access control, system development and maintenance
These three aspects are the technical side of security, that is, how the problem is solved: how technology supports the implementation of the security objectives, security policies and security content.
5) Inspection, monitoring and audit
Used to check the effect of security measures and to evaluate their implementation and effectiveness.
2.5.1 Security operation organization
The security operation management organization consists mainly of the supervising leadership, the information center and the relevant business application departments. The leadership is the core, the information center is the concrete organization of system operation management, and the business application departments are the direct users of the system support platform.
Determine the internal management department of the system and make clear which department is responsible, that is, organize the security operation management team that is responsible for the security maintenance of operations.
2.5.2 Security management system
Given the fragility of network security, in addition to adding security service functions in the network design and improving the security measures of the system, network security management must also be established: define security responsibilities, formulate the security management system and implement the principles of security management, namely the principle of multi-person responsibility, the principle of limited tenure and the principle of separation of duties.
2.5.3 Emergency response mechanism
Set up an internal organization in which managers and technicians participate; draw up emergency response plans and procedures; provide technical support and guidance for computer system and network security incidents; provide notification and analysis of security vulnerabilities or hidden dangers; produce incident statistics and analysis reports; and provide training related to security incident handling.
3. Information security architecture
Through a comprehensive understanding of the network applications, and according to the security risks, the results of the requirements analysis, the security policies and the network security objectives, the specific security control system can be described from the following aspects: physical security, system security, network security, application security and management security.
3.1 Physical security
Ensuring the physical security of all kinds of equipment in the computer information system is the premise of securing the whole network system. Physical security is the process of protecting computer network equipment, facilities and other media from environmental accidents such as earthquakes, floods and fires, from human error, and from various computer crimes. It mainly includes three aspects:
3.1.1 Environmental security
Security protection of the environment in which the system is located, such as area protection and disaster protection (see national standards GB50173-93 "Computer room design code", GB2887-89 "Computing station site technical conditions" and GB9361-88 "Computing station site safety requirements").
3.1.2 Equipment security
Equipment security mainly includes anti-theft, anti-destruction, prevention of electromagnetic information leakage, prevention of line interception, resistance to electromagnetic interference and power protection; redundant backup of equipment; and strict management together with raising the overall security awareness of employees.
3.1.3 Media security
This includes the security of the data on the media and the security of the media itself. Clearly, to ensure the physical security of the information network system, in addition to the requirements on network planning, site and environment, the diffusion of system information in space must also be prevented. There have been many cases in which information was intercepted from computer systems, and secrets lost, through electromagnetic radiation; with theoretical and technical support, it has also been shown that recovery and display techniques with interception distances of hundreds of meters or even kilometers pose great harm to the confidentiality of computer system information. To prevent the information in the system from spreading in space, physical protective measures are usually taken to reduce or jam the diffused spatial signals.
3.2 System security
3.2.1 Network structure security
Network structure security mainly concerns whether the network topology is reasonable, whether lines are redundant, whether routes are redundant, the prevention of single points of failure, and so on.
3.2.2 Operating system security
For operating system security, the following strategies can be adopted: adopt a highly secure network operating system wherever possible and make the necessary security configuration; close applications that are rarely used but carry security risks; strictly restrict access to key files holding user information and passwords (such as LMHOSTS and SAM under Windows NT); strengthen password use (increase password complexity and do not use identity-related or easily guessed information as passwords); patch the system in time; and do not expose internal calls within the system to the public. Use an operating system security scanner to scan the operating system, find its security vulnerabilities, and reconfigure or upgrade the network equipment accordingly.
3.2.3 Application system security
For application system security, application servers should avoid opening protocols and protocol ports that are not often used. On application systems such as file servers and e-mail servers, server services such as HTTP, FTP, TELNET and RLOGIN can be turned off. Login authentication should also be strengthened to ensure that users are legitimate, and the operating rights of those who log in should be strictly restricted and limited to the minimum needed for their work. Make full use of the logging functions of the operating system and the application system to record the information users access, so as to provide a basis for later examination.
3.3 Network security
Network security is the key to the whole security solution; it is described here in terms of access control, communication security, intrusion detection, network security scanning and anti-virus.
3.3.1 Isolation and access control
Strict management system
The systems that can be formulated include "Detailed rules for the implementation of user authorization", "Password and account management norms", "Authority management system", "Security responsibility system" and so on.
Firewall deployment
A firewall is one of the most basic, economical and effective security measures for realizing network security. By applying strict security policies, the firewall realizes isolation and access control between different trust domains, whether between the internal and external networks or within the internal network. The firewall can enforce one-way or two-way control and achieve fine-grained access control for some high-level protocols.
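The trust-domain isolation, one-way control and protocol-level rules described above, as an added example that is not part of the original article: a small zone-based, default-deny packet filter in Python. The zone addressing, the rule set and the packet sequence are constructed for illustration.

```python
from ipaddress import ip_address, ip_network
from typing import List, NamedTuple, Set, Tuple

# Trust domains (constructed example addressing); "external" is the catch-all.
ZONES = [
    ("internal", ip_network("10.0.0.0/16")),
    ("dmz", ip_network("192.0.2.0/24")),
    ("external", ip_network("0.0.0.0/0")),
]

class Rule(NamedTuple):
    src_zone: str
    dst_zone: str
    proto: str
    dport: int        # 0 matches any destination port
    two_way: bool     # False: only sessions opened from src_zone are permitted

# Default-deny policy: any flow not matched by a rule is dropped.
RULES: List[Rule] = [
    Rule("internal", "external", "tcp", 0, False),  # one-way: internal clients out only
    Rule("external", "dmz", "tcp", 80, False),      # fine-grained: only HTTP may reach the DMZ
    Rule("internal", "dmz", "tcp", 0, True),        # two-way between internal and DMZ
]

def zone_of(addr: str) -> str:
    ip = ip_address(addr)
    return next(name for name, net in ZONES if ip in net)

class Firewall:
    def __init__(self, rules: List[Rule]) -> None:
        self.rules = rules
        # allowed sessions as (src, dst, proto, dport); replies are matched against it
        self.sessions: Set[Tuple[str, str, str, int]] = set()

    def decide(self, src: str, dst: str, proto: str, sport: int, dport: int) -> str:
        """Return 'allow' or 'deny' for one packet, recording new allowed sessions."""
        if (dst, src, proto, sport) in self.sessions:
            return "allow"           # reply inside a session opened from the trusted side
        sz, dz = zone_of(src), zone_of(dst)
        for r in self.rules:
            forward = (sz, dz) == (r.src_zone, r.dst_zone)
            reverse = r.two_way and (dz, sz) == (r.src_zone, r.dst_zone)
            if (forward or reverse) and r.proto == proto and r.dport in (0, dport):
                self.sessions.add((src, dst, proto, dport))
                return "allow"
        return "deny"

def demo_decisions() -> List[str]:
    """Run a constructed packet sequence through a fresh firewall."""
    fw = Firewall(RULES)
    return [
        fw.decide("10.0.1.5", "203.0.113.9", "tcp", 40000, 443),   # internal -> external
        fw.decide("203.0.113.9", "10.0.1.5", "tcp", 443, 40000),   # its reply
        fw.decide("203.0.113.9", "10.0.1.6", "tcp", 50000, 22),    # unsolicited inbound
        fw.decide("203.0.113.9", "192.0.2.10", "tcp", 50001, 80),  # HTTP to DMZ
        fw.decide("203.0.113.9", "192.0.2.10", "tcp", 50002, 22),  # SSH to DMZ
        fw.decide("192.0.2.10", "10.0.1.5", "tcp", 50003, 445),    # DMZ -> internal (two-way rule)
    ]
```

The session table is keyed only on the original destination port, which is enough to show one-way control here; a production filter tracks both ports and the connection state.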
3.3.2 Intrusion detection
With a firewall strictly configured, all kinds of unsafe access can be prevented from passing through it, reducing the security risk. However, network security cannot be achieved entirely by a single firewall product: network security is a whole, and corresponding security products must be deployed as a necessary supplement to the firewall. An intrusion detection system is the best such product. Using the existing and up-to-date signature codes of attack methods, it monitors and records all operations entering and leaving the network segment in real time and responds according to the established policy (blocking, alarming, sending e-mail), so as to prevent criminal acts against the network. An intrusion detection system generally consists of a console and probes (network engines). The console is used to configure and manage all probes; a probe listens to access behavior entering and leaving the network and performs the corresponding actions according to the console's instructions. Because the probe monitors rather than filters packets, deploying an intrusion detection system does not have much impact on the performance of the network system.
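The console/probe split described above, as an added example that is not part of the original article: a passive probe in Python that matches observed traffic against signature codes and reports the actions the console's response policy prescribes (log, alarm, e-mail, block). The policy table, the signatures and the packet samples are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple
# Console side: response policy per severity, pushed to every probe.
POLICY: Dict[str, Tuple[str, ...]] = {
    "low": ("log",),
    "medium": ("log", "alarm"),
    "high": ("log", "alarm", "email", "block"),
}

@dataclass(frozen=True)
class Signature:
    sid: int
    proto: str               # transport protocol the signature applies to
    dport: Optional[int]     # destination port, or None for any port
    pattern: bytes           # byte sequence expected in the payload
    severity: str            # key into POLICY

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int
    payload: bytes

def inspect(signatures: List[Signature], pkt: Packet) -> List[Tuple[int, Tuple[str, ...]]]:
    """Probe logic: match one observed packet against every signature and return
    (sid, actions) pairs. The probe only observes the copy of the traffic it sees;
    it never alters or drops the packet, so it adds little load to the network."""
    hits = []
    for sig in signatures:
        if sig.proto != pkt.proto:
            continue
        if sig.dport is not None and sig.dport != pkt.dport:
            continue
        if sig.pattern in pkt.payload:
            hits.append((sig.sid, POLICY[sig.severity]))
    return hits

def run_probe(signatures: List[Signature], packets: List[Packet]) -> List[str]:
    """Return one report line per (packet, signature) match for the console."""
    report = []
    for pkt in packets:
        for sid, actions in inspect(signatures, pkt):
            report.append(f"{pkt.src}->{pkt.dst}:{pkt.dport} sid={sid} "
                          f"actions={','.join(actions)}")
    return report

# Constructed signature codes and traffic, for illustration only.
SIGNATURES = [
    Signature(1001, "tcp", 80, b"../..", "high"),    # path traversal in an HTTP request
    Signature(1002, "tcp", 23, b"login:", "low"),    # telnet login prompt observed
]
SAMPLE_PACKETS = [
    Packet("10.0.0.5", "10.0.1.20", "tcp", 80, b"GET /../../etc/passwd HTTP/1.0"),
    Packet("10.0.0.6", "10.0.1.20", "tcp", 80, b"GET /index.html HTTP/1.0"),
    Packet("10.0.0.7", "10.0.1.21", "tcp", 23, b"login: operator"),
    Packet("10.0.0.8", "10.0.1.20", "udp", 80, b"../../"),    # wrong protocol: no match
]
```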
3.3.3 Virus protection
In a network environment, computer viruses have inestimable threat and destructive power. As everyone knows, the operating system used in network systems is generally Windows, which is easily infected by viruses. Therefore, the prevention of computer viruses is also one of the important links to be considered in building network security. Antivirus technology comprises three techniques: virus prevention, virus detection and virus removal.
3.4 Application security
3.4.1 Resource sharing
Strictly control the use of shared network resources by internal employees. Do not open shared directories on the internal subnet lightly; otherwise, important information is easily leaked through carelessness when exchanging information between employees. For users who need to exchange information frequently, a password authentication mechanism must be added to the share, so that data can be accessed only after password authentication. Although the user name plus password mechanism is not very secure, it still provides a certain degree of protection against ordinary users, and even against a deliberate cracker, as long as the password is complex enough, breaking it will take a long time.
3.4.2 Information storage
On user hosts that hold secret information, users should open as few rarely used network services as possible during use. Secure backups of the databases on the data server must be made; through the network backup system, the database can be stored remotely.
3.5 Security management
3.5.1 Develop a sound security management system
Establishing a sound security management system is an important guarantee for realizing network security. According to its actual situation, the organization can formulate security operation procedures, a reward and punishment system for security incidents, and examinations for the appointment of security management personnel.
3.5.2 Build a security management platform
Building a security management platform reduces many risks caused by unintentional human factors. To build such a platform, for example, form a security management subnet and install centralized, unified security management software such as an antivirus management system, a network equipment management system and network security equipment management software. The security management of the whole network is then realized through this platform.
3.5.3 Enhance the security awareness of personnel
Employees should regularly receive network security awareness training so as to comprehensively raise their overall network security awareness.
The framework of information security construction and operation system