
Detailed description of LAN Security

2025-04-04 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

Local area network security

I. Review of common attack methods

[vulnerability scanning and exploitation]:

Using a specific sequence of operations, or a dedicated vulnerability attack program, the attacker takes advantage of vulnerabilities in existing operating systems and application software to break into the system or obtain special permissions. For example, web page Trojans take advantage of vulnerabilities in browsers such as IE, and SQL injection exploits flaws in web code.

[virus implantation]:

By implanting viruses or Trojans into the user's system, the attacker destroys user data, steals user information, or secretly controls the system. For example, sending an e-mail that carries a virus, or planting malicious code on a website, can install the virus or Trojan on the user's system.

[DDoS attack]:

DDoS stands for Distributed Denial of Service. The most basic DoS attack uses legitimate-looking service requests to occupy too many service resources, so that the server cannot handle legitimate user requests. Many DoS attack sources attacking one server together form a DDoS attack.

[phishing]:

Attackers use fraudulent e-mails, text messages or QQ messages to entice users to visit fake websites and carry out online fraud. Victims often disclose their own private information, such as bank card number and password, ID card number, and so on. In appearance, the fake website is almost exactly the same as the real website, and its domain name is also similar. For example, the real URL of China Merchants Bank is wwwNaNbchina.com; the attacker forges a similar site, wwwNaNdchina.com, and sends the victim a message such as "your online bank account failed more than 15 times on x month x day. In order to improve the security of your account, it is recommended to log in to the http://wwwNaNdchina.com website to reset your password." This induces victims to visit the fake site, which steals information such as their online bank accounts and passwords.
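The one-letter domain substitution described above can be caught mechanically on the mail gateway or proxy. The following is an added example, not part of the original article: it extracts hosts from a message and flags any that are within a small edit distance of a trusted domain. The trusted list, the sample message and all `.example` domains are constructed for illustration.

```python
import re

# Constructed allow-list of domains the organisation really uses (assumption).
TRUSTED = {"www.mybank.example", "mail.corp.example"}

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def hosts_in(text):
    """Extract host names from http/https URLs in a message body."""
    return [h.lower() for h in re.findall(r"https?://([A-Za-z0-9.-]+)", text)]

def classify(host, max_distance=2):
    """Return 'trusted', ('lookalike', real_domain) or 'unknown'."""
    host = host.rstrip(".")
    if host in TRUSTED:
        return "trusted"
    for real in sorted(TRUSTED):
        # Close to a trusted name but not identical: likely impersonation.
        if 0 < edit_distance(host, real) <= max_distance:
            return ("lookalike", real)
    return "unknown"

def scan(message):
    """Map every host found in the message to its classification."""
    return {h: classify(h) for h in hosts_in(message)}

# Constructed sample message modelled on the lure quoted above.
SAMPLE = ("Your online bank account failed more than 15 times. Please log in to "
          "http://www.mydank.example/reset to reset your password, or see "
          "https://www.mybank.example/help and http://news.site.example/")

if __name__ == "__main__":
    for host, verdict in scan(SAMPLE).items():
        print(host, verdict)
```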

In addition, there are password cracking, network monitoring, e-mail and other methods.

II. Security Protection of Local area Network

(1) physical security

Storage location: store key equipment centrally in a separate computer room, and provide good ventilation, fire protection and electrical facilities.

Personnel management: strictly manage personnel entering the computer room to minimize the number of people in direct contact with physical equipment.

Hardware redundancy: provide hardware redundancy for critical hardware, such as RAID disk arrays, hot-standby routing, UPS (uninterruptible power supply), etc.

(2) Network security

Port management: close unnecessary open ports and, if possible, use non-default ports for network services. For example, if port 3389 is used for Remote Desktop connections, it is best to change it to a different port.

Encrypted transmission: try to use encrypted communication to transmit data, such as HTTPS, VPN, IPsec... Generally, only TCP ports are encrypted, but UDP ports are not encrypted.

Intrusion detection: enable intrusion detection to identify the characteristics of all access requests, discard or block attack requests in time, and send an attack alert.

(3) system security

System / software vulnerabilities: choose genuine application software, and install vulnerability fixes and patches promptly.

Account / rights management: set high-strength, complex passwords for system accounts and change them regularly; grant specific personnel only the minimum permissions they need.

Software / service management: uninstall irrelevant software, turn off non-essential system services

Virus / protection: uniformly deploy antivirus software and enable real-time monitoring

(4) data security

Data encryption: encrypt data with high confidentiality requirements, for example by using Microsoft EFS (Encrypting File System) to encrypt the file system.

User management: strictly control users' access to critical data and record users' access logs

Data backup: back up critical data and make a reasonable backup plan. Data can be backed up to a remote server, or saved to physical media such as CD or tape; ensure that the backups are usable.

III. Deploy the network version of antivirus software

In fact, the biggest threat to the security of the local area network is not from the outside, but from within the local area network.

Because end users lack security awareness and skills, and because viruses and Trojans are widespread on the Internet, it is easy for users to unwittingly bring viruses and Trojans into the local area network when browsing the web.

(1) introduction of network version antivirus software (characteristics)

Client antivirus software can be installed or uninstalled remotely

Users can be prohibited from uninstalling client antivirus software by themselves

Antivirus policies can be uniformly formulated, distributed and implemented throughout the network.

The system health status of the client can be monitored remotely

Provide remote alarm means to automatically send virus information to the network administrator

Allow client users to customize antivirus policies

(2) deploy Symantec network version antivirus software

Symantec Endpoint Protection Enterprise Edition is a network version of antivirus software launched by Symantec, which is composed of a management console and a client.

It integrates antivirus, antispyware, firewall and defense, as well as device and application control capabilities. Through centralized management functions, you can help physical and virtual systems defend against various types

Deploy the relevant components of Symantec:

This software needs the support of IIS function, so it is necessary to install IIS7.0 and related ASP.NET, CGI, IIS6.0 management compatibility role services on Server 2008.

IV. Introduction to firewalls

(1) the concept of firewall

To prevent attacks, the intranet must build a secure "moat" when accessing the Internet, and protect the intranet through the "moat". This "moat" is the firewall.

The English name of the firewall is "Fire Wall". It is one of the most important network protection devices at present.

There is a built-in firewall in each of the systems. By enabling the Windows firewall, it can effectively block illegal access to the system and improve the security of the computer system, as shown below:

(2) the main functions of the firewall

- Strengthen security policy
  - Restrict users' internal and external access
- Record users' online activities
  - Monitor the online behavior of LAN users
- Hide network topology
  - Hide the internal network
  - Alleviate the shortage of public IP addresses
- Check security policy
  - Filter insecure services to improve network security

(3) the classification of firewalls

1. Classify by function of firewall

Packet filtering firewall

A hardware firewall. Packet filtering is the most traditional and basic firewall technology.

It works at the network layer of the OSI (Open System Interconnection) reference model.

It determines whether packets are allowed to pass based on header fields such as the source address, destination address, port number, and protocol type.

Application proxy firewall

A software firewall that works at the highest layer of the OSI model, namely the application layer.

Using this kind of firewall, you can implement strong data flow monitoring, filtering, recording and reporting functions.

Stateful inspection firewall

A hardware firewall, which is developed from a packet filtering firewall

It can dynamically generate or delete corresponding packet filtering rules according to the actual application requirements without manual intervention by the administrator.

This kind of firewall not only controls packets according to the source address, destination address, protocol type, source port, destination port and other header information, but also records the state of connections passing through the firewall and can directly process the data in the packet.
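The difference between the packet filtering and stateful inspection firewalls described above is easiest to see side by side. The following is an added example, not code from the original article or from any firewall product: a toy static rule set is evaluated by a stateless filter and by a stateful firewall that creates and deletes return rules on its own. The addresses, ports and the single policy rule are constructed.

```python
import ipaddress
from dataclasses import dataclass

LAN = ipaddress.ip_network("10.0.0.0/8")  # constructed internal range

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"

def rule_allows(p):
    """Static policy (constructed): LAN hosts may open TCP/443 outbound."""
    return p.proto == "tcp" and ipaddress.ip_address(p.src) in LAN and p.dport == 443

class PacketFilter:
    """Stateless: every packet is judged on its header fields alone."""
    def permit(self, p):
        return rule_allows(p)

class StatefulFirewall:
    """Stateful: an allowed outbound packet creates a temporary return rule."""
    def __init__(self):
        self.connections = set()

    def permit(self, p):
        if rule_allows(p):
            # Record the flow so that only its exact mirror image is admitted.
            self.connections.add((p.dst, p.dport, p.src, p.sport, p.proto))
            return True
        return (p.src, p.sport, p.dst, p.dport, p.proto) in self.connections

    def close(self, p):
        """Delete the dynamic rule when the connection ends."""
        self.connections.discard((p.dst, p.dport, p.src, p.sport, p.proto))

def demo():
    out = Packet("10.0.0.5", 50000, "203.0.113.10", 443)
    reply = Packet("203.0.113.10", 443, "10.0.0.5", 50000)
    unsolicited = Packet("203.0.113.10", 443, "10.0.0.7", 50000)
    pf, sf = PacketFilter(), StatefulFirewall()
    results = {
        "filter_out": pf.permit(out), "filter_reply": pf.permit(reply),
        "stateful_out": sf.permit(out), "stateful_reply": sf.permit(reply),
        "stateful_unsolicited": sf.permit(unsolicited),
    }
    sf.close(out)
    results["reply_after_close"] = sf.permit(reply)
    return results

if __name__ == "__main__":
    print(demo())
```

The stateless filter drops the legitimate reply unless an administrator adds a broad static inbound rule, while the stateful firewall admits only the reply that matches a connection it has seen and rejects the same packet once the connection is closed.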

2. Classify according to the form of software and hardware of firewall

Software firewall

The software firewall runs on a specific computer and requires the support of a pre-installed operating system. Generally speaking, this computer is the gateway of the entire network.

The software firewall, like other software products, needs to be installed and configured on the computer before it can be used, such as Microsoft's TMG firewall.

Hardware firewall

The hardware firewall uses dedicated chips to process network packets, and the CPU is only used for management.

It uses a dedicated operating system platform, thus avoiding the security vulnerabilities of general-purpose operating systems, such as the Cisco ASA firewall.

(4) commonly used firewalls

1. NetScreen series firewall

Integrated firewall, * *, intrusion detection and traffic management functions (see figure)

2. Cisco ASA 5500 Series Firewall

Provides a wealth of application security, network control, × × and other functions (see figure)

3. Tianrongxin Firewall

Integrated firewall, anti-virus, intrusion detection, * and other functions (see figure)

4. TMG firewall (software firewall)

TMG belongs to the Microsoft Forefront product family and is mainly responsible for security prevention and protection at the edge of the network. It integrates with Active Directory, NAP and so on to achieve more comprehensive and convenient security control.

In addition to the main functions of traditional firewalls, it also has the following functions.

Perfect support for 64-bit memory addressing

Not limited by the addressing of 4G memory, the performance of memory reading, writing and management has been greatly improved.

Web Antivirus and Filtering

Check Web access through URL filtering, malware inspection, HTTPS inspection and other means to shut out viruses, spyware and so on.

Caching

For enterprises that need to handle a large amount of Web traffic, the caching function can greatly improve the Internet speed of users and reduce the cost of bandwidth.
