
Steps for network security deployment

2025-01-19 Update From: SLTechnology News&Howtos


Shulou (Shulou.com) 06/01 Report

Top-level design concept

Consider every level and element of the project, trace problems to their source, take charge of the overall situation, and seek a solution at the highest level.

Top-level design is not a bottom-up "crossing the river by feeling the stones", but top-down "systematic planning".

Network security is divided into five layers: physical, network, host, application, and management system.

The boundary is the strongest layer; the access layer is the weakest.

General outline of security characteristics

I. Effective access control

II. Effective identification of legitimate and illegitimate users

III. Effective anti-forgery means and protection of important data

IV. Concealment of the internal network

V. Protection of the external network

VI. Prevention of viruses on internal and external networks

Effective means of security management (three parts technology, seven parts management)

Simply * the Internet is pointless; * is meaningless unless it steals information.

Real security is product security and protocol security.

Four threat types: interception, interruption, modification (tampering), and fabrication (forgery).

Steps of an attack

Information collection → vulnerability scanning → * → * → escalating rights (privilege escalation) → back door → log clearance

Purposes of a network attack:

1: obtain confidential information

2: destroy the integrity of network information

3: destroy the availability of the network

4: alter the controllability of network operation

5: evade responsibility

Security control points:

Access control, security audit, structural security, network device protection, communication confidentiality (data cannot be intercepted), communication integrity (data is not tampered with), data backup and recovery

I. Access control

1. Access control based on data flow (router, switch, firewall ACL)

2. Classify data according to packet information (QoS)

3. Apply different policies to different data flows * (extended ACL)

4. User-based access control (telnet, password complexity, ciphertext storage of passwords, login attempt limits, SNMP, bastion host)

5. Set specific filtering attributes for access-service users (divide regions, prevent man-in-the-middle attacks)
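Items 1 and 3 above describe flow-based access control with ordered ACL rules. The following is an added example, not code from the original article or any vendor: a minimal extended-ACL evaluator with router/firewall semantics (ordered rules, first match wins, implicit deny at the end). The policy, addresses and packets are constructed.

```python
import ipaddress
from dataclasses import dataclass

# Added example (not from the original article): a minimal extended-
# ACL evaluator with router/firewall semantics: ordered rules, first
# match wins, implicit deny at the end. Policy and packets are constructed.
@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str         # "tcp", "udp" or "icmp"
    dport: int = 0

@dataclass(frozen=True)
class Rule:
    action: str        # "permit" or "deny"
    proto: str         # "ip" matches any protocol
    src: str           # source CIDR
    dst: str           # destination CIDR
    dports: tuple = () # empty = any destination port

    def matches(self, p: Packet) -> bool:
        if self.proto != "ip" and self.proto != p.proto:
            return False
        if ipaddress.ip_address(p.src) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(p.dst) not in ipaddress.ip_network(self.dst):
            return False
        return not self.dports or p.dport in self.dports

def evaluate(acl: list, p: Packet) -> str:
    """Return 'permit' or 'deny'; traffic matching no rule is denied."""
    for rule in acl:
        if rule.matches(p):
            return rule.action
    return "deny"      # implicit deny, as on real ACLs

# Constructed policy: block telnet to the server network for everyone,
# let intranet 10.0.0.0/8 reach the web server on 80/443 and ping the
# server network; everything else hits the implicit deny.
ACL = [
    Rule("deny", "tcp", "0.0.0.0/0", "192.0.2.0/24", (23,)),
    Rule("permit", "tcp", "10.0.0.0/8", "192.0.2.10/32", (80, 443)),
    Rule("permit", "icmp", "10.0.0.0/8", "192.0.2.0/24"),
]

if __name__ == "__main__":
    print(evaluate(ACL, Packet("10.1.2.3", "192.0.2.10", "tcp", 443)))   # permit
    print(evaluate(ACL, Packet("203.0.113.5", "192.0.2.10", "tcp", 80)))  # deny
```

Because rules are matched in order, a permit placed above the telnet deny would silently reopen port 23; keeping the specific deny first is the check to make when reviewing such a list.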

II. User identification

1. Authentication of connecting users (NTP, 802.1X, portal, MAC authentication, AAA)

2. Authentication and authorization of intranet access users (AAA, MAC authentication)

3. Authentication and authorization of remote access users (AAA, local authentication)

III. Protecting data security

1. Authentication of the network device itself (console, system patches, shutting down services such as CDP)

2. Authentication and authorization when accessing the device (bastion host, audit system)

3. Authentication of routing information (protocol authentication, VRRP authentication, IP binding, port binding)

4. Data encryption and anti-forgery (× ×)

5. Data encryption (symmetric encryption)

6. Transmitting data over a public network inevitably faces the problem of eavesdropping (MD5, SHA authentication)

7. Encrypt data before transmission so that only the communicating peer can decrypt it (asymmetric encryption)

8. Data anti-forgery

9. During transmission, a message may be intercepted and tampered with.

10. Data integrity authentication is required at the receiving end.
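Items 9 and 10 above are the case where a message is altered in transit and must be checked by the receiver. The following added example (not from the original article) models that check: it shows that an unkeyed MD5/SHA-style digest appended to the message can be recomputed by whoever altered it, while an HMAC under a key shared only with the peer detects the change. The message, key and interceptor are constructed.

```python
import hashlib
import hmac
import os

# Added example (not from the original article). Models items 9 and 10:
# a message intercepted and altered in transit, then checked at the
# receiving end. Message, key and interceptor are constructed.

def send_with_digest(msg: bytes) -> tuple:
    """Weak scheme: sender appends an unkeyed SHA-256 digest."""
    return msg, hashlib.sha256(msg).digest()

def verify_digest(msg: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(hashlib.sha256(msg).digest(), tag)

def send_with_hmac(key: bytes, msg: bytes) -> tuple:
    """Sender appends HMAC-SHA256 under a key shared only with the peer."""
    return msg, hmac.new(key, msg, hashlib.sha256).digest()

def verify_hmac(key: bytes, msg: bytes, tag: bytes) -> bool:
    # compare_digest: constant-time comparison, no timing leak of the tag
    return hmac.compare_digest(hmac.new(key, msg, hashlib.sha256).digest(), tag)

def tamper_in_transit(msg: bytes, tag: bytes, keyed: bool) -> tuple:
    """Constructed interceptor: rewrites the message. Without the key it
    can recompute a bare digest but cannot produce a matching HMAC."""
    forged = msg.replace(b"amount=100", b"amount=999")
    if keyed:
        return forged, tag                       # stale tag no longer matches
    return forged, hashlib.sha256(forged).digest()

def demo() -> dict:
    key = os.urandom(32)        # in practice shared out of band with the peer
    original = b"transfer;amount=100;to=acct-42"
    m1, t1 = tamper_in_transit(*send_with_digest(original), keyed=False)
    m2, t2 = tamper_in_transit(*send_with_hmac(key, original), keyed=True)
    return {
        "digest_accepts_forgery": verify_digest(m1, t1),    # True: not caught
        "hmac_accepts_forgery": verify_hmac(key, m2, t2),   # False: caught
        "hmac_accepts_genuine": verify_hmac(key, *send_with_hmac(key, original)),
    }

if __name__ == "__main__":
    print(demo())
```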

IV. Concealment of the internal network

1. Hide the private network's internal addresses to protect internal hosts (NAT)

2. Allow internal users to initiate outbound connections, and forbid external users from initiating connections to the internal network (close unnecessary service ports)

V. External network protection

1. Effective protection against all kinds of external network attacks (FW, IPS interception, WAF, device redundancy, protocol redundancy, link redundancy; 75% of attacks target web applications)

Disadvantage of IPS: it must analyze every packet, while voice packets require low latency.

VI. Virus prevention

1. Guard against viruses introduced from the external network (anti-virus wall, periodic virus database updates)

2. Suppress virus attacks within the intranet (IDS, EAD, periodic virus database updates)

VII. Improve the management system

1. Ensure that important network devices operate in a safe environment, to prevent man-made damage.

2. Protect access passwords, credentials and other important security information.

3. Implement message auditing and filtering on the network, and provide the information needed for network operation.

4. Formulate a sound management system and ensure that it is well implemented.

Existing security issues:

Before the event (lack of risk prediction ability): what assets do you have? What vulnerabilities exist? Is there a policy?

During the event (lack of linkage, calling other mechanisms)

After the event (lack of detection and response): are there new vulnerabilities? Can a bypass be detected? Can you respond quickly? (lack of continuity)

Solution:

Before: risks that cannot be predicted lead to security incidents, such as information disclosure and vulnerability notices (become predictable)

During: no effective defense; database passwords are modified and network faults are hard to locate (* log correlation, call the linkage defense mechanism)

After: unable to detect hacks, open ports and vulnerabilities (lack of detection); web pages are tampered with but not detected in time (fast response) (continuous detection / response)

Situational awareness (situational awareness system, situational awareness platform) was first proposed in the military field (network-wide security situational awareness, behavioral situational awareness).

Situational awareness is an ability to gain dynamic, overall insight into security risks based on the environment. It is a way to improve the ability to discover, identify, understand, analyze, respond to and deal with security threats from a global perspective on the basis of security big data. Ultimately it serves decision-making and action, and it is where security capability lands.

Defensive measures

1. Do not turn off the default firewall. If there is a special need, selectively open only the required ports.

2. Install a monitoring system or deploy a honeypot on the server side to monitor abnormal server behavior at any time.

3. Apply system patches promptly and keep watching Microsoft's update announcements.

4. Get into the habit of checking server logs regularly to find abnormal operations or abnormal users in time.
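Step 4 above is left as a habit rather than a method. The following added example (not from the original article) shows the kind of routine check it implies, run over constructed sshd-style auth log lines: it flags sources with repeated failed logins, successful logins by users outside an allowlist, and a successful login from a source that had just been failing. The log lines, user allowlist and threshold are all constructed.

```python
import re
from collections import Counter

# Added example (not from the original article): the routine log check in
# step 4, run over constructed sshd-style auth log lines. It flags sources
# with repeated failed logins, logins by users outside an allowlist, and a
# successful login from a source that had just been failing.
LOG_LINES = """\
Jan 19 03:12:01 web1 sshd[2101]: Failed password for root from 198.51.100.7 port 50211 ssh2
Jan 19 03:12:02 web1 sshd[2101]: Failed password for root from 198.51.100.7 port 50212 ssh2
Jan 19 03:12:03 web1 sshd[2101]: Failed password for invalid user admin from 198.51.100.7 port 50213 ssh2
Jan 19 03:12:05 web1 sshd[2101]: Failed password for root from 198.51.100.7 port 50214 ssh2
Jan 19 03:12:07 web1 sshd[2101]: Failed password for root from 198.51.100.7 port 50215 ssh2
Jan 19 03:12:09 web1 sshd[2144]: Accepted password for root from 198.51.100.7 port 50216 ssh2
Jan 19 08:00:11 web1 sshd[2390]: Accepted publickey for deploy from 10.0.5.12 port 41022 ssh2
Jan 19 09:30:45 web1 sshd[2512]: Accepted password for backupsvc from 10.0.5.40 port 41100 ssh2
""".splitlines()

FAILED = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port")
ACCEPTED = re.compile(r"Accepted (\S+) for (\S+) from (\S+) port")

def analyze(lines, known_users, fail_threshold=4):
    """Return findings as a dict of lists; the threshold is a constructed default."""
    failures = Counter()
    findings = {"brute_force_sources": [], "unknown_users": [],
                "success_after_failures": []}
    for line in lines:
        m = FAILED.search(line)
        if m:
            failures[m.group(2)] += 1        # count failures per source address
            continue
        m = ACCEPTED.search(line)
        if m:
            method, user, src = m.groups()
            if user not in known_users:      # "abnormal user" in the article's words
                findings["unknown_users"].append((user, src, method))
            if failures[src] >= fail_threshold:
                findings["success_after_failures"].append((user, src))
    findings["brute_force_sources"] = [s for s, n in failures.items()
                                       if n >= fail_threshold]
    return findings

if __name__ == "__main__":
    for kind, hits in analyze(LOG_LINES, known_users={"deploy"}).items():
        print(kind, hits)
```

The third finding (a success right after a burst of failures from the same source) is the one worth treating as an incident rather than noise, since it is what a guessed password looks like in the log.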

What security incident management is concerned with:

Security events that occur on the network

System events that occur on the network

Application events that occur on the network

Security management should make a comprehensive analysis of all kinds of events on the network.

Unified network management: topology discovery, device management, log management, Trap alarms

Prefer standard protocols

Clustering and stacking applications simplify complexity

Real-time monitoring, prevent *, avoid congestion

NTP time synchronization, so that logs and Traps are managed in order

There are two testing methods: black box and white box.

Black-box testing refers to testing without knowledge of the infrastructure.

White-box testing refers to testing with full understanding of the structure. Regardless of which method is used, penetration tests usually have two significant features:

Penetration testing is a gradual and in-depth process.

Penetration testing chooses a * method that does not affect the normal operation of the business system.


https://github.com/evilcos/ * the artifact

http://www.securityxploded.com/ security tools

http://bbs.cfanclub.net/forum-3-1.html courseware blog

http://download.cnet.com/Toolwiz-Care/3000-2086_4-75610754.html?part=dl-&subj=dl&tag=button Toolwiz Care system software download link

http://www.ntester.cn
