Shulou(Shulou.com)06/01 Report--

A computer virus is a collection of programs or instructions that can lurk in a computer storage medium or program in some way and be activated when certain conditions are reached (such as a specific time or specific network traffic, etc.). Thus, it can destroy computer resources to a certain extent.

Computer viruses can be transmitted through mobile disks, CD-ROMs, local area networks, WWW browsing, E-Mail and other ways

According to statistics, more than 20 new computer viruses appear every day.

Viruses are divided into: network worms, typical viruses, * programs, spyware, malicious programs, etc.

Worm: a computer worm is a virus that spreads through a computer network, which can cause network congestion or even paralysis when flooded.

Characteristics: fast spread, wide spread and high harm

Spyware: spyware resides in a computer system, collects information about the user's operating habits, and quietly sends this information to the software publisher over the Internet. Because this process is carried out without the user's knowledge, software with such dual functions is often called SPYWARE.

AV anti-gas wall

The single machine checking and antivirus seriously affects the performance of the server, it is difficult to force all hosts to upgrade the virus database, and they forget to upgrade the virus database and become poisoned again, and the antivirus software takes up a lot of host resources. normal work can not be carried out, most of the virus source network, unable to monitor the exit gateway virus status, is not conducive to management

EAD terminal admission control

Aiming at user terminal management and access security control strategy, to ensure network security is proposed.

It strengthens the active defense capability of network terminals and controls the spread of viruses through the interaction of secure clients, security policy servers, access devices and third-party servers.

Current terminal security problems

Everyone installs antivirus software and updates the virus database on their own. The management is decentralized and inefficient.

1. Be in passive defense and lack of active resistance

2. Single point of defense, lack of control over virus repetition and cross-infection

3. Decentralized management, inconsistent security policy and lack of overall defense capability

Through the cooperation of the switch, EAD can force users to authenticate and evaluate their security status through 802.1X before accessing the network.

EAD authentication process

Four steps of secure access for end users: identity authentication, security check, dynamic authorization, real-time monitoring

Authentication: illegal users refuse to join the network

Security check: if the security check is not qualified, enter the quarantine area to repair.

Dynamic authorization: different users enjoy different network permissions

Real-time monitoring: monitor the network traffic of end users, and the administrator controls the threshold of user traffic.

EAD components: Radius server, policy server, proxy server, portal component

EAD components: EAD foreground configuration page, desktop asset management server, and desktop asset management agent

The deployment of EAD clients is large, and the network administrator downloads the version for each EAD client and upgrades the client software.

The switch is responsible for the security linkage equipment and is responsible for the access control function to the users.

Radius scheme AAA # create AAA

Security-policy-server 172.16.18.253 configure security policy server (virus database, patch pack)

Dot1x free-ip 172.16.18.0 Compact 24 accessed address field

Dot1x url http://172.16.18.254 redirected address (the address must be on the free-ip segment, otherwise it cannot be redirected)

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.