Shulou(Shulou.com)06/01 Report--

The servers of the intranet contain important information of the enterprise, including CRM user information, technical materials and so on. Therefore, the information security of intranet server is the focus of enterprise network management. Private network servers face not only external * *, but also internal *. In this article, I will show you how to use WFilter NGF's defense module to protect intranet servers. The network structure is as follows:

WFilter NGF uses the bridge deployment mode, which is connected between the internal network and the server network segment and the Internet, which can not only manage the behavior of the external network, but also protect the server network segment.

1. Turn on defense.

Enable the * * defense feature, and set "log only" to the private network * *.

two。 Perform network scan on server network segment

The first step of the network * is to scan the network first, and then proceed to the next step according to the scan results. As shown in the following figure, in kali_linux, use the db_nmap command in metasploit to scan the IP of the server; you can see the server's open port, software version and other information.

You can see * events in the * * detection module and event viewer. If alarm event forwarding is enabled, you can also forward the alarm event to the administrator's mailbox.

3. Log the private network * * and block IP

In the default configuration, * * Defense only logs events in the private network * *, and does not prohibit the private network IP;. You can log the event to the terminal for verification and processing. If your server has high security requirements, you can set "private network * *" to "log and block ip". After this configuration, as soon as * * is detected, the IP will be blocked immediately. As shown in the figure:

Let's scan it with kali_linux again. The ping server is open before scanning. As shown in the figure:

After performing the scan, the ping of the server is disabled, and the scanned information is much less (because the IP is blocked as soon as the scan is detected by WFilter, so that subsequent scans cannot continue)

In the "* Detection" of WFilter, you can see the operation record of the IP that is blocked.

After the above configuration, you can effectively protect the private network server in real time, so as to prevent the server from being maliciously caused by the internal and external network.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.