

Analysis of the Qilin Open Source Bastion Host's Compliance with Classified Protection of Information Security (MLPS)

2025-02-23 Update From: SLTechnology News&Howtos


Shulou (Shulou.com) 06/01 Report

Classified protection of information security (等级保护, MLPS) is carried out in five stages: grading (determining the protection level), filing, security construction and rectification, classified protection evaluation, and supervision and inspection.

China's classified protection scheme defines five levels; the higher the level, the stricter the requirements.

The main standards are "Technical Requirements of Security Design for Information System Classified Protection" (GB/T 25070-2010) and "Baseline for Classified Protection of Information System Security" (GB/T 22239-2008).

Reading these two standards, a bastion host maps mainly onto the requirements for identity authentication, access control, security audit, and integrity and encryption checks. The relevant excerpts follow, each with a note on how the bastion host satisfies it.

1. User identity authentication (Level 3 requirement)

Two or more authentication factors must be used in combination. The bastion host supports local authentication, AD domain authentication, RADIUS authentication and digital certificate authentication, and provides an external interface for fingerprint authentication and USB key (hardware certificate token) authentication, which meets the design requirement for a Level 3 system.

Description: from Level 3 upward, identity authentication must use two factors to identify the individual. Deploying a second factor (for example dynamic passwords) on every production server is expensive and easily causes production incidents. Bringing a bastion host online satisfies this clause in a sensible way: strong authentication such as CA certificates, dynamic passwords, fingerprint recognition and USB key certificates is implemented on the bastion host, so compliance is achieved without touching the production systems.

2. Discretionary access control

Within the scope of the security policy, users should have appropriate access rights to the objects they create and may grant some or all of those rights to other users. The subject granularity of discretionary access control is the user; the object granularity is the file or database table and/or the record or field.

Note: the bastion host meets the access control requirements by creating a bastion account (main account) for each user and assigning device accounts (sub-accounts) to that main account to complete authorization. Each authorization can additionally be bound to rules such as source-IP restrictions, permitted-command restrictions and login-time restrictions.
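The main-account to device-account model with bound rules is easiest to understand as a policy evaluation. The following is an added example written for this article, not the Qilin product's own code or configuration schema: a `Grant` ties one main account to one device account and carries source-network, login-window and denied-command rules, and two functions decide a session request and each command typed into it. The sample policy (user `alice`, device `db01`, account `oracle`) is constructed.

```python
from __future__ import annotations
import ipaddress
import re
from dataclasses import dataclass, field
from datetime import datetime, time as dtime


@dataclass
class Grant:
    """One authorization: a main account may use one device (sub-)account, subject to
    source-IP, login-time and command rules. Field names are this example's own."""
    device: str
    device_account: str
    source_nets: list[str] = field(default_factory=lambda: ["0.0.0.0/0"])
    login_window: tuple[dtime, dtime] = (dtime(0, 0), dtime(23, 59, 59))
    denied_commands: list[str] = field(default_factory=list)  # regexes over the command line


@dataclass
class MainAccount:
    """Bastion (main) account of one person, with the device accounts granted to it."""
    username: str
    grants: list[Grant]


def find_grant(account: MainAccount, device: str, device_account: str) -> Grant | None:
    for g in account.grants:
        if g.device == device and g.device_account == device_account:
            return g
    return None


def authorize_login(account: MainAccount, device: str, device_account: str,
                    source_ip: str, when: datetime) -> tuple[bool, str]:
    """Decide whether `account` may open a session as `device_account` on `device`
    from `source_ip` at time `when`. Returns (allowed, reason)."""
    grant = find_grant(account, device, device_account)
    if grant is None:
        return False, "no grant for this device account"
    ip = ipaddress.ip_address(source_ip)
    if not any(ip in ipaddress.ip_network(net, strict=False) for net in grant.source_nets):
        return False, "source IP not allowed"
    start, end = grant.login_window
    if not (start <= when.time() <= end):
        return False, "outside permitted login window"
    return True, "ok"


def authorize_command(grant: Grant, command: str) -> tuple[bool, str]:
    """Check one command line typed in the session against the grant's denied-command rules."""
    for pattern in grant.denied_commands:
        if re.search(pattern, command):
            return False, f"command matches denied rule {pattern!r}"
    return True, "ok"


# Constructed sample policy and timestamps (not real infrastructure).
DB_GRANT = Grant(
    device="db01", device_account="oracle",
    source_nets=["10.1.0.0/16"],
    login_window=(dtime(9, 0), dtime(18, 0)),
    denied_commands=[r"\brm\s+-rf\b", r"^\s*(shutdown|reboot)\b"],
)
ALICE = MainAccount(username="alice", grants=[DB_GRANT])
T_WORK = datetime(2024, 5, 6, 10, 0)
T_NIGHT = datetime(2024, 5, 6, 22, 0)

if __name__ == "__main__":
    print(authorize_login(ALICE, "db01", "oracle", "10.1.2.3", T_WORK))   # allowed
    print(authorize_login(ALICE, "db01", "oracle", "10.2.0.5", T_WORK))   # wrong source network
    print(authorize_login(ALICE, "db01", "oracle", "10.1.2.3", T_NIGHT))  # outside window
    print(authorize_login(ALICE, "db01", "root", "10.1.2.3", T_WORK))     # no grant for root
    print(authorize_command(DB_GRANT, "rm -rf /data"))                    # denied
    print(authorize_command(DB_GRANT, "ls -la /data"))                    # ok
```

Note that command filtering by regex is only as good as the patterns and the bastion's ability to see the command (an interactive editor or a script fetched with curl bypasses a naive list), so treat it as a guard rail on top of the device-account scoping, not a substitute for it.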

3. Labelling and mandatory access control

On the basis of identity authentication and the security administrator's authority control, the security administrator labels subjects and objects through a dedicated operation interface, and a subject's access to an object is decided according to the security labels and the mandatory access control rules.

Note: the bastion host provides roles such as administrator, group administrator and auditor. Administrators can configure and label devices, users and permissions; every configuration action is recorded and can be audited by the auditors. To satisfy this item, administrators must write strict access control rules as the requirement demands.

4. System security audit

The system's security-relevant events should be recorded. Each audit record includes the subject, object, time, type and result of the event. Audit records must be available for query, classification, analysis and protected storage; specific security events must raise alerts; audit records must be protected against destruction and unauthorized access; and an interface should be provided to the security management centre.

Description: the session video recordings are stored in the bastion host's own encrypted format in a dedicated storage area, which prevents the data from being destroyed or from being deleted, added to or tampered with without authorization. Administration is split among administrators, auditors and password administrators (separation of duties with mutual checks), and every administrator operation is audited by the auditors.

* The bastion host supports alerting on user-defined special events via SYSLOG, SMS and email.

Therefore, through the audit, separation-of-duties and alerting functions above, these clauses are satisfied.
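The audit requirement names five fields per record and asks for alerting on specific events; the SYSLOG channel is one of the export paths the product offers. The example below is added here and is not the page's or the product's code: it defines a record with exactly those fields, serializes it as an RFC 5424 syslog message with the fields carried as structured data (the SD-ID uses PEN 32473, which the RFC reserves for documentation), and applies two constructed alert rules, a denied command and repeated failed logins. Host name, application name and the sample records are all made up for the example.

```python
from __future__ import annotations
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

SYSLOG_FACILITY_AUTH = 4                         # RFC 5424 facility "auth"
SEVERITY = {"allow": 6, "deny": 4, "fail": 4}    # informational / warning


@dataclass(frozen=True)
class AuditRecord:
    """The five fields the standard requires, plus free-text detail."""
    subject: str        # bastion main account
    obj: str            # "device:device_account" or a configuration object
    time: datetime      # timezone-aware
    type: str           # login / command / config ...
    result: str         # allow / deny / fail
    detail: str = ""


def _sd_escape(value: str) -> str:
    """RFC 5424 SD-PARAM escaping for backslash, double quote and ']'."""
    return value.replace("\\", "\\\\").replace('"', '\\"').replace("]", "\\]")


def to_syslog(rec: AuditRecord, host: str = "bastion01", app: str = "bastion") -> str:
    """Serialize one record as an RFC 5424 message, audit fields as structured data."""
    pri = SYSLOG_FACILITY_AUTH * 8 + SEVERITY.get(rec.result, 5)
    ts = rec.time.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    sd = (f'[audit@32473 subject="{_sd_escape(rec.subject)}" object="{_sd_escape(rec.obj)}" '
          f'type="{_sd_escape(rec.type)}" result="{_sd_escape(rec.result)}"]')
    return f"<{pri}>1 {ts} {host} {app} - {rec.type} {sd} {rec.detail or '-'}"


def alerts_for(records, failed_login_threshold: int = 3,
               window: timedelta = timedelta(minutes=5)) -> list[str]:
    """Alert rules: every denied command alerts immediately; N failed logins by the same
    subject within `window` alert once, when the threshold is reached."""
    alerts = []
    failures = defaultdict(list)
    for rec in sorted(records, key=lambda r: r.time):
        if rec.type == "command" and rec.result == "deny":
            alerts.append(f"denied command by {rec.subject} on {rec.obj}: {rec.detail}")
        elif rec.type == "login" and rec.result == "fail":
            recent = [t for t in failures[rec.subject] if rec.time - t <= window]
            recent.append(rec.time)
            failures[rec.subject] = recent
            if len(recent) == failed_login_threshold:
                alerts.append(f"{failed_login_threshold} failed logins for {rec.subject} "
                              f"within {window}")
    return alerts


def _t(hour: int, minute: int) -> datetime:
    return datetime(2024, 5, 6, hour, minute, tzinfo=timezone.utc)


# Constructed sample records (not real logs).
DENIED_COMMAND = AuditRecord("alice", "db01:oracle", _t(10, 0), "command", "deny", "rm -rf /data")
SAMPLE_RECORDS = [
    AuditRecord("alice", "db01:oracle", _t(9, 58), "login", "allow", "from 10.1.2.3"),
    DENIED_COMMAND,
    AuditRecord("bob", "bastion", _t(10, 1), "login", "fail", "bad OTP"),
    AuditRecord("bob", "bastion", _t(10, 2), "login", "fail", "bad OTP"),
    AuditRecord("bob", "bastion", _t(10, 3), "login", "fail", "bad OTP"),
    AuditRecord("bob", "bastion", _t(10, 30), "login", "fail", "bad OTP"),  # outside window: no alert
]

if __name__ == "__main__":
    for r in SAMPLE_RECORDS:
        print(to_syslog(r))
    for a in alerts_for(SAMPLE_RECORDS):
        print("ALERT:", a)
```

Shipping the records to a separate log server over syslog is also the simplest way to meet "records are not destroyed": an attacker who gains administrator rights on the bastion cannot retroactively delete what the collector has already received.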

5. User data integrity protection, user data confidentiality protection, secure object reuse, and trusted program execution protection

* Communication links use encrypted protocols such as HTTPS, RDP and SSH; local video files are encrypted and stored with the product's own algorithm and cannot be played by general-purpose software; and MD5 values are recorded for important files, so these clauses are satisfied. Two caveats for practitioners: a proprietary recording format gives confidentiality only as far as its key management does, not by being unreadable to common tools; and MD5 detects accidental corruption but is not collision-resistant, and a checksum stored beside the file can be recomputed by anyone able to rewrite the file, so tamper evidence needs a keyed MAC or signature whose key is held outside the recording store (for example by the auditor role).
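The difference between an integrity checksum and tamper evidence is easy to demonstrate. The block below is an added example, not the page's or the product's code: it builds the unkeyed MD5 manifest the page describes and a keyed HMAC-SHA256 manifest, then models an attacker who can write to the recording store. The file contents, file names and the auditor key are constructed; the assumption that the key is held by the auditor role and not stored with the recordings is the example's own.

```python
from __future__ import annotations
import hashlib
import hmac


def md5_manifest(files: dict[str, bytes]) -> dict[str, str]:
    """Unkeyed manifest: MD5 of each file, as the page describes for important files."""
    return {name: hashlib.md5(data).hexdigest() for name, data in files.items()}


def keyed_manifest(key: bytes, files: dict[str, bytes]) -> dict[str, str]:
    """Keyed manifest: HMAC-SHA256 of each file. Only a holder of `key` can produce a valid entry."""
    return {name: hmac.new(key, data, hashlib.sha256).hexdigest() for name, data in files.items()}


def verify_manifest(manifest: dict[str, str], files: dict[str, bytes],
                    key: bytes | None = None) -> dict[str, bool]:
    """Recompute every entry and compare in constant time. Missing entries verify as False."""
    expected = keyed_manifest(key, files) if key is not None else md5_manifest(files)
    return {name: hmac.compare_digest(manifest.get(name, ""), expected[name]) for name in files}


def attacker_rewrites(files, manifest, name, new_data):
    """Model an attacker with write access to the recording store: they replace one file and,
    because the unkeyed manifest sits in the same store, recompute its MD5 as well."""
    files = dict(files)
    manifest = dict(manifest)
    files[name] = new_data
    manifest[name] = hashlib.md5(new_data).hexdigest()
    return files, manifest


# Constructed sample store and key (the key would be held by the auditor role, not the store).
AUDITOR_KEY = b"example-key-held-outside-the-recording-store"
FILES = {
    "session-0001.rec": b"ssh alice@db01 ... rm -rf /data ... ls -la /data",
    "session-0002.rec": b"rdp bob@win01 ... mstsc session",
}
MD5_MANIFEST = md5_manifest(FILES)
MAC_MANIFEST = keyed_manifest(AUDITOR_KEY, FILES)
TAMPERED_FILES, TAMPERED_MD5 = attacker_rewrites(
    FILES, MD5_MANIFEST, "session-0001.rec", b"ssh alice@db01 ... ls -la /data")


def unkeyed_check_detects_tamper() -> bool:
    """Does the MD5 manifest, stored with the files, notice the rewrite?"""
    return not all(verify_manifest(TAMPERED_MD5, TAMPERED_FILES).values())


def keyed_check_detects_tamper() -> bool:
    """Does the HMAC manifest, verified with the auditor's key, notice the rewrite?"""
    return not all(verify_manifest(MAC_MANIFEST, TAMPERED_FILES, key=AUDITOR_KEY).values())


if __name__ == "__main__":
    print("MD5 manifest notices rewrite:", unkeyed_check_detects_tamper())   # False
    print("HMAC manifest notices rewrite:", keyed_check_detects_tamper())    # True
```

The MD5 manifest still verifies after the recording has been edited, because the attacker recomputed it; the keyed manifest fails on the edited file and still passes on the untouched one, which is the property an evaluator means by "audit records cannot be tampered with".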

From network security, host security and application security through identity authentication, access control, security audit and data security, the bastion host has become a necessary component of a classified protection scheme.
