A complete set of solutions for a security system

xiaoxiao2021-03-06  81

Foreword

With the increasing popularity of computer technology applications, computer security has become a top priority. The problem to be solved is ensuring the security of hardware and software, and the confidentiality, integrity, and availability of information as it is processed, stored, and transmitted in the information system. The security involved includes: integrity - the correctness and reliability of the operating system, the logical integrity of hardware and software, and preventing unauthorized tampering with information; availability - guaranteeing that information and the information system are indeed available to authorized users, and preventing the system from refusing service, or rejecting authorized users, because of computer viruses or other human factors. Computer security is also threatened by viruses, illegal access, vulnerabilities, hackers, and so on.

1 A variety of current solutions

(1) Security management center

Establish a centralized management mechanism and equipment used to distribute keys to all network security equipment, monitor that equipment, and collect its audit information;

(2) Intrusion detection system: uses audit trail data to monitor intrusion activities;

(3) Secure operating system: provides a secure operating platform for the key servers in the system;

(4) Secure database

Ensure the integrity, reliability, validity, confidentiality, and auditability of the database, along with access control and user identification;

(5) Disaster recovery system

Disaster recovery means being able to restore the data and system state from before a disaster. Identical systems are built in the same manner to form multiple sets of systems, with monitoring and function switching between them. Data disaster recovery is a very important part of the information security strategy.

2 Proposing a complete system security solution

Establish a security system consisting of three parts: security means, security mechanisms, and security environment. Security means include system means and business means; security mechanisms include system mechanisms, business mechanisms, and environmental mechanisms; the security environment includes supporting equipment and the equipment room environment.

3 Establishing system security

3.1 Security means support

1) Equipment security

Servers use disk array or disk mirroring technology; use cluster technology; use a two-machine or multi-machine hot-standby fault-tolerant system; production servers are separated from development and test servers; an optical disc backup library is provided; 24-hour uninterrupted operation is guaranteed; a separate standby server is established.

Workstations and terminals have antivirus capability and are guaranteed 24-hour uninterrupted operation.

Network equipment uses multiple transmission media to form multiple routes; it is simple and reliable; 24-hour uninterrupted operation is guaranteed.

2) Support software security

Operating system:

Complies with the C2-level security standard and provides comprehensive operating system monitoring, alarms, and fault handling.

Database system:

Complies with the C2-level security standard and provides complete database monitoring, alarms, and fault handling. Large relational databases have the following security mechanisms to ensure the security of the database:

Database-level security applies to the entire database.

Table-level security applies only to the related processes.

Column-level security applies only to the relevant columns.

Row-level security applies only to the related rows.

Type-level security applies only to the implicit types used.

Another way to manage and use user privileges is through roles. The concept of a role in the database environment is equivalent to the concept of a group in the UNIX operating system. The purpose of roles in the database system is to further refine the permissions of the DBA.

The audit strategy of the database system is one of the important components of database security. The audit mechanism provided by large relational database systems complies with the C2 standard of the Trusted Computer System Evaluation Criteria (CSC-STD-001-83) and with the Trusted Database Interpretation (NCSC-TC-021) standard. The audit function provided by a large relational database system generates records, which are used for the following purposes:

Discover illegal and suspicious users and identify their operations;

Discover unauthorized access attempts;

Evaluate factors that could potentially damage the security mechanisms;

If necessary, provide evidence for investigations.

3) Network system security

Support for identification, access control, data confidentiality, etc.

The network can be built as the company's internal network. First, the hosts of each system communicate through front-end machines; the front-end machine in effect plays a certain firewall role, making it harder to attack other hosts in the network from one host. Second, when the enterprise network is connected to the outside world, domestic firewall products are used to prevent external illegal users from intruding on the hosts.

For users connected over the WAN, router encryption can ensure the security and integrity of data transmitted over the WAN (especially over a public data switched network), but it occupies a certain amount of network bandwidth. If the remote user is connected over a DDN line, the data transfer process can be considered relatively secure.

For users on the LAN, the best approach is to separate the business application subnets from the public network. Of course, complete physical disconnection is unlikely, so a business-specific virtual subnet (VLAN) can be set up on the headquarters network switch. This uses existing equipment and needs no additional funding.

4) Application system security

Complies with the C2-level security standard, provides comprehensive inquiry and control functions, and provides multi-level password protection.

The security of the application system is built on the security of the database management system. To ensure system security, the system applies strict graded permission management to operators: each operator has their own employee number (account number), login password, and permission level. A given permission level can only enter the specific functional modules it is authorized for. Apart from query operations, any "write" operation (such as entry, modification, or deletion) leaves a complete record in the system, including the date and time of the operation, the employee number, and what operation was performed, for future investigation. To ensure the reliability of passwords, operators' passwords are stored in the database in a form that can only be modified and cannot be read directly.
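The operator controls described above, sketched as an added example (this is not code from the original article): each write is checked against the operator's permission level for the module and is recorded with timestamp, employee number, and operation whether or not it is allowed. The table layout, module names, levels, employee numbers, and the use of a salted PBKDF2 hash as the "cannot be read directly" password form are all assumptions made for illustration.

```python
import hashlib, hmac, os, sqlite3
from datetime import datetime, timezone

# Constructed schema and module levels: illustrative assumptions, not from the article.
SCHEMA = """
CREATE TABLE operator(emp_no TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB, level INTEGER);
CREATE TABLE audit(ts TEXT, emp_no TEXT, module TEXT, op TEXT, allowed INTEGER);
"""
MODULE_LEVEL = {"billing": 2, "accounts": 3}  # minimum level for a write in each module

def _hash(password, salt):
    # One-way salted hash (PBKDF2, an assumed choice): replaceable, never readable.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def set_password(db, emp_no, password, level):
    salt = os.urandom(16)
    db.execute("INSERT OR REPLACE INTO operator VALUES (?,?,?,?)",
               (emp_no, salt, _hash(password, salt), level))

def login(db, emp_no, password):
    row = db.execute("SELECT salt, pw_hash FROM operator WHERE emp_no=?", (emp_no,)).fetchone()
    return row is not None and hmac.compare_digest(row[1], _hash(password, row[0]))

def write_op(db, emp_no, module, op):
    """Authorize a write (entry/modification/deletion); record it either way."""
    row = db.execute("SELECT level FROM operator WHERE emp_no=?", (emp_no,)).fetchone()
    allowed = row is not None and row[0] >= MODULE_LEVEL.get(module, float("inf"))
    db.execute("INSERT INTO audit VALUES (?,?,?,?,?)",
               (datetime.now(timezone.utc).isoformat(), emp_no, module, op, int(allowed)))
    return allowed

def unauthorized_attempts(db):
    # Audit review: count denied writes per employee number.
    return db.execute("SELECT emp_no, COUNT(*) FROM audit WHERE allowed=0 "
                      "GROUP BY emp_no ORDER BY emp_no").fetchall()

def demo():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    set_password(db, "E1001", "constructed-pass-1", 2)  # constructed operators
    set_password(db, "E1002", "constructed-pass-2", 3)
    results = [write_op(db, "E1001", "billing", "modify"),
               write_op(db, "E1001", "accounts", "delete"),   # level too low: denied
               write_op(db, "E1002", "accounts", "entry")]
    return db, results

if __name__ == "__main__":
    db, results = demo()
    print(results, unauthorized_attempts(db))
```

Recording denied writes as well as allowed ones is what lets the audit review surface unauthorized access attempts by employee number.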

3.2 System data security

1) Data backup and recovery

System data can be backed up;

System data can be recovered online;

The recovered data must maintain its integrity and consistency;

Provide complete system data monitoring, alarms, and fault handling.

2) Data transmission and reception

Ensure the transmission of system data;

Ensure the confidentiality of system data in transmission;

Provide complete monitoring and alarm handling for system data transmission.

3.3 Security environment support

1) Supporting equipment security

An advanced, complete power supply system and emergency alarm system.

2) Environmental safety

The computer room must be protected against fire, dust, lightning, and magnetic interference;

Temperature, humidity, and voltage should each comply with computer environmental requirements;

The computer room should undergo regular maintenance.

3.4 Security mechanism support

1) System security mechanism

The system should have identification and access control functions, providing multi-level password protection or using hardware keys;

The system should provide operation logging so that its running status can be known at any moment;

The system should have complete checking functions to ensure the accuracy of system processing. Each check in the system is managed as a closed loop, and a checking system relatively independent of the application system is established to verify processing accuracy;

Establish an alarm system for verification results and security logic anomalies.

2) Business security mechanism

Establish a strict management system and mechanisms for managing development, maintenance, and operation;

Apply authentication and access control: system administrators, database administrators, data administrators, and operators must each be granted their respective access rights, covering personnel identity, personal passwords, control of geographic location and instructions, division of permissions, and separation of responsibilities; this ensures that unauthorized personnel cannot access the application management system, and an alarm must be generated when the security of the application management system is damaged;

Ensure that only authorized people or systems can access certain functions and obtain certain data.

3) Environmental security mechanism

Establish a strict machine room safety management system;

Review log files promptly;

Non-staff are not allowed to enter the computer room;

No one may disclose the relevant information or copy anything.

4 Conclusion

By establishing a system security system with advanced technology, well-developed management, and sound mechanisms, the safe operation of the enterprise can be effectively ensured, the secrets of the enterprise and its users kept, and the legitimate rights and interests of the enterprise maintained:

(1) The network runs smoothly without interruption;

(2) The application system runs efficiently and stably;

(3) System data is accurate, complete, and recoverable;

(4) The system is not illegally violated from outside or inside.

Please cite the original address when reposting: https://www.9cbs.com/read-94680.html