Enterprise Safety Solutions

xiaoxiao2021-03-06  94

Author: Lonely Swordsman

Keywords:

Virus, hacker, security

Summary:

This paper takes a broad view of the factors that threaten enterprise information security. It introduces the information security protection system, sets out the design and implementation of security programs, and gives a typical application example of an enterprise security solution. It is intended to help enterprise users develop security programs that match their company's actual security needs and supervise their implementation well, ultimately protecting the security of the enterprise.

First, an overview (SUMMARIZE)

Today, with Internet technology developing at high speed, the network has brought enterprises many benefits, such as lower costs, greater efficiency, business growth and a better image, so that informatization has become the only way forward for modern enterprises. But things often come with contradictions: many informatized companies have enjoyed the convenience of the network and have also suffered the problems caused by negative factors such as viruses and hackers. Establishing a complete security protection system that keeps the system network running normally and protects the enterprise's information resources from infringement has therefore become an important measure in the process of informatization.

Enterprise information security is a comprehensive, interdisciplinary information system project that involves two major categories: security technology and security management. Security technology covers multiple fields such as communication technology, computer technology, operating systems, network technology and cryptography. It can have a special organization or unit to invest in a large number of individual or small teams. The human, material and financial resources are committed to research and development in this area, and it is possible to completely What is more important issues related to security technologies, is the topic that everyone is concerned, and it is also a topic that people have been exploring. In fact, we should not get caught up in debating the answer; we should analyze the security needs of the enterprise and develop the technical and management schemes that meet them. In some enterprises management matters relatively little compared with technology, while in others management is much more important than technology; it depends on the situation. Moreover, when deploying security programs it is necessary to keep to principles such as balancing "safety and convenience" and "input and effect". For example, it is not suitable to spend half of the system's total investment on security, or to apply a security program that becomes a bottleneck for the system.

Second, security threats (Security Baleful)

Compared with personal network users, a company's information network is more complicated: multiple network communication nodes, numerous network devices, and multiple operating system platforms and applications, which means it faces more network threats. One mistaken view needs correcting here: that information security means preventing hackers, or even that security protection is hacker prevention. This is a terrible and very narrow idea, and the 911 incident in the United States is evidence that overturns it. In fact, the threats a company faces are multifaceted, including natural disasters, emergencies, power interruptions, computer viruses, network worms, hackers, management chaos and so on, and ignoring any of them may bring disaster. Some of these security issues can be solved once, and some require constant maintenance. For example, with multiple UPS units and standby generators there is generally no need to worry about power interruptions, whereas computer virus protection requires constantly upgrading the virus signature library, otherwise the protection loses its effect. Although the factors behind security threats are many, from the perspective of how they occur they fall mainly into the following categories:

1, force majeure

Force majeure events mostly happen suddenly and are difficult to avoid or to know of in advance. Although their probability is small, they do exist, for example earthquakes, floods and explosions, and their consequence is that the information system is greatly destroyed. They can generally be divided into natural and man-made:

(1) Nature Calamity: Destruction caused by nature, such as earthquakes, floods, volcanic eruptions, heavy rain, mudslides, lightning strikes, comets and so on. These bring devastating blows to the enterprise information system.

(2) Factious Event: Any sudden destruction caused directly or indirectly by people belongs to this category. For example, the US 911 terrorist incident led to the collapse of the World Trade Building, and the information systems of many companies were completely destroyed.

2, electromagnetic security (Electromagnetism security)

No network information system can do without electronic chips and the transmission of electrical signals. This process produces electromagnetic radiation and static electricity, which bring a series of security issues, mainly the following:

(1) High-voltage static: When electronic chips work in a dry environment with poor grounding, they are easily broken down by static electricity, which completely damages the chip. Without care, this high-voltage static electricity can also threaten personal safety.

(2) Electromagnetism Blab: Electronic devices such as network equipment release electromagnetic waves when working. Without protection, this is not only harmful to physical health but also causes serious security issues: the electromagnetic waves emitted from a computer's screen can be collected by a special device so that the screen content can be restored.

(3) Signal Disturb: If the system host or lines are too close to a transformer, or the wiring is unreasonable, communication signals can suffer interference, which reduces line transmission quality and can even make the line intermittent or interrupted, endangering the safe operation of the information system. In practice, the network devices and lines of an enterprise information system are often very dense, which makes signal interference most likely.

3, physical security (Physical Security)

Unauthorized access and destruction through physical contact is a very simple and effective way of attack. Fortunately, most people who can physically touch your computer are trustworthy. However, as the saying goes: "Never intend harm to others, but never be without guard against them." For the safety of computers and data, you still have to understand the ways of physical attack, which are mainly the following:

(1) FLOPPY BOOTING: Booting from the floppy drive gives easy access to the hard disk data. According to expert studies, this method is currently valid for all Windows and UNIX systems.

(2) Hard Disk Stolen: If the computer is placed, it is likely that the hard disk is stolen.

(3) Password Record: A password typed on the keyboard is easily observed. Some people really can make out quickly typed keystrokes from a few meters away, even letter case and special characters.

4, viral infection (Virus Infection)

A few years ago, everyone's idea of viruses was mainly boot-sector and file viruses, but networks have developed very fast. A little attention shows that in recent years the most harmful have been worm programs on the Internet. They spread through the network extremely rapidly, which not only causes endless network congestion but also hurts countless innocent people. In general, their intrusion pathways are the following:

(1) FLOPPY DISK: Using floppy disks without protection may bring you a boot-sector virus or a virus that infects executable files. Although boot-sector viruses now have almost no environment to survive in, if you accidentally use a floppy disk that was infected with one in earlier years, the attempted infection, even though it cannot succeed on your computer, may destroy your hard drive partitions and lose your data, a loss too painful for tears.

(2) CD: Careless use of discs is as harmful as floppy disks, even more so: because a disc is read-only, a virus or harmful program on it cannot be removed, and the disc remains easy to use. More worrying, pirated discs spread quickly, and most of them have been infected by viruses.

(3) Email: With the development of the Internet, email has become frequent, giving worm viruses a good living space. Many cases prove that simply receiving an email, even without opening the body or attachments and merely selecting the message's subject line, can bring disaster.

(4) Malicious HomePage: Browsing websites is something you have to do. Unfortunately, the idea that browsing is safe has been broken again and again: a large number of attacks show that merely viewing the pages of some malicious websites with a browser can cause binary code to execute on your machine. That means any program can be run on your machine, including Trojans and programs that format the hard drive.

(5) Network Share: Networks were originally designed for resource sharing, so most operating systems can set up shared folders to share information with other network users. Unfortunately, a virus will infect the shared files and then infect every system that uses them.

4, network attack (Network Attack)

With the development of network technology all kinds of things have arrived, in particular frequent network attacks, nearly all of them associated with the word "Hacker". The word once stood for the reputation of top system and network skill, but it has now almost fallen into an abyss, and the public keeps far away from it. Yet it still attracts a batch of script kiddies (Script Kids) dedicated to becoming so-called real hackers. The consequence is that the website home pages of many enterprises are defaced for no reason, network systems crash inexplicably, and personal privacy is disclosed on the Internet. While they enjoy roaming the network, they do not realize that the losses they have brought to companies and individuals are difficult to estimate and that they have violated national laws. Analyzing these network attacks helps with security precautions; they come down to no more than the following:

(1) Denial of service: DoS for short. The system is crashed by sending specially malformed packets, or flooded (FLOOD) by submitting a large number of normal packets, so that it loses the ability to provide normal service. This is called a denial of service attack. A large number of such programs currently exist on the network and can be easily downloaded; common ones are Winnuker, Teardrop, Syn Flooder, etc.

(2) Hacker Inbreak: A scanner is used to discover the system's ports and vulnerabilities, and then the entire system is controlled, or specific operations are performed, through special programs. A person who can do this is generally called a "hacker". In fact, a large number of hacker incidents have shown that most operating systems as currently installed have almost no security, which means that without security measures a system is effectively left open.

(3) Trojan: This term from Greek myth has been resurrected on today's networks after many centuries. Once one is in the system, the computer can be used by others under remote control, and it is often used as a springboard for attacking the network, so that it becomes the culprit.

(4) Network Sniffer: Networks were originally designed mainly for education and research, so security was not given much consideration, and data on the network travels in clear text. Sniffer programs lie in wait on the network, quietly capturing all the data packets on it, including the account and password information of FTP, Telnet and the like and the contents of mail, so the network has no security.

5, social engineering (Social Engineering)

Social engineering in the security field means obtaining the needed information through deception or theft, so that the system is illegally intruded. It is in effect an unconventional process of information collection. Many hackers use social engineering skills that succeed time and again online, mainly because of people's weak security awareness.

(1) Consciousness Dim: Faint security awareness often leads to the leak of important information. Throwing away documents or leaving the room unlocked are bad habits. For example, if printed account information is thrown into the waste bin rather than put through the shredder, it may be picked up by hackers pretending to be garbage collectors.

(2) Telephone Cheat: Calling while claiming to be checking or testing the network, or pressuring the network administrator in the name of a leader, are social engineering methods that hackers use. At such times, believe your own eyes, not your ears.

(3) Network trap: Using camouflaged pages to defraud account information, posing as a friend to email you a Trojan, luring you to web pages containing bombs, and so on. These tricks all make full use of social engineering and are hard to guard against.

Third, safety protection system

Whatever you do, you must first examine the mechanism, master its laws and understand it well before it can be done well, and information security is no exception. After long study, information security experts have summarized many information security methods: time-based, event-based and space-based. Among the numerous security protection systems, the one most recommended by information security experts is the adaptive information security system called P2DR. This system is no accident: it is a summary of past security incidents, has been verified extensively in practice, and has its own scientific and advanced nature. It is introduced here:

Traditional computer security theory applies a fixed set of security measures to the information system only. But as network structures change, operating systems are upgraded and application systems change, such static security measures cannot adapt to dynamic, multi-dimensional network environments, and so an adaptive network security theory arose. The main model of the adaptive information security protection system (or dynamic information security theory) is the P2DR model. The P2DR model provides an operational way for network security management.

The P2DR model contains four main parts: Policy, Protection, Detection, and Response. Protection, detection and response form a complete, dynamic security loop that guarantees the security of the information system under the guidance of the security policy.

According to the P2DR model, the security policy is the basis of the entire network's security. Different networks require different policies. Before developing a policy, the wide variety of security issues that may exist in the network should be fully considered. Detailed answers to these issues, together with the corresponding protective means and implementations, constitute a complete security policy for a corporate network. Once developed, the policy should serve as the guideline for the entire enterprise's security.

Traditional security methods consider preventive measures such as access control, encryption and authentication, that is, the Protection part of the P2DR model. Why, then, are networks still subject to malicious attack? According to the P2DR model, protection is a must, and the techniques used for it are widely adopted. But a network with only basic protection is unsafe: static security measures such as access control can protect only a few links in the network system. The network contains a large number of security vulnerabilities, and an attacker can easily bypass the protection and invade the network. Therefore, however much static protection is deployed, ignoring the security hazards in the network system may defeat the purpose of security. Only by using the two links of detection and response to discover the security hazards hidden in the system can the network's resistance to attack be increased. The P2DR theory gives people a new security concept: security cannot rely on simple static protection, nor on technical means alone, but must combine technology and management well to achieve better protection. In addition, network security theory and technology will develop along with network and application technology, and it can be predicted that more complete security protection systems will also appear.

Fourth, security solution

Although different companies' network systems and application services differ, the design of enterprise-level security solutions is roughly the same: all aim at effective protection of enterprise information resources. An information security program differs from a traditional system integration program, which is determined by the special nature of security, although aspects such as requirements analysis, network design, product deployment and technical training are the same. In general, however, system integration follows the principle of maximization: it keeps networks interconnected and installs as many services and applications as possible, to ease installation and commissioning and improve work efficiency. An information security program should follow the principle of minimization: what is unnecessary is not installed, and what must be used is strictly limited, because every unnecessary factor may bring greater security risk. The security program is described below from the following aspects.

1, network security factor

Many factors affect network security, such as physical security, network isolation technology, encryption and authentication, network security vulnerability scanning, network anti-virus, and the principle of minimization. They must be considered when designing an information security program, and they shape its policies and technical implementation.

(1) Physical security

The purpose of physical security is to protect routers, switches, workstations, web servers, printers and other hardware entities and communication links from natural disasters, man-made damage and wiretapping attacks; to verify users' identity and permissions to prevent operations beyond their authority; to ensure that network devices have a good electromagnetic compatibility environment; to establish a complete machine room security management system and properly keep backup tapes and documentation; and to prevent unauthorized persons from entering the machine room to steal or destroy. In addition, suppressing and preventing electromagnetic leakage is a main problem of physical security, often solved with shielding measures and pseudo-noise technology.

(2) Network isolation technology

Segmenting the network according to requirements such as confidentiality and security level benefits the security of the entire network in many ways. It allows finer-grained security control and confines the threats from attacks and intrusions to smaller subnets, raising the overall security level of the network. Routers, virtual LANs (VLANs) and firewalls are currently the main means of network segmentation.

(3) Encryption and authentication

The purpose of information encryption is to protect the data, files, passwords and control information in the network and to protect the integrity of network sessions. According to whether the sender and receiver use the same key, encryption algorithms can be divided into symmetric (private key) algorithms and asymmetric (public key) algorithms. In a symmetric cipher, encryption and decryption use the same key; the more common algorithms are DES, 3DES, IDEA, RC4, RC5, etc. Symmetric ciphers offer strong confidentiality and fast operation, but key management is critical: the key must be transferred through a secure channel. In an asymmetric cipher, encryption and decryption use different keys, and it is almost impossible to derive the decryption key from the encryption key. The more common algorithms are RSA, Diffie-Hellman, etc. The advantage of public key ciphers is that they suit the openness requirements of the network and make key management convenient, in particular making digital signatures easy to implement, but the algorithms are complicated and the data encryption rate is low.

Verifying a network user's username and password is the first line of defense against illegal access. When a user logs in, they first enter a username and password. The server first verifies the username and, if it is valid, goes on to verify the password; otherwise the user is rejected. The user's password is thus the key to logging in to the network. Unfortunately, many protocols, including Telnet, HTTP, FTP and POP3, transmit data in clear text, so a sniffer program can easily capture plain-text user passwords on the network. Measures such as SSH, SSL, S/KEY and PGP are therefore often used to transmit passwords and data securely.

(4) Network security vulnerability scan

From the P2DR model we know that security scanning is an important technique in network security defense. Its principle is to check the target for known security vulnerabilities in the form of simulated attacks. The target can be a workstation, server, router, switch, database and so on. A security analysis report based on the scan results is then submitted to the system administrator, providing an important basis for raising the overall level of network security.

(5) Network anti-virus

In traditional enterprise security programs, network security considerations often emphasized only the network system and ignored the importance of anti-virus. Even where anti-virus software was purchased later, no anti-virus strategy was considered, so the anti-virus effect was greatly reduced. In fact, with the development of new technologies the concept of a virus has gradually evolved, from infecting boot sectors and system files in the past to spreading automatically through the network. Some no longer use system files as a host but live directly on the operating system. The web, email and shared directories have become the routes by which network viruses spread. There have been many security incidents in recent years, most of them caused by network viruses. Anti-virus technology has therefore developed from scan-and-remove to real-time monitoring, and there are also anti-virus systems for specific application services, such as gateway virus firewalls and mail anti-virus systems.

(6) Network intrusion detection

The main purpose of network intrusion detection is to monitor all events that occur on host and network systems. Once signs of an attack or other abnormal phenomena are found, it takes measures such as blocking and alarming, notifies the administrator, and records the relevant event log for later analysis and evidence. Its real-time monitoring and response greatly enhance the security of the network system. Intrusion detection systems are generally divided into host-based and network-based types: the former monitors the host system for attack signatures, and the latter monitors the network for packets that match intrusion signatures. Current intrusion detection systems can also work in linkage with firewalls and anti-virus software, blocking intrusions by hackers or viruses more effectively.
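As an added illustration (not part of the original article), the sketch below shows how a network-type detector might recognise the SYN flood mentioned under denial of service: it counts handshakes left half-open per destination inside a time window and writes one event-log record when a threshold is crossed. The packet records, window and threshold are constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    ts: float    # capture time in seconds
    src: str
    sport: int
    dst: str
    dport: int
    flags: str   # "S" = SYN, "SA" = SYN-ACK, "A" = ACK, "R" = RST


@dataclass(frozen=True)
class Alert:
    ts: float
    target: tuple   # (destination address, destination port)
    half_open: int  # SYNs not yet answered by the client inside the window
    sources: int    # distinct source addresses behind those SYNs


def detect_syn_flood(packets, window=2.0, threshold=5):
    """Return event-log records for targets with more than `threshold`
    half-open handshakes within `window` seconds (both values are assumptions)."""
    pending = defaultdict(dict)   # target -> {(src, sport): time of SYN}
    alerted = set()               # targets currently in alarm state
    event_log = []
    for p in sorted(packets, key=lambda pkt: pkt.ts):
        target = (p.dst, p.dport)
        if p.flags == "S":
            half_open = pending[target]
            half_open[(p.src, p.sport)] = p.ts
            # Forget SYNs that have aged out of the observation window.
            for conn in [c for c, ts in half_open.items() if p.ts - ts > window]:
                del half_open[conn]
            if len(half_open) > threshold:
                if target not in alerted:      # one record per episode
                    alerted.add(target)
                    srcs = {src for src, _ in half_open}
                    event_log.append(Alert(p.ts, target, len(half_open), len(srcs)))
            else:
                alerted.discard(target)        # re-arm once the burst is over
        elif p.flags in ("A", "R") and target in pending:
            # The client completed or aborted the handshake: no longer half-open.
            pending[target].pop((p.src, p.sport), None)
    return event_log


def handshake(ts, src, sport, dst, dport):
    """A normal three-way handshake as three packet records."""
    return [Packet(ts, src, sport, dst, dport, "S"),
            Packet(ts + 0.01, dst, dport, src, sport, "SA"),
            Packet(ts + 0.02, src, sport, dst, dport, "A")]


def sample_capture():
    """Constructed capture: a busy web port plus a SYN burst at the mail port."""
    server = "198.51.100.5"
    packets = []
    for i in range(8):   # eight clients that finish their handshakes
        packets += handshake(1 + i / 10, f"192.0.2.{10 + i}", 40000 + i, server, 80)
    for i in range(8):   # eight SYNs that are never completed
        packets.append(Packet(10 + i / 10, f"203.0.113.{i + 1}", 50000 + i, server, 25, "S"))
    return packets


if __name__ == "__main__":
    for alert in detect_syn_flood(sample_capture()):
        print(f"ALERT t={alert.ts:.1f}s target={alert.target} "
              f"half_open={alert.half_open} sources={alert.sources}")
```

Eight quick but completed connections to port 80 raise nothing, while the burst to port 25 produces a single record at the sixth unanswered SYN.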

(7) The principle of minimization

From the perspective of network security, the more services are open, the more security issues may occur. The "Minimize Principle" means that the inter-network connections, service configuration and host trust relationships of a network should be the minimum the network needs to operate. Turning off network services that are not defined in the network security policy, configuring user permissions to the minimum the policy defines, and deleting unnecessary accounts all reduce the risk of intrusion into the system. In a network environment without a clear security policy, network administrators can cut the intrusion danger by more than half simply by closing services that are unnecessary or not understood, deleting trust relationships between hosts, and deleting unnecessary accounts.
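The following added example (not from the original article) turns the minimization principle into a host audit, and also flags the clear-text protocols named under encryption and authentication when the policy still allows them. The policy dictionary, the "port process" inventory format, the host names and all sample data are constructed assumptions; the account list uses the standard passwd file format.

```python
from dataclasses import dataclass

# Clear-text services named in the article, keyed by their standard TCP ports.
CLEARTEXT = {21: "FTP", 23: "Telnet", 80: "HTTP", 110: "POP3"}
# Shells that mark an account as unable to log in interactively.
NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}


@dataclass(frozen=True)
class Finding:
    kind: str     # "service", "cleartext", "account" or "trust"
    item: str
    action: str


def login_accounts(passwd_text):
    """Names of accounts in passwd-format text that have a usable login shell."""
    names = []
    for line in passwd_text.strip().splitlines():
        fields = line.strip().split(":")
        if len(fields) == 7 and fields[6] not in NOLOGIN_SHELLS:
            names.append(fields[0])
    return names


def listening_services(listen_text):
    """Parse 'port process' lines (constructed inventory format)."""
    services = []
    for line in listen_text.strip().splitlines():
        port, process = line.split()
        services.append((int(port), process))
    return services


def audit(policy, listen_text, passwd_text, trusted_hosts):
    """Compare what a host exposes with what the security policy defines."""
    findings = []
    for port, process in listening_services(listen_text):
        label = f"{port}/tcp {process}"
        if port not in policy["services"]:
            findings.append(Finding("service", label,
                                    "turn off: not defined in the security policy"))
        elif port in CLEARTEXT:
            findings.append(Finding("cleartext", label,
                                    f"{CLEARTEXT[port]} sends passwords in clear text: "
                                    "carry it over SSH or SSL"))
    for name in login_accounts(passwd_text):
        if name not in policy["accounts"]:
            findings.append(Finding("account", name, "delete: unnecessary account"))
    for host in trusted_hosts:
        if host not in policy["trusted_hosts"]:
            findings.append(Finding("trust", host, "remove host trust relationship"))
    return findings


# Constructed policy and inventory for a hypothetical mail server.
SAMPLE_POLICY = {
    "services": {22, 25, 110},
    "accounts": {"root", "alice"},
    "trusted_hosts": {"backup01"},
}
SAMPLE_LISTEN = """
22 sshd
23 telnetd
25 smtpd
110 pop3d
111 rpcbind
"""
SAMPLE_PASSWD = """
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
olduser:x:1001:1001:Former employee:/home/olduser:/bin/bash
guest:x:1002:1002:Guest:/home/guest:/bin/sh
"""
SAMPLE_TRUSTED = ["backup01", "lab-pc7"]


def run_sample_audit():
    return audit(SAMPLE_POLICY, SAMPLE_LISTEN, SAMPLE_PASSWD, SAMPLE_TRUSTED)


if __name__ == "__main__":
    for f in run_sample_audit():
        print(f"[{f.kind}] {f.item}: {f.action}")
```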

2. Design and implementation of security programs

The quality of the security program directly determines whether the company's information security problems can be resolved. An inappropriate program not only wastes valuable money, material and manpower but also fails to protect information resources, while a good security program brings the best security return for a suitable investment, so the design of the security program is critical. Security product manufacturers currently offer many business solutions built around their products, mainly in order to sell those products. Some security service companies, for their part, emphasize that security testing, system repair and configuration services alone achieve good security, and some even hold the extreme view that security products are not needed at all. From the perspective of the vendors and service companies this is not wrong: to obtain economic benefit, they do their best to market their products and services so as to survive and develop. However, these practices are harmful to the companies that need security programs. Most companies have no professional security personnel and cannot rationally assess security vendors and security service companies, so they often choose blindly. The result is not only wasted funds but possibly a security hazard left behind. Companies must therefore understand some security knowledge and have some ability to judge, and need to hire a professional security consulting company to design and implement the security program. Some knowledge of the design and implementation of security programs is described here from the perspective of the enterprise.

(1) Analysis of safety requirements

Requirements analysis here means analyzing the sources of security threats and the security of each network layer, specifically for the enterprise network. First determine the assets and information data the enterprise needs to protect, then analyze the network structure and applications to find the possible security hazards that the security policy must resolve. It is necessary to distinguish the places that need protection from those that do not, and to grade the places that need protection by protection level. They cannot all be treated alike, so that resources are deployed reasonably. Note also that a company's security program involves other content as well, and it should not be assumed that the security program is all about security protection. For most companies, the following aspects generally need to be assessed:

● Security needs of the computer room, host environment, network equipment and communication lines

● Security needs of Internet access servers

● Security requirements for internal network users' secure access to the Internet

● Requirements for monitoring and bandwidth control of users' access to the Internet

● Security requirements for internal network servers and external website systems

● Security requirements for email systems

● Details of internal and external network data transmission security

● Computer virus prevention needs

● Security needs for user identification and authentication

● Data confidential storage requirements

(2) Develop security strategies

The security policy plays an important, overarching role in the security program. In building a network, the first priority for achieving security is to clarify the service positioning: the types of service the site provides and the objects it serves. This information directly affects the development and implementation of security policies. Larger companies should have their own network security experts, who can take part directly in engineering design, negotiation and operation and have a thorough understanding of the overall network topology and services. This ensures that the network security strategy is carried through from beginning to end. For most companies such technical strength is unrealistic, and it is recommended to purchase network security services on the market, such as network security risk assessment, network design security assessment and network security maintenance, which can also achieve a good security level. A company's security strategy should be developed after adequate examination and research, and should define at least the following:

● Physical security strategy

● Access control strategy

● Open network service and run level strategy

● Network topology, isolation means, dependency and trust relationship

● Physical security and protection of equipment room equipment and data

● Division of network management functions and sharing of responsibility

● Users' privilege levels and responsibilities

● Attack and intrusion emergency processing procedures and disaster recovery plans

● Password security

● Network security management

● Update policy for operating systems and applications and security products

● System Security Configuration Policy

(3) Safety products and safety services

If the security program is compared to a person, then the security policy is the brain and nerves, and security products and security services are the flesh and blood. The policy must be realized through technology and services; otherwise it is empty talk. According to expert opinion, security products and security services are equally important, and only when the two are well combined can security strategies truly be implemented. In general, companies without their own security technical strength mainly purchase them from security companies. Incidentally, paying attention only to security products and ignoring security services is not advisable: many security incidents have proven that company networks using only security products such as firewalls cannot meet security needs. Security services contain the investment of human intelligence and are targeted, so they make up for the low intelligence and lack of targeting of security products. Therefore, in addition to security products, the necessary security services should be purchased.

Safety products are mainly:

● Network security class: scanner, firewall, intrusion detection system, website recovery system, etc.

● Anti-virus class: anti-virus systems for servers, gateways, email, special-purpose systems, etc.

● Commercial cryptography class: virtual private network, public key system, key management system, encryption machine, etc.

● Authentication class: dynamic password, smart card, certificate, fingerprint, iris, etc.

Security services mainly include:

● Analysis of safety requirements

● Security policy

● System Vulnerability Audit

● System security reinforcement

● System vulnerability repair

● Penetration testing

● Database security management and reinforcement

● Safety product configuration

● Emergency response

● Network security training

3. Typical enterprise security solutions

To help enterprise users understand the content of this article and apply it in practice to protect enterprise information resources, a typical enterprise intranet is used here as an example to briefly describe how a security solution is designed and implemented. The process goes through the following steps:

(1) Network application overview

The company's network is a typical intranet system. The main network at headquarters is connected to the Internet and runs a website server, a mail server, an intranet server and internal servers, which are used to publish the company's website, run the email system, and support local and remote networked office work. Data communication between the main network at headquarters and the subnetworks of the branches goes over the public Internet. In addition, the company's R&D center and other important departments are located at headquarters.

(2) Analysis of safety requirements

To ensure the secure and stable operation of the company's entire network, important servers and important subnets must be protected, transmitted data must be encrypted, users must be identified, and so on. The main security issues to solve are:

● Server system security: including web servers, mail servers, intranet servers, and internal servers.

● Internal network security of the company headquarters and branches: prevent attacks from the Internet, such as viruses, Trojans and hackers.

● User identification: including company employees, websites, visitors, and network members.

● Data transmission security: including headquarters and branches, internal network users to servers, mobile users, and home users to servers.

● Protection of important departments: for example, important information such as the company's product source code.

(3) Safety strategy

● Physical security strategy: such as a machine room environment, access control system, device lock, data backup, CMOS security settings, etc.

● Access control strategy: formulate access control rules for interconnection between the company's internal network and the Internet, between company headquarters and branches, and between Internet users and the company network.

● Security configuration and update policy: upgrade the operating system, application systems, security products, etc., and set user access and trust relationships.

● Administrator and user strategy: formulate a machine room access management system and implement a security responsibility system.

● Security management strategy: security rule settings, security audits, log analysis, vulnerability detection and repair, etc.

● Password security policy: password complexity, password change cycle, password validity period, etc.

● Emergency policy: develop emergency handling procedures and disaster recovery plans for the consequences that attacks and intrusions may cause.

(4) Product selection and deployment

Using security products is an effective means of implementing the security strategy and solves most security issues, but using security products does not by itself make a network secure. Security products usually have to be combined with security management and services to reach a higher security level.

● Switch: divide VLANs for subnet isolation, to resist sniffing programs and improve network transmission efficiency.

● Firewall: provides isolation between internal and external networks, server protection, etc. It is mainly deployed at the Internet connection points and between important departments and other internal subnets; personal firewall systems are installed on clients.

● Virtual private network: provides security and confidentiality for data transmitted over the network. It is mainly deployed on the nodes at both ends of a route that requires security, such as the firewall and the client.

● Identity authentication: solves user identification issues; mainly deployed on a dedicated authentication server or on server systems that require authentication.

● Anti-virus: prevents infection by and spread of harmful programs such as viruses, Trojans and worms; mainly deployed on server systems and client systems.

● Intrusion detection system: security monitoring with real-time alerting on and interception of hacker intrusions; mainly deployed on the server hosts and subnets that need to be protected.
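An added example, not part of the original article: the access control strategy from (3) and the firewall and VPN deployment from (4), expressed as a default-deny rule table between zones of the example network. The addresses, zone names and rule set are assumptions made for illustration.

```python
import ipaddress

# Constructed address plan (assumed; the article gives no addresses).
ZONES = {
    "servers": ipaddress.ip_network("192.0.2.0/24"),  # web and mail servers
    "hq_lan": ipaddress.ip_network("10.1.0.0/16"),    # headquarters intranet
    "rnd": ipaddress.ip_network("10.9.0.0/24"),       # R&D center
    "branch": ipaddress.ip_network("10.2.0.0/16"),    # branch subnetworks
}

# (source zone, destination zone, protocol, port, VPN required)
# Hypothetical rule set; anything not listed is denied.
RULES = [
    ("internet", "servers", "tcp", 80, False),
    ("internet", "servers", "tcp", 443, False),
    ("internet", "servers", "tcp", 25, False),
    ("hq_lan", "servers", "tcp", 443, False),
    ("branch", "hq_lan", "tcp", 443, True),   # branch traffic crosses the Internet
    ("hq_lan", "internet", "tcp", 443, False),
]


def zone_of(address):
    """Map an IP address to its zone; unknown addresses are the Internet."""
    ip = ipaddress.ip_address(address)
    for name, network in ZONES.items():
        if ip in network:
            return name
    return "internet"


def decide(src, dst, proto, port, via_vpn=False):
    """First matching rule wins; no match means deny (default deny)."""
    flow = (zone_of(src), zone_of(dst), proto, port)
    for *match, needs_vpn in RULES:
        if tuple(match) == flow:
            return "allow" if via_vpn or not needs_vpn else "deny"
    return "deny"


def zones_allowed_into(zone):
    """Audit helper: which source zones have any rule into the given zone."""
    return sorted({rule[0] for rule in RULES if rule[1] == zone})
```

Because no rule names the R&D zone as a destination, `zones_allowed_into("rnd")` is empty, which is the isolation of important departments that the firewall placement above is meant to give.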

(5) Safety education training

Within the security program, security education is also an important link. Security education spreads basic security knowledge, which helps raise security awareness, stops or avoids possible security incidents in time, lets security products play their role better, and makes security management and services easier. In general, security training is given mainly to general network users, network administrators and information supervisors. The content should cover the following aspects:

● Basic network knowledge

● OSI seven-layer network model and TCP/IP protocol

● Computer virus and prevention

● Analysis and prevention of common network intrusion

● Safety settings for operating systems and their applications

● Installation and configuration of safety products

● Enterprise network system security management and maintenance

● Data backup and recovery

Five, conclusion

Every company has information security issues, and it must solve them to meet its needs for the secure operation of its network systems and for data security. In this article, the author has introduced enterprise information security from the author's own practical experience and given a typical example. I believe it will help most companies solve the problems they face, but the network systems of enterprises differ greatly.
