Security analysis and strategy of enterprise intranet
I. Background analysis
When network information security is mentioned, most people think first of virus damage and hacker attacks. In practice, the losses caused by the theft of government and enterprise information far exceed those caused by viruses and external attacks. According to surveys by authoritative organizations, more than two-thirds of security threats come from leaks and insider misuse rather than from viruses and outside hackers.
At present, governments, enterprises and other organizations generally rely on traditional perimeter protection when building network security: a boundary firewall at the gateway, AAA authentication, an intrusion detection system (IDS) and similar controls placed at the edge of the organization's network. These controls monitor for intrusion, resist attacks from outside the organization, prevent the loss of network and information resources, and keep business processes running.
This strategy is aimed at external intrusion, but it does little against destructive or illegal behaviour originating inside the network. For terminal devices that frequently move into weakly protected external networks, perimeter-based protection cannot reach them at all, and they return as a threat to the internal network. On the one hand, employees often connect to the Internet privately through modem dial-up, mobile phones or wireless cards from machines that are themselves on the intranet, which opens an uncontrolled path around the perimeter. On the other hand, attackers can exploit vulnerabilities in VPNs, WLANs, operating systems and network applications to bypass the border firewall, penetrate the internal network, paralyse it, shut down important servers, and destroy or steal important data.
II. Intranet security risk analysis
The modern enterprise network is built on the rapidly developing open network environment. As the name implies, an open environment gives the enterprise a window to the outside world, but it also gives outsiders a convenient path into the enterprise's core: its information systems. The enterprise network therefore faces many threats and risks: viruses and worms damage systems; security vulnerabilities in system and application software are exploited by criminals to steal the enterprise's information; and because end users lack security awareness, knowledge and skills, the enterprise security policy is never fully implemented, so the open network remains a serious threat to enterprise information security.
1. Virus and worm intrusion
Viruses and worms in an open network spread fast, reach widely, cause great damage, come in many types and change rapidly. Even the most advanced anti-virus software and intrusion detection technology cannot, on their own, provide effective protection; against new types and variants in particular, protection technology always lags behind the arrival of the new virus or worm.
Viruses and worms can easily enter the enterprise internal network through many channels. Besides exploiting gaps in the enterprise's security measures, the biggest threat comes from the risky practices of intranet users: not installing anti-virus software; installing it but not updating it in time; connecting a freshly installed office desktop to dangerous networks, especially the Internet, without any effective protection; mobile users connecting their computers to unknown networks and then to the enterprise network without taking protective measures; and desktop users using removable data and software media at the terminal. Each of these can unknowingly bring viruses and worms into the enterprise network and cause immeasurable losses to the information infrastructure and the business.
2. Software vulnerabilities
An enterprise network is usually composed of a large number of software systems: system software, database systems, application software and so on. Every one of them, and especially the many applications on end users' desktops, has inevitable vulnerabilities, whether potential or already known. Wherever a vulnerability is exploited it harms the enterprise, from the compromise of a single device to the use of that device as a foothold for attacking, and endangering, the whole enterprise network.
3. Weak system security configuration
The software systems used in building an enterprise network come with default security policies and hardening settings: account policy, audit policy, screen saver policy, restrictions on anonymous access, restrictions on establishing dial-up connections and so on. Applied correctly, these settings significantly strengthen the protection of each system. In practice, however, they are ignored, especially by end users, and the system's security configuration becomes a weak spot and sometimes a serious configuration hole fully exposed to the outside. For example, password guessing and brute-force attacks against some systems succeed because weak passwords are used out of habit, and attackers use the information that default installations of network applications readily expose to gather what they need for an attack.
4. Vulnerable network access security protection
Traditional network access control is applied at the enterprise network boundary or at the boundaries between subnets of the intranet. Once the identity of an accessing user has been confirmed, that user can perform any operation on the intranet. Under such an access control strategy the enterprise network has countless security holes. For example, legitimate mobile users use VPN connections, remote dial-up, wireless APs, Ethernet access and other methods to establish a secure channel between the external network and the enterprise internal network while sitting in a poorly protected external environment; the channel authenticates the user but says nothing about the state of the device at the other end.
A second problem with traditional network access control comes from inside the enterprise, particularly in large networks with thousands of terminals and an endless variety of network applications. Enterprise network management currently finds it hard to control precisely which applications are used on its network, which leads to security risks: employees use applications the enterprise does not allow, such as external mail services to send and receive mail, which can leak confidential data or bring in mail-borne viruses; and employees privately run unauthorized applications on their terminals, possibly downloading software carrying malicious code such as viruses and Trojan horses, infecting the intranet and leading to the disclosure or destruction of sensitive data.
5. Enterprise network intrusion
Hacking techniques currently fall into eight types: system intrusion, buffer overflow attacks, spoofing attacks, denial of service attacks, firewall attacks, virus attacks, disguise/Trojan horse attacks and backdoor attacks.
An intranet that relies on the traditional protective measures cannot be confident of withstanding these. For mobile users who leave the intranet for weakly protected external environments, security deteriorates seriously, and when they reconnect, whatever intrusions they picked up come into the enterprise network with them.
6. The end-user computer lacks security integrity
As network technology spreads, more and more employees work on computers outside the enterprise's private network, and these mobile employees need to connect back to the internal network to get the data their work requires. Because they are outside the protection of the private network, their machines are likely to be compromised by hackers or infected with network viruses. Moreover, if the enterprise's existing security investment (anti-virus software, patches, security configuration and so on) is not working normally because the user failed to update the virus signature database in time or uninstalled the security software, the machine becomes a springboard for attacks on the intranet.
III. Implementation strategy of intranet security
1. Multilevel virus and worm protection
The network security field has not fundamentally solved the problem of viruses and worms damaging network security. There are many reasons: human factors, such as not installing anti-virus software or not updating the virus database in time, and technical ones, since security technologies such as anti-virus software and intrusion prevention systems lag behind new types and variants. Damage seems inevitable, but its extent can be controlled: if effective measures are taken against each of these causes, the harm viruses and worms do to the enterprise can be minimised or even eliminated. A single, simple protection technology cannot resist the threat on its own; protection must be layered.
2. Transparent, automatic patch management and security configuration for end users
To repair the security vulnerabilities of the system and application software running on enterprise terminal devices, so that a vulnerability in one software system does not endanger the whole network, the enterprise security management strategy must strengthen the management of patch upgrades and system security configuration.
Administrators centrally manage the patch upgrade and system configuration strategy of terminal software through a management console and define where terminals download patches. The patch upgrade strategy and the hardened security configuration strategy are distributed to a security agent running on each terminal device, and the agent applies them, ensuring that the terminal's patch level and security configuration are complete and effective. The whole process runs automatically and is completely transparent to end users, which reduces both the burden on users and the enterprise's security risk, improves the efficiency and effectiveness of patch and configuration management across the network, and puts the enterprise's patch and security configuration policy into effect.
3. Comprehensive network access control
The security risks of traditional external access to the enterprise network, and the inability of security managers to control the network behaviour of internal employees, call for comprehensive access control. Beyond solving access control for employees connecting from the intranet or the external network through any access method, this means adding the access security measures that traditional boundary access control cannot provide, combining boundary access control with access-layer access control. When an external user connects, the security policy status of the client is checked against the enterprise's overall security policy, and only compliant clients are admitted. The result is a comprehensive network access detection system.
4. Security and integrity guarantee of terminal equipment
Host integrity enforcement is a key component of enterprise network security. Host integrity ensures that clients connected to the enterprise network are running the required applications and data files. The information security industry has developed many host-based security products to protect enterprise networks and information and to block attacks that exploit weaknesses and vulnerabilities in network connection technologies, applications and operating systems, and has adopted personal firewalls, intrusion detection, anti-virus, file integrity, file encryption, security patches and other advances to protect enterprise devices effectively. But these technologies only deliver their benefit when their application status, update level and policy integrity are fully assured. An endpoint that cannot demonstrate host integrity cannot be regarded as a trusted device of the enterprise network.
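As an added illustration, not part of the original article, the following Python sketch shows the admission decision that the security agent and access control described in sections III.2 to III.4 would make: an endpoint's self-reported posture (patch level, anti-virus signature age, running security software, and the account, lockout, audit and anonymous-access settings from section II.3) is evaluated against an enterprise policy, and any failure sends the host to quarantine with the list of violations to remediate. The policy fields, posture reports, patch labels and process names are constructed assumptions for the example, not from any real product.

```python
"""Host-integrity admission check for network access control (constructed example)."""
from dataclasses import dataclass
from datetime import date
from typing import FrozenSet, List


@dataclass(frozen=True)
class Policy:
    """Enterprise-wide policy pushed from the management console to every agent."""
    required_patches: FrozenSet[str]      # patch labels every terminal must have
    max_signature_age_days: int           # anti-virus signatures older than this fail
    required_processes: FrozenSet[str]    # security software that must be running
    min_password_length: int              # account policy baseline
    max_lockout_threshold: int            # failed logons before lockout; 0 = disabled
    require_audit_logging: bool = True
    forbid_anonymous_access: bool = True


@dataclass(frozen=True)
class Posture:
    """State reported by one endpoint's agent (hypothetical field names)."""
    host: str
    installed_patches: FrozenSet[str]
    signature_date: date
    running_processes: FrozenSet[str]
    min_password_length: int
    lockout_threshold: int
    audit_logging: bool
    anonymous_access: bool


def evaluate(posture: Posture, policy: Policy, today: date) -> List[str]:
    """Return every policy violation; an empty list means host integrity holds."""
    failures: List[str] = []
    missing = policy.required_patches - posture.installed_patches
    if missing:
        failures.append("missing patches: " + ", ".join(sorted(missing)))
    age = (today - posture.signature_date).days
    if age > policy.max_signature_age_days:
        failures.append(f"virus signatures {age} days old (max {policy.max_signature_age_days})")
    stopped = policy.required_processes - posture.running_processes
    if stopped:
        failures.append("security software not running: " + ", ".join(sorted(stopped)))
    if posture.min_password_length < policy.min_password_length:
        failures.append(f"minimum password length {posture.min_password_length} "
                        f"below policy {policy.min_password_length}")
    # A lockout threshold of 0 means lockout is disabled, which is never acceptable.
    if posture.lockout_threshold == 0 or posture.lockout_threshold > policy.max_lockout_threshold:
        failures.append(f"account lockout threshold {posture.lockout_threshold} not within policy")
    if policy.require_audit_logging and not posture.audit_logging:
        failures.append("audit policy disabled")
    if policy.forbid_anonymous_access and posture.anonymous_access:
        failures.append("anonymous access enabled")
    return failures


def admission_decision(posture: Posture, policy: Policy, today: date) -> str:
    """Deny by default: any violation keeps the host in a remediation network."""
    return "admit" if not evaluate(posture, policy, today) else "quarantine"


# Constructed sample data: one compliant office desktop, one neglected mobile laptop.
TODAY = date(2024, 3, 1)
POLICY = Policy(
    required_patches=frozenset({"patch-2024-01", "patch-2024-02"}),
    max_signature_age_days=7,
    required_processes=frozenset({"av-engine", "host-firewall"}),
    min_password_length=12,
    max_lockout_threshold=10,
)
DESKTOP = Posture("desktop-01", frozenset({"patch-2024-01", "patch-2024-02"}),
                  date(2024, 2, 28), frozenset({"av-engine", "host-firewall"}),
                  min_password_length=14, lockout_threshold=5,
                  audit_logging=True, anonymous_access=False)
LAPTOP = Posture("laptop-07", frozenset({"patch-2024-01"}),
                 date(2024, 1, 15), frozenset({"host-firewall"}),   # AV uninstalled
                 min_password_length=12, lockout_threshold=0,
                 audit_logging=True, anonymous_access=False)

if __name__ == "__main__":
    for host in (DESKTOP, LAPTOP):
        print(host.host, admission_decision(host, POLICY, TODAY))
        for failure in evaluate(host, POLICY, TODAY):
            print("  -", failure)
```

The check is deliberately deny-by-default and returns the full list of failures rather than stopping at the first one, so the agent can remediate everything in one pass before the host is re-evaluated; a real agent would additionally sign the posture report so that the access layer can trust it.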