Enterprise Network Management Paper: "Network Security and Network Management of Small and Medium-sized Enterprises"
This paper briefly discusses the network security and network management of small and medium-sized enterprises.
Keywords: network security; network management
There are 40 million small and medium-sized enterprises in China. According to surveys by authoritative departments, more than 90% of small and medium-sized enterprises have at least established an internal network. What follows, however, is the security problem of the enterprise internal network. New technologies such as multi-core, 10 Gigabit security and cloud security may be out of reach for them. How should small and medium-sized enterprises manage network security? Where should they start?
1 Three principles of enterprise internal network construction
In enterprise network security management, there are three principles, that is, to provide employees with information access rights needed to complete their work, to prevent unauthorized people from changing key documents of the company, and to balance access speed and security control.
Principle 1: the principle of least privilege
The principle of least privilege requires that, in enterprise network security management, we give employees only the information access rights they need to do their jobs and no additional rights.
Suppose the enterprise has a file server. For the sake of security, the files of the finance department are controlled by special permissions. The finance department sets up two folders. One stores files that can be made public, such as blank reimbursement vouchers, so that other employees can fill out expense reimbursement vouchers. The other contains confidential documents that only the top management of the enterprise may view, such as the cash flow statement. When we set permissions, we should set them for ordinary employees and for senior managers according to the principle of least privilege. When an ordinary employee makes a request, the server checks which folders that employee may access; if the employee has no access right, the server denies the request.
Principle 2: the principle of integrity
The principle of integrity means that in enterprise network security management, it is necessary to ensure that unauthorized individuals cannot change or delete information, especially to prevent unauthorized people from changing key documents of the company, such as financial information of the enterprise and customer contact information.
The integrity principle shows up in two ways in enterprise network security. First, unauthorized people must not be able to change information records. Second, when someone does modify a record, the history of the modification must be saved for later queries.
Principle 3: the principle of balance between speed and control
Imposing restrictions on information inevitably slows access to it. Three measures help strike the balance. The first is to classify file information by its security level; for unimportant information we can lower the level of security control and so improve users' work efficiency. The second is to manage permissions at the group level as far as possible, not at the user level. The third is to use temporary permissions with caution.
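The first two principles and the group-level advice above, as an added example (not code from the paper): a small Python model of the finance file server with default-deny, group-based permissions and a modification history. The user and group names, folder paths and the rule that only the finance group may write are assumptions; the hash chain on the history goes one step beyond the text so that edits to the history itself are detectable.

```python
import hashlib
import json

# Constructed sample data: rights are granted to groups, never to single users.
GROUPS = {
    "staff": {"alice", "bob"},
    "executives": {"carol"},
    "finance": {"dave"},
}
# folder -> group -> rights; anything not listed here is denied.
ACL = {
    "finance/public": {"staff": {"read"}, "executives": {"read"},
                       "finance": {"read", "write"}},
    "finance/confidential": {"executives": {"read"},
                             "finance": {"read", "write"}},
}


class FileServer:
    def __init__(self, groups, acl):
        self.groups = groups
        self.acl = acl
        self.files = {}    # (folder, name) -> bytes
        self.history = []  # hash-chained record of every write attempt

    def allowed(self, user, folder, action):
        """Least privilege: grant only what one of the user's groups was given."""
        for group, rights in self.acl.get(folder, {}).items():
            if user in self.groups.get(group, set()) and action in rights:
                return True
        return False  # default deny

    @staticmethod
    def _digest(entry):
        body = {k: v for k, v in entry.items() if k != "digest"}
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def _record(self, user, folder, name, outcome, content=None):
        entry = {
            "seq": len(self.history),
            "user": user,
            "path": f"{folder}/{name}",
            "outcome": outcome,
            "sha256": hashlib.sha256(content).hexdigest() if content is not None else None,
            "prev": self.history[-1]["digest"] if self.history else "0" * 64,
        }
        entry["digest"] = self._digest(entry)
        self.history.append(entry)

    def read(self, user, folder, name):
        if not self.allowed(user, folder, "read"):
            raise PermissionError(f"{user} may not read {folder}")
        return self.files[(folder, name)]

    def write(self, user, folder, name, content):
        if not self.allowed(user, folder, "write"):
            self._record(user, folder, name, "denied")
            raise PermissionError(f"{user} may not write {folder}")
        self.files[(folder, name)] = content
        self._record(user, folder, name, "written", content)

    def history_intact(self):
        """Integrity: each entry must hash correctly and link to the one before."""
        prev = "0" * 64
        for entry in self.history:
            if entry["prev"] != prev or entry["digest"] != self._digest(entry):
                return False
            prev = entry["digest"]
        return True


def build_demo_server():
    srv = FileServer(GROUPS, ACL)
    srv.write("dave", "finance/public", "blank_voucher.doc", b"blank reimbursement voucher")
    srv.write("dave", "finance/confidential", "cash_flow.xls", b"cash flow statement")
    return srv


if __name__ == "__main__":
    srv = build_demo_server()
    print(srv.read("alice", "finance/public", "blank_voucher.doc"))
    try:
        srv.read("alice", "finance/confidential", "cash_flow.xls")
    except PermissionError as exc:
        print("denied:", exc)
    print("history intact:", srv.history_intact())
```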
2 The main problems exposed in enterprise internal networks
2.1 Single password
2.1.1 E-mail accounts share a uniform password or a password that follows an obvious rule.
Passwords for accounts on the mailbox system, file server and management system should be more complex, or at least should not follow such an obvious rule; otherwise there will be great security risks.
2.1.2 Passwords on important files are not complex enough and are easy to crack.
Enterprise users in fact understand passwords very poorly. Many users know to set a password on important documents, but for convenience and similar reasons the password they set is often too simple. When we train users in network security, we should therefore give them key tips on this point.
2.2 Network congestion and conflict
2.2.1 Movies and games occupy a lot of bandwidth resources.
Nowadays many enterprises use optical fiber access, and the bandwidth is relatively large. However, this also gives an opening to people who love movies. When they download movies at home, the download speed may be only 10K, but at the company it can reach 1M or even more. This is very attractive to employees who like to watch movies.
2.2.2 Changing the IP address at will leads to address conflicts.
Some enterprises set rules based on IP address, such as simple settings that restrict the IP addresses of a segment from using QQ. The intention behind these settings is good, but they may also cause trouble for network maintenance.
2.3 Entry points are not strictly controlled
2.3.1 Portable mobile devices are not well controlled.
Our company now has strict requirements for the use of mobile storage devices such as USB flash drives, mobile hard disks and MP3 players, for example approval before use. However, many users still use mobile storage devices privately.
Private use of portable mobile storage devices brings two hidden dangers to the enterprise intranet.
The first is the security of enterprise documents. Some important documents, such as customer information and product bills of materials, are enterprise resources, and enterprise regulations forbid spreading them outside. The second is that, when mobile storage devices are used, viruses bypass our perimeter antivirus firewall and invade directly from inside the enterprise.
2.3.2 There are security risks in email attachments.
The harm of email attachments is also slowly increasing. Nowadays, with the popularity of electronic documents, more and more people like to use email attachments to deliver electronic documents. Many electronic documents are office documents, picture format files or RAR compressed files, but these files are just good carriers of viruses.
According to the investigation of related websites, the cases of viruses in e-mail attachments are increasing year by year. If the enterprise does not control it in its daily management, it will affect the network security of the enterprise sooner or later.
3 Daily behavior management of the enterprise internal network
Because the online behavior of employees in an organization is complex and changeable, no single remedy covers everything, but the industry has mature solutions for the different kinds of online behavior. Based on the technology of leading manufacturers in the field of online behavior management, this paper briefly introduces the basic coping strategies.
3.1 Filtering and delayed auditing of outgoing emails.
Preventing leaks by mail has to be considered both before and after sending. Before sending, emails are intercepted and filtered according to various conditions, but an intercepted email does not necessarily contain content harmful to the organization. How can the limitations of machine recognition be overcome? I firmly believe that the provided mail delay audit technology can intercept outgoing mail that meets the specified conditions and send it only after manual audit, so that nothing slips through.
Post-audit can't be ignored either. Record all outgoing emails, including text and attachments. In addition, because Webmail is so widely used, the system should also be able to filter, record and audit outgoing Webmail.
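The filter, hold and post-audit flow of section 3.1, as an added example (not code from the paper or from any vendor product): outgoing messages that match a condition are held until a reviewer releases or rejects them, and every message is logged whether held or not. The domain, keywords, file extensions and class names are assumptions made for illustration, and Webmail is not covered.

```python
from email.message import EmailMessage
from email.utils import getaddresses

# Constructed policy values for illustration.
INTERNAL_DOMAIN = "corp.example"
KEYWORDS = ("customer list", "bill of materials")
HELD_EXTENSIONS = (".rar", ".zip", ".xls", ".xlsx")


def attachment_names(msg):
    return [(part.get_filename() or "").lower() for part in msg.iter_attachments()]


def hold_reasons(msg):
    """Return the filter conditions this outgoing message matches (empty = none)."""
    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content() if body_part is not None else ""
    text = f"{msg.get('Subject', '')}\n{body}".lower()
    reasons = [f"keyword:{kw}" for kw in KEYWORDS if kw in text]
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    recipients = [addr.lower() for _, addr in getaddresses(headers)]
    external = any(not addr.endswith("@" + INTERNAL_DOMAIN) for addr in recipients)
    if external:  # risky attachment types are held only when leaving the company
        reasons += [f"attachment:{name}" for name in attachment_names(msg)
                    if name.endswith(HELD_EXTENSIONS)]
    return reasons


class OutboundGateway:
    def __init__(self):
        self.audit_log = []  # one entry per outgoing message, held or not
        self.held = {}       # mail id -> message waiting for manual audit
        self.sent = []       # messages actually passed on for delivery

    def submit(self, msg):
        mail_id = len(self.audit_log) + 1
        reasons = hold_reasons(msg)
        self.audit_log.append({
            "id": mail_id,
            "from": str(msg.get("From", "")),
            "to": str(msg.get("To", "")),
            "subject": str(msg.get("Subject", "")),
            "attachments": attachment_names(msg),
            "raw": msg.as_bytes(),  # full text and attachments for post-audit
            "reasons": reasons,
            "status": "held" if reasons else "sent",
            "reviewer": None,
        })
        if reasons:
            self.held[mail_id] = msg
        else:
            self.sent.append(msg)
        return mail_id

    def review(self, mail_id, reviewer, approve):
        """Manual audit of a held message: release it or reject it."""
        msg = self.held.pop(mail_id)  # KeyError if the message is not on hold
        entry = self.audit_log[mail_id - 1]
        entry["status"] = "released" if approve else "rejected"
        entry["reviewer"] = reviewer
        if approve:
            self.sent.append(msg)
        return entry["status"]


def make_mail(to, subject, body, attachment=None):
    """Build a constructed sample message."""
    msg = EmailMessage()
    msg["From"] = "alice@" + INTERNAL_DOMAIN
    msg["To"] = to
    msg["Subject"] = subject
    msg.set_content(body)
    if attachment:
        msg.add_attachment(b"constructed bytes", maintype="application",
                           subtype="octet-stream", filename=attachment)
    return msg


def demo():
    gw = OutboundGateway()
    gw.submit(make_mail("bob@corp.example", "Lunch", "See you at noon."))
    quote = gw.submit(make_mail("buyer@partner.example", "Quote",
                                "Price sheet attached.", "prices.rar"))
    bom = gw.submit(make_mail("bob@corp.example", "BOM",
                              "Latest bill of materials inside."))
    gw.review(quote, "auditor1", approve=True)
    gw.review(bom, "auditor1", approve=False)
    return gw


if __name__ == "__main__":
    for entry in demo().audit_log:
        print(entry["id"], entry["status"], entry["reasons"], entry["reviewer"])
```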
3.2 URL library + keyword filtering + SSL encrypted web page identification.
A static, pre-classified URL library is the foundation for controlling plaintext web pages, but the device must also filter the keywords entered into search engines, to make up for a static URL library that is slow to update and small in capacity. For identifying and filtering SSL encrypted web pages, some products in the industry act as a proxy and decrypt the SSL encrypted traffic in order to identify and filter it. However, for the organization's finance department and for ordinary employees, decrypting online banking account data is obviously a great security risk. It is believed that online behavior management equipment can identify, detect and filter the digital certificates of SSL encrypted websites, which meets users' need to filter SSL encrypted websites without introducing new security risks.
3.3 Network upload information filtering.
Forum flooding, online posting, and file uploading and downloading all need to be filtered on a variety of keywords, and everything that is successfully uploaded should be recorded in detail for later investigation. However, this is not enough. For example, the vast majority of Internet chat rooms, one of the main places where objectionable content gathers, are accessed over random dynamic ports. Identifying and intercepting such dynamic port addresses has become one of the difficult problems in online behavior management at present, and only some vendors solve it properly; users should pay attention to this when choosing an online behavior management gateway.
3.4 P2P accurate identification and flexible management.
New P2P software keeps appearing on the Internet, so blocking "yesterday's BT" is obviously not enough. In P2P identification, I am convinced of the patented technology of P2P intelligent identification: analysis based on behavior statistics does have its uniqueness. Because it relies on behavioral characteristics rather than on the P2P software itself, all types of P2P are accurately identified, including encrypted, uncommon and flooded versions. With accurate identification, this kind of equipment has an outstanding effect on P2P traffic control.
3.5 Control all kinds of network behaviors unrelated to work.
The leading manufacturers in the industry have abandoned the application identification method based on IP and port, and adopted the deep content detection technology based on application protocol feature code. The only difference is which vendor has the largest application identification library and the fastest update. Based on accurate application identification and different network access strategies for different users and different time periods, the work efficiency of employees is improved.
With the surge and spread of malicious online behavior by intranet employees, online behavior management technologies and solutions that suit customers in China will also develop rapidly to meet the needs of users.
The second part of the enterprise network management paper "Enterprise network infrastructure and network management"
With the increasing popularity of the Internet and the vigorous development of network applications, this paper analyzes the problems in current enterprise network construction and management and puts forward specific countermeasures, aiming to improve the construction quality and management level of the marketing network. The confidentiality, integrity, availability, controllability and auditability of the system are of great significance. Constructing the enterprise network through network topology and networking technology, and improving network management through physical and data design, are effective measures for solving these problems.
Keywords: enterprise network; network construction; network management
Enterprises have higher and higher requirements for the network. To ensure high availability, it is sometimes necessary to provide redundant devices, modules and links in the network. However, in a Layer 2 network, redundant links may create a switching loop, in which broadcast packets circulate endlessly, degrading the performance of devices in the network and even paralyzing the whole network. Spanning tree solves the switching loop problem while still providing redundancy for the network.
With the rapid development of network technology, enterprise networks need to start from network construction and network management.
I. Basic network construction
Due to the characteristics of enterprise network (large data flow, strong stability, economy and expansibility) and the requirements of various departments (access control between production department and office department), we adopt the following scheme:
1. Network topology selection: the network adopts star topology (as shown in figure 1). It is the most widely used and common LAN topology at present. The node has a high degree of independence and is suitable for placing the network diagnosis equipment in the central position.
2. Selection of networking technology: At present, the commonly used backbone networking technologies include Fast Ethernet (100 Mbps), FTDH and Gigabit Ethernet (1000 Mbps). Fast Ethernet is a very mature network technology with low cost and good price/performance. FTDH is an ideal network platform for multimedia application systems, but its actual utilization rate of network bandwidth is very high. Gigabit Ethernet has now become a mature networking technology, so I recommend using Gigabit Ethernet as the backbone, with fast switched Ethernet to the desktop, to form a computer broadcast control network.
II. Network management
1. Physical security design. To ensure the physical security of the enterprise network information system, besides meeting the requirements for network planning, site and environment, it is also necessary to prevent system information from spreading through space. There have been many cases in which the information of computer systems was intercepted and destroyed by means of electromagnetic radiation. Verification work backed by theory and technology has also confirmed that recovery-and-display techniques with an interception distance of hundreds of meters or even kilometers pose a great threat to the information of computer systems. To prevent information in the system from spreading through space, physical protection measures are usually taken to reduce or interfere with the radiated signals. The usual preventive measures fall mainly into three areas. Shield the main computer room and the departments that store, send and receive important information: build a shielded room with high shielding effectiveness and install and operate the main equipment inside it, to prevent signal leakage from magnetic drums, tapes and high-radiation equipment. To improve the effectiveness of the shielded room, everything that connects it to the outside should have corresponding isolation measures and design, such as signal lines, telephone lines, air conditioning, fire-control lines, ventilation, waveguides and door closures. Suppress the conducted radiation of the LAN and of LAN transmission lines. Because radiation from electrical cable is unavoidable, optical cable is now used for transmission: most devices coming out of the modem adopt a photoelectric conversion interface, and optical cable is run into the shielded room for transmission.
2. Design of network resources and data information. In order to solve this problem, we decided to use VLAN technology and a physically isolated computer network.
A VLAN is a logical network divided out of a physical network; it corresponds to the second layer of the OSI model. Dividing the enterprise network into VLANs strengthens network management and network security and keeps unnecessary broadcasts under control. VLANs divide the network into multiple broadcast domains, which effectively controls broadcast storms, and they can also be used to control access between different departments and different sites in the network. People rely more and more on the Internet. To ensure high availability, it is sometimes necessary to provide redundant devices, modules and links in the network. However, in a Layer 2 network, redundant links may create a switching loop, in which broadcast packets circulate endlessly, degrading the performance of devices in the network and even paralyzing the whole network. Spanning tree solves the switching loop problem while still providing redundancy for the network. Tianyi company has a sales department and a technical department. The computers of the technical department are spread across two switches, and they need to communicate with each other. To meet the company's needs, this has to be implemented on the network equipment. For computers in the same VLAN to communicate across switches, a trunk must be established between the two switches; computers in different VLANs must also be able to communicate, which requires interoperability between VLANs.
For computers in the same VLAN to communicate across switches, a trunk must be established between the two switches, and computers in different VLANs must also be able to communicate. Communication between VLANs requires Layer 3 technology, that is, a router or a Layer 3 switch. A Layer 3 switch is recommended, because a router can easily become a bottleneck.
VLANs were proposed to solve the broadcast and security problems of Ethernet. A VLAN header is added to the Ethernet frame, users are divided into smaller workgroups by VLAN ID, and Layer 2 access between different workgroups is restricted. Each workgroup is a virtual local area network. The advantage of a virtual local area network is that it limits the broadcast scope and forms virtual workgroups, so the network can be managed dynamically. At present, dividing VLANs by port is the most common method. Many VLAN manufacturers use switch ports to assign VLAN members; all ports assigned to a VLAN are in the same broadcast domain, which is how network management is realized.
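The VLAN header, port-based membership and trunk described above, as an added example (not code from the paper): it inserts and removes the 4-byte 802.1Q tag and floods a broadcast through two switches joined by a trunk, so the result shows which ports share a broadcast domain. The VLAN IDs 10 and 20, the port names and the two-switch layout modelled on the sales and technical departments are assumptions; the model has no native VLAN and does no Layer 3 routing.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q VLAN tag


def add_vlan_tag(frame, vid, pcp=0):
    """Insert the 4-byte tag after the destination and source MAC addresses."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be in 1..4094")
    if not 0 <= pcp <= 7:
        raise ValueError("priority must be in 0..7")
    tci = (pcp << 13) | vid  # PCP (3 bits) | DEI (1 bit, 0) | VID (12 bits)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def strip_vlan_tag(frame):
    """Return (vid, untagged_frame); vid is None when the frame carries no tag."""
    if len(frame) >= 16:
        tpid, tci = struct.unpack("!HH", frame[12:16])
        if tpid == TPID_8021Q:
            return tci & 0x0FFF, frame[:12] + frame[16:]
    return None, frame


class Switch:
    def __init__(self, name, access, trunks):
        self.name = name
        self.access = access  # access port -> VLAN ID (port-based membership)
        self.trunks = trunks  # trunk port -> set of VLAN IDs allowed on it

    def flood(self, in_port, frame):
        """Return {egress_port: frame} for a broadcast arriving on in_port."""
        vid, inner = strip_vlan_tag(frame)
        if in_port in self.access:
            if vid is not None:
                return {}  # access ports accept untagged frames only
            vid = self.access[in_port]
        elif in_port in self.trunks:
            if vid is None or vid not in self.trunks[in_port]:
                return {}  # untagged or not-allowed VLAN on the trunk
        else:
            return {}
        out = {}
        for port, port_vid in self.access.items():
            if port != in_port and port_vid == vid:
                out[port] = inner                     # untagged towards hosts
        for port, allowed in self.trunks.items():
            if port != in_port and vid in allowed:
                out[port] = add_vlan_tag(inner, vid)  # tagged between switches
        return out


SALES, TECH = 10, 20  # constructed VLAN IDs
SW1 = Switch("SW1", {"f0/1": SALES, "f0/2": TECH, "f0/3": TECH}, {"g0/1": {SALES, TECH}})
SW2 = Switch("SW2", {"f0/1": TECH, "f0/2": SALES}, {"g0/1": {SALES, TECH}})
LINKS = {("SW1", "g0/1"): (SW2, "g0/1"), ("SW2", "g0/1"): (SW1, "g0/1")}

# Constructed broadcast frame: dst ff:ff:ff:ff:ff:ff, src 02:00:00:00:00:01, ARP.
BROADCAST = bytes.fromhex("ffffffffffff020000000001") + b"\x08\x06" + bytes(28)


def broadcast_reach(switch, port, frame):
    """Return the set of (switch name, access port) pairs the broadcast reaches."""
    reached = set()
    pending = [(switch, port, frame)]
    while pending:
        sw, in_port, frm = pending.pop()
        for out_port, out_frame in sw.flood(in_port, frm).items():
            peer = LINKS.get((sw.name, out_port))
            if peer:
                pending.append((peer[0], peer[1], out_frame))
            else:
                reached.add((sw.name, out_port))
    return reached


if __name__ == "__main__":
    print("technical:", sorted(broadcast_reach(SW1, "f0/2", BROADCAST)))
    print("sales:", sorted(broadcast_reach(SW1, "f0/1", BROADCAST)))
```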
The problem of enterprise internal network is not only the problem of equipment and technology, but also the problem of management. For enterprise network managers, to manage the enterprise network well, they must improve their knowledge of network management and strengthen their mastery of network management technology.
On Enterprise Network Management (Ⅲ) —— Reflections on Enterprise Network Management
Network management is one of the characteristics of enterprise network economy. The management process, business data, business-related financial data and various assets of an enterprise need network management. Establishing a business-oriented enterprise resource planning system is the goal of enterprise management informatization. Finally, the success or failure factors of this kind of system are analyzed.
Keywords: network management process; Network finance; Resource planning
China Library Classification Number: C29 Document Identification Number: A Document Number:
Preface
Enterprises of different forms, with different main businesses and different levels of management, may have different internal management systems. As the owner's business activities expand, more and more decisions have to be made, and they become more complex and diverse. The owner soon realizes that it is impossible to be everywhere at the same time and impossible to hold all the data. The ability that these decisions demand far exceeds that of a single manager. Enterprises therefore need to carry out various investigations and studies when making decisions. The first step in solving these problems is to delegate responsibility to subordinates through functional departments such as finance, sales, production and personnel. The staff of each functional department should therefore give full play to their innovative spirit while completing their tasks and begin to collect and organize the information related to their work independently. The result is an information system whose information consists of data from different departments.
Although there is a lot of repetitive work in collecting and storing this multi-channel data stream, this is the first time that enterprises have begun to consider replacing bookkeeping with a formal information system focusing on management. This is the initial motivation of management information system. With the development of equipment technology, all kinds of automation equipment can help the informationization and networking of management, in which computers play an important role. The development of computer and network has brought convenience to networked management, but also put forward new requirements for the traditional division of labor of enterprises. In addition, a technically, operationally and economically feasible management plan must be coordinated by professional departments.
The network has had a revolutionary impact on the economic environment and on the way the economy operates. Its influence has produced a new economic model, the network economy, following the agricultural economy and the industrial economy. Networked management is one of the characteristics of the network economy. In this setting, integrating capital flow, logistics, business flow and information flow makes refined management possible.
1. The necessity of establishing network management in enterprises
1.1 The management process of an enterprise needs to be networked.
The management of traditional enterprises is three-dimensional, just like the intersection of longitude (representing all levels of management) and latitude (representing all levels of management) on the management globe. Using the network to manage the process can realize flat management, which can cross multiple departments and connect together with business as the main line.
1.2 The business data of an enterprise needs network management.
Once business data is managed over the network, the source of each financial entry will be very clear and tracing business back will be very convenient; the networked management process also needs to carry the data of each business process.
1.3 Enterprise financial data needs network management.
There are many defects in the traditional non-networked financial management system, such as the financial accounting level is difficult to meet the needs of financial management, the financial control level is flawed, and the support means of financial decision-making are lacking. The traditional financial management information system can't monitor the two lines of financial revenue and expenditure of the subordinate departments by the superior departments, can't meet the requirements of standardized and unified management, and can't control the authenticity and validity of the data. In view of these shortcomings, it is very necessary to establish a business event-driven network financial management system.
1.4 Materials, equipment, human technology, customer relations and partners of enterprises also need network management.
After the tangible assets, intangible assets and knowledge management of an enterprise are networked and unified, efficiency will be greatly improved, and so will the utilization of machinery, equipment and manpower; the formation of enterprise knowledge is the basis of enterprise cloning and replication.
2. Establish a networked management system
2.1 Business and financial data networking
Information networks are of great significance to the network economy. It can be said that without information networks there would be no network economy distinct from the agricultural economy and the industrial economy. According to network scope and interconnection distance, networks can be divided into the Internet, intranets and inter-enterprise networks. The Internet is a global system of computer networks, which physically connects computers or computer networks that are distributed in different geographical locations and have different functions, through various communication lines and according to certain communication protocols. An intranet is a kind of local area network that uses Internet technology to physically connect computers with different functions through various communication lines. On this network, all departments within the enterprise can share programs and information, which enhances cooperation among employees and simplifies work processes.
Establishing a business event-driven information system is the beginning of network management. It means organically combining the management process with the economic business process by making full use of mature information technology in the network economy environment. When an economic business event occurs in the enterprise, an employee of the relevant business department is responsible for entering the business information, and once the information enters the system it is immediately stored in the designated database. At the same time, the business event generates real-time vouchers through the management platform, which appear in all relevant account books and statements automatically or after confirmation by management personnel, with no need for a second department or any other employee to re-enter them. In this way, information is shared by all "authorized" personnel. Every business manager and accountant must open an information screen every day to manage and control the related economic business, so as to respond quickly and in real time to changes in the external and internal economic environment. All managers make decisions based on a unified, real-time information source, which avoids the confusion caused when different decision-making units or individuals make contradictory decisions from different information sources. In this financial information system, most event data is stored in its original, unprocessed form, so that financial and non-financial information are stored together and logistics, capital flow and business data flow are generated synchronously.
Business vouchers, statements and other financial data that accountants used to compile can be generated and output by computer in real time, which greatly reduces repeated work in the financial department, improves work efficiency and reduces errors, achieving "one source for data, shared information".
Driven by business events, after establishing business data and generating financial information, a management model base directly connected with the database can be established, and advanced management models, such as early warning model, forecasting model, decision-making model and financing model, can be established in the model base. For special information users, we can design some models that meet the needs of enterprises according to their own needs, such as setting up cost accounting models and inventory early warning models within enterprises according to their own needs to meet the needs of enterprises' own management. The data needed by these models can be directly extracted from the database.
2.2 Enterprise Resource Planning System
Under the network economy, the competition among enterprises is all-round competition, including not only the competition of internal management resources, but also the competition of external resources such as supply chain and customer resources. Therefore, under the network economy, it is an inevitable trend of enterprise management to establish an enterprise overall resource planning system so that enterprises can adapt to the changing market environment and be invincible. Enterprise resource planning system is no longer strange to people. Enterprise resource planning (ERP) is a set of enterprise management system standards put forward by Gartner, a famous American consulting company, in the mid-1990s, and it has been quickly recognized by management and academic circles, and gradually expanded. Enterprise resource planning system is actually the integration of advanced management ideas and information technology. It holds that enterprise resources include factory buildings, warehouses, materials, equipment, tools, capital, manpower, technology, reputation, customers, suppliers and other tangible and intangible assets available to enterprises. It emphasizes the comprehensive combination of people, finance, materials, production, supply and sales, comprehensive control, real-time feedback and dynamic coordination to solve customers. The enterprise resource planning system takes business as the center, regards the operation process of the enterprise as a close supply chain, fully coordinates the internal and external resources of the enterprise from suppliers to customers, integrates the overall information of the enterprise, and realizes the all-round competition of the enterprise.
3. Management system issues
No matter how good a management system is, it depends on people taking part. If participants think the system has nothing to do with them and enter junk data, the output will be junk data too, and the management system will not play its due role. This requires the people who develop the management system to make data entry simple, accurate and free of repetition. As far as possible, automatic input equipment should be used to collect data automatically, to reduce human error. The management system should be suited to application and practice. In addition, the importance of leaders at all levels in enterprises is also an important factor in the success or failure of this management system.