The rapid development and wide application of Internet technology have had an ever greater impact on human life and production. Building enterprise information networks has strengthened the competitiveness of enterprises, and all major enterprises and organizations now communicate with users and related industry systems through the network, providing online information services such as e-commerce and online banking. At the same time, this brings new, high-technology risks. The insecurity of computer systems themselves, man-made attacks and sabotage, and imperfect computer security management all conceal many security risks. In serious cases these can lead to information loss or paralysis of computer systems, resulting in huge economic losses and a bad social impact. It is therefore extremely important to strengthen the security of network systems and ensure their normal operation.
The following analyzes the network information security and prevention of enterprises from three angles: local security, transmission security and management security.
First, local security policy.
1. Local security
This mainly covers operating system and software security and data storage security.
1.1 Operating system and software security
The operating system is the most important system software of a computer. It controls and manages the software and hardware resources of the computer system and is the computer's command center. At present, the operating systems commonly used in network systems are Unix and Windows. These systems have existed for many years and can be considered relatively safe and rigorous, but they are not flawless. Mixed viruses spread by e-mail, Trojan horses and file * * * are becoming more and more serious, and thousands of computers are infected. The most influential "cover letter" virus had the highest infection rate in six months, and the "shock wave" virus has also made countless computer users miserable.
1.2 Data storage security
The diversity of computer networks, the uneven distribution of terminals, and the openness and interconnection of networks make computer systems connected to them vulnerable to intrusion and attack by hackers, malicious software and unauthorized access. The data stored in information systems is fully exposed, which seriously threatens the security and confidentiality of users' information resources. In particular, the rise of e-commerce and the opening of online banking involve the storage and transmission of large amounts of sensitive data belonging to the enterprises concerned, so its security is particularly important. How to protect this important data from compromise and improve the security of computer systems is a problem that we must consider and solve.
2. Local security strategy
2.1 Upgrade the operating system in time: Because operating systems contain security holes, malicious attackers can attack computers and even spread viruses through them, so every user should apply security patches and upgrades promptly.
2.2 Install and upgrade antivirus software in time: Installing antivirus software is necessary and practical. Deploy a unified anti-virus strategy across the enterprise: install anti-virus software, carry out enterprise-wide virus scanning and removal, and respond to virus intrusions efficiently and promptly.
2.3 Data encryption: Each operating system and application software has its own characteristics, such as user rights, account and password settings, file system, * * access settings, file encryption, etc. Users can improve system settings from multiple angles.
(1) local file encryption technology
The purpose of local file encryption technology is to prevent data loss in storage, which can be divided into ciphertext storage and access control. The former is generally realized by encryption conversion, additional password, encryption module and other methods, which can encrypt and digitally sign files spread on the network, or encrypt files on the local hard disk to prevent illegal access. The latter is to review and restrict users' qualifications and rights to prevent illegal users from accessing data or legal users from accessing data beyond their authority. This technology is mainly used in NT system and some network operating systems. In these systems, users of different working groups can be given corresponding rights to protect important data from illegal access.
(2) Data integrity detection technology
The purpose is to verify the identity of the people involved in the transmission, access and processing of information, together with the related data content, so as to meet confidentiality requirements. It generally includes the verification of passwords, keys, identities, data and other items. The system protects data by comparing the characteristic values presented by the subject with preset parameters and checking that they match. This authentication technology is mainly used in large-scale database management systems. Because a company's data is usually its lifeblood, protecting the security of the company's database is very important.
Second, the transmission security prevention strategy
1. Transmission security
This refers to physical security, such as line security, which means not only ensuring that the line stays connected but also considering whether it is being monitored. Network interruptions caused by line connection failures occur frequently and result in serious losses. In addition, by directly or indirectly intercepting specific data packets on the network and analyzing them, an eavesdropper can obtain confidential files or business secrets, illegally obtain passwords, or intercept and modify specific data packets, destroying the integrity of the target data. The losses caused in this way are hidden and more serious in nature, so these aspects should be considered when setting up the network.
2. Transmission security prevention strategy
2.1 Suppression and prevention of electromagnetic leakage (TEMPEST technology)
This is a major issue in transmission security strategy. At present, there are two main protective measures. The first is protection against conducted emission, which mainly means adding well-performing filters to power lines and signal lines to reduce transmission impedance and cross coupling between wires. The second is radiation protection, which is divided into two types. One is to adopt various electromagnetic shielding measures, such as shielding equipment and connectors, and shielding and isolating the sewer pipes, heating pipes, metal doors and windows of the computer room. The other is interference protection: while the computer system is working, an interference device generates pseudo noise correlated with the computer system's radiation and radiates it into space to mask the system's working frequency and information characteristics.
2.2 Information encryption technology
The purpose is to encrypt the data stream in transmission to prevent it from being eavesdropped, leaked, tampered with and destroyed on the communication line. According to the communication level of encryption, encryption can be realized at three different communication levels, namely, link encryption (encryption below the network layer), node encryption and end-to-end encryption (encryption before transmission and encryption above the network layer). Encryption technology can be divided into symmetric encryption and asymmetric encryption.
(1) symmetric encryption technology
In symmetric encryption technology, the same key (usually called "session key") is used to encrypt and decrypt information. This encryption method can simplify the encryption process, and both sides of information exchange do not need to study and exchange special encryption algorithms with each other.
(2) Asymmetric encryption technology
In an asymmetric encryption system, the key is split into a pair (a public key and a private key). The public key is used for encryption and the private key is used for decryption. The private key is held only by the party that generated it. The public key can be widely distributed, but it corresponds only to the party that generated the key pair. Asymmetric encryption can establish secure communication without exchanging keys in advance, and is widely used in information exchange fields such as identity authentication and digital signatures.
2.3 Information Integrity Identification Technology
For information in transit, many protocols ensure integrity mainly by detecting reception errors, retransmitting, and discarding subsequent packets. However, an attacker can change the contents of data packets, so effective measures should be taken to control integrity. Data integrity identification technology mainly includes message authentication, checksums and message integrity coding.
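The difference between a checksum and message authentication described above, as an added example that is not part of the original article: a CRC-32 checksum catches line errors but not deliberately changed content, while an HMAC tag computed with a shared key does. The key, the message strings and all function names are constructed for illustration.

```python
import hashlib
import hmac
import struct
import zlib

SHARED_KEY = b"constructed-demo-key-0123456789ab"  # constructed sample key
TAG_LEN = hashlib.sha256().digest_size  # 32 bytes


def frame_with_checksum(payload: bytes) -> bytes:
    """Append a CRC-32 checksum: detects line errors, involves no secret."""
    return payload + struct.pack(">I", zlib.crc32(payload))


def check_checksum(frame: bytes) -> bool:
    if len(frame) < 4:
        return False
    return zlib.crc32(frame[:-4]) == struct.unpack(">I", frame[-4:])[0]


def frame_with_mac(payload: bytes, key: bytes) -> bytes:
    """Append an HMAC-SHA256 tag: only holders of the key can compute it."""
    return payload + hmac.new(key, payload, hashlib.sha256).digest()


def check_mac(frame: bytes, key: bytes) -> bool:
    if len(frame) < TAG_LEN:
        return False
    expected = hmac.new(key, frame[:-TAG_LEN], hashlib.sha256).digest()
    return hmac.compare_digest(frame[-TAG_LEN:], expected)  # constant-time


def evaluate() -> dict:
    original = b"PAY 100.00 TO ACCT 1111"  # constructed message
    altered = b"PAY 900.00 TO ACCT 2222"   # constructed modified message
    crc_frame = frame_with_checksum(original)
    noisy = bytes([crc_frame[0] ^ 0x01]) + crc_frame[1:]  # one flipped bit
    mac_frame = frame_with_mac(original, SHARED_KEY)
    return {
        "crc_accepts_original": check_checksum(crc_frame),
        "crc_detects_line_noise": not check_checksum(noisy),
        # Anyone can recompute a checksum over changed content, so it passes.
        "crc_detects_modification": not check_checksum(frame_with_checksum(altered)),
        "mac_accepts_original": check_mac(mac_frame, SHARED_KEY),
        # Without the key, no valid tag can be produced for the changed content.
        "mac_detects_modification": not check_mac(altered + mac_frame[-TAG_LEN:], SHARED_KEY),
    }


if __name__ == "__main__":
    for name, value in evaluate().items():
        print(f"{name}: {value}")
```

A shared-key tag proves integrity between the two parties but not which of them produced the message, since either side can compute it; the digital signature discussed in section 2.4 addresses that.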
2.4 Non-repudiation technology
This includes proof of both the source and the destination. The common method is a digital signature used with a defined data exchange protocol, so that two conditions are met: the receiver can verify the identity claimed by the sender, and the sender cannot later deny having sent the data.
2.5 Firewall technology
"Firewall" is a figurative term. In fact, it is a combination of computer hardware and software that establishes a security gateway between the Internet and the intranet, thus protecting the intranet from illegal users. It is, in effect, a barrier that separates the Internet from the intranet.
In terms of implementation, firewalls are divided into hardware firewalls and software firewalls. A hardware firewall combines hardware and software to isolate the internal and external networks. The effect is good, but the price is higher. A software firewall is implemented purely in software and is very cheap, but it can only restrict some illegal users from accessing the intranet through certain rules.
2.6 Simple wireless network security
On the surface, wireless network can be said to be a completely open network, so the security measures of conventional network may not be applicable to wireless network. Therefore, we apply wired equivalent privacy (WEP), Bluetooth technology and WAP 2.0 (Wireless Application Protocol) to solve the security problem of wireless network.
The WEP (Wired Equivalent Privacy) protocol in the IEEE 802.11 standard is the most basic wireless security encryption measure in the IEEE 802.11b protocol. Its main uses are to provide access control that prevents unauthorized users from accessing the network, to encrypt data so that attackers cannot eavesdrop on it, and to prevent data from being maliciously modified or forged by attackers in transit.
Bluetooth technology is oriented to the small-scale connection between mobile devices, which is essentially a technology to replace cables. Bluetooth system adopts authentication and encryption technology to ensure the security of data transmission between mobile devices and the security of communication units.
WAP protocol defines the standard way for mobile communication terminals to connect to the Internet. WAP2.0 adopts WTLS and WIM (wireless identity module technology), which enables it to provide a perfect and effective end-to-end security mechanism while supporting various security measures such as anonymous access, client authentication and server authentication, secure session control and digital signature. WAP is a relatively safe wireless fidelity.
Third, the management of security policy.
In addition to taking the above security technical measures, strengthening the security management of the network and formulating relevant rules and regulations will play a very effective role in ensuring the safe and reliable operation of the network.
The strongest fortress is always breached from within first. No matter how secure the network is, insiders can, intentionally or unintentionally, render these huge investments worthless, for example by leaking internal information at will or failing to protect their accounts. For this reason, the key departments of many companies take strict measures to physically isolate the internal network from the external network, so that ordinary employees cannot log in to the external network at all. In addition, some companies retain employees' online records or e-mails. This is also a security measure, but it is currently controversial and may be regarded as an invasion of privacy.
The effective way to solve the problem is to establish a strict management system and determine the level and scope of security management; to formulate network operation and usage regulations and a computer room management system; and to formulate a maintenance system and emergency measures for the network system. Specifically, this includes establishing regulations on the use and management of computer systems in business departments and regulations on the management of computer passwords for department heads and business operators; prohibiting shared and public passwords; and establishing and improving the backup system. In information management, the principles of multi-person responsibility, limited terms of office and separation of duties should be implemented, and the rules and regulations that are formulated should be enforced by dedicated personnel, so as to eliminate internal security risks at the root. At the same time, attention should be paid to strengthening employees' ideological education and security awareness education, reinforcing their understanding of ethics and the law, and improving their overall quality, security awareness and ability.
Concluding remarks
Computer network has increasingly become an indispensable means of information exchange, which has penetrated into all fields of social life and production, and the prevention of network information security has become a prominent problem. Therefore, it is very important to recognize the vulnerability and potential threats of the network, and ensure the integrity and correctness of information and the integrity and real-time security of the network with strict confidentiality policy, clear security strategy and high-quality network managers. Network security is a complex system engineering, which requires not only the development of technology, but also manual security management. Only by combining the two aspects closely can we achieve good security effects and provide powerful security services for the network.