Most security problems are deliberately caused by malicious people seeking some benefit or trying to hurt someone. Ensuring network security is therefore more than avoiding programming errors: it also means dealing with adversaries who are smart, usually cunning, professional, and rich in time and money. At the same time, we must be soberly aware that methods that stop adversaries who do damage unintentionally have little effect on veterans who are used to crime.
Network security can be roughly divided into four intertwined parts: confidentiality, authentication, non-repudiation and integrity control. Confidentiality means protecting information from unauthorized access, and it is what people most often mean when they refer to network security. Authentication mainly refers to confirming the identity of the other party before revealing sensitive information or conducting transactions. Non-repudiation is mainly related to signatures. Privacy and integrity are achieved by using registered mail and file locks.

2 Program objectives

This program works mainly at the network level and designs the network system as a secure network that supports users and user groups at all levels. The network not only ensures the internal network security of the system, but also provides secure interconnection with the Internet or other domestic networks. This scheme can ensure network security and meet the needs of various users, such as the privacy of personal calls and the security of enterprise client computer systems. The database will not be illegally accessed or destroyed, and the system will not be invaded by viruses. At the same time, the scheme can also prevent harmful information, such as reactionary or obscene content, from spreading on the Internet.
What needs to be clear is that security technology cannot put an end to all intrusions into and damage to the network; its function is only to prevent them as far as possible and to reduce losses as far as possible after they occur. Specifically, the main functions of network security technology are as follows:
1. Take multi-layer defense measures to minimize the probability of being invaded and destroyed;
2. Provide means to quickly detect illegal use and illegal initial entry points, and check and track the activities of intruders;
3. Provide methods to recover damaged data and systems and minimize losses;
4. Provide methods to detect intruders.
Network security technology is the basis of security management. In recent years, network security technology has developed rapidly and has produced a rich body of theory and practice.

3 Security Requirements

Based on the risk analysis of the network system and the security problems that need to be solved, we need to formulate reasonable security policies and security schemes to ensure the confidentiality, integrity, availability, controllability and auditability of the network system. That is to say:
Availability: Authorized entities can access data.
Confidentiality: Information will not be exposed to unauthorized entities or processes.
Integrity: Ensure that data will not be modified without authorization.
Controllability: Control the information flow and operation mode within the scope of authorization.
Auditability: Provide a basis and means for addressing security problems.
Access control: The internal network needs to be isolated from the external untrusted network by a firewall, and both the hosts that exchange data between the internal and external networks and the data they exchange should be strictly controlled. Similarly, within the internal network, because application services and security levels differ, firewalls are also needed to isolate different local area networks or network segments from one another and to control access between them.
Data encryption: Data encryption is an effective means of preventing information from being illegally stolen or tampered with during transmission and storage.
Security audit is one of the important means to identify and prevent network attacks and track network vulnerabilities. Specifically, it includes two aspects: first, network monitoring and an intrusion prevention system are used to identify illegal operations and attacks on the network, respond immediately (for example, by raising an alarm) and block them; second, auditing of information content can prevent the illegal disclosure of internal confidential or sensitive information.

4 Risk analysis

Network security is the premise of the normal operation of the network. Network security is not the security of a single point but the security of the whole information network, which needs all-round protection covering the physical, network, system, application and management aspects. To know how to protect, you first need to know where the security risks come from. A network security system must include both technology and management, covering the risk categories of the physical layer, system layer, network layer, application layer and management layer. If security measures are not in place at any one of these levels, there will be great security risks, which may cause network interruption. Based on the network structure and applications of the domestic network system, this paper makes a comprehensive analysis from the aspects of network security, system security, application security and management security.
Risk analysis is an important function that network security technology needs to provide. It should continuously monitor messages and events in the network and analyze the risk of intrusion into and damage to the system. Risk analysis must include all relevant components in the network.

5 Solutions

5.1 Design principles
In view of the actual situation of the network system, the network security problem urgently needs to be solved. Considering technical difficulty and funding, the design should follow these ideas:
1. greatly improve the system.