Ten Principles of Information Security for Information System Management Engineers

Although nobody can design an absolutely secure network system, following a few reasonable principles from the start of the design makes the security of the resulting system far more dependable. The lesson of the first generation of the Internet is that passively pinning security on after-the-fact "patching", without comprehensive consideration at design time, is quite dangerous. From an engineering perspective, information system management engineers should observe at least the following security design principles when designing network systems:

Principle 1: The "barrel" principle, that is, protect information in a balanced and comprehensive manner.

"The capacity of a barrel is determined by its shortest stave." An attacker will necessarily strike at the weakest point of the system. Therefore, fully and comprehensively analyzing, evaluating and testing the system's security vulnerabilities and security threats (including simulated attacks) is a necessary prerequisite for designing an information security system. The primary purpose of security mechanisms and security services is to defeat the most commonly used attack methods; the fundamental goal is to raise the security of the "lowest security point" of the whole system.

Principle 2: The "integrity" principle, that is, security protection, monitoring, and emergency recovery.

There is no one-hundred-percent information security. When the network is attacked or damaged, services must therefore be restored as quickly as possible to reduce losses. Accordingly, an information security system should include three mechanisms: a security protection mechanism, a security monitoring mechanism, and a security recovery mechanism. The security protection mechanism takes protective measures against the specific vulnerabilities and threats of the system so as to prevent unauthorized attacks; the security monitoring mechanism monitors the operation of the system and detects and stops attacks on it in time; the security recovery mechanism carries out emergency handling and restores information as far and as promptly as possible when the protection mechanism fails, so as to reduce the damage caused by the attack.

Principle 3: The "effectiveness and practicality" principle, that is, security must not interfere with the normal operation and legitimate use of the system.

On the basis of ensuring security, how to reduce or spread out the computation required for security processing, reduce what users must remember and store, and reduce the storage and computation load on the security server is a problem that information security designers must address.

Principle 4: The "security evaluation" principle, that is, practical security is closely tied to user needs and the application environment.

There is no absolute standard or metric for judging whether a system is secure; it can only be determined from the user needs of the system and its specific application environment. For example: 1) the scale and scope of the system (a small or medium-sized local network and a nationwide large-scale network have different information security requirements); 2) the nature of the system and the importance of its information (commercial information networks, electronic financial communication networks, administrative document management systems, and so on also differ). In addition, specific users will state requirements arising from their actual applications, such as an emphasis on real-time computation or an emphasis on the integrity and authenticity of information.

Principle 5: The "hierarchical" principle, that is, security layers and security levels.

A good information security system must be divided into different levels, including: classification of information confidentiality (top secret, confidential, secret, general); classification of user operating permissions (for individuals and for groups); classification of network security (secure subnets and security zones); and classification of the system's implementation structure (application layer, network layer, link layer, etc.), so that comprehensive, selectable security algorithms and security mechanisms can be provided for security objects at each level, meeting the varied actual needs of the different layers of the network.

Principle 6: The "dynamic" principle, that is, introduce as many variable factors as possible into the whole system and provide good scalability.

The shorter the lifetime of the protected information and the more variable factors there are, the higher the security performance of the system. The security system must retain a degree of redundancy for network upgrades and introduce as many variable factors as possible into the whole system.

Principle 7: The design-oriented principle, that is, the design of the security system should be integrated with the network design.

Consider the design of the security system within the overall design of the network, so that the two become one. Avoid robbing Peter to pay Paul as a result of poor planning, which not only causes large economic losses but can also cause irreparable harm to the country, the organization and the individual. Since security is a very complex problem, coordinated effort on a sound design is needed to ensure security.

Principle 8: The principle of autonomy and controllability.

Security issues bear on the sovereignty and security of a country, so network security cannot depend on foreign countries; the questions of autonomy and self-control over network security must be resolved.

Principle 9: The principle of division of authority, mutual restriction, and minimization.

In many systems there is a super user or system administrator who has the right to access and allocate all of the system's resources, so the security of that account is extremely important. If it is not restricted, malicious behaviour by the super user, leakage of the super user's password, accidental destruction and the like can cause immeasurable loss and damage to the system. Therefore, the authority of the super user must be restricted, implementing the principle of least privilege. Management authority is divided so that it overlaps, with several administrative users jointly and dynamically controlling the management of the system, thereby realizing mutual restriction. For non-administrative users, that is, ordinary users, the principle of least privilege is likewise applied: they are not allowed to perform any operation they have not been authorized for.
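The following Python is an added example, not code from the original post, that puts Principle 5 (hierarchical security levels) and Principle 9 (division of authority, mutual restriction, least privilege) into one small authorization policy. It assumes a hypothetical system with three roles ("user", "system_admin", "security_admin"), a fixed table of which operations each role may perform, and a "dual control" rule that the most sensitive administrative operations must be counter-signed by a different administrator holding a different role. The users, documents and operation names are constructed for illustration.

```python
"""Authorization policy combining hierarchical classification levels with
split administrative authority. Constructed example, not the article's code."""
from dataclasses import dataclass
from typing import Optional

# Confidentiality levels ranked in the order the article lists them
# (top secret > confidential > secret > general). Note this follows the
# Chinese scheme; in the US scheme Secret outranks Confidential, so adjust
# the ranking to whatever policy your system actually uses.
LEVEL_RANK = {"general": 0, "secret": 1, "confidential": 2, "top_secret": 3}

# Least privilege: each role carries only the operations it needs.
ROLE_OPERATIONS = {
    "user": {"read_document"},
    "system_admin": {"read_document", "create_account", "delete_account"},
    "security_admin": {"read_document", "set_clearance", "read_audit_log"},
}

# Mutual restriction: no single administrator may complete these alone.
# Maps the operation to the role that must counter-sign it.
DUAL_CONTROL = {
    "delete_account": "security_admin",  # a system_admin deletion needs security sign-off
    "set_clearance": "system_admin",     # and a clearance change needs system sign-off
}


@dataclass(frozen=True)
class User:
    name: str
    clearance: str
    roles: frozenset


@dataclass(frozen=True)
class Document:
    name: str
    classification: str


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


def can_read(user: User, doc: Document) -> Decision:
    """Hierarchical check: a subject may read only material at or below its clearance."""
    if LEVEL_RANK[user.clearance] >= LEVEL_RANK[doc.classification]:
        return Decision(True, f"{user.name} clearance dominates {doc.classification}")
    return Decision(False, f"{user.name} ({user.clearance}) may not read {doc.classification} material")


def authorize(actor: User, operation: str, approver: Optional[User] = None) -> Decision:
    """Role check (least privilege) plus dual control for the most sensitive operations."""
    permitted = set().union(*(ROLE_OPERATIONS.get(r, set()) for r in actor.roles))
    if operation not in permitted:
        return Decision(False, f"{actor.name} holds no role granting {operation}")
    counter_role = DUAL_CONTROL.get(operation)
    if counter_role is None:
        return Decision(True, f"{operation} is within {actor.name}'s role; no counter-signature needed")
    if approver is None:
        return Decision(False, f"{operation} requires approval by a {counter_role}")
    if approver.name == actor.name:
        return Decision(False, "an actor may not approve their own request")
    if counter_role not in approver.roles:
        return Decision(False, f"approver {approver.name} is not a {counter_role}")
    return Decision(True, f"{operation} approved by {approver.name} ({counter_role})")


# Constructed sample principals and documents (hypothetical, not from the page).
ALICE = User("alice", "secret", frozenset({"user"}))
BOB = User("bob", "confidential", frozenset({"system_admin"}))
CAROL = User("carol", "top_secret", frozenset({"security_admin"}))
NOTICE = Document("staff-notice", "general")
WARPLAN = Document("war-plan", "top_secret")


def demo() -> dict:
    """Run the policy over the sample data; returns each decision so it can be inspected."""
    return {
        "alice reads notice": can_read(ALICE, NOTICE),
        "alice reads warplan": can_read(ALICE, WARPLAN),
        "alice deletes account": authorize(ALICE, "delete_account"),
        "bob deletes alone": authorize(BOB, "delete_account"),
        "bob approves himself": authorize(BOB, "delete_account", approver=BOB),
        "bob approved by alice": authorize(BOB, "delete_account", approver=ALICE),
        "bob approved by carol": authorize(BOB, "delete_account", approver=CAROL),
    }


if __name__ == "__main__":
    for label, decision in demo().items():
        print(f"{label:24} -> {'ALLOW' if decision.allowed else 'DENY ':5} {decision.reason}")
```

The two administrative roles deliberately hold disjoint sensitive operations, so neither the system administrator nor the security administrator is a super user on their own; a destructive action needs one of each, and the self-approval check stops one person from using two accounts they control in the same role.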

Principle 10: The principle of focusing on what is needed.

When considering solutions to security problems, the balance between performance and cost must be weighed, and different network systems call for different security priorities. Work must be targeted: analyze the specific problem in detail and spend limited funds where they matter most.


Origin blog.csdn.net/qq_44721831/article/details/108809250