[Network Security] Network Security Management Technology (Practice Questions)

1. Multiple choice

(1) The main functions of computer network security management do not include ().
A. Performance and configuration management functions B. Security and billing management functions
C. Fault management functions D. Network planning and management functions for network managers
(2) Network security management technology involves many aspects of network security technology and management. Seen from a broad scope, () is a means of secure network management.
A. Scanning and evaluation B. Firewall and intrusion detection system security equipment
C. Monitoring and auditing D. Firewall and anti-virus software
(3) Name service, transaction service, time service and security service are services provided by ().
A. Integrated application management technology for remote IT management B. APM network security management technology
C. CORBA network security management technology D. Web-based network management mode
(4) Security-related events, such as attempts to guess passwords and the use of unauthorized permissions to access and modify application software and system software, belong to the security implementation ().
A. Safe storage of information and software B. Install an intrusion detection system and monitor
C. Install the latest patch software on the network system in time D. Start the system event log
(5) The function of () is to enable users to poll, set keywords, and monitor network events to achieve network management purposes; it has developed into a network management protocol standard for various networks and network equipment.
A. TCP/IP protocol B. Common management information protocol CMIS/CMIP
C. Simple Network Management Protocol SNMP D. User Datagram Protocol UDP
Answers: (1) D (2) B (3) C (4) D (5) C

2. Fill in the blanks

(1) OSI/RM security management includes ____, ____ and ____, and the management information it processes is stored in ____ or ____.

(2) Network security management functions include various activities required by computer network ____, ____, ____, ____, etc. The functions of open system computer network management defined by ISO include ____, ____, ____, ____, ____.

(3) ____ is an important part of the information security assurance system. It is built according to the idea of ____ to realize the information security strategy. Generally speaking, the protection system includes a three-layer protection structure of ____, ____ and ____.

(4) Network management is realized through ____, and the basic model consists of three parts: ____, ____ and ____.

(5) Among the components of the network management system, ____ is the most important; the most influential are ____ and ____, which represent two major network management solutions.

Answer: (1) System security management, security service management, security mechanism management, data tables, files
(2) Operation, processing, maintenance, service provision, fault management functions, configuration management functions, performance management functions, security management functions, billing management functions
(3) Information security management system, multi-layer protection, cognitive publicity and education, organizational management control, audit supervision
(4) Construction of network management system NMS, network management workstation, agent, management database
(5) Network management protocol, SNMP, CMIS/CMIP

3. Short answer questions
(1) Briefly describe the main functions of computer network security management and the relationship between the functions.
The International Organization for Standardization (ISO) defines the five major functions of open system computer network management in the ISO/IEC 7498-4 document: fault management, configuration management, performance management, security management, and billing management. It does not include functions such as network planning and management by network managers.
The above five different management functions can be represented by the three-dimensional management space shown in Figure 3-6, and different resources can be managed differently at different times. Various management functions are interrelated and restricted, and the output of one function can be used as the input of another function.

Figure 3-6 Network Security Management System
(2) What are the solutions for network management? How do they work?
1. Carry out comprehensive patch management
Some of the most sensitive data is often placed on non-Microsoft systems, such as Linux, UNIX or Macintosh systems. It is therefore necessary to adopt a comprehensive patch management solution that provides full visibility of the network and covers all operating systems and products of all manufacturers, not just Microsoft products.
2. Employee security training
Improve employees' familiarity with security through mandatory training. Training through online courses every month is a good way to remind employees that security is everyone's responsibility. Choose a training plan that provides the latest courses, ensures that users understand the policies and procedures, and provides reports to management.
3. Adopt a host-based intrusion prevention system
Threats now use encryption, packet segmentation, packet overlap, and encoding to bypass network intrusion detection systems. Consider using a host-based intrusion prevention system, because it can monitor your system for abnormal behavior, attempts to install applications, user privilege escalation, and other abnormal events.
4. Conduct network, operating system, and application layer testing
Most organizations conduct basic external network and operating system security vulnerability testing. This kind of test can find many security vulnerabilities exposed to the Internet. Testing at the application level is also very important, because application-layer attacks are becoming increasingly common; if the vulnerabilities are detected early, their exposure can be reduced.
5. Apply URL filtering
Organizations that still allow employees to browse the Internet freely should understand and face the risks of allowing it. In addition to potential legal and reputation concerns, free web browsing opens a large window for malicious attacks. A better alternative is to manage in advance the sites that employees are allowed to visit, restrict these sites to a safe range, and allow access to the sites of reputable web publishers.
6. Centralize desktop computer protection
Desktop antivirus software has become standard on most computers. This is good news. However, if these systems are managed separately, some may be left unprotected and expose security vulnerabilities. Ensure centralized management and reporting.
7. Enforce a policy management system
For some organizations, policy management means the enforcement of complex passwords that change regularly. For other organizations, policy management is to let "administrators" control restricted access at workstations. Still others believe that policy management is a way to report anti-virus updates, patch levels, and operating system service pack levels. Implement a powerful policy management system that includes at least all of the above.
8. Adopt information delivery management solutions
Since employees of enterprises and public institutions often handle sensitive data and send e-mails, organizations may leak sensitive data every day. The information delivery management solution should restrict sensitive data to the internal network. The first step should be a filtering solution for intranet e-mail, which can monitor and filter all sensitive data sent through the Simple Mail Transfer Protocol.

(3) What are the technologies for network security management?

  1. Concept of network security management technology
    Network security management technology is a technology that realizes network security management and maintenance. It needs to use a variety of network security technologies and equipment to manage and maintain the network system safely, reasonably, effectively and efficiently.
    Network security management technology generally needs to implement a strategy and management protocol based on multi-level security protection, and apply security technologies such as network access control, intrusion detection, virus detection, and network traffic management to the intranet for unified management and control. Security technologies complement each other and cooperate with each other to detect and control network behaviors to form a distributed security protection system structure with centralized management of security policies and distributed security inspection mechanisms to realize security protection and management of the intranet.
    Monitoring and auditing are technologies closely related to network management. Monitoring and auditing provide a basis for post-processing by recording suspicious and harmful information or behaviors in the network communication process, thereby forming a strong deterrent to hackers and ultimately achieving the goal of improving the overall network security.
  2. New network management technology
    At present, the network is developing towards intelligence, integration, and standardization. New changes are also taking place in network management technology, and new network management concepts and technologies are constantly emerging.
    (1) Web-based network management mode (Web-Based Management, WBM)
    (2) Integrated application of remote IT management
    (3) CORBA network security management technology (Common Object Request Broker Architecture, CORBA)

(4) What is the composition of the logical model of the network management system and the content of each component?
A modern computer network management system (Network Management System, abbreviated as NMS) is mainly composed of the following parts:
Multiple managed agents and managed objects (Managed Object)
Network manager (Network Manager) used to perform specific management tasks
Public network management protocol (Network Management Protocol, abbreviated as NMP)
System management application programme (System Management Application Programme, SMAP for short)
Management information base (MIB)

(5) Briefly describe the principles and system requirements of security management.

  1. Principles of Security Management
    In order to ensure the security of network systems, security management must adhere to the following principles:
    (1) Principle of multi-person responsibility
    (2) Principle of limited tenure
    (3) Principle of separation of duties
    (4) Strict operating procedures
    (5) System security monitoring and auditing system
    (6) Establish and improve system maintenance system
    (7) Improve emergency measures
  2. Improve security management institutions and systems
    Security management systems include personnel resource management, asset and property management, education and training, qualification certification, personnel appraisal systems, dynamic operating mechanisms, daily work specifications, and post responsibility systems.
    The establishment and improvement of network security management institutions and various rules and regulations requires the following aspects:
    (1) Improving the management institutions and post responsibility system
    (2) Improving security management rules and regulations
    (3) Adhere to the cooperation and exchange system

(6) What is the network information security policy? What are the specific contents included?

  1. Information security management policy
    Information security management policy is a set of top-level guiding principles, including regulations and conventions, that the management of enterprises and institutions sets for information security. It consists of the principles formulated for organization management, protection, and information resource allocation under the information security strategy.
    The information security management policy is the highest-level statement in the information security policy and standard system, providing a broader leadership direction and explaining the goals and objectives of the management.
    Information security management policies are usually issued in the form of general information security management policies. On the basis of the information security strategy, the organization's information security management structure, various goals and detailed principles are determined.

  2. Information security functional policy
    The information security functional policy is a statement of more specific matters. It is a policy established for a specific management requirement under the information security management policy.
    Clear regulations are given for the specific needs of management, including:
    (1) Information security risk management
    (2) Information security awareness
    (3) Information security organization
    (4) Information security audit
    (5) Information security laws and regulations compliance

(7) What are the network security strategies? How is the host network security protection function realized?
Network security strategies are:

    1) Safe storage of important business information and software.
    2) Install the latest patch software on the network system in time.
    3) Install an intrusion detection system and implement monitoring.
    4) Start the system event log.

    How is the host network security protection function realized?
    Host network security technology is adopted. Host network security technology is a security technology for active defense. It combines the network characteristics of a network access with operating system characteristics to set security policies. Based on who is making the network access and on the time, location, and behavior of that access, the policy decides whether to allow the access to continue, so that the same user has different permissions in different places and the permissions of legitimate users are not illegally infringed. The elements considered by host network security technology include network characteristics such as IP address, port number, protocol, and MAC address, and operating system characteristics such as users, resource permissions, and access time. By considering these characteristics together, fine-grained control of users' network access can be achieved.
    Unlike network security, which uses security firewalls, security routers, and other technical means outside the protected host, the technical means used for host network security are usually implemented on the protected host itself, generally in the form of software, because only software running on the protected host can obtain both the network characteristics of the external access and the operating system characteristics of the accessed resources.
    The most widely used product of this type is the shareware TCP Wrapper developed by Wietse Venema. TCP Wrapper is a tool for monitoring and filtering incoming network service requests. It can intercept network service requests such as Systat, Finger, FTP, Telnet, Rlogin, RSH, Exec, TFTP, Talk, etc., and prohibit or allow them according to the service access policy set by the system administrator.
    The host network security system is meant to resolve the contradiction between host security and access convenience by comprehensively considering the network characteristics and operating system characteristics of the user's access. Therefore, such a system must be built on the protected host, and it runs through the application layer, transport layer, and network layer of the network architecture. At different levels, different security strategies can be implemented.
    More complex designs can achieve more security functions in more layers. The following is a feasible structural model of the host network security system based on the previous assumptions, as shown in the figure.
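
The TCP Wrapper decision described above (prohibit or allow a service request according to the administrator's access policy) can be shown with a small evaluator. This is an added example, not code from TCP Wrapper or from the original page; the rule text is constructed, the function names are hypothetical, and only a subset of the pattern syntax is handled (ALL, address prefix, domain suffix, net/mask, exact match; IPv4 only).

```python
import ipaddress

# Constructed sample rules in hosts.allow / hosts.deny syntax ("daemons : clients").
HOSTS_ALLOW = """
sshd : 192.168.10.            # address prefix
in.ftpd : 10.0.0.0/255.255.255.0 .corp.example
"""
HOSTS_DENY = """
ALL : ALL                     # default deny for everything not allowed above
"""

def parse(text):
    """Return [(daemons, clients)] from rule text, skipping blanks and comments."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        daemons, clients = [f.strip() for f in line.split(":")[:2]]
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def client_matches(pattern, ip, hostname):
    """Match one client pattern against the caller's address and (optional) name."""
    if pattern == "ALL":
        return True
    if pattern.startswith("."):          # domain suffix, e.g. .corp.example
        return hostname is not None and hostname.endswith(pattern)
    if pattern.endswith("."):            # address prefix, e.g. 192.168.10.
        return ip.startswith(pattern)
    if "/" in pattern:                   # net/mask pair
        return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)
    return pattern in (ip, hostname)     # exact address or host name

def rule_hit(rules, daemon, ip, hostname):
    return any((daemon in daemons or "ALL" in daemons)
               and any(client_matches(p, ip, hostname) for p in clients)
               for daemons, clients in rules)

def decide(daemon, ip, hostname=None, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """Check the allow rules first, then the deny rules; no match in either allows."""
    if rule_hit(parse(allow), daemon, ip, hostname):
        return "allow"
    if rule_hit(parse(deny), daemon, ip, hostname):
        return "deny"
    return "allow"
```

Because a request that matches neither file is allowed, an empty deny file leaves every unlisted service open; the `ALL : ALL` deny rule is what turns the policy into default deny. Host-name patterns depend on name lookups for the caller's address, so address patterns are the more dependable choice.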

Origin blog.csdn.net/qq_44762986/article/details/108610377