[Security Information] Network Epidemic Prevention: The "Trump Cards" of Graded Protection 2.0

  • Author|Zhang Nina
  • Source|DOIT
  • Release time|2021-02-02

In May 2019 the national standards associated with Graded Protection 2.0, among them the "Information Security Technology - Baseline for Classified Protection of Cybersecurity", the "Information Security Technology - Evaluation Requirements for Classified Protection of Cybersecurity" and the "Information Security Technology - Technical Requirements of Security Design for Classified Protection of Cybersecurity", were officially released. Their publication marked the essential completion of a multi-year revision of the graded protection standard system and the formal entry of China's network security graded protection work into the "2.0 era". In this sense, "Graded Protection 2.0" has become the real "trump card" of network epidemic prevention.
Trump card one: "two defenses".

"Intrusion prevention equipment" provides deep inspection, real-time detection, active defense and anti-denial-of-service functions, supports recording of attack behavior, and supports anti-DoS services such as traffic detection and scrubbing, traffic diversion and re-injection.

"Antivirus gateway equipment" provides virus filtering, content filtering and anti-spam functions, and supports anti-virus scanning (including file-based anti-virus), virus scanning on common protocol ports, virus filtering for both the IPv4 and IPv6 protocol stacks, and virus quarantine.

Trump card two: "two walls".

"Network firewalls" generally provide access control, intrusion prevention, virus defense, application identification, load balancing and traffic control, and support access control types such as zone-based access control, session-based access control, content-filtering access control and application-identification access control.

"Database firewalls" generally provide database auditing, access control, access inspection and filtering, database service discovery, sensitive data discovery, database status and performance monitoring, and management and control of database administrator privileges. They support bridged, routed and hybrid deployment modes, access control policies based on security-level labels, and dual-device (high-availability) operation to ensure continuous service.

Trump card three: "two management".

"Internet behavior management" provides management of Internet users, browsing, outbound content, applications and traffic, together with Internet behavior analysis, Internet privacy protection and centralized risk warning. It supports identification of Internet users by IP and MAC address, authentication by username and password and other identity management methods, and keyword identification, recording and blocking of content sent through mainstream instant messaging software.

"Unified security management" is an information system for monitoring, analyzing and managing the organization's various network security events. It provides asset management, asset risk management, network security event collection, network security event analysis and analysis models, real-time security monitoring, visualization of analysis results, security operation and maintenance decision support, and disposal services. Results are visualized on the basis of data analysis models, with support for tables, radar charts, topology charts and heat maps.

Trump card four: "three audits".

"Host security audit" supports auditing of important system events such as user behavior, abnormal use of system resources and use of system commands, and supports recording the date, event, type, subject identifier, object identifier and result of each event.

"Database audit" provides querying, protection, backup, analysis and auditing of database audit records, together with real-time monitoring, risk warning and playback of operation sequences, and supports alarm methods such as monitoring-center alerts, SMS alarms and email alarms.

"Operation and maintenance audit" provides resource authorization, O&M monitoring, auditing of O&M operations, audit reports, real-time alarms and blocking of illegal operations, and session auditing and playback. It supports combined authorization policies based on user, O&M protocol, target host and O&M time window, and real-time monitoring of items such as O&M user, O&M client address, resource address and protocol.
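The two audit requirements above, recording date, event, type, subject, object and result for each event, and authorizing O&M sessions by a combination of user, protocol, target host and time window, fit together naturally: every authorization decision should itself produce a complete audit record. The following Python is an added illustration, not code from the article or from any product it names; the policy names, addresses and sessions are constructed sample data, and the field names are this example's own choice.

```python
from dataclasses import dataclass
from datetime import datetime, time
import ipaddress

# Fields a host audit record must carry (date, event, type, subject, object,
# result); the names are this example's own, not a standard's field list.
REQUIRED_AUDIT_FIELDS = ("date", "event", "type", "subject", "object", "result")


@dataclass(frozen=True)
class OpsPolicy:
    """One combined O&M authorization rule: user + protocol + target range + time window."""
    user: str
    protocol: str      # e.g. "ssh" or "rdp", compared case-insensitively
    target_cidr: str   # hosts the user may reach
    start: time        # inclusive start of the permitted window
    end: time          # inclusive end of the permitted window


def policy_matches(policy: OpsPolicy, user: str, protocol: str, host: str, when: datetime) -> bool:
    """All four dimensions must match; a policy is never matched partially."""
    if policy.user != user or policy.protocol != protocol.lower():
        return False
    if ipaddress.ip_address(host) not in ipaddress.ip_network(policy.target_cidr):
        return False
    return policy.start <= when.time() <= policy.end


def authorize(policies, user: str, protocol: str, host: str, when: datetime):
    """Decide the session and emit an audit record regardless of the outcome."""
    allowed = any(policy_matches(p, user, protocol, host, when) for p in policies)
    record = {
        "date": when.isoformat(timespec="seconds"),
        "event": f"ops_session:{protocol.lower()}",
        "type": "ops_authorization",
        "subject": user,      # who acted
        "object": host,       # what was acted on
        "result": "allowed" if allowed else "denied",
    }
    return allowed, record


def validate_audit_record(record: dict) -> list:
    """Return the required fields that are missing or empty (empty list = complete)."""
    return [f for f in REQUIRED_AUDIT_FIELDS if not record.get(f)]


# Constructed sample policy set: alice may use SSH into 10.0.1.0/24 during office hours.
POLICIES = (
    OpsPolicy("alice", "ssh", "10.0.1.0/24", time(9, 0), time(18, 0)),
)


def session(user: str, protocol: str, host: str, iso_when: str) -> dict:
    """Convenience wrapper: authorize one session from an ISO timestamp string."""
    allowed, record = authorize(POLICIES, user, protocol, host, datetime.fromisoformat(iso_when))
    missing = validate_audit_record(record)
    if missing:  # an incomplete record is itself an audit finding
        raise ValueError(f"audit record missing fields: {missing}")
    return record


if __name__ == "__main__":
    # Constructed sessions: in-policy, out of hours, wrong user/protocol, wrong host.
    for args in [
        ("alice", "SSH", "10.0.1.15", "2021-02-02T10:30:00"),
        ("alice", "ssh", "10.0.1.15", "2021-02-02T23:00:00"),
        ("bob", "rdp", "10.0.1.15", "2021-02-02T10:30:00"),
        ("alice", "ssh", "10.0.2.7", "2021-02-02T10:30:00"),
    ]:
        print(session(*args))
```

Denied sessions are recorded with the same fields as allowed ones, which is what makes later playback and alarm correlation possible; the validator exists so that a record missing any of the six required fields is caught at the point of creation rather than during an evaluation.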


Source: blog.csdn.net/YiAnSociety/article/details/113653505