1. Multiple choice questions
(1) In designing a network security solution, the system is the foundation, ( ) is the core, and management is the guarantee.
A. System administrator B. Security policy
C. People D. Leaders
(2) The authorized entity can access the data when needed, that is, the attacker cannot occupy all the resources and hinder the author's work. The above is the goal of ( ) to achieve the security scheme.
A. Auditability B. Controllability
C. Confidentiality D. Availability
(3) When designing and writing the network scheme, ( ) is the biggest difference between the network security scheme and other projects.
A. Relativity of network schemes B. Dynamic nature of network schemes
C. Integrity of network scheme D. Authenticity of network scheme
(4) When a problem occurs in a certain part of the system, it does not affect the normal operation of the enterprise information system, which is a requirement in the network scheme design ( ).
A. Controllability and manageability B. Sustainability
C. Availability of the system D. Security and legality
(5) In the analysis of network security requirements, the security system must have ( ) to adapt to changes in network scale.
A. Scalability B. Security system
C. Ease of management D. Openness
answer:
(1)C (2)D (3)B (4)C (5)A
2. Fill in the blank
(1) High-quality network security solutions are mainly reflected in three aspects: , , and , among which are the foundation, the core, and the guarantee.
(1) Security technology Security policy Security management Security technology Security policy Security management
(2) The security principles of the network system are embodied in five aspects of , , , and .
(2) Dynamics, uniqueness, integrity, professionalism, rigor
(3) It is one of the important measures to identify and prevent network attacks and track down network leaks.
(3) Security Audit
(4) In the network security design scheme, only sum , but cannot be achieved .
(4) Avoid risks Eliminate the root causes of risks Completely eliminate risks
(5) There are five types of commonly used security products: , , , and .
(5) Firewall, antivirus, identity authentication, transmission encryption, intrusion detection
answer:
(1) Security technology Security policy Security management Security technology Security policy Security management
(2) Dynamics, uniqueness, integrity, professionalism, rigor
(3) Security Audit
(4) Avoid risks Eliminate the root causes of risks Completely eliminate risks
(5) Firewall, antivirus, identity authentication, transmission encryption, intrusion detection
3. Short answer questions
( 1 ) What are the main contents of the network security plan?
The framework (content) of the security solution can be summarized into six aspects, which can be properly selected and adjusted according to the actual needs of enterprises and users in practical applications.
1. Summary analysis of security risks
2. Actual security risk analysis
Usually, the actual security risk can be analyzed from four aspects:
(1) Network risk analysis
(2) System risk analysis
(3) Application security analysis
(4) Security analysis of systems and applications
3. Security principles of network systems
The security principles of the network system are mainly reflected in five aspects: dynamics, uniqueness, integrity, professionalism and rigor.
4. Main security technology
There are five commonly used security products and security technologies: firewall, antivirus, identity authentication, transmission encryption, and intrusion detection.
5. Risk assessment
6. Safety management and service
(1) Network topology security
(2) System security hardening
(3) Application Security
(4) Disaster recovery
(5) Emergency response
(6) Safety management regulations
(7) Service system and training system
( 2 ) What are the goals and design principles of network security?
1. Goals of the Security Program
The goal of applying network security technology to design network security solutions:
(1) Security protection of local area networks of various departments and units
(2) Security protection connected to the Internet
(3) Encrypted transmission and storage of key information
(4) Security of application business system
(5) Safety net monitoring and auditing
(6) Ultimate goals: confidentiality, integrity, availability, controllability and auditability
Specifically, it mainly includes the following three aspects: access control, data encryption, and security audit
2. Network security scheme design principles
(1) Strive to improve the security and confidentiality of the system;
(2) Maintain the original performance characteristics of the network, and have good transparency to the network protocol and transmission;
(3) It is easy to operate, maintain, and facilitate automatic management without increasing or increasing additional operations;
(4) Try not to affect the original network topology, while facilitating the expansion of the system and system functions;
(5) The security and confidentiality system has a good performance-price ratio, one-time investment, and can be used for a long time;
(6) The security and encryption products are legal and have been approved or certified by the relevant national management department;
(7) Implement step by step. For a comprehensive network security solution, several stages are required for step-by-step implementation, stage-by-stage acceptance, and overall quality assurance.
( 3 ) What are the quality standards for evaluating network security solutions?
(1) Exact uniqueness is one of the most important criteria for evaluating security solutions. The requirements for each specific index should be exact and unique, and not ambiguous, so as to be implemented according to actual needs.
(2) Comprehensively grasp and understand the security technology and security risks in reality, and have a certain degree of foresight.
(3) For the security risks and security threats that the user's network system may encounter, combined with the existing security technology and security risks, a specific, appropriate, practical and accurate assessment result and suggestion should be given.
(4) Aiming at the system security issues of enterprise and institutional users, use advanced security products, security technologies and management methods to reduce the risks and threats that users' network systems may encounter, eliminate risks and hidden dangers, and enhance the ability to prevent security risks and threats.
(5) Effectively reflect the service support for users.
(6) During the entire design process, it should be clear that network system security is a dynamic, holistic, and professional project that needs to be implemented step by step and cannot completely solve all security problems of users in one step.
(7) Organize and implement with the idea and method of network security engineering.
(8) The safety products, safety technologies and specific safety measures adopted in the specific plan shall all be able to withstand verification, scrutiny and demonstration and implementation, and shall have actual theoretical basis and basis.
( 4 ) Briefly describe the demand analysis of the network security scheme?
Key Points of Network Security Requirements Analysis
(1) Key Points of Needs Analysis Needs
analysis must focus on the following six aspects:
1) Security system
2) Reliability
3) Security
4) Openness
5) Scalability
6) Easy to manage
(2) Demand analysis case
1) Preliminary analysis
2) Security requirements analysis
● Physical layer security requirements
● Network layer security requirements
● System layer security requirements
● Application layer security requirements
● Management Security Requirements
( 5 ) What is included in the network security program framework? What should I pay attention to when writing?
The framework (content) of the security solution can be summarized into six aspects, which can be properly selected and adjusted according to the actual needs of enterprises and users in practical applications.
1. Summary analysis of security risks
2. Actual security risk analysis
Usually, the actual security risk can be analyzed from four aspects:
(1) Network risk analysis
(2) System risk analysis
(3) Application security analysis
(4) Security analysis of systems and applications
3. Security principles of network systems
The security principles of the network system are mainly reflected in five aspects: dynamics, uniqueness, integrity, professionalism and rigor.
4. Main security technology
There are five commonly used security products and security technologies: firewall, antivirus, identity authentication, transmission encryption, and intrusion detection.
5. Risk assessment
6. Safety management and service
(1) Network topology security
(2) System security hardening
(3) Application Security
(4) Disaster recovery
(5) Emergency response
(6) Safety management regulations
(7) Service system and training system
Note when writing:
(1) Dynamic nature of network security solutions
Dynamic security means that when designing a security solution, not only the current status of enterprise network security, but also the needs of future business applications and system changes, updates and upgrades must be considered, which is the biggest difference from other projects.
(2) Relativity of network security
In the plan, users should be told that only risks can be avoided, the root causes of risks can be eliminated, and hidden dangers and losses caused by risks can be reduced, but risks cannot be completely eliminated.
( 6 ) What are the specific solutions for network security?
Specific security solutions mainly include:
(1) Physical Security Solutions
It mainly includes 3 aspects:
1) Environmental Security 2) Equipment Security 3) Media Security
Four measures should be taken in terms of physical security:
1) Product Assurance 2) Operational Safety
3) Anti-electromagnetic radiation 4) Security
(2) Link security solution
(3) Network Security Solutions
(4) Information security solutions