Network Security Implementation

1. In-depth understanding of existing network resources

As with software, the first step in network security is to take stock: record the model, hardware version, software version, and patch status of every device currently running on the network. Then complete and refine the baseline work on the existing switches, routers, servers and other equipment.

1.1 Basic network security deployment of network switching and routing equipment

Check authentication management for device logins

Enable ACLs to block the ports used by known worms (Blaster, Sasser) and other such ports

Access control between VLANs (enforce access control between departments)

Restrict the management of equipment (for example, allow only network management machines to manage network equipment)

Check for SNMP security vulnerabilities (many devices support SNMP by default, which brings many security risks to the network)

System log settings (many devices log very little in their standard configuration, so logging needs to be tuned)

Check whether the system time is consistent (consistent time helps troubleshooting; building an NTP server is recommended)

Enable DDoS attack prevention on switches and routers
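
One way to check a saved device configuration against several items of the list above (SNMP, system log, time source, management restriction, login authentication). This is an added example, not part of the original post; it assumes Cisco IOS-style syntax, and the sample configuration and its addresses are constructed.

```python
import re

# Constructed sample config in Cisco IOS-style syntax (an assumption; the page names no vendor).
SAMPLE_CONFIG = """\
hostname access-sw-01
snmp-server community public RO
logging host 192.0.2.10
access-list 10 permit 192.0.2.20
line vty 0 4
 access-class 10 in
 transport input telnet ssh
 login local
line vty 5 15
 transport input ssh
 login local
"""

def audit(config):
    """Return a sorted list of findings for the section 1.1 items this script covers."""
    findings = []
    # SNMP: default community strings are guessable by anyone who can reach the device.
    for m in re.finditer(r"^snmp-server community (\S+)", config, re.M):
        if m.group(1).lower() in ("public", "private"):
            findings.append(f"snmp: default community '{m.group(1)}'")
    # System log and time consistency: expect a remote (IPv4) log host and an NTP source.
    if not re.search(r"^logging (host )?\d", config, re.M):
        findings.append("syslog: no remote logging host")
    if not re.search(r"^ntp server \S+", config, re.M):
        findings.append("ntp: no ntp server configured")
    # Management restriction and login authentication, per 'line vty' section.
    for m in re.finditer(r"^(line vty.*)\n((?: .*\n?)*)", config + "\n", re.M):
        header, body = m.group(1).strip(), [l.strip() for l in m.group(2).splitlines()]
        if not any(c.startswith("access-class") and c.endswith(" in") for c in body):
            findings.append(f"{header}: no access-class limiting management hosts")
        if any(c.startswith("transport input") and "telnet" in c for c in body):
            findings.append(f"{header}: telnet allowed")
        if "no login" in body or not any(c.startswith("login") for c in body):
            findings.append(f"{header}: no login authentication")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```
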

1.2 Basic security deployment for servers

Install OS patches

Security hardening of the system (many default server configurations are insecure)

Fix and harden vulnerabilities in the application system

Shut down services that are not needed

Antivirus software deployment

Install firewall software if possible

If you do not know how to carry out some of the system hardening or application vulnerability hardening, use vulnerability scanning equipment to assist.

2. Manage the network by area

Manage the network as separate areas, and make the key assets the focus of daily security protection, so as to avoid serious security incidents. The network can be divided into the following areas:

Intranet area

★Financial area

★Medical area

★Development area

Server area

DMZ area

Extranet area

★Internet zone

★VPN dial-in zone

★Dedicated line access area

Border network area

User terminal area

A general network can be divided into an internal network area, an external network area, a DMZ area, and a user terminal area. For some complex networks, the areas need to be refined further; for example, the intranet area is divided into a financial area and a production area. Generally, firewall devices are used to divide the areas, and the security of each area is controlled by the firewall, so the finer the division, the more firewall equipment is needed. For a more advanced setup, security devices such as IPS, traffic detection, and virus gateways need to be deployed in each area to filter traffic.

3. User terminal security

Securing the network backbone is a basic task for network administrators. The next step is to secure user access. The ultimate goal of network security is to make the network controllable. User-side security can be enforced by the following means:

Bind MAC addresses on the switch ports that users connect to, to prevent unauthorized user access and ARP viruses

Block proxies at user access, to prevent unknown users from entering the network

Prevent DHCP spoofing and attacks (if a DHCP server is used)

Deploy a secure access solution if possible

★Realize network access control based on user identity

★Isolate "dangerous" users

★Block unauthorized users from entering the network (for example, the system is not activated, or hacker software is installed)

★User-based ACLs

4. Build active defenses

The actions above are basic, passive improvements to network security. Next, deploy the corresponding security devices for specific applications, such as anti-virus filtering and anti-spam for mail servers. Deploying traffic monitoring and traffic analysis equipment can stop attacks at an early stage. Network security is only relative; absolute security cannot be achieved. Therefore, important servers need to be well protected with encryption, so that even if the data is intercepted by hackers, it cannot be read.

5. Establish a sound security management system

Machines are rigid; people are adaptable. It is unrealistic to expect network security equipment alone to build an effective security fortress. The most important part of network security prevention is to establish a sound security management system, carry out security inspections, and ensure that each device and each application has a dedicated person in charge.

Origin blog.csdn.net/dexi113/article/details/131502021