How Enterprises Can Achieve Data Security in the Information Environment

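In today's information society, commercial spies, hackers, and rogue employees pose a huge threat to enterprise information security. The spread of networks and the heavy use of USB and similar interfaces make it far more convenient for enterprises to obtain and exchange information, but they also open the door wide to these threats. Employees often chat online and play games during working hours, which greatly reduces work efficiency. It also brings viruses, Trojans, and other malicious programs onto their computers, seriously threatening the security of the enterprise network. How should these situations be managed? Most enterprises remove optical and floppy drives, block USB ports, restrict internet access, and use similar methods to reduce information exchange as far as possible in order to achieve information security. But these methods seriously reduce the convenience of work and easily provoke resistance from employees. A large body of evidence shows that the traditional methods do not work well: important files are still leaked.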

We surveyed a number of Chinese manufacturers and found that domestic enterprises have almost no protective measures for electronic documents: fewer than 3% protect them, and confidential information and electronic documents can easily leak outside the enterprise via e-mail, instant messaging, USB flash drives, and removable hard disks.
An FBI and CSI survey of 484 companies found that more than 85% of security threats come from within the enterprise: 16% from internal unauthorized access; 14% from theft of patent information; 12% from insider financial fraud; 11% from destruction of data or networks.
In the industrial age, the world's great trade secret, the Coca-Cola formula code-named 7X, was protected by strict security measures and earned the Coca-Cola Company more than $80 billion in intangible assets. In China, the theft of the millennium-old "cloisonne" porcelain technology, of the technology for Chinese rice paper, the "king of papers," and of other techniques has brought immeasurable losses to enterprises.
Common network security measures such as firewalls, antivirus, intrusion detection, and physical isolation cannot effectively prevent the disclosure of confidential corporate information.
Technical staff leave and take core data with them, creating serious risks
New product drawings are stolen, and the company is comprehensively overtaken by rivals
Customer data leaks, causing direct economic losses to the enterprise
A tender plan leaks, directly causing the tender to fail
Financial data is disclosed, affecting normal business
... ...
1. Needs analysis
Of the large number of information security incidents we have come into contact with, most involve internal staff leaking information deliberately or accidentally, competitors poaching it maliciously by any means, or stolen or lost computers. Among these, leaks by internal staff are the most serious, accounting for more than 70%, and most are intentional outgoing transfers by disloyal or disgruntled employees. The company has the following requirements for protecting confidential information:
1. While ensuring that people inside the company can still work together, effectively prevent controlled documents from spreading arbitrarily within the organization;
2. Prevent internal staff of important project teams, and external contacts with access to controlled documents, from leaking document contents outside the project team without permission;
3. Control outgoing documents through authorization, to prevent decrypted files sent to external partner organizations from causing secondary leaks.
2. The solution
Based on the actual needs of enterprise customers, ITEN developed commercial anti-leak system software with advanced PHOENIX encryption technology at its core. It combines authentication and rights management, automatic backup, USB flash drive control, process control, logging, screenshot monitoring, remote communication, and other functional modules in one product, and is a comparatively good solution to the problem of enterprise information leaks.

Before the event, active defense:
The Itanium anti-leak software encrypts existing or newly generated electronic documents and design drawings in a variety of formats, such as Office, CAD, and PDF. Encrypted documents can be used only by authorized users in an authorized environment (such as the corporate intranet). Documents stay encrypted through creation, storage, use, transfer, and other stages; without authorization, or outside the authorized environment, the encrypted information cannot be opened or used.
During the event, effective control:
Itanium anti-leak encryption is not defeated by tricks such as modifying the program or process, or saving the file with a changed suffix. Copy, cut, drag, and paste operations on encrypted documents are also restricted: dragging, copying, or pasting from an encrypted file into a non-encrypted file is automatically disabled. In addition, the Itanium anti-leak software has control measures for printers, USB flash drives and other storage devices, and laptops, and supports more detailed settings and protection through authentication, identity management, policy grouping, permissions, and other techniques.
After the event, traceability and remediation:
The Itanium anti-leak software provides logging and automatic backup. Logging keeps a detailed, complete record of specified operations, which supports supervision and inspection and makes problems traceable. Automatic backup allows files that were intentionally or accidentally deleted or damaged to be recovered promptly from backup. Files remain in encrypted form throughout backup transmission, storage, and recovery.

3. Main functions
1) Encryption
After the system is deployed on internal terminals, documents that need protection are forcibly and automatically encrypted. These documents can be used only internally; no matter how they are taken out of the internal environment, they cannot be opened.
2) Port control
Prevents data from leaking through removable media and output devices such as USB flash drives, removable hard disks, disc burners, and printers. It can control whether a device is allowed to connect to a terminal and whether reading, writing, printing, and other operations are allowed.
3) Outgoing control
With the outgoing file control software, drawings that need to be sent out, for tenders and the like, can be given rights that allow them to be opened externally. The outgoing document control software also supports print control, providing effective management of drawings or documents that need to be printed.
4) Data backup
To prevent files from being intentionally or unintentionally deleted or damaged, files of specified formats on specified computers can be backed up automatically. When a file is modified, it is backed up again as a new version, forming a repository in which every modification can be traced.
5) Identity and rights management
The Itanium anti-leak system is not simple encryption software; it builds the idea of management at different levels into the product. It relies on a PKI system, identifies different users by identity certificate, and embeds rights information inside the encrypted file. Compared with the traditional approach of dividing rights by key, this has obvious advantages and can support a variety of complex application models.

4. Deployment mode
The Itanium anti-leak software system can meet an enterprise's needs for confidential document data security and management, essentially blocking the various leak channels.
4.1 Confidentiality of internal documents and data
Confidential documents, drawings, and the like stored on individual computer terminals are forcibly encrypted by installing a client. After deployment, documents circulate freely within the same department or the same company, just as if no anti-leak software were installed. But when a file leaves without authorization, it appears as garbled text. If a file must go to customers or people outside the company, a manager must approve its decryption. The system integrates smoothly with OA, ERP, and other internal management systems and does not affect the existing work environment.
4.2 Confidentiality requirements for information exchange and transmission
1. Thanks to encryption, if a file is sent over any kind of network transmission or messaging channel without being decrypted, the ciphertext that goes out cannot be opened;
2. The anti-leak system automatically restricts copying, pasting, screen capture, and similar actions on document text, and can prohibit or limit the use of printing devices and keep print logs;
3. The anti-leak system can automatically recognize and manage a variety of storage devices, with access modes such as banned, read-only, automatic encryption, and open;
4. When confidential documents or drawings must be carried out on a laptop, the anti-leak system can manage them in two ways: encryption and offline limits;
5. For confidential documents and drawings that must be sent to customers, additional anti-leak system software can set parameters limiting functions, changes to the document, printing, and usage time.
4.3 Information management and viewing restrictions between different positions
1. For information barriers between different departments or groups, the anti-leak system can use grouping policies;
2. For the document management rights of managers at different levels, the anti-leak system can use grading policies so that higher levels authorize, approve, and manage the documents of lower levels.

5. Deployment model
When deploying the anti-leak system, the company can set up a single server at headquarters or set up multiple servers.
With a single server, all terminals in the company must be on the same network, or VPN or leased-line communications must be used so that the branches and headquarters are on one local area network.
If the branch network cannot be connected to headquarters, the branch can set up a sub-server, which can work in several modes:
(1) The branch server and the headquarters server use the same basic key settings; the effect is similar to a relationship between departments;
(2) The branch server and the headquarters server use different basic keys; branch information can be placed on the headquarters server, and the effect is similar to the branch being a department of headquarters.


Origin blog.csdn.net/K_wang_smart/article/details/104754193