湖南网络安全服务专家告诉你5大技巧打造安全稳定内网
<DIV><P class=MsoNormal style="BACKGROUND: #f7fbfe; MARGIN: 7.5pt 0cm 0pt; TEXT-INDENT: 24pt; LINE-HEIGHT: 21pt; TEXT-ALIGN: left; mso-pagination: widow-orphan; mso-margin-bottom-alt: auto" align=left><SPAN style="COLOR: #424242; FONT-FAMILY: 宋体; mso-bidi-font-size: 10.5pt; mso-font-kerning: 0pt; mso-bidi-font-family: 宋体">随着全球信息化步伐的加快,计算机网络作为信息社会的基础设施已经渗透到社会的各个方面,与此同时,<SPAN lang=EN-US><a href="http://blog.sina.com.cn/wafty666" target="_blank"><SPAN lang=EN-US><SPAN lang=EN-US>网络安全</SPAN></SPAN></A></SPAN>问题也日益突出。虽然大多数用户都部署了防火墙、<SPAN lang=EN-US>IDS</SPAN>、<SPAN lang=EN-US>IPS</SPAN>等种种<SPAN lang=EN-US><a href="http://blog.sina.com.cn/wafty666" target="_blank"><SPAN lang=EN-US><SPAN lang=EN-US>网络</SPAN></SPAN><SPAN lang=EN-US><SPAN lang=EN-US>安全设备</SPAN></SPAN></A></SPAN>。但是,<SPAN lang=EN-US>Intranet</SPAN>内部的安全问题却依然严峻。<SPAN lang=EN-US> </SPAN></SPAN></P>
<P class=MsoNormal style="BACKGROUND: #f7fbfe; MARGIN: 7.5pt 0cm 0pt; TEXT-INDENT: 24pt; LINE-HEIGHT: 21pt; TEXT-ALIGN: left; mso-pagination: widow-orphan; mso-margin-bottom-alt: auto" align=left><SPAN lang=EN-US style="COLOR: #424242; FONT-FAMILY: 宋体; mso-bidi-font-size: 10.5pt; mso-font-kerning: 0pt; mso-bidi-font-family: 宋体"><a href="http://blog.sina.com.cn/wafty666" target="_blank"><SPAN lang=EN-US><SPAN lang=EN-US>网络安全</SPAN></SPAN></A></SPAN><SPAN style="COLOR: #424242; FONT-FAMILY: 宋体; mso-bidi-font-size: 10.5pt; mso-font-kerning: 0pt; mso-bidi-font-family: 宋体">问题在很多情况下都是由<SPAN lang=EN-US>“</SPAN>内部人士<SPAN lang=EN-US>”</SPAN>而非外来黑客引起,另据国内某权威机构针对大型运营商高级<SPAN lang=EN-US>IT</SPAN>经理进行的调查问卷显示,<SPAN lang=EN-US>66</SPAN>%的经理认为终端的随意接入、内部资源滥用和误用、经营数据泄漏,以及病毒是最严重的安全威胁。作为对比,认为黑客入侵是最严重威胁的只有<SPAN lang=EN-US>13%</SPAN>。由此可以看出网络内部的不安全因素远比外部的危害更加恐怖。 <SPAN lang=EN-US></SPAN></SPAN></P>
<P class=MsoNormal style="BACKGROUND: #f7fbfe; MARGIN: 7.5pt 0cm 0pt; TEXT-INDENT: 24pt; LINE-HEIGHT: 21pt; TEXT-ALIGN: left; mso-pagination: widow-orphan; mso-margin-bottom-alt: auto" align=left><SPAN style="COLOR: #424242; FONT-FAMILY: 宋体; mso-bidi-font-size: 10.5pt; mso-font-kerning: 0pt; mso-bidi-font-family: 宋体">引发内部<SPAN lang=EN-US><a href="http://blog.sina.com.cn/wafty666" target="_blank"><SPAN lang=EN-US><SPAN lang=EN-US>网络安全</SPAN></SPAN></A></SPAN>问题的主要因素有:<SPAN lang=EN-US> </SPAN></SPAN></P>
<P class=MsoNormal style="BACKGROUND: #f7fbfe; MARGIN: 7.5pt 0cm 0pt; TEXT-INDENT: 24pt; LINE-HEIGHT: 21pt; TEXT-ALIGN: left; mso-pagination: widow-orphan; mso-margin-bottom-alt: auto" align=left><SPAN lang=EN-US style="COLOR: #424242; FONT-FAMILY: 宋体; mso-bidi-font-size: 10.5pt; mso-font-kerning: 0pt; mso-bidi-font-family: 宋体">·</SPAN><SPAN style="COLOR: #424242; FONT-FAMILY: 宋体; mso-bidi-font-size: 10.5pt; mso-font-kerning: 0pt; mso-bidi-font-family: 宋体">没有严格的身份认证体系<SPAN lang=EN-US> </SPAN></SPAN></P>
<P class=MsoNormal style="BACKGROUND: #f7fbfe; MARGIN: 7.5pt 0cm 0pt; TEXT-INDENT: 24pt; LINE-HEIGHT: 21pt; TEXT-ALIGN: left; mso-pagination: widow-orphan; mso-margin-bottom-alt: auto" align=left><SPAN lang=EN-US style="COLOR: #424242; FONT-FAMILY: 宋体; mso-bidi-font-size: 10.5pt; mso-font-kerning: 0pt; mso-bidi-font-family: 宋体">·</SPAN><SPAN style="COLOR: #424242; FONT-FAMILY: 宋体; mso-bidi-font-size: 10.5pt; mso-font-kerning: 0pt; mso-bidi-font-family: 宋体">外来终端设备难以判定并加以监视和控制<SPAN lang=EN-US> </SPAN></SPAN></P>
<P class=MsoNormal style="BACKGROUND: #f7fbfe; MARGIN: 7.5pt 0cm 0pt; TEXT-INDENT: 24pt; LINE-HEIGHT: 21pt; TEXT-ALIGN: left; mso-pagination: widow-orphan; mso-margin-bottom-alt: auto" align=left><SPAN lang=EN-US style="COLOR: #424242; FONT-FAMILY: 宋体; mso-bidi-font-size: 10.5pt; mso-font-kerning: 0pt; mso-bidi-font-family: 宋体">·</SPAN><SPAN style="COLOR: #424242; FONT-FAMILY: 宋体; mso-bidi-font-size: 10.5pt; mso-font-kerning: 0pt; mso-bidi-font-family: 宋体">对设备的系统无法进行严格的安全检验或检查<SPAN lang=EN-US> </SPAN></SPAN></P>
<P class=MsoNormal style="BACKGROUND: #f7fbfe; MARGIN: 7.5pt 0cm 0pt; TEXT-INDENT: 24pt; LINE-HEIGHT: 21pt; TEXT-ALIGN: left; mso-pagination: widow-orphan; mso-margin-bottom-alt: auto" align=left><SPAN lang=EN-US style="COLOR: #424242; FONT-FAMILY: 宋体; mso-bidi-font-size: 10.5pt; mso-font-kerning: 0pt; mso-bidi-font-family: 宋体">·</SPAN><SPAN style="COLOR: #424242; FONT-FAMILY: 宋体; mso-bidi-font-size: 10.5pt; mso-font-kerning: 0pt; mso-bidi-font-family: 宋体">不具备完整的访问授权机制<SPAN lang=EN-US> </SPAN></SPAN></P>
<P class=MsoNormal style="BACKGROUND: #f7fbfe; MARGIN: 7.5pt 0cm 0pt; TEXT-INDENT: 24pt; LINE-HEIGHT: 21pt; TEXT-ALIGN: left; mso-pagination: widow-orphan; mso-margin-bottom-alt: auto" align=left><SPAN lang=EN-US style="COLOR: #424242; FONT-FAMILY: 宋体; mso-bidi-font-size: 10.5pt; mso-font-kerning: 0pt; mso-bidi-font-family: 宋体">·<a href="http://blog.sina.com.cn/wafty666" target="_blank"><SPAN lang=EN-US><SPAN lang=EN-US>网络</SPAN></SPAN><SPAN lang=EN-US><SPAN lang=EN-US>安全</SPAN></SPAN><SPAN lang=EN-US><SPAN lang=EN-US>管理</SPAN></SPAN></A></SPAN><SPAN style="COLOR: #424242; FONT-FAMILY: 宋体; mso-bidi-font-size: 10.5pt; mso-font-kerning: 0pt; mso-bidi-font-family: 宋体">规范制度得不到落实<SPAN lang=EN-US></SPAN></SPAN></P>
<P class=MsoNormal style="BACKGROUND: #f7fbfe; MARGIN: 7.5pt 0cm 0pt; TEXT-INDENT: 24pt; LINE-HEIGHT: 21pt; TEXT-ALIGN: left; mso-pagination: widow-orphan; mso-margin-bottom-alt: auto" align=left><B><SPAN style="COLOR: #424242; FONT-FAMILY: 宋体; mso-bidi-font-size: 10.5pt; mso-font-kerning: 0pt; mso-bidi-font-family: 宋体">解决之道</SPAN></B><SPAN lang=EN-US style="COLOR: #424242; FONT-FAMILY: 宋体; mso-bidi-font-size: 10.5pt; mso-font-kerning: 0pt; mso-bidi-font-family: 宋体"> </SPAN></P>
<P class=MsoNormal style="BACKGROUND: #f7fbfe; MARGIN: 7.5pt 0cm 0pt; TEXT-INDENT: 24pt; LINE-HEIGHT: 21pt; TEXT-ALIGN: left; mso-pagination: widow-orphan; mso-margin-bottom-alt: auto" align=left><B><SPAN style="COLOR: #424242; FONT-FAMILY: 宋体; mso-bidi-font-size: 10.5pt; mso-font-kerning: 0pt; mso-bidi-font-family: 宋体">(一)严格控制非法接入</SPAN></B><SPAN lang=EN-US style="COLOR: #424242; FONT-FAMILY: 宋体; mso-bidi-font-size: 10.5pt; mso-font-kerning: 0pt; mso-bidi-font-family: 宋体"> </SPAN></P>
<P class=MsoNormal style="BACKGROUND: #f7fbfe; MARGIN: 7.5pt 0cm 0pt; TEXT-INDENT: 24pt; LINE-HEIGHT: 21pt; TEXT-ALIGN: left; mso-pagination: widow-orphan; mso-margin-bottom-alt: auto" align=left><SPAN style="COLOR: #424242; FONT-FAMILY: 宋体; mso-bidi-font-size: 10.5pt; mso-font-kerning: 0pt; mso-bidi-font-family: 宋体">办公室规模化的网络接口方便了员工接入网络,同时也方便了外来计算机或终端设备接入网络,<SPAN lang=EN-US><a href="http://blog.sina.com.cn/wafty666" target="_blank"><SPAN lang=EN-US><SPAN lang=EN-US>网络安全</SPAN></SPAN><SPAN lang=EN-US><SPAN lang=EN-US>管理</SPAN></SPAN></A></SPAN>人员对此类情况很难判定并加以监视和控制,而一些严重的<SPAN lang=EN-US><a href="http://blog.sina.com.cn/wafty666" target="_blank"><SPAN lang=EN-US><SPAN lang=EN-US>网络</SPAN></SPAN><SPAN lang=EN-US><SPAN lang=EN-US>安全</SPAN></SPAN></A></SPAN>问题往往就是由于这些随意、非法接入网络的终端引起,解决此类问题的核心思想在于屏蔽一切不安全的设备和人员接入网络,或者规范用户接入网络的行为。只有终端对网络资源的访问是受控的,才能从源头上铲除这样的<SPAN lang=EN-US><a href="http://blog.sina.com.cn/wafty666" target="_blank"><SPAN lang=EN-US><SPAN lang=EN-US>网络</SPAN></SPAN><SPAN lang=EN-US><SPAN lang=EN-US>安全</SPAN></SPAN></A></SPAN>威胁,避免名誉受损及事后处理的高额成本。<SPAN lang=EN-US> </SPAN></SPAN></P>
<P class=MsoNormal style="BACKGROUND: #f7fbfe; MARGIN: 7.5pt 0cm 0pt; TEXT-INDENT: 24pt; LINE-HEIGHT: 21pt; TEXT-ALIGN: left; mso-pagination: widow-orphan; mso-margin-bottom-alt: auto" align=left><B><SPAN style="COLOR: #424242; FONT-FAMILY: 宋体; mso-bidi-font-size: 10.5pt; mso-font-kerning: 0pt; mso-bidi-font-family: 宋体">(二)双因子实名制身份认证</SPAN></B><SPAN lang=EN-US style="COLOR: #424242; FONT-FAMILY: 宋体; mso-bidi-font-size: 10.5pt; mso-font-kerning: 0pt; mso-bidi-font-family: 宋体"> </SPAN></P>
<P class=MsoNormal style="BACKGROUND: #f7fbfe; MARGIN: 7.5pt 0cm 0pt; TEXT-INDENT: 24pt; LINE-HEIGHT: 21pt; TEXT-ALIGN: left; mso-pagination: widow-orphan; mso-margin-bottom-alt: auto" align=left><SPAN style="COLOR: #424242; FONT-FAMILY: 宋体; mso-bidi-font-size: 10.5pt; mso-font-kerning: 0pt; mso-bidi-font-family: 宋体">真实可信的网络身份认证体系一方面能够让心存恶意者在有害行为之前有所顾忌,另一方面也可以让<SPAN lang=EN-US><a href="http://blog.sina.com.cn/wafty666" target="_blank"><SPAN lang=EN-US><SPAN lang=EN-US>网络</SPAN></SPAN><SPAN lang=EN-US><SPAN lang=EN-US>安全</SPAN></SPAN><SPAN lang=EN-US><SPAN lang=EN-US>管理</SPAN></SPAN></A></SPAN>者在安全事件发生后准确及时的找到肇事者,能够在一定程度上防止<SPAN lang=EN-US><a href="http://blog.sina.com.cn/wafty666" target="_blank"><SPAN lang=EN-US><SPAN lang=EN-US>网络</SPAN></SPAN><SPAN lang=EN-US><SPAN lang=EN-US>安全</SPAN></SPAN></A></SPAN>事件的发生,所以身份认证是建设安全可信网络的前提条件。<SPAN lang=EN-US> </SPAN></SPAN></P>
<P class=MsoNormal style="BACKGROUND: #f7fbfe; MARGIN: 7.5pt 0cm 0pt; TEXT-INDENT: 24pt; LINE-HEIGHT: 21pt; TEXT-ALIGN: left; mso-pagination: widow-orphan; mso-margin-bottom-alt: auto" align=left><SPAN lang=EN-US style="COLOR: #424242; FONT-FAMILY: 宋体; mso-bidi-font-size: 10.5pt; mso-font-kerning: 0pt; mso-bidi-font-family: 宋体"><a href="http://blog.sina.com.cn/wafty666" target="_blank"><SPAN lang=EN-US><SPAN lang=EN-US>网络安全</SPAN></SPAN><SPAN lang=EN-US><SPAN lang=EN-US>管理</SPAN></SPAN></A></SPAN><SPAN style="COLOR: #424242; FONT-FAMILY: 宋体; mso-bidi-font-size: 10.5pt; mso-font-kerning: 0pt; mso-bidi-font-family: 宋体">者必须采用安全度更高的双因子实名认证机制,将<SPAN lang=EN-US>“</SPAN>人<SPAN lang=EN-US>”</SPAN>和<SPAN lang=EN-US>“</SPAN>设备<SPAN lang=EN-US>”</SPAN>分开对待,并做一一的绑定,只有对应的<SPAN lang=EN-US>“</SPAN>人<SPAN lang=EN-US>”</SPAN>使用其对应的<SPAN lang=EN-US>“</SPAN>设备<SPAN lang=EN-US>”</SPAN>才能完成身份认证。保障了接入网络终端设备的合法性,从而加强内部网络的可控性,方便管理员对网络的统一管理。<SPAN lang=EN-US> </SPAN></SPAN></P>
<P class=MsoNormal style="BACKGROUND: #f7fbfe; MARGIN: 7.5pt 0cm 0pt; TEXT-INDENT: 24pt; LINE-HEIGHT: 21pt; TEXT-ALIGN: left; mso-pagination: widow-orphan; mso-margin-bottom-alt: auto" align=left><B><SPAN style="COLOR: #424242; FONT-FAMILY: 宋体; mso-bidi-font-size: 10.5pt; mso-font-kerning: 0pt; mso-bidi-font-family: 宋体">(三)科学、严格的系统安全性检查</SPAN></B><SPAN lang=EN-US style="COLOR: #424242; FONT-FAMILY: 宋体; mso-bidi-font-size: 10.5pt; mso-font-kerning: 0pt; mso-bidi-font-family: 宋体"> </SPAN></P>
<P class=MsoNormal style="BACKGROUND: #f7fbfe; MARGIN: 7.5pt 0cm 0pt; TEXT-INDENT: 24pt; LINE-HEIGHT: 21pt; TEXT-ALIGN: left; mso-pagination: widow-orphan; mso-margin-bottom-alt: auto" align=left><SPAN style="COLOR: #424242; FONT-FAMILY: 宋体; mso-bidi-font-size: 10.5pt; mso-font-kerning: 0pt; mso-bidi-font-family: 宋体">由于绝大多数单位员工的计算机水平参差不齐,同时网络管理人员也不可能对每一方面的技术都很精通,因此在日常的<SPAN lang=EN-US><a href="http://blog.sina.com.cn/wafty666" target="_blank"><SPAN lang=EN-US><SPAN lang=EN-US>网络</SPAN></SPAN><SPAN lang=EN-US><SPAN lang=EN-US>安全管<SPAN lang=EN-US>理</SPAN></SPAN></SPAN></A></SPAN>中,就需要有系统能够快捷有效地进行系统漏洞扫描和智能修复。对于管理员来说,只有这两方面的工作做好才能规避潜在的安全风险。<SPAN lang=EN-US> </SPAN></SPAN></P>
<P class=MsoNormal style="BACKGROUND: #f7fbfe; MARGIN: 7.5pt 0cm 0pt; TEXT-INDENT: 24pt; LINE-HEIGHT: 21pt; TEXT-ALIGN: left; mso-pagination: widow-orphan; mso-margin-bottom-alt: auto" align=left><B><SPAN style="COLOR: #424242; FONT-FAMILY: 宋体; mso-bidi-font-size: 10.5pt; mso-font-kerning: 0pt; mso-bidi-font-family: 宋体">(四)细粒度的用户权限管控</SPAN></B><SPAN lang=EN-US style="COLOR: #424242; FONT-FAMILY: 宋体; mso-bidi-font-size: 10.5pt; mso-font-kerning: 0pt; mso-bidi-font-family: 宋体"> </SPAN></P>
<P class=MsoNormal style="BACKGROUND: #f7fbfe; MARGIN: 7.5pt 0cm 0pt; TEXT-INDENT: 24pt; LINE-HEIGHT: 21pt; TEXT-ALIGN: left; mso-pagination: widow-orphan; mso-margin-bottom-alt: auto" align=left><SPAN style="COLOR: #424242; FONT-FAMILY: 宋体; mso-bidi-font-size: 10.5pt; mso-font-kerning: 0pt; mso-bidi-font-family: 宋体">公司员工首先是内网资源的使用者,需要对其赋予相应权限来完成所对应的工作,但同时要保证关键资源的安全性,必须对权限进行适当的控制,同时随着各项业务的开展,访客来往用户单位也十分的频繁,更需要对来宾和第三方代维人员进行<SPAN lang=EN-US><a href="http://blog.sina.com.cn/wafty666" target="_blank"><SPAN lang=EN-US><SPAN lang=EN-US>网络</SPAN></SPAN><SPAN lang=EN-US><SPAN lang=EN-US>安全</SPAN></SPAN></A></SPAN>规划和有效管理。<SPAN lang=EN-US> </SPAN></SPAN></P>
<P class=MsoNormal style="BACKGROUND: #f7fbfe; MARGIN: 7.5pt 0cm 0pt; TEXT-INDENT: 24pt; LINE-HEIGHT: 21pt; TEXT-ALIGN: left; mso-pagination: widow-orphan; mso-margin-bottom-alt: auto" align=left><B><SPAN style="COLOR: #424242; FONT-FAMILY: 宋体; mso-bidi-font-size: 10.5pt; mso-font-kerning: 0pt; mso-bidi-font-family: 宋体">(五)落实安全管理规范</SPAN></B><SPAN lang=EN-US style="COLOR: #424242; FONT-FAMILY: 宋体; mso-bidi-font-size: 10.5pt; mso-font-kerning: 0pt; mso-bidi-font-family: 宋体"> </SPAN></P>
<P class=MsoNormal style="BACKGROUND: #f7fbfe; MARGIN: 7.5pt 0cm 0pt; TEXT-INDENT: 24pt; LINE-HEIGHT: 21pt; TEXT-ALIGN: left; mso-pagination: widow-orphan; mso-margin-bottom-alt: auto" align=left><SPAN lang=EN-US style="COLOR: #424242; FONT-FAMILY: 宋体; mso-bidi-font-size: 10.5pt; mso-font-kerning: 0pt; mso-bidi-font-family: 宋体"><a href="http://blog.sina.com.cn/wafty666" target="_blank"><SPAN lang=EN-US><SPAN lang=EN-US>网络安全</SPAN></SPAN><SPAN lang=EN-US><SPAN lang=EN-US>管理</SPAN></SPAN></A></SPAN><SPAN style="COLOR: #424242; FONT-FAMILY: 宋体; mso-bidi-font-size: 10.5pt; mso-font-kerning: 0pt; mso-bidi-font-family: 宋体">规范制度的落实,一直是各单位信息部门头痛的难题。安全规范的实施前期,依靠行政发文通告的方式强制实施下去。但到后期,总是由于这样那样的原因,造成一纸空文被个人和部门束之高阁。<SPAN lang=EN-US> </SPAN></SPAN></P>
<P class=MsoNormal style="BACKGROUND: #f7fbfe; MARGIN: 7.5pt 0cm 0pt; TEXT-INDENT: 24pt; LINE-HEIGHT: 21pt; TEXT-ALIGN: left; mso-pagination: widow-orphan; mso-margin-bottom-alt: auto" align=left><SPAN style="COLOR: #424242; FONT-FAMILY: 宋体; mso-bidi-font-size: 10.5pt; mso-font-kerning: 0pt; mso-bidi-font-family: 宋体">管理者需要以入网强制技术<SPAN lang=EN-US>NAC</SPAN>为基础,将之前无序的接入行为加以控制,再结合高效、可持续升级的检查引擎进行安全修复,并监视终端用户在单位内网的操作行为。通过这种严谨的流程化管理及多种高新技术的有效组合,可以有效的帮助单位解决<SPAN lang=EN-US><a href="http://blog.sina.com.cn/wafty666" target="_blank"><SPAN lang=EN-US><SPAN lang=EN-US>网络安全</SPAN></SPAN><SPAN lang=EN-US><SPAN lang=EN-US>管理</SPAN></SPAN></A></SPAN>规范落实的问题。</SPAN></P>
<P class=MsoNormal style="BACKGROUND: #f7fbfe; MARGIN: 7.5pt 0cm 0pt; TEXT-INDENT: 24pt; LINE-HEIGHT: 21pt; TEXT-ALIGN: left; mso-pagination: widow-orphan; mso-margin-bottom-alt: auto" align=left><SPAN lang=EN-US style="COLOR: #424242; FONT-FAMILY: 宋体; mso-bidi-font-size: 10.5pt; mso-font-kerning: 0pt; mso-bidi-font-family: 宋体"><a href="http://blog.sina.com.cn/wafty666" target="_blank">湖南网络安全服务专家</A>咨询热线:13007481580</SPAN></P></DIV>
页:
[1]