On computer network security and preventive strategies

With the continuous development of computer networks, global Information has become the major trend of human development, but because of the diversity of the computer network connection, resulting in network hardware, software and Information transmitted over the network vulnerable to accidental or malicious attacks destroy it. anthropogenic network intrusion and attacks makes network security is facing new challenges. Therefore, whether a local area network or wide area network, there is a natural and human factors such as vulnerability and potential threats, which forced us to the network security measures to a new level, to ensure that the network Information confidentiality, integrity and availability.

First, the network system design is reasonable or not is the key to the safe operation of the network
A comprehensive analysis of every aspect of network system design is to create secure computer network engineering priority. Should be the basis of a careful study of the operation of the network up and down make strenuous efforts to grasp the quality of the design. For the lifting of the network security risks inherent in the system can be take the following measures.

1, network segmentation technology network from the source to prevent safety problems. Because the LAN using the switch as the center and a network router for the transmission pattern of the border, coupled with the center switch-based access control and three-tier exchange features, so take the physical and logical sub-section are two ways to achieve the security control of the LAN, the aim is to illegal users and isolated sensitive network resources, thus preventing the illegal interception, to ensure the security of Information flow.

2 to switching hubs instead of shared hub manner may well be another method of lifting hazards.

Second, strengthen computer security management is to ensure network system
1, strengthen facilities management, establish a sound safety management system to prevent unauthorized users to access the computer control room and all kinds of illegal acts, focus on protection of computer systems, network servers, printers and other hardware entities and communication lines from natural disasters, man-made damage and take the line of attack, verify the user's identity and permissions to prevent unauthorized operation of the user to ensure the physical security of computer network system.

2 strengthen the access control policy. Access control of network security and protection of the main strategy, its main task is to ensure that network resources from unauthorized use and unauthorized access. Various security strategy must complement each other can really play a protective effect, but access control is to ensure that network security is one of the most important core strategies.

(1 access control policy. It provides the first layer of access control. In this layer allows which users can log on to the network server and access network resources, the control network to allow users time and allow them to network in which workstations. Network Access Control can be achieved in three steps: identification and authentication user name, password identification authentication, user account check. three-step operation as long as there has not been any step, the user will be rejected. network administrators will be average user account used to access the network time, approach to management, but also control the user logs on network sites and limit the number of user workstations network.

(2 network access control policy. It is illegal for the operation of the proposed network as a security measure. Users and user groups are given certain privileges.

Divided into three types: special user (such as system administrator, general users, system administrators based on their actual needs for the operation of their assigned permissions, auditing users, responsible for network security control and audit of the use of resources.

(3) the establishment of a network server security settings. Web servers to set password security control, including lock the server console, set the server login time limits, monitoring and closure of illegal visitors to the interval, install unauthorized access devices. Firewall technology is based on modern communication network technology and Information security technology based on the application of security technology, more and more used in private network and public network interconnection environment, especially access to INTERNET network is staggering. In logic, a firewall is a separate device, a limiter, but also a parser to effectively monitor the internal network and any activity between the INTERNET and ensure the security of the internal network.

(4) information encryption strategy. Information encryption to protect data within the network, files, password, and control information to protect data transmitted over the Internet. Network encryption methods commonly used line encryption, endpoint encryption and encrypted three nodes. Line encryption The purpose is to protect the lines between network nodes of information security, endpoint encryption is intended for the source to the destination user to protect user data, the purpose encryption node, the source node to destination node transmission line between the protection. Users can select the network as appropriate, the encryption method. reposted elsewhere in the Research Papers Download http://www.hi138.com (5 properties security control strategy. When using files, directories, and network equipment, network system administrator should be given files, directories, and other designated access the property. property security control can be given attributes with the network server file, directory and network equipment linked. property rights security on the basis of security to provide further security. the network resources should be marked in advance a set of security attributes. user access to network resources corresponding to an access control list, which indicates that the user access to network resources capacity. property can override the designation of any fiduciary who has been assigned and effective rights. Network The property can protect important directories and files, to prevent users from accidentally deleted files and directories, perform change, display and so on.

(6 establish a network of intelligent log system. Log data recording system with integrated search capabilities and automatic classification. In this system, the log will record from the time when a user logs on to its withdrawal from the system only, all operations performed , including the login failed operation and system operation of the database features used. the contents of the log recorded the user to perform an operation of the machine to perform operations by IP address, type of operation, the operation object and the operation execution time to prepare for future audits verification purposes.

Third, establish and improve backup and recovery mechanism
To prevent damage to the abnormal storage devices, can be formed by the hot-plug SCSI disk fault-tolerant disk arrays, RAID5 way to real-time hot backup of the system. At the same time, build a strong database trigger and restore critical data and update operations tasks, to ensure that important data under any circumstances be able to maximize the recovery.

Fourth, the establishment of security management institutions
Sound security management organization or not, is directly related to the security of a computer system. Its administration by the security, auditing, systems analysis, hardware and software, communications, security and other relevant staff.

More than the combination of strong security policy, for the protection of network security will become very important. Links http://www.hi138.com Research Papers Download