Enterprise intranet security three points technolo

  • Detail

Internal security: three technologies and seven management

1 security is the ultimate purpose of internal management

in order to increase the reliability of the network (for the security of the transmission system), routing backup and redundant backup are often selected; In order to avoid service termination and crash (for service security - information availability), cluster, hot backup and disaster recovery are also common choices; For storage security, people use password, audit, authority and other controls; In order to spread safety, people use information filtering, tracking, registration and other management controls; In order to ensure the safety of use, people adopt such technical means as physical examination, vulnerability detection, intrusion detection, active defense and virus prevention to prevent information leakage, infection, spying, interception, tampering and fraudulent use

in combination with the ISO17799 reference manual, from our contact with the network management needs of all walks of life, through comprehensive analysis, we can roughly draw this verifiable conclusion: the ultimate purpose of network management, especially the internal management of a unit, can be implemented to the security requirements no matter what kind of requirements it is for. In other words, internal management is always considered for security, which can be explained by security requirements

2 good management requires scientific management regulations. From the detailed reference manual of ISO17799, we can see that security, especially information security, is a system engineering. In this system engineering, "three points of technology, seven points of management". In the whole network, the terminal computer accounts for more than 90% of the network nodes, which is obviously the key and difficult point of security management, especially information security management. Terminal computer security management is a hot spot emerging in recent years, and the corresponding products and technologies are blooming. However, no matter how good the information security protection system is, it will be in vain without a good management system and management strategy

"management system and management strategy" is a kind of concentration of "seven point management", which can also be called essence. However, how to formulate a good management system and management strategy to guide the internal management of a unit

there is no absolute standard for a set of good management system and strategy. However, a set of good management system and strategy should at least be based on the actual network situation of the unit, can reflect the changes of the actual situation of the unit in time, has good operability, and consists of scientific management terms

3 the key point of the promulgation of scientific management regulations lies in the support of data collection points.

scientific terms are supported by sound information, and sound information is reflected by timely required data. Therefore, to formulate a good management clause and management strategy, a key point is to collect sufficient data in time. These data can accurately reflect the key information, which provides decision-making basis for managers' management and provides basis for the operation of system terms

how to collect the data needed in time

in the vast amount of data, it is necessary to find useful data, which is reflected in the data collection points, that is, how to design and collect useful data points to reflect the information they need. This constitutes the key to the whole management, and it is also the key to produce good management systems and strategies, so that the management systems and strategies have good operability

the design of data collection points must follow such a philosophy: knowledge drives information, and information drives data

therefore, data collection point design engineering is like a reverse engineering in software engineering, which must include the collective crystallization of public knowledge that designers can query and private knowledge of other managers

4 data collection point design of Baoxin ecop

Baoxin network patrol ecop is a set of internal oriented security. This standard has a great impact on the operation management software in the world. In the data collection points required for design and management, Baoxin information security development department has done a lot of public knowledge collection

the design of data acquisition points should take into account the basic characteristics of data acquisition, such as ease, stability, practicality, representativeness, etc. At the same time, the means of data collection and the combination of automatic collection and manual input are considered

for example, in the manual collection and management data collection point, a collection frame with Sn number of the computer factory is designed in ecop. In a relatively standardized internal management, there are many data points for asset management, and many units give their own numbers to terminal computers. However, the asset numbers of these terminal computers are easy to change and lose. Baoxin suggested that the user use the SN number to represent a terminal computer. During the implementation of management, the user began to understand the benefits of this data collection point to management


sn number is the only one in the world, which naturally indicates the only computer that leaves the factory. Moreover, the SN number of a computer is not easy to be changed and is not easy to be worn. Almost 100% of computers, even if they are retired, the SN number is still in good condition. In internal management, as long as the data point is collected, the computer can be easily located during data query. Although the owner of the computer has been changed, if the SN is used as an index to query its historical preservation records, we can quickly find its change history and track the use history and change records of the computer. In account management, the data point plays an important role in positioning and identification

this management method has been recognized by a large number of customers. Units with strong demand for internal asset management have started to use this data collection point for management

after communicating with a number of managers with many years of management experience, they agreed that most of the time of information disclosure events or safety events in violation of management regulations occurred outside normal working hours. This is the private knowledge of managers with rich management experience

based on this private knowledge, Baoxin and the user jointly designed the data collection point of legal startup time, and completed the automatic collection of illegal startup time data according to jgj144 (2) 004 technical specification for exterior wall external insulation engineering a.7 tensile strength test method

at the same time, in order to remind and avoid false alarm, the ecop also designs an automatic shutdown function to display the experimental force, cylinder displacement, loading rate and deformation experimental data on the computer screen due to the operator's work (Midway out

Copyright © 2011 JIN SHI