Source: www.e-works.net.cn Zhou Jiji

Although security vulnerabilities can quickly lead to risk and cost, the Internet is still one of the fastest, most convenient and safest places to trade. For example, using your credit card on a well-known website is actually more secure than using it in a restaurant. However, the fear of security vulnerabilities can cost companies more than the vulnerabilities themselves: worried about security, many people do not want to conduct commercial transactions over the Internet.

To solve this problem, companies must formulate a security strategy and take the necessary measures to install and maintain a network security solution. These measures must be not only practical but also very effective. At the same time, companies must let their customers and potential customers know about their security efforts.

So how can a company create a network security strategy suited to its own development? First, the company should fully understand who its network enemies are and which factors endanger the network. On reflection, hackers, employees with no security awareness, dissatisfied employees, people who like to snoop for information and so on are "your network enemies", while viruses, Trojan programs, attacks (reconnaissance attacks, access attacks, DoS attacks, etc.), destructive programs, data monitoring, social engineering, spam and so on are the factors that endanger enterprise network security.

It is therefore not hard to see that a network can be harmed in many ways. For a network security solution to be fully effective, it must integrate different types of protection and build them into every part of the network: the more security measures there are, the greater the chance of stopping an attack before it causes losses.
At present, products in the network security market are classified by three major layers of protection: secure connection, perimeter security and intrusion prevention.

The first layer: Secure connection

A virtual private network (VPN) is a private connection over a public network (e.g., the Internet). It allows users to communicate with the enterprise network at the same level of security as when they work inside the company. If we compare the network to a building, then a VPN is an armored car that can carry confidential information from the outside to our building along the public highway. All VPN software and hardware use encryption, ensuring that the transmitted information cannot be read by anyone other than the recipient. Encryption uses advanced algorithms to "scramble" the information and its attachments.

Layer 2: Perimeter security

If we imagine the network as a building, then perimeter security is like the walls and doors around the building. Perimeter security controls user access to critical applications, services and data, so that only legitimate users and information can pass from one network (trust domain) into another. The firewall is like a locked door: only people with a key (i.e., a user identity and password) are allowed in. A firewall protects a private network by analyzing the data entering and leaving the network. It provides network address translation, so that the IP addresses of computers behind the firewall can be hidden. It can use rules based on a packet's source, destination, port or other basic information to decide whether to allow the packet into the network. The security of data and network resources is the key to the success of e-commerce, and the firewall is a mandatory network security device.
When connecting to the Internet, enterprise users are advised to install a firewall at every point where the network accesses the Internet.

Layer 3: Intrusion Prevention

If your network is imagined as a building, intrusion prevention is equivalent to the surveillance cameras and motion detectors covering the entire wall around the building. An Intrusion Detection System (IDS) is monitoring software that can actively discover unauthorized or suspicious activity in a computer system and take possible measures in response.