办公自动化网络安全防护策略(2)

南昌大学计算机网络基础

全的决策依据。

病毒预警系统通过对所有进出网络的数据包实施不间断的持续扫描,保持全天24小时监控所有进出网络的文件,发现病毒时可立即产生报警信息,通知管理员,并可以通过IP地址定位、端口定位追踪病毒来源,并产生功能强大的扫描日志与报告,记录规定时间内追踪网络所有病毒的活动。

Office automation network security pre oath system is divided into two parts and virus intrusion early warning early warning.The intrusion warning system, intrusion detection can be analyzed to determine the network transmission of data packet is authorized or not. Upon detection of the intrusion information, will issue a warning, thereby reducing the network threat. It includes the network scanning, scanning system scanning, Internet, real-time monitoring and the third side of the firewall to produce important safety data together, providing internal and external analysis and the actual network found in the risk source and direct response. It provides enterprise safety risk management report, the report focused on the important risk management, such as real time risk, attack conditions, analysis of security vulnerabilities and attacks; to provide detailed intrusion alarm reporting, display intrusion alarm information (such as the invasion of the IP

第 - 6 - 页 共 14 页

南昌大学计算机网络基础

address and the destination IP address, destination port, assault characteristics ), and tracking analysis intrusion trend, to determine the network security state; information can be sent to related database, as the basis for decision making about network security.Virus warning system based on the network data packets of all import and implementation of uninterrupted continuous scanning, maintain 24 hours of monitoring all import network files, found that the virus can be immediately generates alarm information, notify the administrator, and can through the IP address port positioning, positioning and tracking the source of the virus, and generate powerful scanning log and report, recording time tracking network all virus activity.

3.2 数据安全保护

对于数据库来说,其物理完整性、逻辑完整性、数据元素完整性都是十分重要的。数据库中的数据有纯粹信息数据和功能文件数据两大类,入侵保护应主要考虑以下几条原则:物理设备和安全防护,包括服务器、有线、无线通信线路的安全防护;服务器安全保护,不同类型、不同重要程度的数据应尽可能在不同的服务器上实现,重要数据采用分布式管理,服务器应有合理的访问控制和身份认证措施保护,并记录访问日志。系统中的重要数据在数据库中应有加密和验证措施。

For the database, its physical integrity, logical

第 - 7 - 页 共 14 页

南昌大学计算机网络基础

completeness, elements of the data integrity is very important. The data in the database have pure information data and the function of file data two kinds big, intrusion protection should mainly consider the following principles: the physical equipment and safety protection, including servers, wired, wireless communication line safety protection; the server safe protection, different types, different importance degree data should be possible on a different server implementation, important data using distributed management, server should have reasonable access control and authentication measures to protect, and records the access log. System of the important data in database encryption and verification measures should be.

3.3 入侵防范 3.3.1 内外网隔离

在内部办公自动化网络和外网之间,设置物理隔离,以实现内外网的隔离是保护办公自动化网络安全的最主要、同时也是最有效、最经济的措施之一。

第一层隔离防护措施是路由器。路由器滤掉被屏蔽的IP地址和服务。可以首先屏蔽所有的IP地址,然后有选择的放行一些地址进入办公自动化网络。

第二层隔离防护措施是防火墙。大多数防火墙都有认证机制,

第 - 8 - 页 共 14 页

南昌大学计算机网络基础

无论何种类型防火墙,从总体上看,都应具有以下五大基本功能:过滤进、出网络的数据;管理进、出网络的访问行为;封堵某些禁止的业务;记录通过防火墙的信息内容和活动;对网络攻击的检测和告警。

In the interior of office automation network and outside the network, set up physical isolation, in order to achieve internal and external network isolation is to protect the office automation network security is the most important, but also the most effective, the most economic measure.The first layer of isolation protection measures is a router. Router filter blocked IP address and a service. Can be the first shield all the IP address, and then selectively release some address into the office automation network.The second layers of the insulating protective measures is the firewall. Most firewalls are authentication mechanism, no matter what type of firewall, from look on the whole, should have the following five basic functions: filtering, network data; management, network accessing behavior; blocking certain prohibited business; records through the firewall information content and activities; to the network attack detection and alarm.

3.3.2 访问控制

办公自动化网络应采用访问控制的安全措施,将整个网络结构分为三部分,内部网络、隔离区以及外网。每个部分设置不同的访问控

第 - 9 - 页 共 14 页

南昌大学计算机网络基础

制方式。其中:内部网络是不对外开放的区域,它不对外提供任何服务,所以外部用户检测不到它的IP地址,也难以对它进行攻击。隔离区对外提供服务,系统开放的信息都放在该区,由于它的开放性,就使它成为黑客们攻击的对象,但由于它与内部网是隔离开的,所以即使受到了攻击也不会危及内部网,这样双重保护了内部网络的资源不受侵害,也方便管理员监视和诊断网络故障。

Office automation network should be used in access control security measures, the whole network structure is divided into three parts, the internal network and external network, isolation zone. Each portion of the set of different access methods. Among them: the internal network is not open to the region, it does not provide any service, so the external user cannot detect its IP address, is difficult for it to attack. Isolation zone of external services, open system information on the region, due to its openness, makes it become the hackers attack object, but as it was with the internal network is separate from, so even if attacked they do not endanger the intranet, the double protection of the internal network resources are not infringed, also facilitate the administrator of monitoring and diagnosing network fault

3.3.3 内部网络的隔离及分段管理

第 - 10 - 页 共 14 页

百度搜索“77cn”或“免费范文网”即可找到本站免费阅读全部范文。收藏本站方便下次阅读，免费范文网，提供经典小说综合文库办公自动化网络安全防护策略(2)在线全文阅读。