Home PC Games Linux Windows Database Network Programming Server Mobile  
           
  Home \ Linux \ Large computer network security policy Experience     - The Samba service does not have permission to access (Server)

- Linux System Administrator Network Security Experience (Linux)

- Android shutdown (reboot) process (Programming)

- Supervisor Installation and Configuration (Server)

- JEdit 5.2 Pro Edition installation on Ubuntu 14.04 (Linux)

- jQuery plugin dynamic label generation (Linux)

- Installation and Configuration ISC DHCP server on Debian Linux (Server)

- Nginx DHCP TFTP Kickstart set up automatic installation system (Server)

- Nginx start, stop, smooth start, smooth upgrade (Server)

- systemctl Command Complete Guide (Linux)

- Java heap (Heap) and stack difference (Programming)

- MySQL monitoring tools -orzdba (Database)

- Lua non-blocking write log (Programming)

- Using the Linux folder wc statistics number of lines of code for all files (including subdirectories) (Linux)

- CentOS 7 source code to compile and install Nginx process record (Server)

- Definition Format Oracle basis of various statements (Database)

- Attic-- delete duplicate data backup program (Linux)

- AngularJS (Programming)

- Through the source code to install MySQL 5.6.26 under CentOS6 (Database)

- Monitor traffic Linux Shell Edition (Programming)

 
         
  Large computer network security policy Experience
     
  Add Date : 2016-11-20      
         
         
         
  As an enterprise network security design, security before Consideration should stand on a higher level, examine what kind of security model should be adopted, which will affect the subsequent development of the security policy to a large extent, it is the entire enterprise network security infrastructure set a tone of network security policy can be described as large.

Combined with their own practical experience, there is a sense, the higher stand high degree of knowledge by the more systems. Benpian will occupy us some time, tell us about the overall network security model. Which can be taken in accordance with security methods (boundary, layered) different classification, the system can also be classified according to the initiative.

1, border security (Perimeter Security) Model

Border security model is the attention on the network boundaries, without regard to the internal security of the network model. Including firewall, application gateway, password policies, as well as a variety of network access authorization techniques it is based on the idea of ​​border security. Border security methods to protect the security of network boundaries, but usually a lot of internal network systems are also vulnerable.

Therefore, this model is obviously not comprehensive, but why many companies use it? Small companies often due to budgetary constraints or a lack of experienced network administrators choose to use the model for border security, a firewall is usually to buy a bin. This is no sensitive information of small companies may also OK, but for large companies is not enough. Recent frequent occurrence of some well-known company's customer information stolen, and some even stolen two years did not find that it had to be said to be high enough security in the country.

2, Layered Security (Layered Security)

Layered security model not only takes into account the network border security, but also within the network of personal protective systems together. All devices in the network servers, workstations, routers, hubs, etc. have carried out protection. To accomplish this, the usual method is to network fragmentation protection, to each one as a separate network, so even if the border security measures have been compromised, the internal system is not completely affected. Whenever, layered security models are preferred.

3, active and passive safety model

Security model can also be measured by the initiative and responsiveness. Take a look at the security device and system which can take the initiative to adjust policy to prevent the attack, which occurred just after the attack to respond appropriately. Passive approach to security attacks before they occur almost no action, and the dynamic or active defense is before the attack began responded. A proactive defense case is IDS, it can be found attempting to bypass security measures of behavior and invasion has not been completed when the system administrator is notified. In addition, IDS can detect a variety of attack techniques used by the intruder, even in the time of the attack has not been able to implement notify the administrator.

4, hybrid security model

In practice, several safety is usually mixed model, rather than only one; the same type may be mixed between, can be layered passive, active or boundaries. The best model is the dynamic stratification.

What makes dynamic stratification?

IDS is adding a dynamic hierarchical yet? I'm afraid a little one-sided. I understand the dynamic hierarchical model applied to the actual work, in addition to the equipment of dynamic hierarchical, but there must be the concept of dynamic operation and maintenance of process safety and security. In this process, people, things, things form a complex system, and the various elements are dynamic, we as members of this complex system, only through the constant motion of the system to affect the presentation of the results. That is why Rambo always stressed that the concept of offensive and defensive combat, has stressed the importance of normal operation must be good. This complex security system is based on the normal operation of a regular, periodic updates, regular antivirus, regular audit logs, regular self-assessment, it's that simple. Again, normal operation is very important to the disease as a mountain down, treat illness, such as spinning, we all understand that their doctor is sick again, it is better to spend more fitness, but is doing well. Sometimes very strange, it is to do simple things well.

In addition, the normal operation well, still some accidents can not be avoided, as usual great attention to health, but still may one day suddenly got cancer. Sometimes the disease is very similar and safety, security can not be fully resolved, is a dynamic process of offensive and defensive combat. To continue to learn, to be prepared. This is in fact to the security company offers great opportunities, at this stage most of the security company also just sell drugs, how drugs patients how clear it? If the security company completed the transition to the hospital pharmaceutical companies, for patients is huge gospel, but for security companies enormous business opportunities Azerbaijan. Well, I say point the way, now, for security administrators, normal operation well, the rest is their more practicing. Chronic illness into health, experience more, naturally know how to do.
     
         
         
         
  More:      
 
- CentOS 6.5 installation and deployment SVN 1.8.10 (Linux)
- Fedora10 use Git version Configuration Management (Linux)
- Kickstart automated installation and deployment RHEL 7.0 (Linux)
- Linux System Getting Started Learning: On Linux how to convert text files to PDF (Linux)
- ARM runtime environment built from scratch using QEMU emulator (Linux)
- How to protect your eyes automatically adjust the screen brightness on Linux (Linux)
- Bash added to the Vi mode indicator (Linux)
- How to deploy Icinga server (Server)
- Modify Linux terminal prompt path length (Linux)
- 10 example of the detection memory usage free Linux commands (Linux)
- In Debian 4.3 compiler under Linux-2.6.28 kernel Summary (Programming)
- To achieve Linux Security (Linux)
- GitLab installation configuration notes (Linux)
- Linux Fundamentals of the text, data flow processing orders (Linux)
- There are three ways to run a Linux operating system from a USB stick (Linux)
- Ceph distributed storage system is installed on a CentOS 7.1 (Server)
- AngularJS achieve picture upload feature (Programming)
- JavaScript file loader LABjs API Explanation (Programming)
- 10 Nginx safety tips (Linux)
- Java static code analysis tool Infer (Programming)
     
           
     
  CopyRight 2002-2020 newfreesoft.com, All Rights Reserved.