Monday, December 20, 2010

【 Weak Current College 】 Hacker attacks and their detailed solutions (3)



5. Security audit

Security auditing is, within the network, a mechanism analogous to a regulatory body in society: it monitors and records the activities of the network system and makes security recommendations. With security auditing, the running state of the network and its procedures can be recorded, tracked and reviewed in a targeted way. Security auditing not only supports effective assessment of network risk; it also provides the basis for formulating sound security policies and for decision making that strengthens security management, so that the network system can adjust its strategy in time.

Today, when overall network security solutions are increasingly popular, security auditing is an important component of a network security system. Comprehensive monitoring, analysis and assessment of the security equipment, network devices, applications and system state of a network is an important means of protecting network security.

Computer network security auditing covers the operating system, databases, the Web, mail systems, network devices, firewalls and other items, together with strengthening security education and enhancing the sense of security and responsibility.

Network security is dynamic. Without real-time, centralized and visualized auditing of an established system, its security cannot be evaluated and its security vulnerabilities cannot be discovered.

At present, the main functions of a network security audit system and the general issues involved are as follows:

1. Main functions of a network security audit system

(1) Acquisition of many types of log data. The system captures log information from various operating systems, firewall systems, intrusion detection systems, network switches, routing devices, services and application systems.

(2) Log management. The system can automatically collect log information in multiple formats and convert it into a unified log format, which makes the unified management and processing of varied and complex log information easier.

(3) Log query. Network log information can be queried in multiple ways and presented in report form.

(4) Intrusion detection. Using a variety of built-in correlation rules, the logs and alert information generated by devices distributed across the network are analysed together, so as to detect security events that are hard to find from any single system.

(5) Automatic generation of security analysis reports. Based on the log information recorded in the log database, the system analyses the security of the network or system and submits a security analysis report to the administrator.

(6) Real-time monitoring of network status. The running state of agents on specific equipment, the network equipment itself, log contents and network behaviour can all be monitored.

(7) Incident response mechanism. When the security audit system detects a security incident, it responds in time and raises an alarm automatically.

(8) Centralized management. The security audit system can use a unified management platform for centralized management of log agents, security auditing and the log database.

2. General issues involved in a network security audit system

(1) Log format compatibility. Typically, the log formats generated by different types of equipment or systems are incompatible with each other, which makes centralized analysis of network security events considerably more difficult.

(2) Log data management. The volume of log data is very large and keeps growing; when a limit is exceeded, the data cannot simply be discarded. A complete backup, recovery and processing mechanism is needed.

(3) Centralized analysis of log data. An attacker may target multiple hosts on the network at the same time; analysing each destination host's log information individually is not only laborious but also makes the attack hard to find. How to combine the log information of multiple target hosts in order to identify attacks is an important problem facing security audit systems.

(4) Automatic generation of analysis reports and statistical reports. The network produces a great deal of log information every day, and the workload makes it unrealistic for an administrator to review and analyse every log message manually. A mechanism that automatically generates intuitive analysis reports and statistical reports is therefore necessary, so that administrators can discover all kinds of abnormal states in the network in a timely and effective way.
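As an added example (not from the original post), the following Python sketch illustrates issues (1) and (3) above: two constructed, mutually incompatible log formats are normalized into one unified event record, and the unified events are then correlated by source across hosts so that a source touching several hosts, invisible in any single host's log, is flagged. The hostnames, addresses, asset map and both line layouts are assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sample lines (not real device output) in two incompatible formats:
# a firewall-style record and a syslog-style SSH failure from different hosts.
SAMPLE_LOGS = [
    'FW|2010-12-20 09:01:02|DENY|src=10.0.0.5|dst=192.168.1.10|dpt=22',
    'Dec 20 09:01:05 web01 sshd[411]: Failed password for root from 10.0.0.5 port 5123',
    'FW|2010-12-20 09:01:09|DENY|src=10.0.0.5|dst=192.168.1.11|dpt=22',
    'Dec 20 09:01:12 db01 sshd[902]: Failed password for admin from 10.0.0.5 port 5130',
    'Dec 20 09:02:00 web01 sshd[415]: Failed password for bob from 10.0.0.9 port 6001',
]

# Assumed asset inventory: hostnames in syslog resolve to the addresses the firewall logs,
# so the same target is counted once whichever device reported it.
ASSET_MAP = {'web01': '192.168.1.10', 'db01': '192.168.1.11'}

FW_RE = re.compile(r'^FW\|(?P<ts>[^|]+)\|(?P<action>\w+)\|src=(?P<src>[^|]+)\|dst=(?P<dst>[^|]+)\|dpt=(?P<dpt>\d+)$')
SYSLOG_RE = re.compile(r'^(?P<ts>\w{3} +\d+ [\d:]+) (?P<host>\S+) sshd\[\d+\]: '
                       r'Failed password for (?P<user>\S+) from (?P<src>\S+)')

def normalize(line):
    """Convert one raw line into the unified event format (issue (1))."""
    m = FW_RE.match(line)
    if m:
        return {'src': m['src'], 'dst': m['dst'], 'kind': 'fw_deny', 'detail': 'port ' + m['dpt']}
    m = SYSLOG_RE.match(line)
    if m:
        dst = ASSET_MAP.get(m['host'], m['host'])
        return {'src': m['src'], 'dst': dst, 'kind': 'ssh_auth_fail', 'detail': 'user ' + m['user']}
    return None  # unknown format: count these in production rather than silently dropping them

def correlate(lines, min_hosts=2):
    """Group unified events by source and report sources that touched at least
    min_hosts distinct destinations, which no single host's log can reveal (issue (3))."""
    by_src = defaultdict(lambda: {'hosts': set(), 'events': 0})
    for line in lines:
        ev = normalize(line)
        if ev is None:
            continue
        by_src[ev['src']]['hosts'].add(ev['dst'])
        by_src[ev['src']]['events'] += 1
    return {src: (len(v['hosts']), v['events'])
            for src, v in by_src.items() if len(v['hosts']) >= min_hosts}

if __name__ == '__main__':
    for src, (hosts, events) in correlate(SAMPLE_LOGS).items():
        print(f'ALERT: source {src} touched {hosts} hosts in {events} events')
```

With the sample lines, only 10.0.0.5 is reported, because its activity against two hosts is visible only once the firewall and both hosts' logs are unified.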

VI. Security management

1. Content of information security management

According to China's Computer Information System Security Level Protection Management Requirements (GA/T 391-2002), information security management is the scientific management that an organization or agency carries out, in accordance with level-based security responsibility requirements, over the whole life cycle of its information system. It includes:

(1) appointing security managers, clarifying roles and responsibilities, and developing a security plan;

(2) developing security policies;

(3) implementing risk management;

(4) developing business continuity plans and disaster recovery plans;

(5) selecting and implementing security measures;

(6) ensuring correct configuration, change management and security;

(7) conducting security audits;

(8) ensuring maintenance support;

(9) monitoring, inspecting and handling security incidents;

(10) security education;

(11) personnel security management.

In a general sense, security management refers to the whole set of management systems, technologies and control processes adopted to achieve information security objectives, including security testing, monitoring, response and adjustment. Risk analysis and assessment of the system as a whole is an important means of clarifying information security objectives and requirements.

2. Basic principles of information security management

One point needs to be made clear: no matter how advanced, security technology is merely a tool for information security management. Information security comes from effective management; for advanced security technology to deliver better results, a sound information security management system must be established, and this is the fundamental issue. People (senior leaders in particular) always believe that information security is a technical problem and that responsibility for information security management rests only with technical staff; in fact this view and practice are very wrong.

Today information has become an important asset for the development of enterprises. Business leaders must pay attention to information security management, must participate in it, and must make it one of their existing management measures.

In our country, the basic requirement for strengthening information security work and for establishing and improving an information security management system is usually "whoever is in charge is responsible, whoever operates it is responsible, whoever uses it is responsible". The general principles adhered to are: the principle of responsibility of the principal leader; the principle of standardized grading; the principle of acting according to law; the people-oriented principle; the principle of moderate security; the principle of comprehensive prevention with emphasis on key points; the principle of being systematic and dynamic; and the principle of controlling social impact. The main strategies of information security management are: separation of duties, least privilege, selection of mature technology and broad participation.

3. The information security management process

Security management is a dynamic process of continuous development and revision that runs through the whole life cycle of an information system, managing security risk at the management level, the physical level, the network level, the operating system level, the application level and the operational level. Security management in these areas is the basis for ensuring that information system security technology and security engineering run correctly, safely and effectively. The overall aim of security is to prevent state secrets and the unit's sensitive information from being compromised or exposed; to prevent data theft, unauthorized modification, loss and destruction; to prevent loss or degradation of system capability; to prevent fraud; and to ensure the credibility of information, systems and assets.
