The issue of network security is no longer a purely technical issue. A complete network security system must reasonably coordinate the three factors of law, technology and management, and integrate the three technologies of protection, monitoring and recovery. Whether in a local area network or a wide area network, network integrity measures should be able to comprehensively address various threats and vulnerabilities, and ensure the confidentiality, integrity and availability of network information.

network security structure

Network security runs through the OSI 7-layer model (physical layer, data link layer, network layer, transport layer, session layer, presentation layer, application layer), and for the actual operation of the network system TCP/IP protocol, network security runs through the information system. 4 levels.

Physical layer information security mainly prevents damage to physical links, eavesdropping on physical paths, and attacks or interference on physical paths.

The link layer needs to ensure that the data transmitted over the network link is not eavesdropped. Can be divided into Vlan (local area network), encrypted communication (remote network) and other means

The network layer needs to ensure that the network only uses authorized services for authorized users, to ensure correct network routing, and to avoid interception and monitoring.

Operating system security requires ensuring the security of user data, operating system access control, and auditing applications on the operating system.

The application platform refers to the application software services built on the network system, such as database server, e-mail server, web server, etc. Because the system of the application platform is very complex, a variety of technologies (such as SSL, etc.) are usually used to enhance the security of the application platform.

The security of the network system should have the following functions

The security system of the network application system should include the following functions:

Attacks interfere with monitoring. Through the attack monitoring system established for specific network segments and services, most attacks can be detected in real time, and corresponding actions can be taken (such as disconnecting the network connection, recording the attack process, tracking the attack source, etc.).

Encrypted communications. Active encrypted communication can prevent attackers from understanding and modifying sensitive information.

Check for security holes. Through periodic inspection of security vulnerabilities, even if the attack can reach the attack target, most attacks can be made invalid.

Certification System. A good authentication system prevents attackers from impersonating legitimate users.

Multiple layers of defense. After the attacker breaks through the first line of defense, it delays or blocks it from reaching the attack target.

Backup and restore. A good backup and recovery mechanism can restore data and system services as soon as possible when the attack causes losses.

Access control. Through the access control system established for specific network segments and services, most attacks are prevented before they reach the attack target.

Set up a security monitoring center to provide security system management, monitoring, protection and emergency services for information systems.