Guarantee the sharing of resources

Network security is more and more valued by people. This article discusses its own views and practices on campus network security from the aspects of system security, network operation security and internal network security, for your reference.

With the continuous development of network technology and the increasing popularity of the Internet, many schools have established campus networks and put them into use. This undoubtedly plays an inestimable role in accelerating information processing, improving work efficiency, reducing labor intensity, and achieving resource sharing. However, teachers and students ignored the network security issues while using the campus network. They logged in some illegal websites and used virus-containing software, which led to the collapse of the campus computer system and brought a lot of work burdens to computer teachers. Seriously affected the normal operation of the campus network. Therefore, while actively developing office automation and achieving resource sharing, both teachers and students should pay more attention to the safety of campus networks. As people often say: the life of the network lies in its security. Therefore, how to do a good job of network security under the existing conditions has become an important issue for campus network administrators.

As a middle school computer teacher who is also responsible for the maintenance and management of the campus network, let's discuss the campus network security technology together.

Network security is mainly the security of network information systems, including system security, network operation security and internal network security.

1. System Security

System security includes the operation security of the host and server, and the main measures are anti-virus. Intrusion detection, audit analysis and other technologies.

1. Anti-virus technology: Computer virus is a program that causes computer failure and destroys computer data. It can infect other programs and replicate itself. Especially in a network environment, computer viruses are inestimablely threatening and destructive, so The prevention of computer viruses is an important part of campus network security construction. The specific method is to use antivirus software to frequently scan and monitor the files in the server, or use antivirus chips on the workstations and set access rights to network directories and files. Wait. For example, our school has installed the Jinshan Duba configured by the distance education center for real-time monitoring, and the effect is good.

2. Intrusion detection: Intrusion detection refers to the discovery of intrusion behavior. It collects information from several key points in the computer network or computer system and analyzes them to find out whether there are any violations of security policies and signs of being attacked, in order to improve the security management capabilities of the system administrator and timely safety precaution. The intrusion detection system includes software and hardware for intrusion detection. The main functions are: detection and analysis of user and system activities; inspection of system configuration and operating system logs; discovery of vulnerabilities, statistical analysis of abnormal behavior, and so on.

From the current point of view, the existence of system vulnerabilities has become the primary problem of network security. It is the main task of every network manager to find and timely repair vulnerabilities. Of course, finding vulnerabilities from the system is not what our general network managers can do, but discovering reported vulnerabilities early and updating patches is what we should do. The most common method for discovering reported vulnerabilities is to frequently log in to the relevant network security websites. For the software and services we use, we should pay close attention to the latest versions and security information of their programs. Once security issues related to these programs are discovered Immediately apply necessary patches and upgrades to the software.

Many network administrators do not know enough about this, so that after a few years, they can scan many vulnerabilities in the machine. In the campus network, the server provides users with various services, but the more services are provided, the more loopholes there are in the system, and the more dangerous it is. Therefore, from a safety point of view, unnecessary services should be shut down, and only the basic services they need are provided to the public. The most typical is that we usually only provide WEB service function to the public on the campus network server, and there is no need to provide FTP function to the public. In this way, in the server service configuration, we only open the WEB service, and the FTP service is prohibited.

If you want to open the FTP function, you must only open it to users you may trust, because users can upload file content through FTP. If the user directory gives executable permissions, then uploading certain programs may cause the server to receive attack. Therefore, trusting data from untrusted data sources is also a factor that causes network insecurity.

3. Audit monitoring technology. Auditing is the process of recording all activities performed by users using a computer network system, and it is an important tool for improving security. It can not only identify who has accessed the system, but also indicate how the system is being used. For determining whether there is a cyber attack, audit information is important to determine the problem and the source of the attack. At the same time, the recording of system events can identify problems more quickly and systematically, and it is an important basis for accident handling in later stages. In addition, through the continuous collection, accumulation and analysis of security incidents, selective audit trails of some of the sites or users can detect possible destructive behavior as early as possible. Therefore, in addition to the general network management software system monitoring and management system, more mature network monitoring equipment should also be used in order to perform real-time inspection, monitoring, alarming and blocking of common operations entering and leaving the local area network to prevent targeting the network. Attacks and crimes.

2. Network operation safety

In addition to the use of various security detection and control technologies to prevent various security risks, network operation security also requires emergency measures such as backup and recovery to ensure that the data required to run the computer system can be recovered as soon as possible after the network is attacked.

There are three general data backup operations. One is full disk backup, that is, all files are written to the backup medium; the second is incremental backup, which only backs up the files that have been changed since the last backup, this backup is the most effective backup method; the third is differential backup, backing up the last full disk All files changed after the backup.

According to the different storage media for backup, there are two solutions: "cold backup" and "hot backup". "Hot backup" means that the downloaded backup data is still in the entire computer system and network, but it is transferred to another non-working partition or another non-real-time processing business system for storage. It has the characteristics of fast speed and convenient calling . "Cold backup" is to store the downloaded backup in a safe storage medium, and this storage medium has no direct contact with the entire computer system and network that is running, and is reinstalled when the system is restored. Its characteristic is that it is easy to keep, to make up for some shortcomings of hot backup. During the backup process, backup software such as GHOST is often used.

3. Internal network security

In order to ensure the security of the local area network, it is best to isolate access between the internal network and the external network. Common measures are to use access control and network security detection between the internal network and the external network to enhance the security of the organization's internal network.

1. Access control: In internal and external network isolation and access systems, the use of firewall technology is currently the most important protection of internal network security, but also one of the most effective and economical measures. It is the only entry and exit of information between different networks or network security domains, it can control the flow of information to and from the network according to security policies, and it has strong anti-attack capabilities. It is to provide information security services. Infrastructure to achieve network and information security. Firewall technology can determine which internal services can be accessed by the outside world, who can access which internal services, and which external services can be accessed by internal personnel. Its basic functions include: filtering data in and out; managing access behaviors in and out of the network; blocking certain prohibited services, etc. It should be emphasized that the firewall is an important part of the overall security protection system, not all. Therefore, the security of the firewall must be integrated into the overall security strategy of the system to achieve true security.

In addition, the firewall is also used for isolation and access control of different network security domains in the intranet.

The firewall can isolate one network segment of the internal network from another network segment, preventing the problem of one network segment from propagating through the entire network. For some networks, in some cases, a certain network segment of some of its LANs is more trusted than another network segment, or a certain network segment is more sensitive than another network segment. Setting up a firewall between them can limit the impact of local network security issues on the global network.

2. Network security detection: The most effective way to ensure the security of the network system is to regularly conduct security assessment and analysis of the network system, scan and analyze the network system with a practical method, check the report system for weaknesses and vulnerabilities, and recommend remedial measures and security strategies , To achieve the purpose of enhancing network security.

The above are just some superficial views on preventing external intrusions and maintaining network security. Establishing a sound network management system is an important measure of campus network security. A healthy and normal campus network needs to be maintained by teachers and students.

Lounge Chairs Furniture

Lounge chairs Furniture

Lounge chairs furniture that means single chair, with rattan weaving design or aluminium frame design, lounge chair and make 1+1+1 set or L sectional sofa seating set. You can decorate your garden or home in many different ways.

Handwoven premium resin wicker UV resistant

Rust-resistant powder-coated frames

Cushions included with 30 density sofa foam

Versatile tempered glass tables

Cushions also available with 100% waterproof fabric.

outdoor lounge chairs furniture with different style and hand weaving

If you have any questions, please contact with us directly. Outdoor Sofa Furniture are produced

by Golden Eagle Outdoor Furniture With High Quality and Good Appearance. Welcome you can visit our Factory.For any inquiry,Please send mail directly to us.

Lounge Chairs Furniture,Modern Outdoor Furniture,Timber Outdoor Furniture,Wicker Outdoor Furniture

Golden Eagle Outdoor Furniture Co., LTD. , https://www.gebarset.com