| With the rapid development of the information technology and its applications, the security issues of the information system become more difficult. The network systems that especially contain the national secret or directly compact the national security are challenged by many complex circumstances.In this paper it is focused on the security protection of the classified information systems which involve the national secret and are physically isolated. Directed by the new national security criteria, an integrated protect scheme is designed for a specific classified internal network. The scheme is approved and the first project has been implemented successively.From the view of physical security, the existing network is analyzed thoroughly; from the views of the network security, application security and the security management system, the weakness and risk of the network system are discussed, a solution presented in detail which employs some new techniques and products including the data backup and protection method, anti-virus, user identification, access control, management, and so on.Two issues are emphasized. The first one is the authorization management, including how to prevent the access of the unauthorized users and the over authorized access of the legal users both. To deal with it, it is proposed the security areas are separated by the firewall, and every security area must have its own security policies. Classified people and the information should consist with their security level. And the network boundary management should be enhanced. The second problem is the vulnerability of the operation system. This is a very danger to the client computer and the server that extensive exists. A distributed firewall system is suggested to deal with this problem. The security audit also is discussed, and its usage explained.Part of the solution is put in practice for six months, and some running problem found. Some suggestions are also proposed to improve the design. |
PDF Full Text Request