Electric Power Enterprise Network Security

As the network extension of the rise and popularity, Internet has been rapid development, from human beings into the network era. Over the years, many emerging business networks up and rapid development, such as e-commerce, e-purse, the rapid development of Internet banking, the importance of network security to enterprises and individuals as well as affect the entire community is also growing. Network security has become the most concern and difficult issues.First, this paper, an overview of network security, identity and enterprise network security management system are discussed. Computer network security features are mainly a) Completeness. The network information data can not be changed without the authorization of the properties; 2) confidentiality. Is the network information will not be leaked to unauthorized users, entities, or processes, or for their use of the properties; 3) availability. Is a network of information access to authorized entities can be used in accordance with the characteristics of the demand. The network information service, when necessary, to allow authorized users or entities features, or the network portion of the damaged or need to downgrade use, can still provide effective services for authorized users of the properties; 4) authenticity. Refers to the user's identity is real; 5) Reliability. Of information systems to the conditions and requirements specified period of time complete the functional characteristics; 6) non-repudiation. Information systems in the network information exchange process, convinced that the true identity of the participants; 7) controllable. Is to disseminate information and content with the control features. Does not allow bad information transmitted via public networks. If the building of network security to achieve the desired objectives, enterprise network security management system is necessary to establish a sound. Network management can be described as an important network of support systems. In this article I manage security, physical security, system security, network security was summarized.Speaking of network security threats, almost everyone's first reaction is a hacker. In fact, hackers, of course, network security threats faced by the indispensable backbone, but the threats to network security is far limited to hacking, it comes from many areas, and over time and change. Network technology continues to evolve, more and more threats, but also increasingly of concern. Natural threats: natural threats may come from a variety of natural disasters, bad venue environment, electromagnetic radiation and interference, the natural aging network equipment. Physical threats: the physical device is the basis of the entire network, the entire information network of the normal operation of the security is inseparable from the physical device. Physical device directly affect the safety of the entire electric power information network security, when the physical device a result of natural disasters, man-made damage can not work properly, the entire network is also bound to a standstill and thus not work properly. Common security threats: 1) non-authorized access. Unauthorized access is not been legally authorized users to access network resources, or low-level user access to higher-than its authorized level of network resources; 2) fake user identity. Counterfeiting refers to the user's identity using forged credentials to fake the identity of the activities of others; 3) hacker attacks. Hackers is the use of network technology, some of the flaws and loopholes in the hacking of computer systems person; 4) Computer viruses: The information network security is another major threat is the virus, with the computer software and network technology development in today's The Internet era, computer viruses have been ever-changing, but also has produced many new forms and characteristics of the study and prevention of the virus has become the information age, the development of computer network technology is one of the important issues.Is now widely used and more sophisticated network security technology are: firewall technology, intrusion detection, network vulnerability scanning technology, data backup technology, anti-virus technology, data encryption technology, etc. In this connection a number of techniques were studied.1. Firewall. Firewalls are used to protect our network from malicious attacks, and the definition of boundary points to prevent network intruders illegal. As a network security firewall, the first barrier, can be achieved can not be trusted internal network and external network or internal network between the different network security zone isolation and access control, network systems and network services to ensure the availability, effectively preventing the network from outside attacks, to achieve the network border security. It was adapted for independent, with limited access to external network connectivity and network services are relatively concentrated and a single type of network system.2. Intrusion detection system. IDS (Intrusion Detection), the name suggests, is found on the invasion behavior. It is through the computer network or computer systems have a number of key points to collect information and analyze, from a network or system, whether found in violation of security policy behavior and signs of attack.3. Network vulnerability scanning. Security Scan is to enhance the system security is one of important measures, it can effectively pre-assessment and analysis of system security issues. Vulnerability scanning system type is used to automatically detect the remote or local host security vulnerabilities procedures.4. Data backup. With the computer systems, network equipment applications, such as deepening of e-government, critical data and database backup and recovery operations has become a routine operation and maintenance of the system is an important component.5. Anti-virus technology. The first is the prevention of computer viruses, if the virus break through our "line of defense", you need to detect and remove detected viruses. Therefore, also resulted in four kinds of computer virus prevention techniques: the virus prevention technology, virus detection, virus elimination and virus Immunoassay technology.6. Data encryption technology. Data encryption technology is to re-encode the information to hide the information content, so that unauthorized users can not access to information, the real content of a technological means. Data encryption measures to improve information systems and data security and confidentiality, to prevent secret data from being used by the external access to one of the principal means.In understanding the overview of network security and prevention measures, I have to business units of the network construction, for example, as we explain in detail the formation of the network and program implementation. First of all, the need for electricity is now used by business units have a certain understanding of network structure. At present, the internal network and Internet network connection they use a star topology. Followed by network design, in accordance with the actual needs of electric power enterprise network to achieve Internet connectivity, network resource sharing, internal office automation. Second, the division of VLAN, over-analysis, enterprise local area network according to application types are divided into four sub-networks corresponding to: Production Sub-Network (LAN1), the management sub-network (LAN2), Labor subnet (LAN3) and financial sub-networks (LAN4) . The operation of the network system used is based on the exchange of technology-based approach. Three networks are used is the backbone Gigabit Ethernet technology, the starting point of the high positioning information applications for the enterprise has brought high-speed, stable, and in line with international standards network platform.Construction of enterprise network security system1. Firewall system. 1) Access Control List to build a firewall architecture. Access control list is applied in the router interface commands list, a list of these commands is used to tell the router which packets can receive, and which to reject the packet. As for the data packet is received or rejected, can be similar to the source address, destination address, port number, protocol and other conditions specific instructions to decide. Increase through flexible access control list, ACL can be used as a powerful tool for the control of a network is used to filter the inflow and outflow of the router interface the packet. So as to achieve the network firewall role. 2) hardware firewall applications. In enterprise applications, the more common is the hardware firewall, I am "Watchg Guard" The firewall in the network set up to be a power company to explain in detail.2. Antivirus system to build. 1) Manually remove the virus. You want to remove a virus or trojan, it first has to find out. After identified the virus further killing. Through the system state judge to determine network status, system tools to identify three aspects of the root causes of the virus. 2) network anti-virus software killing. If a network anti-virus software. Network anti-virus software are also designed for network features. It should have the implementation of monitoring, a small footprint, suitable for a variety of operating systems, unified management, easy to distribute, easy online updates, and good after-sales service of products features. In the installation of such software should be installed on a network server, Server-side tools. When the installed server-side software, through the server automatically distributed to the client, allowing users to complete the client installation. So that server-side and client-side entrance of the two major viruses are effective in preventing the invasion of the virus, but also conducive to side-line for future service upgrades updated automatically notify the client to update anti-virus program.3. Group Policy security settings for the network program. Windows Group Policy is a powerful management tool, which can not only be configured on the workstation, its powerful features can also be applied to the entire network. Is the most commonly used in the enterprise network security management "magic weapon", one can make the machine safer, but also can make users more intuitive operation and convenient.4. Secure Access Control Construction. Access control, the main task is to ensure that network resources are not illegal use and access. Building on the security level access control, permissions settings, network monitoring, security control of several aspects of properties completed.5. Network vulnerability scanning implementation. Internet Scanner (network vulnerability scanning Evaluation System) is a device used to analyze the network security vulnerability assessment products. Through it to check the router, Web server, Unix servers, Windows Server-class servers, desktop systems and firewall weaknesses and identify the intruder can be used for illegal entry into the network holes. As the Internet Scanner easy to use and simple to configure, test the rapid, comprehensive, and can generate a comprehensive summary and an independent vulnerability assessment report submitted to detected vulnerabilities, including location, detailed description and the proposed improvements.6. Data backup implementation. Data backup we use NAS (Network Attached Storage, Network Attached Storage), it is connected to the network is local area network (LAN) rather than the storage network. NAS is a dedicated file server device, the working group or company for each user in the shared disk space, user rights to set idea is very similar to regular Windows system, the operation is very simple.7. To strengthen security management. Strengthen network security management, and formulate relevant rules and regulations, for ensuring network security, reliable operation, will play a very effective role.Conclusion, computer network security issues, should be like every household security issues like fire prevention, to take preventive measures; not even think you will become a target when the threat has already emerged, in the event, often caught by surprise, causing a great loss. Network security is one of human and social reality of the battle, we must be prepared to win.