Research And Implementation Of Information Security Strategy In Electric Enterprises

As the rapid development of information construction and with the application of information network technology growing popularity, information security has become an important issues affecting the security and the efficiency of the network. At present, the hardware environment of the information construction of the power system has been basically fulfilled. Whether the number of hardware devices or network construction are relatively in good condition. Production, marketing, dispatch and operation and other departments have also achieved informationization. However, cause the different divisions and sectors of the power system have big understanding gap about the information security, and different staffs need to raise awareness of the information security, as well as the shortage of understanding of new coming information security issues, while the lack of a unified information security management standards, etc. There are much more information security issues.To solve these information security issues of the power enterprises, after introducing the basic concept and popular technologies of the information security, this paper studied risks and potential threats of the information security and analyzed the corresponding security requirements, based on a concrete power enterprise. According to the different using and functions of PC terminals and servers, we partitioned and isolated the enterprise's network. Through the deployment of firewalls and IDS security devices, we modified the network structure, and designed and implemented corresponding strategy to enhance the network security, based on different levels of physical security, network security, system security, user security and data security. Besides, using VLAN classification, VLAN security technology, switch port security, user certification, BPDU filter technology, DHCP and ARP Snooping technology and devices security technology enhanced the information security.Finally, we tested the information security of the enterprise using penetration testing. The analysis and statistics of the test results and the audit log showed the information security had been greatly enhanced, and those implemented security strategies could defend a variety of network attacks.