Network Security Incident Response Strategy Realization

Traditional network security solution is mainly a defensive-oriented security policy, which strengthens the network of protection through the firewall, antivirus software, installing system patches and other means in order to achieve the purpose of protecting network from the attacker's aim. With the need of higher performance of network security requirement, gradually there come out the network attack detection system and honeypot technology and so on, most of which are based on active defense network security tools, but in actual application, none of them forms a complete system whose function for network attack prevention and treatment is limited when accident happens.On the basis of the study of the theory and technology of network security monitoring, network attack prevention, network data recovery and backing up, this paragraph both researches on network security incident response strategy model and achieves the various applications of the model with using the theory and methods of software engineering combined with programming language. Different from network attack prevention and protecting, the main content of network security incident response strategy are with situation happened how to restore the network, how to ensure data security, and how to enhance network data backup and recovery; also at the same time, attack defense system can record form the attacker the information, change the security policy which was always protecting but failed all the time into active defense response and information recording to make network strong enough to recover by itself. This model consists of three components, first of which is namely the attack of information recording technique, who mainly takes advantages of attack detection and network security monitoring technology to capture and save the network attacker relevant information by examining network traffic and network link that can provide a reliable basis for attack defense systems, data backup and recovery system, also play an important role in both the analysis of network attack and study of countermeasures.The second one, attack defense techniques, mainly based on the information recording system to obtain information about the attack, embedded both the honeypot technology and system vulnerability scanning technology into attack detection and prevention system, in order to build a three-dimensional attack defense system that can achieve protection of network attacks and resist. The last one, network of data backup and recovery techniques, whose goal is to be a backing up and recovery systems that can achieve a low-cost, high performance, be able to work with other network security devices and deal with more data backup. In this passage, the writer did the work on the analysis, design of the structure and its overall workflow, to achieve large-scale multi-point data file backing up, rapid recovery and strategy for synchronization of large distance data with a high efficiency.