With the development of network technology, new network attack techniques keep emerging. Long-term monitoring has shown that over 85% of successful attacks originate from inside the network. Establishing a safe and controllable internal computer network has therefore become an urgent need.
The internal network you need
What is the secure internal network you need? What aspects need to be considered to establish one? To build a relatively closed, secure internal network, full control of the network must be guaranteed. Full control means the following:
- Monitoring of the nodes connected to the network
Internal networks are relatively closed environments, so detailed monitoring and risk prevention are needed for the node information in the network and for the nodes connected to it.
- Monitoring of illegal external access
If internal network nodes access external networks through abnormal channels, such as modem dial-up, timely feedback and security prevention are necessary.
- Real-time monitoring and audit of network data
To monitor internal data transfers through network devices in real time and alert when suspicious information is found, while performing security audits at the same time to obtain possible evidence.
- Real-time virus monitoring
To monitor the internal network in real time, including important servers, workstations and PCs, for virus prevention.
- Unified monitoring of the network
To manage security data as a whole, with a unified security strategy and full-scale analysis of the security data, in order to understand the security status and risk level.
Construction of network security
The construction of network security is systematic engineering that requires careful design and deployment. It is also a long-term task, because it covers network security system establishment as well as network security policy making and the cultivation of staff security awareness. It can be described in the following 4 aspects:
Network security system establishment
- Rational division of network security domains
It is common practice to divide a large local area network into different domains with corresponding security levels. The VLAN technology supported by network devices provides preliminary security protection.
- Network security system establishment
The current common security system consists of a Firewall, Intrusion Detection System, Vulnerability Scanning System, Security Audit System, Anti-Virus System, Illegal Dial-up Monitor System, VPN, Network Security Management Platform, etc.
Firewall: A firewall is commonly used for network border protection. Placing firewalls between security domains of different security levels not only keeps those domains relatively secure from each other, but also makes it convenient to adjust the access permissions of each security domain in daily operation.
Intrusion Detection System: The Intrusion Detection System largely compensates for the firewall's limitation of protecting the network from outside attacks only, and provides real-time monitoring and alarms for internal information. Working together, the Intrusion Detection System and the firewall create dynamic real-time protection for the important security domains in the network.
Security Audit System: The Security Audit System records every action and data item in detail, which provides original supporting evidence for the analysis of possible attacks.
Anti-virus System: The gateway anti-virus system can intercept viruses from the internal network as far as possible. At the same time, a comprehensive network anti-virus client is installed for protection, with a specialized anti-virus client for servers, so that the anti-virus system is managed under a unified strategy.
Illegal Dial-up Monitor System: The Illegal Dial-up Monitor System can effectively guarantee the legitimacy of network node access, and actively alarms on and blocks access through abnormal links to nodes outside the security domains.
Virtual Private Network: For the crucial servers in the network, VPN verification is used to guarantee the legitimacy of the visitor's identity and to control visits to the servers in detail.
Integrated Network Security Management Platform: The Integrated Network Security Management Platform can analyze the data provided by the different security devices in the network and generate a security analysis report for the network, supporting constructive advice on further security device deployment strategy and network security policy management.
- Network Security Policy Construction and Staff Security Awareness Cultivation
- Network Security Policy Making
- Staff Security Awareness Cultivation