"Centralize your servers, centralize your data, and you can save a great deal in management costs." This is what many vendors tell users today. "Although this approach is reasonable from a business-control standpoint, it is not the best approach from a network security standpoint," said Ms. Barbara Fraser, who is responsible for the security business at Cisco. "We believe that different applications should be placed on different servers. In other words, it is best for each server to support only one service: for example, separate mail servers, departmental servers, voice mail servers, and so on. At the same time, each server also needs full redundancy, so that even if one server is compromised, the overall situation is not affected." But that is not all. To keep the enterprise network robust, network administrators should also add a NIDS (network intrusion detection system) to the internal network, add a HIDS (host intrusion detection system) on key servers, deploy firewalls on key business hosts, and deploy SSH/SSL where necessary. Manage and improve Layer 2 security. For some key modules,