1. Layer 1: Physical security
Physical security is the foundation of information system security. Following the national standard for physical security, the implementation process covers the following inspection and optimization items: computer room security; site security; computer room environment (temperature, humidity, electromagnetism, noise, dust prevention, static electricity, vibration); building, fire prevention, lightning protection, fencing and access control; facility security; equipment reliability; communication line security; radiation control and leakage prevention; power supply and air conditioning; disaster prevention and recovery; and so on.
2. Layer 2: Platform security
Platform security generally refers to the security of the operating system and general basic services; its main purpose is to defend against hacker attacks. At present, most security products on the market are limited to addressing platform security. Based on the information security assessment criteria, CNNS determines that the implementation process of platform security includes the following: operating system vulnerability detection and repair; detection and repair of vulnerabilities in Unix systems, Windows systems, network protocols and network infrastructure; detection and repair of vulnerabilities in routers, switches, firewalls and general basic applications; databases, Web/FTP/Mail/DNS and other system daemons; and deployment of network security products. Achieving platform security requires the common network security products on the market, mainly firewall, intrusion detection, vulnerability scanning and anti-virus products, together with comprehensive platform security testing/simulated intrusion and security optimization of the whole network system.
3. Layer 3: Data security
To prevent data loss, crashes and unauthorized access, CNNS provides the following to ensure data security: media and carrier security protection, data access control, system data access control inspection, identification and authentication, data integrity, data availability, data monitoring and auditing, and data storage and backup security.
4. Layer 4: Communication security
To guard against the threat posed by security vulnerabilities in communication between systems, and based on the actual threats that network communication faces, CNNS takes the following measures to secure communication between systems: testing and optimizing the security of communication lines and network infrastructure, installing network encryption facilities, setting up communication encryption software, setting up identity authentication mechanisms, establishing and testing secure channels, and testing the operational vulnerabilities of various network protocols.
5. Layer 5: Application security
Application security ensures that the relevant business runs safely on the computer network system; vulnerabilities at this layer can pose a fatal threat to the information system. Based on the actual threats that business operations face, CNNS provides the following assessment measures for application security: program security testing (bug analysis) of business software, non-repudiation testing of business communication, access control verification testing of business resources, identity authentication testing of business entities, backup and recovery mechanism checks of business sites, uniqueness/consistency/anti-collision testing of business data, confidentiality testing of business data, reliability testing of business systems and availability testing of business systems.
Once the tests have been carried out, targeted security recommendations, repair methods, security policies and security management norms can be provided for the business systems.
6. Layer 6: Operational security
Operational security ensures the stability of the system and keeps the security of the network system within a controlled range over the long term. The implementation measures that CNNS provides for operational security include: emergency response mechanisms and support services, network system security monitoring, network security product operation monitoring, regular inspection and evaluation, system upgrades and patch provision, tracking of the latest security vulnerabilities, disaster recovery mechanisms and prevention, system transformation management, and professional network security technical consulting services. Operational security is a long-term service, included in the after-sales service of network security system engineering.
7. Layer 7: Management security
Management security provides a management mechanism for the security layers above. According to the characteristics, actual situation and management requirements of the network system, various security management mechanisms are adopted to control risk comprehensively, reduce losses and consumption, and improve users' safe-production benefits. The mechanisms that CNNS sets up for management security include personnel management, training management, application system management, software management, equipment management, file management, data management, operation management, operation management and computer room management.
By implementing management security, security policies are established for the aspects above to form a security system, and training ensures that the various management rules are carried out.