/Xiao Fang _ 1633.html
The information revolution has swept the world, rapidly and profoundly changing the way of human society's survival and development. Fire information has played an active role in realizing the comprehensive utilization of office automation and fire business information, establishing a rapid response mechanism of fire forces, improving the actual combat ability of fire forces in preventing and fighting fires and handling other disasters and accidents, optimizing the workflow of fire business, realizing the scientific and standardized management of fire business, and improving the work quality and management level. At the same time, due to the fragility of the network itself and some unstable factors in the construction of the system platform, some security problems will inevitably arise, which may directly lead to virus spread, illegal invasion, information leakage and even platform collapse. Therefore, how to avoid and solve the security problems existing in information construction and make it better serve the current fire fighting work is also an urgent problem to be solved in information construction.
The main contents of the information construction of long-term fire protection
1. 1 fire information category
Fire information is a process of collecting, storing, processing, analyzing and mining fire information by using advanced, reliable, practical and effective modern computer, network and communication technology, so as to realize high-level, efficient and effective utilization of fire information resources and infrastructure.
The scope of fire information construction includes communication network infrastructure construction, information system construction and application, security system construction, operation management system construction and standard system construction.
1.2 communication network infrastructure construction
The national fire communication network is logically divided into three levels: the first level network is from the Ministry of Fire Bureau to the provincial (autonomous regions and municipalities) fire corps and related fire research institutions and fire colleges; The secondary network is the fire brigade from provinces (autonomous regions and municipalities) to cities (prefectures); The third-level network is from the city (prefecture) fire brigade to the grass-roots fire brigade and squadron. For Beijing, Shanghai, Tianjin, Chongqing and other municipalities directly under the central government, the secondary network and the tertiary network can be considered together. Local area networks at all levels should be established by local authorities.
1.3 security system construction
Security system is an important guarantee to realize information sharing, rapid response and efficient operation of public security fire control institutions. The security system should first ensure the safe and reliable operation of the network, on this basis, ensure the confidentiality, integrity and high availability of application systems and services, and provide an expandable space for future applications. The basic requirements for the construction of safety system are:
(1) Ensure the safe, reliable and continuous operation of the network, and prevent malicious attacks from the outside and malicious destruction from the inside;
(2) In order to ensure the integrity, confidentiality and non-repudiation of information access, necessary measures such as information encryption, information access control and access authority authentication are required;
(3) Providing risk protection such as disaster tolerance;
(4) Provide convenience for network applications as much as possible while ensuring security, and implement unified identity authentication and role-based access control for the whole network;
(5) Establish a complete safety management system.
2. Network security issues in fire information construction.
2. 1 Definition of computer network security
In a narrow sense, computer network security means that computers and their network system resources and information resources are not threatened and endangered by natural and man-made harmful factors; Essentially, it is information security on the system.
Broadly speaking, all technologies and theories related to the confidentiality, integrity, availability, authenticity and controllability of information on computer networks are the research fields of computer network security.
2.2 the fragility of the network system
2.2. 1 operating system security vulnerabilities
Unsafe operating system is the root cause of computer insecurity. Mainly manifested in:
(1) defects in the operating system itself;
(2) The operating system supports transferring files, loading and installing programs, including executable files, on the network;
(3) The reason why the operating system is unsafe lies in the creation process, which can even be created and activated remotely on the nodes of the network;
(4) The operating system provides network file system (NFS) service, which is a network file system based on RPC. If there is a major problem with NFS settings, it is almost equivalent to handing over the system management right;
(5) The password-free crowd arranged by the operating system is the boundary entrance of system developers, but these entrances may also be used by hackers;
(6) There are hidden channels in the operating system, which are potentially dangerous.
Vulnerabilities in network security
With the appearance of Internet/Intmnet, the problem of network security is becoming more and more serious. It can be said that FTP, E-Mail, RPC and NFS provided by the network using TCP/IP protocol all contain many unsafe factors and have many loopholes.
At the same time, the popularity of the network makes information enjoy a new level, and the chances of information being exposed are greatly increased. Internet is an unprotected open large-scale system. Anyone can enter the system through unprotected external environment and lines, and eavesdropping, remote monitoring and attacks may occur at any time.
2.2.3 database management system security vulnerabilities
At present, a lot of information is stored in various databases, but these database systems pay little attention to security. In addition, the security of database management system must match the security of operating system.
Limitations of firewall
Although the firewall can protect the safety net from external hackers, it can only improve the security of the network, and it is impossible to guarantee the absolute security of the network.
2.3 Analysis of Common Intrusion Means Based on Fire Communication Network
Because of the sociality of fire fighting work, an important aspect of fire fighting information construction is to strengthen the function of serving the society by means of information, and actively provide all kinds of fire fighting information to the society through online media, such as fire fighting laws and regulations, fire fighting knowledge and so on. , thus promoting the socialization of fire control work; Accept fire fighting business online, release relevant information of administration according to law, provide services for the society, and improve people's satisfaction with fire fighting work. While using the network to improve work efficiency and simplify daily workflow, it also faces many information security problems, mainly in the following aspects:
2.3. 1 Internal data stolen.
At present, all kinds of materials uploaded and distributed by the fire department are basically printed by computer before they can be issued. Generally, there are electronic copies in computers. If this computer directly accesses the local area network or the Internet, it may be threatened by internal or external personnel. The main ways are:
(1) Use system vulnerabilities to invade, browse, copy or even delete important files. Some time ago, a vulnerability named DCOM RPC was popular in the security field, involving a very wide range, from Windows NT4.0, Windows 2000, Windows XP to WindowsServer 2003. Because there is a buffer overflow defect in the DCOM (Distributed Component Object Module) interface of Microsoft RPC, if an attacker successfully exploits this vulnerability, he will gain local system privileges and can run any commands on the system, such as installing programs, viewing or changing, deleting data or establishing an account with system administrator privileges. At present, the attack code of this vulnerability involves 48 corresponding operating systems and versions, and its harmfulness can be seen.
(2) Computer operators have poor safety awareness and negligent system configuration, so they can enjoy the directory at will; System users use empty passwords, or lend their system accounts to others at will, which will lead to illegal access to important content and even loss of system control.
2.3.2 The Web service is illegally used.
According to statistics, at present, China public security fire departments at all levels have established nearly 100 websites on the Internet, providing important information such as fire laws and regulations, basic data of dangerous goods, product quality information, fire technical standards and so on. Some detachments have also opened online acceptance services for key units within their jurisdiction, which greatly improved work efficiency, but web-based intrusion and fraud are also threatening the security and credibility of website data. Its main performance is as follows:
(1) Web fraud
Many websites that provide various laws, regulations and related professional data query provide membership services. These members generally need to pay a certain fee to formally register as members, and the website allows members to register online through credit cards. Attackers can obtain sensitive information in membership registration through a way called middleman.
An attacker can attack the external router of the site and let all traffic in and out of the site pass through him. In this process, the attacker plays the role of agent, transmitting information between the victim and the communication receiver. An agent is a system between two concentric computers. In most cases, it can establish a separate connection between each system. In this process, the attacker records all the traffic between the user and the server, and chooses the information that he is interested in or valuable, which poses a threat to the user.
(2)CGI deception
CGI (Common Gateway Interface) is a common gateway interface. Many web pages allow users to input information and interact to some extent. There are also some search engines that allow users to find sites with specific information, which is usually done by executing CGI programs. Some CGI programs that are improperly configured or have loopholes in themselves can be used by attackers to execute some system commands, such as creating users with administrator rights, opening * * * enjoyment and system services, uploading and running Trojans, etc. After the attacker seizes the system management authority, he can also install a sniffer in the system to record the user's sensitive data, or change the page content at will, threatening the authenticity and credibility of the website information.
(3) Errors and omissions
Website administrators, website designers, page makers, website operators and programmers sometimes make some mistakes unintentionally, which will lead to some security problems, reduce the stability and query efficiency of the website, and seriously lead to system crash, page tampering and reduce the credibility of the website.
2.3.3 Potential security risks of network services
All network functions must be based on the corresponding network services, such as IIS services, FTP services, e-mail services and so on. However, these powerful services are also very fragile in the face of some targeted attacks. Here are some common attack methods.
(1) Distributed Denial of Service Attack
Attackers send a lot of information to the system or network, which makes the system or network unable to respond. Any system that connects to Intemet and provides TCP-based network services (such as Web server, FrP server or mail server) may be the target of attack. In most cases, it is difficult for the attacked service to receive new connections, and the system may run out of memory, crash or cause other problems.
(2) Password attack
In the process of network-based office work, it is inevitable that some sensitive files will be transmitted in the form of * * *, FTP or web pages. These forms can improve the security of files by setting passwords, but most of them use some basic numbers or words such as 123, work, happy, etc. as passwords, or use their own birthdays and names as passwords. Due to subjective reasons, these passwords are invalid, and attackers can use dictionaries and combinations.
(3) Routing attack
Attackers can change the routing settings by attacking the router, which prevents the router from forwarding the user's request normally, thus preventing the user from accessing the external network. Or send some carefully modified packets to the router to stop responding and disconnect the network.
3. Countermeasures to solve the network security problems in fire information construction
3. 1 Standardize management process
Network security is an aspect of information work. The basic purpose of information work and standardization work is the same, both to improve work efficiency, but to change the means of standardization. Therefore, management plays a more important role than technology in the process of informatization. Only by optimizing the management process, consolidating the management foundation, refining the management process, simplifying the redundant links of management and improving the management efficiency can we achieve the goal of informatization and improve the level of network security construction.
3.2 Establish a management support layer
Informatization is a systematic project, and its implementation needs the attention and support of the head of the unit from beginning to end, including the support of workflow reengineering, the support of coordinating the work of various departments, and the support of software promotion and training. In practical work, it is necessary to set up a "leading group for information construction", with ministers of various departments as members and specific administrative departments under it, which are specifically responsible for network construction and information security. This is an ideal practice. However, to really play its role and promote the smooth development of information work, it is not only necessary for leaders to attach importance to it, but more importantly, it is necessary for the person in charge to have the ability to fully coordinate and communicate the work of various business departments, and to have good coordination and cooperation with the heads of other departments.
3.3 Development of network security management system
Strengthening the construction of computer network security management laws and regulations and establishing and perfecting various management systems are necessary measures to ensure computer network security. Such as formulating personnel management system and strengthening personnel audit; In terms of organization and management, we should avoid separate operation and separation of operation and design.
3.4 Take effective safety technical measures.
As far as the current degree of fire information construction is concerned, the application of network is mainly reflected in LAN service, Web service and database service. Direct access to the Internet should be avoided, but a secure proxy server should be configured so that the whole LAN can access the Internet through this proxy, so that the terminals accessing the Internet have no real IP and most conventional attacks can be avoided. Web service-based online office and e-government should be equipped with a network firewall certified by the Ministry of Public Security, and a special person should be responsible for it. Open as few useless services as possible, strictly limit the number and authority of system users, and restrict access through authorization certificates or IP to enhance the security of the site. In terms of database, the fire department now mainly uses Microsoft Access. The network function of this database is mainly based on dynamic web platforms such as ASP and PHP. SQL query statements interact with pages. On the premise of ensuring that the system is not invaded and can't download the database directly, data security mainly depends on the rigor of page query statements. In addition to Access, Microsoft's SQL Server and Oracle are widely used. The network functions of these two database systems are very powerful. Its security first requires professional database operators to correctly configure the database, limit the number of database users, set permissions according to users' responsibilities, encrypt sensitive data, and back up the database regularly to ensure the continuity and integrity of data.
4. Concluding remarks
With the rapid development of Internet/Intranet technology application, the automation and networking process of fire department office is quietly starting, which is an irresistible development trend, and the security problems faced in information construction will be paid more and more attention by leaders at all levels. Network security construction should focus on three key points: first, improve the safety awareness of leaders, designate special personnel to be responsible for security construction, and pay attention to the value and confidentiality of information; The second is to formulate a sound security management system, with important information managed by special personnel to avoid sensitive information directly accessing the network; Thirdly, the specialization of network security means training professional network security talents, carrying out professional security management on the whole network, improving the security of the whole network, building a dynamic, advanced, feasible and practical fire information network, and promoting and improving the fire information construction while constantly meeting the needs of modern fire protection work.
There are many more here.
/Channel-22.html