Network security issues and solutions for the integration of three networks

The integration of three networks has been what people in the information age have been looking forward to for many years. The integration of three networks can combine the last "one kilometer" line connecting users into one ("three" refers to telephone, television, and the Internet). Especially today when 3G technology is becoming increasingly popular, the integration of three networks can enable users to feel the integration and unification of the network anytime and anywhere. More importantly, the integration of three networks can integrate people's life, work, and entertainment methods, making mobile phones, televisions, and computers display screens that can be switched at any time, allowing the virtual network world to accompany users in the real world...

However, while people are enjoying the convenient information services brought by the integration of the three networks, its back-end operation system, supervision system, and maintenance system are also facing unprecedented challenges, among which the challenges of network and information security are the most urgent. This is not difficult to understand. Just imagine: under the integration of the three networks, information and network channels are more diverse and complex. In this case, users' various important and sensitive information needs double network security and information security protection. This is enough to be explained by information from hackers and security vendors, and from information from various security incidents in the field of science and technology and society.

In general, the security issues faced by the integration of three networks are mainly manifested in the following aspects:

First, the Internet is an emerging interactive platform technology that connects all regions on the earth. At present, people do not have enough ways to deal with the insecurity factors from the Internet. This is a reality. The integration of the three networks means that the country's media propaganda will face the same security status as the Internet. How to ensure the media's broadcast control?

2. The characteristic of the Internet is public participation. News release channels are no longer fixed and controllable. How can we control and protect against the release and dissemination of false and sensitive information?

3. Communications are like the "nervous" system of modern society and have become a national public infrastructure related to people's livelihood. Attacking the communications system is no longer just a political or national security issue, but a major livelihood issue related to social stability. How can we protect this huge network?

Fourth, of course, the core of the security problem is the security of the content, which is also the most headache for the relevant management departments and the problem that needs to be solved urgently. What cannot be made public is, at the most, state secrets, at the most, personal privacy; what cannot be said casually is, at the most, political speech, at the most, personal information. Only when these problems are solved well can the government and users enjoy the convenience brought by the information technology revolution with peace of mind.

To this end, as a leading company in the field of domestic information security, Venustech proposed the "vase" model, which demonstrates the design ideas for the network and information security architecture under the integration of three networks. Its main idea is to establish three security baselines of protection, monitoring, and trust, select security measures that are compatible with business needs, and form a three-dimensional and time-effective network security protection system. The details are as follows:

1. Protection system: Adopting the idea of ​​"boundary", gateways and control devices are deployed at the interface between the network, system, resources and the "outside world". The model proposes five major boundaries: network boundary (LAN exit and security domain), human-machine boundary (server and terminal), and data exchange area;

2. Monitoring system: Using the idea of ​​"camera", we can comprehensively monitor the viruses and Trojans, intrusions and anomalies, network traffic, device status, and application system status within the network, sense the dynamics of the network, and reduce possible losses to a minimum;

3. Trust system: Establish a reputation guarantee system for internal users to confirm that each person's work is compliant and legal. The core of the trust system is three verifications: first, verify the user's identity, then verify the user's authority, and finally audit and verify the user's behavior.

The above three security baselines complement and cooperate with each other. The level of each baseline should be balanced. The requirement of any baseline should not be missing or lowered, which will lead to security shortcomings (the so-called wooden barrel principle). Below the three security baselines is the public security support on the network, such as security management platform, patch management service, etc.

In summary, after the integration of the three networks, there are more types of services, flexible user access, and significant content security. In addition, social progress and people's choices will never wait until there is absolute security. There is no absolute security in the world; the greatest security is that we can grasp the overall dynamics at any time, have the ability to reduce the losses of local unsafe incidents to the minimum, and be able to control the situation is security.

Therefore, in the face of the integration of three networks, we need to strengthen the construction proportion of the monitoring system and the trust system, strengthen the awareness of the overall security situation, and establish an emergency guarantee system.