Drawing on a deep understanding of information security, on advanced standards and concepts from home and abroad, and on years of experience building security systems, Shanghai Dehang Technology has summarized and refined an information security assurance system for the power industry that can fully meet the industry's current and future development needs. The system is centered on "Information Assurance (IA)", guided by "defense in depth" and "comprehensive prevention", uses "information security risk analysis" as its means, and takes "information security management" as its focus. It provides security assurance capability across personnel, technology, management, etc.; divides the power industry network into multiple security defense domains such as network boundary, network infrastructure, terminal computing environment, and supporting infrastructure; protects power information and information systems; and meets security requirements such as confidentiality, integrity, availability, authentication, and non-repudiation.
Shanghai Dehang Technology has developed a series of world-leading information security products, including firewall, intrusion detection system, unified threat management (UTM) products, terminal security management system (IntraSec), security event management (SEM), and security management center (SOC), to build an active, in-depth information security assurance system for the power information network, respond calmly to external and internal, known and unknown security risks, and ensure the information security of the power network.
Introduction to security assurance system of power industry:
I. Network boundary defense system
A boundary between two different computing areas is the isolation function between two areas or two groups of areas. The boundary is a virtual object and does not correspond to specific assets. Its isolation function can be implemented physically, at the network layer, system layer, or application layer, or at several of these levels at the same time.
The main technologies used for boundary protection include:
1. Access control
2. Intrusion detection/intrusion prevention
3. Communication encryption (VPN)
4. Gateway antivirus
5. Traffic shaping
6. Anti-spam
7. Content filtering
II. Terminal security protection system
Alongside the security defense of network boundary areas, corresponding security products and technologies must be adopted to manage and protect the large number of terminals inside these areas. Surveys by many international authoritative organizations show that, in addition to external intrusion and attack, internal security issues are also prominent: internal security incidents account for 70% or more of all security incidents. For example, internal misuse, sniffing, attacks, and other abuses cannot be detected in time because effective monitoring and management are lacking, which poses great challenges to network security. Information security is a whole, and a weakness in any part greatly reduces the overall security defense capability. Such a weakness not only renders ineffective a border security defense system built at great expense, but also seriously affects the normal operation of power system business, with negative economic, legal, reputational, and other consequences for power enterprises. Therefore, it is also important to build an effective terminal security protection system.
The construction of a terminal security system has several main objectives: reducing weaknesses and vulnerabilities in the internal environment; preventing the spread of malicious code such as worm viruses in the internal environment; improving the ability to detect network attacks and to track and trace after security events; improving the ability to protect, manage, monitor, and audit internal users; and maintaining a secure and trusted computing environment.
The main technologies adopted by the terminal security management system include:
1. Terminal asset management
2. Automatic patch management
3. Host Access Control
4. Host intrusion prevention
5. Security state integrity check and compulsory certification
6. Network access control
7. Peripheral use control
8. End user behavior monitoring and auditing
III. Security Incident and Risk Management Center
The Security Incident and Risk Management Center will assign key equipment (network equipment and security equipment). Through highly intensive management products and means, the various security products scattered across different business networks and different network segments are organically integrated, greatly improving the efficiency of the security products.
The security management functions of the Security Incident and Risk Management Center include risk management, asset management, vulnerability management, security event management, security task list management, security early warning management, security equipment management, security evaluation management, report management, etc. It is a strong support platform for the continuous and stable operation of the information security system in the power industry.