论文部分内容阅读
企业网络的安全问题变得越来越棘手,网络基础设施的极度扩张,使得网络环境的复杂性激增,结果造成所期望的安全性难以实现,管理成本也越来越高,还影响着网络适应新业务的灵活性,另一方面,围绕防火墙和利用后门的各种攻击日益复杂和普遍,企业面临的安全威胁越来越严重,但是每加入一项新的安全设施(例如防火墙、入侵检测和防范系统等),就意味着网络环境变得更加复杂,管理更加难以实现。企业网络无疑需要全面而深入的安全性,即深度安全(secure in-depth)。通过使用多级防火墙、入侵检测和防范系统来加固边界,可以保护和隔离关键资产,并将攻击损失控制在较低范围内。但是,如果使用传统的多功能的安全工具来实现深度安全,代价一般会非常昂贵,因为每一层安全都意味着企业需要投入相应的设备和运行成本,以支付其所使用的每一种新安全工具。除了成本、购买、安装、配置和实施哪怕是其中的某一种工具,都会消耗数天到数星期的时间。对于已经面临预算和资源压力的IT部门来说,在这些问题上投入更多的资金和人力显然不是一个可行的选择那么,有没有一种既能降低成本和复杂度,又能提高网络安全性的办法呢?
Enterprise network security becomes more and more difficult, the extreme expansion of network infrastructure, making the proliferation of network environment complexity, resulting in the desired security is difficult to achieve, management costs are also getting higher and higher, but also affect the network to adapt On the other hand, the increasing complexity and prevalence of attacks around firewalls and backdoors have led to more and more serious security threats for enterprises. However, each time a new security device is added (such as firewall, intrusion detection and Prevention system, etc.), it means that the network environment has become more complicated, more difficult to achieve management. Enterprise networks undoubtedly require comprehensive and in-depth security, that is, secure in-depth. By using multi-level firewalls, intrusion detection and prevention systems to harden the boundaries, you can protect and isolate critical assets and keep attack losses low. However, using traditional, multi-functional security tools to achieve deep security can be very expensive, as every level of security means that organizations need to invest the appropriate equipment and operating costs to pay for every new type of use Safety tools. In addition to costs, buying, installing, configuring, and implementing even one of these tools can take days to weeks. For IT departments that are already facing budgetary and resource pressures, investing more capital and manpower on these issues is obviously not a viable option. Is there any way to reduce both cost and complexity while improving network security Way?