With the continuous development of computer application and network technology, the risks and losses of information security are increasing exponentially, which leads to the increasingly prominent network security problems. According to the current situation of network security, this paper puts forward the idea of using network security controller to help solve network security problems, and designs and implements an improved scheme of adaptive network security controller. With the rapid development of computer science and network technology, the global computer network security situation is becoming increasingly severe, and various attacks against network information security are also increasing.
Therefore, it is necessary to adopt effective network security technology to deal with computer network security. Network security technology is a technical means to ensure the security of data transmission and effective intervention control. The technologies adopted include physical security analysis, management security analysis, system security analysis and technical network structure security analysis. Firewall and intrusion detection technology, which are closely related to network security, are widely used in network security. Firewall is a protective barrier composed of software and hardware devices, which is constructed on the interface between internal network and external network, private network and public network. It is a special network interconnection device to protect the operating environment of internal network.
It can be used to strengthen access control between networks and prevent external network users from accessing the internal network resources by illegal means.
Its security strategy is to check the data packets and links transmitted between two or more networks, so as to determine whether the communication between networks is allowed, and monitor the operation status of the network. Using firewall technology, although it can provide safe network protection between internal and external networks and reduce the risk of network security, is an effective means to protect the network from hacker attacks at present, but only using firewall can not prevent attacks from LAN, nor can it completely prevent the transmission of infected software or files, as well as prevent data-driven attacks. Therefore, in order to truly achieve network security, in addition to adopting a variety of network security measures, it is also very necessary to strengthen the technical improvement of network controller. Network security controller belongs to network security products, its characteristics mainly include: firstly, network security comes from the diversification of security strategies and technologies; secondly, network security mechanism and technology should be constantly updated and changed; thirdly, network security software with powerful functions should be closely integrated to achieve the combination of software and hardware in order to truly achieve network security.
The existing network security controllers exchange information between the internal network and the external network by storing “intermediaries” in the network. Although physically blocking the internal network and the external network, the sensitive information of the internal network can still be accessed by the external network with the help of “intermediaries”, and the security is relatively low. Moreover, the information of both intranet and extranet is stored and accessed through “intermediary”, which is inefficient. Because the existing network security controllers lack the function of network security, thermostatic element they can not take into account both the security and the efficiency of network connection, so they will cause many security risks in the use process.
The improved network security controller can realize the function of automatic detection of sensitive information. If the sensitive information of the internal network is accessed by the external network, it will be physically isolated automatically. With the adaptive network security controller, users can switch back and forth conveniently between the internal network and the external network, and enjoy the convenience and rapidity of the information environment. A new adaptive network security controller is designed to set up a network switch and sensitive information detector between the switch control processor of the gateway and the access port. Usually, the Intranet is directly connected with the External Network. Once sensitive information detectors sniff sensitive information, the network switch automatically isolates the Intranet from the External Network, thus realizing the balance between the Intranet and the External Network. It can overcome the limitations of soft protection and solve the communication limitations of the existing physical isolation. Among them, the main function of sensitive information sniffer is to realize packet filtering.
In fact, it authorizes the source address, destination address, port number and network protocol of the data packet, annotates sensitive information, and controls the network switch to communicate and interrupt. Through filtering and processing of these information, the licensed data packets can be transmitted through sensitive information sniffers, and those without permission can be intercepted or even discarded. Once sensitive information is detected to be accessed by the extranet, the network switch can automatically disconnect the physical connection between the intranet and the extranet, and can protect the whole local network without bottlenecking the whole network. Neck. In order to realize this function, the sensitive information sniffer has access terminal, access port and switch control processor on the structure diagram. Access and access ports connect the external network and host respectively.
The switching control processor is used for data exchange and real-time detection of external hard disk or intranet hard disk signals. The access port realizes data exchange between the switch control processor and the connection port; the input connection line is connected between the connection port and the switch control processor; the output connection line corresponding to the input connection line is connected between the switch control processor and the access port, and each output connection line is equipped with an isolator. A network switch is set between the switch control processor of the sensitive information sniffer and the access port, so that both the internal and external networks can be taken into account.
This not only overcomes the limitations of the soft protection mode, but also solves the communication limitations of the existing physical isolation.
In a word, the all-round development of network security technology provides factual basis for the improvement and update of network security products. Although there are many ways of intrusion and attack, the use of the new adaptive network security controller plays an important role in preventing the real network security to a certain extent.