Traditional network behavior audit
As demand for the Internet grows, enterprises pay more and more attention to building out their Internet access. However, many user behaviors on the Internet are difficult to monitor and manage: trading stocks and playing games at work reduce work efficiency, while visiting unhealthy sites and spreading illegal remarks have negative effects on the enterprise and cannot be traced back. To control unreasonable online behavior and trace responsibility for network risk to individuals, Internet behavior audit equipment, which is built for Internet access control, is usually deployed at the Internet egress.
Lack of traceability of Intranet behavior
During routine service processing, enterprise personnel only need to access specific internal service systems (such as Office Automation (OA) and EMR). This access takes place between the LAN and the data center rather than through the Internet. As network viruses and network attacks become increasingly simple, the application security of the enterprise intranet faces great challenges. When enterprise personnel access the internal service system, it is unknown whether they carry out malicious attacks or inadvertently introduce network security risks, because these network behaviors do not pass through the Internet and therefore cannot be audited by the online behavior audit device. As a result, personnel cannot be held responsible for the security risks caused by illegal access.
Self-secure network-based "personnel track tracing"
Based on Portal access authentication, the self-secure network records users' access to the internal network in real time to achieve "personnel track tracing". A personnel track has two aspects:
■ Personnel network location track: through linkage between the self-secure switch and the self-secure controller, the network records the terminal information a person uses to access the network, the specific switch and port accessed, the access time, and so on;
■ Personnel access behavior track: the self-secure controller records the target business system, the access time, and the access terminal IP.
The self-secure network traces personnel tracks to form a historical record. When enterprise personnel launch malicious attacks on the internal network, the linkage between the self-secure switch and the controller associates the personnel track with the network attacks, which provides a basis for later investigation of liability for network security risks.
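The association step described above, sketched as an added example that is not the vendor's code: an attack alert (source IP and time) is matched against the location track to find who held that IP at that moment, then against the access behavior track for nearby accesses. All record field names, users, addresses and device names are constructed assumptions.

```python
from datetime import datetime, timedelta

T = datetime.fromisoformat

# Constructed location-track records (one per Portal login); field names are assumptions.
LOCATION_TRACK = [
    {"user": "alice", "mac": "00:11:22:33:44:01", "ip": "10.1.20.15",
     "switch": "access-sw-03", "port": "Gi0/12",
     "start": T("2024-05-06T08:55:00"), "end": T("2024-05-06T12:01:00")},
    # The same IP is reused by another person later that day (session still open).
    {"user": "bob", "mac": "00:11:22:33:44:02", "ip": "10.1.20.15",
     "switch": "access-sw-07", "port": "Gi0/4",
     "start": T("2024-05-06T13:30:00"), "end": None},
]

# Constructed access-behavior records: target system, access time, terminal IP.
ACCESS_TRACK = [
    {"ip": "10.1.20.15", "system": "OA", "time": T("2024-05-06T09:10:00")},
    {"ip": "10.1.20.15", "system": "EMR", "time": T("2024-05-06T14:02:00")},
    {"ip": "10.1.20.15", "system": "EMR", "time": T("2024-05-06T14:05:30")},
]

def session_at(ip, when, sessions=LOCATION_TRACK):
    """Return the login session that held `ip` at time `when`, or None."""
    for s in sessions:
        if s["ip"] == ip and s["start"] <= when and (s["end"] is None or when <= s["end"]):
            return s
    return None

def attribute(event, window=timedelta(minutes=10)):
    """Tie an attack event to a user, an access switch/port and nearby accesses."""
    s = session_at(event["src_ip"], event["time"])
    if s is None:
        return None  # no authenticated session held this IP then: nothing to attribute
    nearby = [a for a in ACCESS_TRACK
              if a["ip"] == s["ip"]
              and abs(a["time"] - event["time"]) <= window
              and session_at(a["ip"], a["time"]) is s]  # ignore other users of the same IP
    return {"user": s["user"], "mac": s["mac"], "switch": s["switch"], "port": s["port"],
            "accesses": [(a["system"], a["time"].isoformat()) for a in nearby]}

if __name__ == "__main__":
    alert = {"src_ip": "10.1.20.15", "time": T("2024-05-06T14:03:00"), "target": "EMR"}
    print(attribute(alert))
```

Matching on IP alone would blame the wrong person once an address is reused, which is why the lookup is bounded by each session's login interval.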