1.注意内网安全与网络边界安全的不同内网安全的威胁不同于网络边界的威胁。网络边界安全技术防范来自 Internet 上的攻击,主要是防范来自公共的网络服务器如 HTTP 或 SMTP 的攻击。网络边界防范(如边界防火墙系统等)减小了资深黑客仅仅只需接入互联网、写程序就可访问企业网的几率。内网安全威胁主要源于企业内部。恶性的黑客攻击一般都会先控制局域网络内部的一台主机,然后以此为基地,对 Internet 上其他主机发起恶性攻击。因此,应在边界展开黑客防护措施,同时建立并加强内网防范策略。2.限制 VPN 的访问 1. Be aware of the differences between intranet security and cyberbound security The intranet security threats are different from the cyberbound threats. Network border security technology to prevent attacks from the Internet, mainly to prevent attacks from public network servers such as HTTP or SMTP. Network border guard (such as the border firewall system, etc.) to reduce the senior hacker just access to the Internet, write procedures to access the corporate network probability. Intranet security threats mainly from within the enterprise. Malicious hacker attacks will generally first control a host within the LAN, and then as a base for malicious attacks on other hosts on the Internet. Therefore, hacking should be carried out at the border protection measures, while establishing and strengthening intranet defense strategy. 2. Limit VPN access