Digital manufacturing enterprise information security system and implementation plan
Digital manufacturing enterprises combine information technology, modern management technology and manufacturing technology to apply to the whole process of enterprise's product life cycle and operation and management of enterprises so as to realize digitalization and integration of product design and manufacturing, enterprise management, production control process and manufacturing equipment Improve and enhance the enterprise product development ability, management level and manufacturing capacity, thereby enhancing the overall competitiveness of enterprises. With the deepening of the digital construction of enterprises, the requirements of enterprises for information construction are getting higher and higher, and building a fully integrated digital manufacturing enterprise has become the goal of enterprise informationization. 1, classification of information security issues In the development of enterprise informatization, information security is the primary issue that must be considered. Digital enterprise information security issues are generally divided into information leakage and information loss issues. 1.1 Information disclosure issues Digital enterprise information system covers a wide range, not only related to the internal design and management information systems, but also down to the production equipment network operating system. Visible information security personnel and links involved, there will be a slight accidental information disclosure incidents, leakage of information once the enterprise will cause great harm. 1.2 information loss problem The high degree of digitization of enterprise information, in the event of loss of information, will likely affect the operation of the entire enterprise, so that enterprises paralyzed. At the same time, due to the high degree of reliance on information, the "water poke effect" of the security problem is more obvious. A single point of security problem may bring great harm to the enterprise. 2, security system For the overall information security needs of digital enterprises, follow the design principles of security, feasibility, efficiency, affordability, digital information security system can be from the physical security, network security, information technology and data security, system constraints Design aspects. 2.1 physical security The purpose of physical security is to ensure the enterprise information security of database servers, application servers, computer systems, network switches, communication links and other key production equipment. The physical security measures mainly include the following aspects. (1) Establish different safety zone signs to implement different regional isolation. In particular, the server room for storing the center, involving enterprise-level confidential data unit. Specific design of access control systems to consider, establish a review and registration management system, on-going activities in real-time monitoring records. (2) suppress and prevent electromagnetic leakage (ie TEMPEST technology). At present, there are two main types of protection measures: one is the protection against conducted emissions, mainly to the power lines and signal lines installed with good performance of the filter to reduce the transmission impedance and the cross between the conductor. The other is the protection of the radiation, these protective measures can be divided into the following two kinds: First, the use of a variety of electromagnetic shielding measures, such as the metal shield of the device and a variety of connectors shielding, while the central room under Water pipes, heating pipes and metal windows and doors for shielding and isolation; the second is interference protection measures, that is, while the computer system works, the use of interference devices to produce a computer system radiation-related pseudo-noise radiation to the space to cover up the work of computer systems Frequency and information characteristics. 2.2 Network Security 2.2.1 Network structure security Through the hierarchical design and the partition design to realize the access control between the networks, the network structure design needs to reasonably plan the network address resource allocation, VLAN division, routing protocol selection and QoS configuration. Through the VPN encrypted channel to protect information security between enterprise branches, partners and headquarters; through the deployment of a firewall system to enhance the security of the network layer; by intrusion detection system on the entrance firewall to dynamically protect the network; through the deployment of access control System, host-based intrusion detection system to further protect the security of key servers. 2.2.2 Access Control Policy Access control is the main strategy of network security prevention and protection. It is one of the most important core strategies to ensure network security. Its main task is to ensure that network resources are not illegally used and accessed very much. Access control is also an important means to maintain network system security and protect network resources. Access Control Firewall (Firewall) to control the server's network access, while important servers installed special access control software, login to the operating system for identification and audit. A variety of strategies must work together to truly play a protective role. (1) human network access control. Human network access control provides the first level of access control for network access. It controls which users can log in and access network resources. User's access control can be divided into three steps: user name identification and verification, user password identification and verification, and user account default restriction checking. The user can not enter the network as long as any of the three levels have not passed. Validating the user name and password of the network user is the first line of defense against unauthorized access. When registering, the user first inputs user name and password, and the server will verify whether the inputted user name is valid or not. If the verification is valid, continue to verify the password entered by the user, otherwise the user will be rejected outside the network. Network administrators can control and limit the average user account, access the network time, way. The user name or user account is the most basic form of security in all computer systems. User account can only be created by system administrator. (2) network access control. Network permission control is a kind of security protection measures proposed for the illegal operation of the network. Users and user groups are given certain permissions. Network Control which directories, subdirectories, files, and other resources users and groups can access. You can specify what the user can do with these files, directories, and devices. Users are divided into the following categories based on their access rights: < 1 2 3 > Stainless Steel Casting Parts,Rapid Prototyping Cost,Custom Metal Machining Parts,Complex Machining Part Guangdong Fenghua Zhuoli Technology Co., Ltd , https://www.fhzlprinter.com