Confidential, confidential (secret)-related, and security solutions for key movable assets
chrispeng [ad_1]
Overview
At present, the protection of important information systems and assets has received more and more attention. With the construction of confidential and confidential networks, it has strengthened the importance of information related to the normal operation of national economic policies, macro-control and economic order. System protection. At the same time, we have also seen that while the key information systems in the confidential and secret-related networks are effectively protected, the information systems and assets of the secret-related networks are not included in the secret-related networks, or those that are extended from the secret-related networks. Information (such as important information stored on laptops, printed confidential documents, etc.) has not yet been fully secured by security technology. In this context, we propose to implement confidential network construction while considering confidentiality. , The security of key movable assets is also being implemented at the same time, and management and operation are strengthened. These needs have laid a good foundation for the design and implementation of this program.
need
The scope of confidential and key movable assets includes the following:
Staff’s laptop;
Important paper documents and materials;
Other portable electronic devices that store important information, etc.
The protection requirements for the above movable assets are as follows:
1. The important information stored in the laptop needs to be protected;
2. It is necessary to authenticate the person who uses the laptop;
3. It is necessary to effectively monitor the entry and exit of laptops in the confidential office area;
4. It is necessary to effectively monitor the entry and exit of important paper documents and materials into and out of the confidential office area;
5. It is necessary to effectively monitor removable electronic devices that store important information.
Target
The goals of the construction of the security guarantee for the confidential key movable assets are:
1. The important information stored in the laptop needs to be protected;
2. It is necessary to authenticate the person who uses the laptop;
3. It is necessary to effectively monitor the entry and exit of laptops in the confidential office area;
4. It is necessary to effectively monitor the entry and exit of important paper documents and materials into and out of the confidential office area;
5. It is necessary to effectively monitor removable electronic devices that store important information.
This solution uses tags based on RFID technology to monitor the entry and exit of notebook computers, important paper documents, etc., in and out of confidential office areas.
Self-safety protection of confidential laptops
In view of the needs of users and the goals to be achieved according to the needs, we can use the measures adopted to meet the needs 1 and 2 to be achieved through the personal computer security suite of Yihua Tonglian. The realization of these goals can meet the confidentiality. Currently, it is aimed at notebook computers. Needs for its own safety protection.
The personal computer security suite of Yihua Tonglian Company can protect confidential and key mobile assets, the protection of the use of laptop computers, the security of information storage, and the self-protection function of the security suite, which can effectively solve the security problems of the confidential laptop itself. The personal computer security kit includes hardware security PC card, driver, client function program (use permission protection program, data encryption storage program, etc.).
1. Laptop usage rights protection
Boot authentication and temporary away protection
The unique identification information of each user is stored in a confidential and secure PC card, read in through the PCMCIA interface, for the terminal computer to verify and perform component identification. In the process of verification and identification, the identification information is not disclosed, so that it is truly non-counterfeit and forgery. If the secure PC card is illegal or there is no secure PC card, you cannot enter the Windows system (Windows 2000, Windows XP) to perform any operations.
Figure 1 Schematic diagram of the boot authentication process
If the user walks away temporarily, the security PC card can be removed so that the security system will automatically lock and save the user’s working environment. At this time, no one except the original cardholder can enter the user’s working environment. After the user returns and inserts the original card, the system will unlock it.
2. Information storage security
Virtual disk
Use virtual disks to protect sensitive data files. All files entering the virtual disk will be automatically encrypted, and files taken out (including cutting, moving and copying) from the directory will be automatically decrypted. In order to ensure the privacy of private information, only users who have a legal and secure PC card and log in normally can access the virtual disk.
3. The anti-sabotage function of the security suite (self-protection of the security software suite)
The personal computer security kit has an automatic recovery function for key functional modules to prevent illegal uninstallation and disabling of security components in the safe mode. Key functional modules include boot authentication, anti-illegal outreach, and process network access control. The self-protection module monitors registry entries to prevent illegally disabling key security functions; power-on detects the key files of the security suite to ensure that the key files are valid, and if they are invalid, they will be restored immediately and ensure the normal operation of the key functional modules of the security suite; the detection module is protected by special means , To prevent illegal users from sabotage.
Confidential and key moveable assets in and out of the office solution
System Overview
Radio Frequency Identification (RFID) is actually an important branch of automatic identification technology. The basic idea of this technology is to realize people’s automatic recognition and supervision of various objects or equipment (personnel, articles) in different states (mobile, static or harsh environment) by adopting some advanced technical means.
In response to user needs and system implementation goals, we use a center system middleware-based RFID suite with completely independent intellectual property rights to realize the supervision of key movable assets in and out of the office area.
System Configuration
According to the needs of users, the RFID suite based on center system middleware mainly consists of the following parts:
Electronic label: Choose paper label and metal surface label. Mainly used to identify assets that need to be supervised;
Metal tag
Plain paper label
Antenna: Use linear polarized antenna, cooperate with reader to realize the operation of electronic tag;
Reader: Choose UHF 915 adjustable frequency band products to realize the physical reading and writing of tags;
Center system middleware: complete the functions of label data filtering, grouping, counting error-proof reading and leak-proof reading;
Management software: complete label printing, writing, verification and other functions;
Label data management: Provide a system operation interface for asset supervisors to realize terminal functions such as asset access information retrieval and query, report printing, access authorization, illegal carry alarm, user information maintenance and other terminal functions.
The specific configuration list of the system is as follows
|
Serial number |
name |
instruction |
quantity |
|
1 |
Asset Management Client |
Monitoring operation terminal software |
|
|
2 |
Center system Middleware |
|
|
|
Application Level Event |
|
||
|
Reader Server System |
|
||
|
Gateway |
|
||
|
Basic Reader Server license(for 4 readers) |
|
||
|
3 |
Management software |
Label generation system |
|
|
4 |
csl-461 |
Reader |
|
|
5 |
csl-771 |
antenna |
|
|
6 |
TAG |
(Plain paper label) |
|
|
Metal tag(Metal surface label) |
|
||
|
7 |
Antenna mounting bracket |
Antenna mounting bracket |
|
|
8 |
server |
Inter Xeon |
|
|
|
|
||
|
|
|
||
|
9 |
Terminal Equipment |
PCMachine (mainstream configuration is fine) |
|
Key movable assets
RFID tags are deployed on key movable assets (including confidential documents, laptops, and others).
According to the actual situation of users, we use electronic tags suitable for different media to mark the individuals who need to be identified according to different categories of movable assets.
The notebook computer is marked with Metal tag due to the metal substance;
Confidential documents are marked with ordinary paper labels;
Other assets are marked with Metal tags or ordinary paper tags according to whether they contain metal substances.
System work steps
1. Attach electronic tags to confidential and confidential documents, data, files, and equipment:
2. Upload the confidential, secret-related documents, materials, archives, and equipment information to the central database of the management system:
3. You can enter only if you have a certificate approved by the system. Access control applications:
4. Hold a certificate recognized by the system and go through the procedures for borrowing, returning, and using after entering
5. Find and check confidential, confidential documents, data, files, equipment, and inventory
Office building entrance
The layout of the antenna at the entrance and exit of the office building is shown in the figure below:
The height of the gate is 3 meters and the width is 2.5 meters. Each gate needs to install a linearly polarized antenna on both sides. There are 8 doors and a total of 16 antennas need to be installed.Each reader can support 4 linear antennas, and 4 readers are needed, which can be fixed on the wall or ceiling between every two gates, but it is necessary to provide a strong current and a weak point interface for it.
Schematic diagram of the flow of preventing the loss of confidential assets
Backstage management system
In order to better ensure the security of the system, it is recommended that the key movable assets based on the Center system middleware be exported to the monitoring system to connect to the dedicated switching equipment and allocate its independent network segments separately.
Management process
The system management process is shown in the figure below:
The management process in the above figure is described as follows:
1. All departments and bureaus will report the confidential and confidential assets that need to be entered and exited to the Secrecy Office;
2. The Confidentiality Office enters the classified assets into the management system, and the system starts to monitor the classified assets;
3. When the migrants carry the secret-related assets out of the gate, the system judges whether the secret-related assets are allowed to “in and out”. If allowed, only record without alarm; otherwise, alarm and record.
4. The entry and exit records are stored in the system and handed over to the Confidentiality Office;
Confidential asset loss prevention management
In the use of RFID technology for confidential asset monitoring and loss prevention management, RFID technology has shown that it is faster and more efficient than any previous technology; it can not only monitor the location and flow of each fixed asset, but also remotely monitor each fixed asset. The asset’s serial number, name, outflow time, inflow time, information of personnel carrying confidential assets and other information.
In the anti-loss management of confidential assets, the most important thing is the timeliness of the alarm when the loss occurs, so that the asset management department can deal with the loss in the shortest time after the loss occurs and arrive at the loss site to prevent the loss;
Confidential assets here include not only hardware assets such as servers, but also paper, CD-ROMs, floppy disks and other carriers that record technical data, reports, and other confidential information.
Confidential assets will not move by themselves, so when a confidential asset flows out, someone must carry it out. When a person carries a confidential asset under supervision through the exit, the exported RFID reader will read the ID numbers of both the person and the confidential asset, and query the server to find that this confidential asset belongs to the scope of supervision and has not yet Get authorization to leave. The antenna at the door will automatically send out sound and light alarms; the server sends the personnel and asset information represented by the two ID numbers to the asset management department and the security control room, and shows which room it is out of. Make the relevant supervisory personnel arrive at the laboratory where the alarm occurs as soon as possible, and carry out further processing.
If you have any questions, please contact:
Haohai Yitong Technology (Beijing) Co., Ltd.
Marketing Department: Ren Zhixian
Tel: 010-58572586
Fax: 010-58573146
Mobile: 15801381484
QQ:479017087
MSN: [email protected]
[email protected]
[ad_2]
