Protecting enterprise’s data securityupdating network system in LT Company

1、protecting enterprises data security by updating network system in lt companysubmitted by li zhaohuistudent id number 092011010255supervised by hu jintaoa thesis submitted in partial fulfillment of the requirements of the degree of bachelor of artsthe institute of online educationbeijing foreign stu

2、dies university论 文 摘 要摘要 （中文）lt公司自从创建以来，已经过去3年了；公司从不到10人的小型团队，发展壮大到如今500人左右的中型企业。我们目前已经拥有了自己的仓储物流中心和呼叫中心。在公司总部，我们有200人左右的核心团队，包括数据中心，运营部，人事部，行政部和财务部，组织机构基本健全。就在我们公司快速发展的同时，我们也注意到企业信息安全管理存在着很多漏洞和缺陷。而我们也遭遇到多起来自外部的黑客攻击和内部人员窃取商业资料的事件。 由于过去并没有足够重视信息安全为公司带来的影响和损失，因此我们向公司提出了信息安全升级项目，并获得了批准。公司支持此项目，并要求多个部门的

3、协同合作完成项目。我们不仅获得了有效的预算支持，完成了现有的系统环境硬件方面的升级改造；同时也调动了公司内的技术专家在系统软件部署上做了大量工作。与此同时，行政部与人力资源部协同合作，共同完善了企业信息安全管理的规章制度与保密协议。 在公司全体成员的共同努力之下，我们依照如下步骤顺利完成了任务：成立项目小组，前期协同调研、汇总分析、制定最优方案，按计划实施，定期召开项目例会，向全公司推行新政策法规，完成项目并长期监控。这里要感谢公司全体成员为此所做的努力，尤其感谢ceo对此事的大力支持，行政部门和hr部的默契配合。另外，特别感谢信息部的工程师为公司选定的最优的解决方案，与其他公司对比，我们不仅

4、节约了大额预算，而且获得了更高的安全防御能力。 本次信息安全升级是一个非常值得推荐的实际应用案例，也是我们公司在发展过程中获得的宝贵经验和财富。关键词：网络安全 信息泄露 安全防御 abstract (english)lt e-commerce company has been created for three years; it becomes the medium-sized industrial enterprise of 500 employees from 10 in the past. now we have our own warehousing, logistics cent

5、er and call center. in the head office, there is the core team of 200 employees, include five departments: operations department, finance department, human resources department, administration department and data center.at present, lt company is developing rapidly; and is preparing for going public.

6、 in last six months, we met multiple events of hacker attack and internal information leaking. we realized that there are many leaks in our information management system. then, for developing smoothly and having a healthy network environment, we applied the network upgrade plan, and got permission.

7、by a series of research, investigation and analysis, hr and administrative department cooperate with us to achieve this project together. in the effort of all team members, we achieved the task smoothly according these procedures: establish project team, the collaborative research, summary analysis,

8、 the optimal scheme formulate and carry out, regular conference, new policies and regulations implement, complete the project and long-term monitoring.through this security upgrade, we have already become the most competitive enterprise on security:1) the reliability of lt company has increased to 8

9、5% from 26.8 in the past.2) the hidden danger decreased to1% from 90% in the past.2) the ratio of cost and security: lt company has ever occupied the last position, but now, she improved to the first.in addition, we hope on the basis of this project, the procedure of design, implementing, supervisio

10、n and evaluation, we can develop a more professional measure for network security protection, and improve the security level for our data and business secrets. it can help us to defense with the attack and leaking from internet, since than to build a harder network system. this network upgrade proje

11、ct is a recommendable sample. its also the precious experience and fortune during development. keywords: network security information leakage security defensetable of contents1. introduction62. summary of the preliminary research72.1problem72.2problem analysis82.3 a needs analysis of the key factors

12、 related to the lt company92.4 a swot analysis of the situation related to the lt company93.project rationale104. project objective and hypothesis124.1 project objective124.2 project hypothesis125.project design125.1 activities planned to take place125.1.1 activities planned to take place135.1.2 tim

13、e scale of activities135.1.3 critical path of the planned activities145.2 people involved in the activities and their responsibilities155.3 cost155.4 risk analysis166. management and control167.project findings and discussion177.1 changes in the number of project carrying out177.2 data analysis187.2

14、.1 the previous problem analysis187.2.2 the record of project implementing187.2.3 the feedback of hr and administrative department197.2.4 the factors threat network security197.3 discussion208. conclusion21bibliography22appendix i: evaluation questionnaire of security hidden danger23appendix ii: eva

15、luation interview record of security hidden danger23- 5 -protecting enterprises data securityby updating network system in lt company1. introductionlt company is a e-commerce company, has been operating for more than 3 years; now its in a nice development stage in e-commerce field. at present, the b

16、usiness prospect of lt company is broad. because of getting another round of investment of overseas fund, company is making preparation actively before listing on the stock market.lt company has come into a high speed development stage; the construction of enterprise informationization has become th

17、e problem what we must take seriously right now. as the data center, we are responsible for data protection and network security. in the last six month, the event of information or customer data leaking appeared constantly. it threatens to data security of our company; meanwhile, it brings a tremend

18、ous risk for work of listing on the stock market. data center made a series of research, analysis and practice, build a hypothesis: the situation of data leaking problem can be decreased or even avoided by network system upgrade. then, as the department who controls all information of our company, w

19、e built a security project group, and made a plan for this project of network upgrade.about the information security, what our first tasks is that through making a security test to all employees, then finds the obvious problems, and builds the corresponding project implementing plan. in addition, ou

20、r department should boost rapidly this project to develop and implement. as enterprise, it should be considered that the problem of cost and profit. so the project should base on a rational cost budget. except technology factor, hr and administrative department formulate relevant policies; it streng

21、thens the aspects of policies and regulations. except the basic security rules, it also include the regulation of supervision, report, rewards and punishments etc.as the department for security guarantee, the task we take afford is helping company to improve work efficiency and controllability, and

22、decreasing operating cost. along with the companys development, the increasing of employees number and employee turnover, the controllability of our information construction is not ideal. so, the goal of this project is clear and definite: through network upgrade to build a high level network enviro

23、nment of information security. in general, it means that clear monitoring and alarm system, perfect technology control methods, and thorough security management policies.data center made a series analysis, and utilized lots of approaches to design this project: interview, regular conference, swot et

24、c. in addition, we also utilized kinds of monitoring and evaluation tool to ensure activities implementing, including project plan, activities schedule, flow chart etc. through the effort of hr, administrative department and data center, this project is implementing gradually. the realization of exp

25、ected goal will fasten the step of information construction; and push the development of e-commerce industry.in this paper, through the design of network system upgrade plan, to improve the security level of internal network and eternal, and get maximum protection for the company confidential inform

26、ation. meanwhile, through the design, implementing, supervision and evaluation of this project, we also hope can develop the professional strategy of network security protection, and improve the level of data security and business secrets, whatever on policies or technology. then we can easily handl

27、e the threats from different aspect of network attack or information stealing; sequentially, it creates a stable and healthy network system environment for our enterprise.2. summary of the preliminary research2.1problemalong with the application and development of the computer network, enterprise ma

28、nagers paid much attention to data and network security. nowadays, paperless office has become the majority of companies choice. well then the terrible problem has appeared: hackers develop and spread kinds of software; which helps many people finding the bug of network system or the methods of crac

29、king network access. if an employee utilize this kind of technology, its possible that all companys materials and business secrets will be disclosed.im working in the data center of lt company. its an e-commerce company and its sales network covers most of countrywide areas. the clients orders prese

30、rve their important information fully: their phone number, mailing address etc. the amount of this kind of data reaches about hundreds of thousand, and is also in growing. although we have dealt these sensitive data with limits of authority, only the individual managers and system maintenance person

31、nel may inquire the data, we are still facing the problem of data security. seriously, an employee who has quit stole some clients information and sold to our competition opponent not long ago. it shows us the serious problem of our data security.the reason we can hold these data is that we have cos

32、t a lot in enterprise operation, and accumulated bit by bit. these data is filled with commercial value. in consideration of my job responsibility of data management and maintenance, i must analyze the current status about data security, and try to find the strategy for network upgrade safely; furth

33、ermore, it can be implemented effectively. not only the achievement of strict network security strategy can ensure the security of business secrets, for me personally, but also the improvement of professional technology brings a great significance to my career development. 2.2problem analysisi made

34、the problem analysis blow through three aspects, for a better understanding of the importance of solving the network security problem:1. the current situation analysis of the lt company;2. a needs analysis of the key factors related to the lt company;3. a swot analysis of the situation related to th

35、e lt company.1. current situation analysis of the lt company1) physical resourcesthe head office of lt is located in macao building in beijing, now the office occupies 2 floors there; the number of all the employees in head office is about 200. we have an independent mail system; the server is locat

36、ed in idc. every employee has a computer to complete the daily tasks. the communication way of our tasks gives priority to mail. a lot of enterprise internal materials, commercial secrets, and all kinds of user permissions pass each other through the enterprise internal email system. 2) human resour

37、cesthe 200 employees of our company is divided into five departments, respectively is operations department, finance department, human resources department, administration department and data center. there are four employees work in data center; the four employees are responsible for system operatio

38、n and maintenance, the website system, database management, and lan management.3) financial resourcessince its founding in 2009, the annual sales profit of lt company has reached around 40 million yuan. every year the cost is around 1 million yuan that which is applied specifically in the applicatio

39、n of network hardware and software update equipment maintenance; including 800,000 yuan used in the network security, and 200,000yuan used in the learning and training for professional technical staff of data center. this year, the business goal is 50 million yuan, the budget will be 1.5 million yua

40、n, and will be used to improve the network safe protection.4) pest analysisbeijing is a city which has a good environment politically, economically and culturally. she provides a good marketing environment for numerous industries. as a member of e-commerce industry, like the other e-commerce compani

41、es, lt company is developing rapidly. last year, the commerce department participated in the electronic commerce forum; on one hand, the e-commerce development was gotten confirmation by its strong push power for national economies; on the other hand, the data introduced by commerce department shows

42、 that this market has a huge potential in the future. getting such support directly by government, more and more traditional enterprises join the e-commerce industry to purchase new breakthrough. on this occasion, all e-commerce enterprises are facing both opportunity and challenge. facing the compe

43、tition of industry opponent, lt company must make a perfect protection with enterprises business secrets and network safety, so that keep a good trend of development, occupy an important market share. in todays information age, business secrets are the core of enterprise. lt company must take effect

44、ive measure to insure its business secrets and network safety, keep its good development, prevent be eliminated in the fierce market of information competition. 2.3 a needs analysis of the key factors related to the lt companythe majority of employees in our company dont treat the privacy problem se

45、riously. for example, the system administrator set up an e-mail password for user, he/she doesnt change the password during one year; one day, system is reset because of some reason, the user cant remind what the password is. mail client software and password memory function cause that problem. some

46、 people are more stupid, write down the password on paper and posted on the computer screen. in addition, there are some common problems; such as various equipments: printer, network storage equipment, ups power equipment, etc, are the default user password. in many cases, our enterprise internal ne

47、twork can be defeat by very low-level attack methods. in fact, the security plan is difficult to realize thoroughly, the usual practice is choosing a safe scheme in certain cost range.2.4 a swot analysis of the situation related to the lt companystrengthenindependent mail system;independent and perf

48、ect server room;enough budget for data center;experienced and professional technology employeesweaknesslack of time for technology communication between colleagues;non-technology staffs need to study more information about networks;some basic computer problems increased the amount of work to system

49、administrator;network safety training doesnt be arranged in the normal training course.opportunitiesrecently, the human resources and administrative department have strengthened internal privacy and security control. they put forward administrative requirements that written into articles of associat

50、ion, furthermore, all employees signed a new confidentiality agreement. as the technology department who is responsible for network system management, we should hold this opportunity to apply setting up a project, getting the budget and time to update our network system, to a certain degree to impro

51、ve our data security level. treatse-mail with the virus, can infect the system that has read email, and further spread to the entire organization;network viruses, external network access can go through the unprotected port, then threaten the entire network;the virus attack based on web, if web serve

52、r be attacked, hackers can get other system privileges inside the network;attack from internal network, the traditional firewall is helpless, can only consider defense controlling between segment.3.project rationalethe fundamental of lan security defense system upgrade is: physical security, access

53、control, effective monitoring.the purpose of physical security strategy is protecting the hardware like computer system, network server, printer, etc, and to avoid the nature damage, or human attack; the second purpose is to confirm the identity and permission of users, for avoiding the over-rides o

54、peration; the last purpose is building a self-contained security management system, for avoiding the sabotage in the server room illegally. (quote in mandy, 2002:76) most experts agree that, physical security is the starting point of all safety. the control of physical access of computer and network

55、 additional equipment may be better than any other security. any type of physical access inside the site will make the site to be exposed to danger. if can be physical accessed, then it is not difficult that getting the security files, password, and certificate and all other types of data. fortunate

56、ly, there are all kinds of access control equipment and safety ark can help solve the problem.access control is the main strategy of network security protection. to ensure the network resource will be use and access legally is the main mission of access control. and its also the important method to

57、maintain network system security, protect network resource. all kinds of security strategies must mesh with each other for truly playing a protective role, but access control may be seen as one of the core strategies for network security protection. (quote in heith, 2003:121) in most cases, digital

58、access control means that control the connection with external world (usually the internet). almost every media and each large company has its own website on the internet. nowadays, the number of family and the small companies who always keeps connectivity with the internet is growing day by day. therefore, the task of ensure security will be a boundary building between the external internet and enterprise network.access control can