Security Operations Center(SOC)
In general, each centerSOC It is divided into three levels, each of which are responsible for specific tasks.
The levels are::
Client contact point and responsible for responding to the warnings of the Client and responsible for warnings
Client Hast.dr the level of all the warnings of lower complexity, answered.
In fact, the first supplement is responsible for more complex problems in security systems Network is.
برای اخطارهایی که از اهمیت بالایی برخوردارند، سیستم های سطح دوم به طور کامل درگیر می شوند.
This level of senior experts and security consultants Network These levels are actually lower support levels.
If you have not answered to security bugs in both low-level, and system level experts, involved.
All security and management Network SecurityAt this level is thought.
Design centers, network security, methodologies are raised. However, all methodologies based on a combination of technology,
People, processes, core network security activity center and surrounded by administrative processes. These processes include
Including tools and criteria by which to evaluate the services provided are. These parameters include
Vision, resources, time, cost, and risk communication available at launch SOC is.
Services through the SOC Are available, advanced services as follows::
- The development of security policies
- Training security Mbakhs
- Design firewalls
- The immediate response
- Threats and implement
Hardware components that Network Management systems for use by security policies are,
- Systems detect and eliminate attacks (Intrusion Detection System )
- سیستم های فایروال
- Management Systems Security Virtual private network.
Attacks, whether by internal resources or through external sources, at any point in the network and applications offered through it
Nmayd.hkrha in different parts of the world threatens at any moment of Security Network Monitoring and if one of
Equipment to be careful not carried out its activities, from that point, an entry will be created for himself.
In order to prevent hackers from penetrating the network, be sure the security system SOC The reliability is high.
A variety of managed services in SOC:
- Firewall (Firewall)(The first entrance barrier between confidential information and a network firewalls in the world outside of it.)
- برررسی عملکرد FirewallAnd
- Call a strike after the announcement of
- Log record check-in firewall
- Check software and hardware firewall
- Attack detection systems (IDS)
Systems such as IDSIn a network the efficiency of all equipment, processes and related employees that are necessary to respond to events. Due to the fact that sensors IDS Warning every time a large number of producers and the network is not possible to respond to all of them, be sensitive IDSSet to be the only major threat to declare.
- Ability to filter content
One of the main service centers SOCThe possibility of filtering the input content to the server.
Filter content in SOC To prevent unnecessary access to sites, block access to certain types of files and limiting the virus attacks, WormAndTrojanAnd (Many dangerous viruses such as Nimda,CodeRed As executable programs using HTTP or other common protocols that allow the Firewall to them, are network. As a result, users unknowingly download the contents from the sites are safe.) Here software is used for URL Filtering.
More virus is transmitted by Email and Internet traffic. So, the best way to deal with defense at the forefront of the Internet Gateway
It is. With the addition of the Virus Scanning on appropriate measures to eliminate its Cache can be performed.
In the center SOC To define and control access to network equipment and services from AAA. A method that used in SOC centers
For authentication and security policies used, is using CA or Certificate Authority.
Implementing Security in the center of SOC
Utilizes various tools Network Security In SOC, attacks on the network in three categories and the different aspects examined.
The three categories are: :
The integration of the operations carried out in each category, can be used to control and manage Security The network created.