With the growing global information wave profound application of information network technology is becoming increasingly popular and widespread.With the deepening of application-level, application of the start of the most traditional enterprise business systems.Business users in order to provide office productivity, faster access to market information, external publicity of their products, have established their own corporate network.And the corporate network information security, has been of great concern to corporate users.If the disclosure of sensitive information, hackers, intrusion, illegal use of network resources and computer viruses, etc., will pose a threat to corporate information.
Enterprise network involves the following issues:
Internal network systems were network attacks.
Internal confidential information by external unauthorized access.
Enterprise network systems have been against computer viruses.
Enterprise network transmission systems and affiliated companies during the transfer of confidential data stolen.
Or, enterprise network systems and remote transmission of confidential client data stolen.
Main page corporate Web site is malicious delete, modify, replace.
To ensure the security of enterprise network systems, Guangdong Keda according to its specific characteristics, to establish complete security protection system, thereby enhancing the security of the entire enterprise network, applications and ensure the security of confidential data.
In an enterprise scenario, set primarily in the following areas:
Intrusion Detection System NIDS
Virus checking and protection
VPN encrypted transmission
Home tamper monitoring system
Firewall settings and security policy
Here are some of the major enterprise solution in the function of the firewall and policy settings:
Configure access control:
External network: such as the Internet, external to internal, DMZ service access within the clear limits to prevent illegal access to the system of internal importance.Use of DMZ's isolation, as part of the external services of the server placed in the DMZ area, through the NAT mode, protecting the internal network from attack.In addition to shutting down the operating system provides all necessary services and other applications, because these services and applications to prevent their own vulnerabilities to the system risk.Internal E-mail, FTP, WWW, database access be strictly limited in the planning and to prevent malicious behavior.
Internal network: If the internal classified network, internal network to external network (such as the Internet) access should be strictly limited.Internal staff resources to prevent illegal access of external network.External access to internal staff access by NAT.DMZ and the internal staff of the regional server access must be restricted.WWW access to the internal staff of foreign network using proxy service mode.
DMZ network: such as internal office network, usually on the external and internal DMZ can not take the initiative to visit, unless special application needs to collect data within the network can be limited to open part of the service.
Intrusion Detection System (NIDS):
Division of S & T8341 first real-time access to the latest virus database system intrusion and attack database, dynamically technology solutions these attacks added to the Division of S & T8341 in the first, subjects first of S & T8341 Security Gateway 1500 currently can supportintrusion detection and more than able to successfully block such attacks, such as the recent Code Red.For a variety of attacks, such as the TCP sequence number attack, hijacking, fragment attacks, port scanning to identify blocking.And this database can be updated in real time to upgrade.First upgrade in the Division of S & T8341 management interface to complete.
Denial of service attacks: Section 8341 of the first security gateway NIDS capabilities to resist the following common denial of service attacks:
1.Packet floods, including Smurf floods, TCP SYN flood, UDP flood and ICMP flood.
2.Malformed packets, including Ping of Death, Chargen, Tear drop, land and WinNuke.
Spoofing: firewall can automatically identify a variety of electronic fraud and to block.Firewalls can also disguise IP address recognition.
Virus checking and protection:
Division of S & T8341 first security gateway solutions in the traditional firewall and virtual private network technology to increase the function of anti-virus and worms.For the following types of object files in the web traffic (HTTP protocol) and e-mail traffic (SMTP, POP3 and IMAP protocol) check the filter for viruses and worms. In Section 8341 the first of the network to IPSEC VPN data packets through the networkis allowed to pass through.
VPN settings:
Protect the enterprise network systems and confidential data under the company's security during transmission.Protect the enterprise network system and a remote client's confidential data security during transmission.
Other related settings:
There are other NAT / Route mode to implement the address switch, IP / MAC address binding, URL screening, logging and reporting, traffic management, hot backup and other related settings can be up to the security gateway in accordance with Section choose configure the user manual.
System Upgrade:
Network security technology with the ever-changing network technology development, and network security policies and software can not be static, need to constantly upgrade.Division of S & T8341 first security gateway management interface to facilitate system upgrades and NIDS upgrades.Subjects in addition to the first of S & T8341 can also be configured to automatically update manually update the virus library and database attacks.Ensure real-time enterprise firewall and network security products, technology simultaneously, to prevent security problems due to the new security risks to the system.
Enterprise solutions network structure:
Division of S & T8341 first security gateway can be flexible to meet different security needs, to provide users with a multi-layered and comprehensive security system, Guangdong Keda with excellent security products and perfect service system can guarantee the systemrunning stability, flexibility and durability for the enterprise network information security escort.