With the rapid development of the campus network construction, the school increasingly dependent on networks, while network applications are also changing. This building to the campus network security and operational nature may make a new request, how to detect network security to prevent viruses, network attacks and network security? On the operations side, how to achieve flexibility in operation, how to prevent unscrupulous users to access network resources? Input of the network guaranteed return on the school? How the application of network monitoring, to ensure that students make progress in the use of the health of the network?
Top United Network Limited for the construction of the urgent needs of these networks, the organization of specialized research and development team, and make unremitting efforts to introduce high safety, operation, and healthy campus network.
--- Viruses within the network security, monitoring,
Network security is impeding the development of an important factor in the network, the campus network construction, network security is also a need to focus on one aspect to consider. Network security is divided into internal and external network security network security, and now most of the network construction are using a firewall, but most firewalls can only control the external network security. As a country with a strong military defense against foreign invasion, but no police was incredible. Network has a strong firewall at the border, but within the network are not very good monitor can not count as a safety net. Now the application of more complex internal network, internal network, most of the applications is very important, even strictly confidential, once the secret, the incident damaged, will have serious consequences. These are made within the network security issues become increasingly important and prominent. Now the real network security should come from the internal network. Top Alliance network made by long-term efforts to prevent the virus within the network and internal network security monitoring are two effective solutions to the internal network.
Top United Campus Network Security Solution
1. Inside the network virus prevention
Procedures for all types of web sites and applications, resulting in virus spread to form a serious impact on network security, while students often use removable storage devices can be calculated on a different copy files, resulting in infection. Once the entire network to have a computer with a virus, the virus will spread rapidly in the network, resulting in paralysis of the entire network to maintain the campus network to bring great trouble. Top Alliance network security intelligence point of pre-made virus security solution, that is, convergence in the network switch on the implementation of the three different virus security policy.
Top Alliance network switch machine by setting the corresponding virus strategy, with the top joint certification network client software, able to specifically detect a specific computer for viruses. When the switch detects a virus immediately after the switch prompts the user to publish information to the user anti-virus, and start the network administrator to configure the user's time off program, such as the administrator to set the time is 2 hours, 2 hours after virus found , open the user's network, once again testing for viruses, if the user has to kill the virus, they opened for him. If you do not kill to shut down, and then to 2 hours for the time cycle of detection, until the virus is killed. This strategy was done by a computer virus can not use the network, while network-centric users know that a specific virus, which will help network administrators to locate and find the virus source, virus-free operation to ensure the entire network.
2. Within the network security monitoring
Top United Networks for network security within the current realities of a weak, first introduced in the industry to achieve personal interviews within the network control and access tracking security products. Is the first to broadband access, security, access control and tracking integrated into one of the secure routing switches, can want to do before the firewall can not do has been done, that is out of network access security control to move the user before access point. Innovation of the traditional network security model and thinking, to overcome the traditional network "paper tiger" of the defect.
Traditional network monitoring through the network port mirroring, or Ethereal, by convection through the packet switch users to use network analysis to determine the circumstances, this approach has the two biggest drawbacks, one of the data packets need high professional knowledge, the general staff will not be completed. Second, if they can not automatically solve the problem.
Network developed in conjunction with the top three switch their network monitoring software, to achieve real-time monitoring of network, which monitors real-time records, including computer workstations in the screen shot; can always play by reproducing the history of recorded images. Free to choose for each record screen snapshots of the time interval; while monitoring one or more workstations and other functions. It also has on the user's control. Include: only the user holds a USB key and password to access the specified computer, prohibiting use of specified applications only run on Prohibitions or visit the designated website, lock workstation and log off, reboot or shut down the workstation. And the monitoring data can be classified into the analysis.
Top Alliance network monitoring network in the Campus Network, the Internet can know the situation of students, to detect and prevent unhealthy students on the website. Guide students in using the network to ensure that students are not adversely impact the network.
----- Anti-agent network operation, anti-counterfeiting
Network operators are actually the management of network users in the management of network users is the best solution is the way through the certification only certified to use the Internet. Certification in many ways, IEEE 802.1x authentication and certification by architecture optimization, to effectively solve the traditional PPPoE and Web / Portal authentication issues brought to eliminate network bottlenecks, reduce the cost of network packages, reduce the cost of network building, and thus become a hot selection of campus. 802.1x witnesses through the use of simple and efficient protocol to campus, easy, safe, reliable, easy to operate.
But the basic idea of the traditional 802.1x is a port control, "port" concept can be a physical port, the switch is usually implemented on the second floor, need access to all switches need to support the 802.1x protocol, to achieve full network authentication. This is on the access layer switch for high, simple functions, such as vulnerability management is not convenient.
Joint analysis of the top real needs of users of the network proposed flow-based authentication. Flow-based authentication is based on the user device can switch the MAC address, VLAN, IP and so on to achieve certification and control, that is no corresponding physical port, but on the user authentication control, a physical port on the access of multiple users into the control. Switching equipment at the access layer do not support 802.1x. 802.1x can not be solved at the same time to solve the traditional but it is important for operating some of the problems, if the agency, fake IP and MAC, fake DHCP SEVER.
1. Anti proxy
Current campus network construction, the use of the machine where the client software installed on the proxy server to share one account over the Internet is widespread, such as the Wingate, Sygate, Windows provides network sharing for network or shared use of SOHO routers. Such schools provide students with an Internet line, will give many students, a significant drain on network resources, to operate the school great loss. Use the top three switches on the associated extension and 802.1x 802.1x client can prevent non-authenticated user authentication using agent software from the port to use the service or access network resources required to detect the user and agent by agent agency relationship between the server has been authenticated by the client is used as a proxy server. Truly a network of schools, only one user access port.
2. Professional IMPACT
Students is a restless, curious group, they authority has the school's network as a test environment, testing a variety of network functions, on the other hand, who are increasingly looking for Fangfabaituo schools on student use of network resources control. Now things are encountered in addition to agents and fake fake DHCP SEVER IP, MAC's operational management to the school a great deal of trouble. Number of active students with their computer and operating system configuration of a DHCP SEVER, so that the computer on the network to learn from the fake to the IP address of DHCP SEVER, leading the school to the legitimate user can not provide the correct IP address of DHCP can not use network resources . Gathered together by the top three network switches and client software, and if there are fake DHCP SEVER, sealing of the account immediately, so that he can not access network resources.
Traditional authentication methods are generally adopted by IP, MAC address to determine the legality of the physical port, the authentication side If you receive a legitimate IP and MAC address information is that this is a legitimate user, many students will use the weakness of this approach to your computer's IP and MAC address changes into the legal, so can use their network resources. Top Union proposed stream-based network authentication, authentication is based on the user flow, rather than physical port, a fake IP and MAC not have any effect here on.
Top United Network for network security and operational management of the school weakest aspect of their own unique solutions, these internal network security and prevent illegal users of technology in the campus network, the network will bring the school can operate a safe and true network, to bring convenience to the maintenance of schools, to schools operating in the best profits.