From the point of view of network operation Dimension, because the campus network generally achieves hundred trillion or even gigabit to the desktop, at the same time, the desktop node through the 2-3-level switching equipment cascade to reach the core layer or even exports, so the internal infection node continuous scanning, attack and other behavior, will give the core Exchange equipment or export equipment to bring strong pressure, with the increase in the number of infected units , this kind of pressure will be multiplied, and quickly surpass the throughput and connection processing ability of the upper network equipment, this is so-called "funnel effect". Therefore, for the campus network, the large-scale worm outbreak, causing paralysis is not from the network outside the scan, but because of the internal infection node high-frequency, large flow of concentrated scanning, quickly resulting in the network equipment performance and effective bandwidth of the sharp decline, resulting in the following problems:
1, grassroots paralysis: A large number of network broadcasting caused by the basic exchange equipment and convergence equipment paralysis, including ARP spoofing caused by local paralysis.
2, the export of paralysis: a large number of external connection requests caused the export equipment (such as routers, firewalls, etc.) of the number of connections were killed, resulting in other users can not use.
3, the core layer of paralysis: network core layer or export traffic is basically the virus scanning traffic occupy.
From the point of view of entity node, there are a large number of servers and related information systems that undertake information, teaching and research work in the campus network, and tens of thousands of terminal nodes provide services for teachers and students and staff.
For information Server groups, it faces more attacks than ordinary desktop systems, but the current situation is that the relevant security products in the market is not specifically for the server special security settings, still using the same level of protection as the terminal machine.
And for tens of thousands of end user nodes, because of their large base, the user's application level varies widely, if not effective protection, will produce a large number of discrete uncontrollable points, so that the entire network security out of control.
An-day solution
Antian Campus Network solution is based on the "unified Monitoring, distributed defense, effective corresponding, centralized management" as the guiding ideology, combined with the actual situation of campus network analysis, pay attention to different aspects of the task and face the security pressure.
Campus Network's export and core layer, is the network core link, the network throughput is big, undertakes the key communication service, therefore, needs the effective operation dimension safeguard ability. Because of the export and core layer, in the case of internal node virus infection, it is easy to cause serious efficiency problems caused by the funnel effect, or even collapse. Therefore, the first time to affect the overall efficiency of the network problem node rapid and accurate positioning, qualitative is the crux of the problem. It requires an on-day VDS network virus Monitoring system to provide panoramic security monitoring view, and real-time virus location information. The VDS bypass work, does not affect the network efficiency, may form the virus trend and the Localization Panorama view, can carry on the next security strategy for the network management, provides the strong data support.
For the key nodes such as server area, the main task is to provide information service for the whole network, which is the main target of hacker attack. Because the campus network server is numerous, the network management personnel quantity is relatively few, therefore needs to manage the convenient automation protection product. The Antian host Protection System Server Edition is designed specifically for this requirement. At the same time, Ann also designed a key workstation for the security of the host protection system Workstation version.
A large number of terminal nodes in the campus are basically in an uncontrollable or quasi controllable state, which can easily become the source of virus transmission, affect the efficiency of the network and the security of other users. But because the campus network user level is complex, especially has the massive student's terminal system completely relies on individual's safety consciousness and the level, but the student most does not buy the safety product, becomes the campus network security guarantee the biggest pressure. Therefore, a low-cost, high automation, to adapt to complex software and hardware environment solutions, the Desktop user protection system of the host to intelligent, compatible, light load design ideas can be completed above tasks.
The Antian host protection system can improve the security of these key nodes by providing multi-level protection for different types of nodes, which provides file layer, operating system layer and network layer. At the same time, all levels of products are enough to complement the existing anti-virus products in the form of deployment in the system, no conflict, and low resource occupancy rate, can enhance the safety factor of the system.
In addition, the network management staff designed by the Network Manager Toolbox system, can help the network management deep mining system in the security hidden dangers, so that network management has more professional than the user to deal with the means.
The network's discrete will cause the security problem not to converge, but the product's discretization also can bring this kind of problem, the Security Management Center can manage the security product and the equipment which deploys in the network overall, enables the product to form the effective linkage, solves the product discrete question very well.