With the development of China's routing industry, we have also promoted the update and upgrade of the routing technology. Here we mainly analyze the basic configuration methods of the Sino security router, the LAN end is the line connecting the local network to the enterprise user. Some chinamoocs Security routers have LAN ports and can be connected to switches. Some network administrators connect the chinamoocs security router to the backbone switch first, connect to a common vswitch. Both of the above methods can be used. The latter is suitable for applications with large throughput. For general enterprise applications, the local port of the security router can be forwarded with the bandwidth. Therefore, hardware configuration is relatively simple.
The experience of Qno's technical service personnel points out that IP address management is important for a good security network configuration. IP is the address of the computer on the Internet. Therefore, you must be able to effectively manage the address to prevent attacks or control problematic computers. For network management, IP management should pay attention to the following four important items: using a fixed IP address for computers, issuing a fixed IP address for DHCP servers, and preventing unauthorized computer access and group management, the following are the descriptions:
The computer uses a fixed IP Address: The computer uses a fixed IP address, which is the most rigorous configuration method. In this way, you must manually enter IP address-related data in the computer. The advantage of doing so is that the IP address of each machine must be specified in advance. If no IP address is specified in advance, the Internet cannot be accessed. external users or computers cannot access the Internet easily through the enterprise network. However, for users, you must set a fixed IP address and reset it in other scenarios. This will cause a lot of trouble for some users who often need to move, such as business personnel or senior executives.
DHCP servers issue fixed IP addresses: the advantage of DHCP servers is that users do not need to make any settings on the computer, which is more convenient for users. However, the disadvantage of DHCP is that, without any control, any user can access the enterprise's network, and it is easy to launch internal attacks, resulting in an impact. Therefore, an enterprise can issue an IP address through DHCP, but at the same time limit the IP address that can be obtained by the computer for management. The IP/MAC binding function of the Qno xiaonuo Security Router allows you to identify the MAC address of a computer and issue a specific IP address based on the network management configuration, so that you can manage the IP address. At the same time, the IP/MAC binding function can also prevent users from modifying IP addresses to obtain high permissions. incorrect MAC/IP combinations, the system will be blocked by the "blocked incorrect MAC address" of the Sino security router. This function can also prevent ARP attacks.
Prevent Unauthorized computers from accessing the Internet: uncontrolled computers often cause security problems for network administrators. Some users will bring their own computers with viruses, or even users on other floors will access the company's network via wireless networks. This problem can be solved by preventing unauthorized computers from accessing the Internet. In Qno's IP/MAC binding function, Qno provides the "Block MAC addresses not in the corresponding table" function, which completely prevents Internet access for MAC addresses not configured by the network administrator.
Figure 1: The IP/MAC binding function of the Qno no security router. The network administrator can type the user's IP address and MAC address so that a fixed IP address can be assigned to the user each time the DHCP service is used. In addition, the "Block incorrect MAC address" and "Block MAC addresses not in the corresponding table" feature provides more advanced features to provide a layer-1 security protection.
Group Management: In addition to binding IP addresses and MAC addresses, it can effectively control the use of the outdoors. In addition, the group function can be used to manage users more conveniently. For example, if the IP Group function provided by Qno is used, different IP users can be set to different groups, for example, the enterprise senior supervisor is set to a group, the business department is set to a group, and the internal administrative staff is set to a group. Users in different groups can apply different control permissions or bandwidth management principles. This function can greatly simplify management and avoid the leakage of the Internet.