Immune NetworkThe solution is specialized in Intranet security management. It features both technical architecture, strategy, and feasibility to ensure stable operation of the network base. This is what all enterprise networks can use, the premise of application management. The immune network solution is not a separate product, but a complete set of components consisting of software and hardware, Intranet security protocols, and security policies. In the patrol immune network solution, various technical means are used to meet the basic requirements of the immune network.
Network Structure Optimization
First, it analyzes the network structure of the network to be upgraded and optimizes the basic network structure. The following factors are taken into consideration:
1. IP address management: in addition to the dhcp ip address available for special network applications such as guests and conference rooms, other computers should use fixed IP addresses whenever possible, so that IP addresses correspond to network users one by one, the network is standardized and clear, and network management is straightforward.
2. VLAN Division: For information security considerations, some enterprises divide the networks of the host department into VLANs with other networks, and the servers of the immune operation center must be connected to public VLAN ports, ensures monitoring and management of the entire network.
3. Others: View network connections and adjust unreasonable parts of the topology.
Operating Server Configuration
Install the software of the immune operation server on the specified server computer, use the random disc attached to the immune wall router to install the immune wall router operation center, and follow the installation prompt "Next ", step by step. The immune driver download service and operation center are installed on the server host.
Access part parameter settings
Configure the immune wall router to complete the configuration before the vro replacement, and log on to the immune wall router through the configuration software on the attached CD for the vro parameter settings:
Set the WAN port parameters of the router and change the LAN port IP address to the default gateway IP address of the network. In this way, connect the WAN port of the router to the immune wall router of the LAN port line to implement simple Internet access;
Device replacement and upgrade
After completing the above preparations, you can connect the immune wall router to the actual network and upgrade and replace the device. The network may be interrupted for 3-5 minutes during device replacement.
1. Remove the original vro in the network, replace it with the Xinxiang immune wall router, connect the network cables of the power supply, LAN, and WAN to the immune wall router, and turn on the Immune wall router power switch.
2. Connect the NIC of the operating server to the LAN switch. If a port-based VLAN is set on the switch, the operating server must be connected to the port of the Public VLAN of the switch.
Enable immune Mode
Run the configuration software on any Intranet computer, log on to the immune wall router in normal mode, enable the working mode function, and select "switch to immune wall mode ", fill in the nic ip address of the server where the operation center is installed, click the "test" button, and click "Switch" after the test is successful, switch the vro to the immune wall mode, and start the immune network management status.
Immune policy setting
After the immune mode is enabled, you need to set the immune security option, force installation of the immune driver, and set the immune security management policy.
1. The immune wall router manages network security through group management and groups Intranet IP addresses, the Division principle can be based on different departments of the enterprise, Internet access permissions, different bandwidths, and different regions.
2. Set whether or not to force install the immune Driver Based on the configured group. In "group management"> "Group Policy", select the corresponding group, select "verify" in "immune drive Verification", so that all computers in this group do not have an immune drive installed and cannot access the Internet.
In this way, when the computer in this group accesses the network, it will jump to the download service page on the server to download and install the immune driver.
3. Set the immune-driven security policy based on the well-established grouping, set false IP addresses, IP segments, Intranet uploads/downloads, Internet uploads/downloads, ARP Queries/replies, large Ping packets, and Internet/Intranet TCP for this group in "Security Options ". SYN and other network attack protection parameters.
After completing the above operations, some computers will be able to send too many ping packets, IP spoofing, MAC Address Spoofing and other attack interception information in the system monitoring. The director of the network management is shocked. The immune monitoring center monitors all Intranet hosts through the immune drivers on each computer of the automatically installed terminal. Green monitoring icons are constantly increasing. Xin's engineers specifically mentioned: "At present, there are far more Intranet attacks than the Internet, and the harm of Intranet attacks is also greater. The immune wall technology controls each terminal in the network and blocks attack data alarms from the bottom layer of the Protocol, in this way, the network security and stability can be fully guaranteed ".
Immune Network Monitoring Center
After the implementation of the immune network solution, the network of the Guangzhou Water Conservancy and hydropower Survey and Research Institute finally said goodbye to the effects of disconnection and lagging on enterprise office work. Instead, the monitoring center constantly prompts you to intercept alerts for various Intranet attacks. The immune network solution, which expands to the end of the network, goes deep into the bottom layer of the protocol, finds the entrances and exits of the internet, and obtains the full picture of the Intranet, is the right remedy, it solves the network security and stability problems that have plagued integrators and enterprises for a long time.
The immune gateway has a professional server platform and access module, which provides higher performance, more centralized management, more thorough and efficient use of the immune network solution for Intranet security management, it is particularly suitable for system integration projects and network security protection for medium and large enterprise users, and completely solves the problem of network security and stability that has plagued them for a long time.
Immune network can solve the problem of network security and stability because it implements an immune network solution based on the network architecture to support and manage various network applications stably, this solution completely solves various network attacks, network lagging, and disconnection problems that occur when enterprises use normal networks, and comprehensively improves the efficiency of enterprise network usage. The immune network solution is based on the Intranet Communication Protocol (Xin omnidirectional patent) A complete set of Intranet management solutions, including the immune security operation center, terminal immune drive, attack protection policy, immune monitoring center, and related hardware devices.