A detailed explanation of switch network security policy

The switch occupies an important position in the enterprise network, which is usually the core of the whole network. In this era of hacker intrusion and virus-ridden network, as the core of the switch is also taken for granted a part of the responsibility of network security. Therefore, the switch must have the professional security product performance, the security has become the network construction must consider the heavy middle. As a result of this, security switches are integrated with security authentication, ACLs (Access control list, access controls lists), firewalls, intrusion detection and even antivirus functions, and the security of the network really needs to be "armed to the teeth".

Security switch three-layer meaning

The most important role of the switch is to forward the data, in the hacker attack and virus intrusion, the switch to be able to continue to maintain its efficient data forwarding rate, without attack interference, this is the most basic security features required by the switch. At the same time, as the core of the whole network, the switch should be able to distinguish and control the users accessing and accessing the network information. More importantly, the switch should also be coordinated with other network security devices to monitor and block unauthorized access and network attacks.

New features for secure switches

802.1X Enhanced Security Certification

In the traditional LAN environment, as long as there is a physical connection port, unauthorized network equipment can be connected to the local area network, or unauthorized users can connect to the LAN through the device access. This poses a potential security threat to some businesses. In addition, in the school and the network of intelligent community, because it involves the network billing, so verifying the legality of user access is also very important. IEEE 802.1x is the remedy for this problem, has been integrated into the two-layer intelligent switch, complete the user's access security audit.

The 802.1X protocol is a newly standardized LAN access control protocol that conforms to the IEEE 802 protocol set, which is called a port based access control protocol. Based on the advantages of IEEE 802 LAN, it can provide a means to authenticate and authorize the users connected to the local area network, and achieve the goal of receiving legitimate user's access and protecting network security.

The 802.1X protocol is seamlessly integrated with the LAN. 802.1X utilizes the physical characteristics of the switched LAN architecture to achieve device authentication on the LAN port. During the authentication process, LAN ports either act as authenticator or act as requesters. In the case of authentication, LAN port should be authenticated before it needs the user to access the corresponding service through the port, and if authentication fails, it is not allowed to access; The LAN port is responsible for submitting the Access service request to the authentication server as the requester. A port based Mac lock allows only trusted MAC addresses to send data to the network. Data streams from any "untrusted" device are automatically discarded to ensure maximum security.