Campus Network Solutions: Who and what to contend with?

Under the influence of the global digital Wave, the construction of digital campus of colleges and universities has been paid much attention, and the University of China has been contacting digital campus construction from various aspects with the strong impetus of the construction of Chinese Educational Research Network (CERNET). In recent years, with the promotion and use of smart cards, a number of management functions and Community services, certification integration of the campus "one card" is widely used in colleges and universities. The campus "one card" takes the smart card as the information carrier, unifies the microelectronics technology, the monolithic integrated technology, the computer network technology and the database technology and so on many high technology, enables it to have the electronic identification and the electronic wallet function, replaces the campus tradition daily life the teacher work permit, student card, library card As well as with cash-related transaction canteen rice Card (voucher), medical certificate, on the machine card, tickets, etc., to teaching, learning, testing, evaluation, housing, use of the overall digitization and networking, and truly realize "a card in the hand, traveled the campus."

Rui Jie: Rgos operating system full range of firewall security assistant

Network platform in the whole campus card system in the bottom, but also the cornerstone of campus card, and the enterprise companies for schools to do the solution is also a school of contention. Ruijie Network Company has 7 years of service in education information construction experience, after in-depth analysis and investigation, designed with high stability and high security characteristics of a card network platform to support the operation of campus card. In the spread of cyber attacks today, a card network will inevitably be attacked. One card network security is mainly threatened by two aspects, one is from hackers such as DDoS attacks, the other is from the intranet of the virus spread such as ARP spoofing; for the former the most effective way is to deploy the firewall, and for the latter need core, convergence and access to the switch has the security protection function.

Rui Jie in the deployment of firewall equipment using the Rgos operating system, Rui Jie full range of firewall use of the software system, the implementation of the full firewall function. Rgos design, completely abandoned the current domestic mainstream firewall is still in use Iptables security protocol stack, out of the general operating system, no common operating system vulnerabilities, is a new generation of firewall software, the use of segmented direct addressing search algorithm (msdal), tree-shaped search algorithm, and other advanced algorithms, The technology of pre-compiling security rules makes the processing performance of firewall greatly improved. The CSS security system of the core equipment ensures the security of the system through the hardware security monitoring technology, the hardware security protection technology, the rich equipment safety management, and through the hardware tunneling technology, the authentication technology, the encryption technology protects the network equipment transmission data security. The pooling and access switches support a wide range of security protection capabilities, including Dos attacks (Smurf, Synflood), anti-IP scans (pingsweep), anti-source IP address Spoofing (sourceipspoofing), anti-ARP spoofing, Bandwidth control and so on, so that security protection from the edge of the network to start.

Cisco: Automatic Defense network security Ideas

Cisco has been committed to leveraging and leveraging the global experience and technical advantages to help the education industry achieve the leading network applications. Most of the campus network in China has a certain problem in security. Virus flooding, hacker attacks, information loss, service rejection and so on, these security risks as long as the occurrence of the entire campus network will be a fatal blow. To this end, the Shanghai Maritime University in the new campus specially considered the overall security, after careful deployment, Cisco Automatic Defense network security ideas have been very good application. Cisco uses Mars systems (Cisco Security Monitoring, analysis, and response systems) to strengthen deployed network devices and security countermeasures, making it easier for school administrators to identify, manage, and eliminate network attacks and maintain regulatory compliance.

Self-Defense network planning is a big step forward compared to the previous strategy of integrating multiple security services through Internet Protocol networks. The specific implementation of the Shanghai Maritime University Campus Network, Cisco fully consider the different functions of the Division to undertake different business.

In order to enhance the border security control between different functional partitions, the Firewall security module (FWSM) is added to the Cisco 6509 switch in the core switching area.

Cisco FWSM modules are based on high-performance network CPUs, with a maximum throughput of 5.5Gbps and support for up to 1 million concurrent connections, a high standard that is the cornerstone of ensuring network security. In a Cisco 6509 switch, 4 FWSM modules can be deployed in parallel to maximize throughput up to 22Gbps. Because the FWSM module is deployed in the core switch, the number of devices in the network link is reduced, the performance of the network is improved, and the maximum 22Gbps throughput can meet the requirement of the performance of the campus network traffic. Wang Haiwei, Assistant president of Shanghai Maritime University, said: "The network security effects of new campuses have withstood the test in recent outbreaks of virus worms, and our overall management costs have been drastically reduced by Cisco solutions." ”