Intranet security management solution-Intranet threat detection and analysis

Intranet threat detection

Threat detector is a high-performance security device based on high-performance ASIC chip architecture that achieves centralized Intranet identity management and attack suppression with full-line rate computing efficiency. An Intranet threat detector is a 2nd-layer device in a layer-7 network model. It manages resources on the layer-2 network (such as the relationship between MAC addresses and IP addresses, defends against layer-3 attacks (such as ARP spoofing ). Simply put, after you manage the MAC and IP addresses, you can manage the identities of users in the network. In this way, you can effectively defend against layer-2 attacks and automatically locate and isolate them outside the network.

Main functions:

MAC/IP Address Management

Identity Security Management: automatically learns MAC, IP, and user computer names, and quickly establishes a one-to-one network user database. Network administrators (hereinafter referred to as "management personnel") are strengthened to manage the identity security of network users;

Binding management: network access security policies bound to MAC and IP addresses are used to prevent unauthorized modification of IP addresses and MAC addresses, resulting in address conflicts and management problems, avoid management troubles caused by network address conflicts between personal computers and important equipment and servers, and ensure the operation of important equipment or server services;

Data Management: The system supports single MAC/IP data entry and provides management services such as import, export, and clear of the entire database, this improves the management of MAC/IP data on the network.

Exception Detection Management

IP Scan Detection: IP scan is usually performed before the ARP virus attack. By detecting the Scan, the problematic users are located during the test and isolated from the network;

ARP exception detection: this function can still locate and isolate users who are launching ARP attacks even if the ARP virus does not scan any more;

DNS phishing Detection: checks whether your browser is hijacked due to Trojan Infection.

Intranet Threat Analysis

According to the spirit of ISO27001/27002, the Intranet threat analysis system aims to build a threat prevention and control system and behavior audit system similar to the disease prevention and control system for the Intranet, working in the layer-7 network model, the layer-7 and layer-3rd are mainly used to collect and analyze the data traffic at Layer-4th and the port used at Layer-3rd, determine whether the network is abnormal based on the analysis results, and locate and isolate the host with abnormal traffic. In addition, the analysis system can store a large number of network behavior logs, which must be used to provide evidence for possible crisis handling in the future.

Main functions:

Traffic Analysis

User Analysis: through a list, managers can understand the traffic volume of each user in the network and the ranking of the traffic in the network, so as to find users with potential threats;

Protocol analysis: the Administrator analyzes the protocol of a user in the traffic ranking to find out which applications the user may be using and check whether risks exist;

Real-time analysis: Administrators can analyze Intranet traffic in real time to learn the latest Traffic Transmission status.

Exception Analysis

Detects network traffic exceptions and notifies management personnel by email;

Detects common known worms and automatically blocks problematic users;

For the user's superstream analysis, if the traffic exceeds the specified limit, the system blocks the traffic and can automatically unlock the traffic according to the lock time setting.

Intranet security is an important part of the introduction of Intranet threats. I hope you can understand the content of this solution. We will further discuss this solution in future articles.