How to use a computer to achieve network isolation and security control?

Due to the different nature of the work, many enterprises are not allowed employees on the network, once the need to find information online, must be in the designated domain through a dedicated computer to query and download. Such a surface is to protect the security of the internal network, to prevent internal information leakage to the extranet, but from the actual operating process, management complex, inefficient, resources can not be used rationally, to bring a lot of inconvenience to staff work.

There are also some units, in order to ensure the security of internal information, the use of virtualization, all files stored in the remote server, that is, the legendary "cloud", the local do not save files, invested heavily in the construction of this set of virtualization system, but often because of network bandwidth resources and follow-up maintenance is not in place, resulting in more trouble.

Research and development departments as the core competitive advantage of the main department, has been the focus of internal information protection, so there are some units directly to all their files are encrypted processing, so as to control the enterprise's internal information security, which is indeed the most powerful means of information protection.

Because of the different nature of the content, some enterprises want to reduce the difficulty of management, save the cost of protection, the internal and external network effective isolation, the adoption of the principle of not allowed to control can not affect efficiency, but also to ensure security. But if the network isolation, to configure more than one computer, the cost increases, so the market is calling for more effective isolation solution to the problem of information security!

Billion Saiton by virtue of their own more than 10 market development experience, the use of mature sandbox technology and encryption and decryption technology, fully maintain the compatibility of the premise, for research and development enterprises, financial units, military units, government industries, such as the need for a variety of network office environment units to provide a set of virtual security isolation control system, The system can effectively create and isolate multiple security domain environment, ensure the application of each security domain and the original system, on the other hand, data security isolation in each security domain environment, full disk encryption storage, so as to achieve the purpose of security protection, the main characteristics are as follows:

　　1. Environmental isolation and encrypted storage

Each security domain environment can realize one-way or bidirectional isolation, guarantee data storage and use security between different environments, and realize physical isolation effect. All data generated by the security domain environment is redirected to the virtual encrypted disk, ensuring that the data is stored securely on the hard disk, preventing illegal users from stealing disk leaks.

　　2. Security Identity Certification

Support a variety of identity authentication methods, including: User name and password authentication, hardware USB dual-factor authentication and AD single sign-on authentication, and support the integration of certification with the CA certificate.

　　3. Network encryption and isolation

In each security domain environment, network communication is completely encrypted and isolated, the security domain can be set up encryption security Isolation network, each security domain environment can be isolated from each other, and can realize the access isolation of the core application system, guarantee the security authentication and access security of the application system.

　　4. Port and Peripheral control

Computer ports and peripherals can be enabled or disabled control, including USB storage devices, mobile phone synchronization, physical printing, optical drive, serial port, parallel port, infrared, Bluetooth and so on.

　　5. Secure sharing and transmission within the domain

In the same security domain environment, secure instant messaging and file security sharing can be carried out between users, while ensuring secure domain isolation and transmission security while improving internal synergy efficiency.

　　6. Off-line safe off

For special scenarios such as business trip office or network interruption, the system supports setting off-line policy and time limit; Under normal policy permissions, users can use security domain and quarantine data off-line normally, but prohibit unauthorized export and network outbound, the system will record the operation log and audit in detail.

　　7. Data Security Outgoing

When important documents in the security domain need to be sent out, need to submit a clear or secret text outside the application, after the approval of the document can be exported to the security of the outside; When the ciphertext is out, the outgoing document will be encrypted to the external use, to prevent the illegal proliferation of important documents and leaks. Ciphertext can be set to open the document authentication mode, the use of permissions, reading times and reading time and other control.

　　8. Data centralized control and cloud storage

All the isolated data in the security domain can be stored in the server centrally, and the high secrecy requirement of "data large concentration and terminal no trace" is realized.

Billion-game virtual security Isolation control system, the real application of environmental protection, so that the former messy work environment become safe and controllable; The product application impact is small, with the existing environment integration fast, and the security domain environment can be a key fast switch between the real security and efficiency coexist.