1. Foreword
Because the Internet is open and its original communication protocols were designed with limited security, all information is transmitted in clear text, and Internet security problems have become increasingly serious. Illegal access and network attacks occur frequently, creating security risks for a company's normal operation and potentially immeasurable losses, so information security technology must be used to secure the network.
2. Network Solution Description
Based on an in-depth analysis of the existing network model and the EIP business process, and in order to avoid major changes to the existing network while saving on equipment investment, it is recommended to use the MPSEC SSL600 Office tunnel system to build the secure network.
2.1 Network topology
2.2 Network Implementation Plan
The MPSEC SSL600 Office tunnel system consists primarily of the SSL tunnel gateway (MPSEC SSL600) and the SSL tunnel client software (MPSEC SSL600 client). In addition, users need to request digital certificates for the SSL tunnel gateway and the SSL tunnel clients from a certification authority, such as a CA center or the MPSEC CMS certificate management system.
The network implementation plan is as follows:
1) Install the certificate management server (MPSEC CMS)
The MPSEC CMS server issues digital certificates to the secure proxy gateway and to remote fixed or mobile users; each digital certificate is bound to its holder's identity information. The digital certificates are used for authentication and for encrypted transmission of information between the secure proxy gateway and remote or mobile users.
Install the certificate management server in a subnet that is easy for administrators to use, as follows:
Install the certificate management system
Assign an administrator and issue the appropriate administrator certificate
Install the certificate management client
Issue certificates for remote users or mobile users
Distribute the issued certificates to each remote user or mobile user
2) Install the MPSEC SSL600 system
Add the secure proxy gateway (MPSEC SSL600) at the edge of the network. The secure proxy gateway is located behind the firewall, and the existing public IP address can be used for NAT, so that remote users or mobile users reach the secure proxy gateway over the public network and then access the ERP server through the secure proxy gateway.
3) Install the MPSEC SSL600 client
Install the secure transport agent client software on each remote fixed user's or mobile user's client machine. This lets the secure proxy gateway server authenticate the client user's identity and encrypts the information transmitted between the secure proxy gateway server and the remote or mobile user's client machine.
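The certificate flow in steps 1 to 3, shown as an added example that is not part of the MPSEC product or its documentation: a throwaway OpenSSL CA stands in for the certificate management server, issues certificates to a gateway and a remote user, and each side checks the other's certificate against that CA. All names and file paths are constructed for the illustration.

```shell
#!/bin/sh
# Constructed demo: a throwaway OpenSSL CA stands in for the certificate
# management server. All names and files below are hypothetical.
set -eu
WORK=$(mktemp -d)

# make_ca DIR NAME: create a self-signed CA key and certificate in DIR
make_ca() {
    mkdir -p "$1"
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# issue DIR NAME: create a key and CSR for NAME, signed by the CA in DIR
issue() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
    openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 30 -out "$1/$2.crt" 2>/dev/null
}

# check CAFILE CERT: print "accept" if CERT chains to CAFILE, else "reject"
check() {
    if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
        echo accept
    else
        echo reject
    fi
}

# Step 1: the CA issues certificates for the gateway and a remote user.
make_ca "$WORK/corp" demo-corp-ca
issue "$WORK/corp" demo-gateway
issue "$WORK/corp" demo-remote-user

# A certificate with the same user name from an unrelated CA, for contrast.
make_ca "$WORK/other" demo-other-ca
issue "$WORK/other" demo-remote-user

# Steps 2 and 3: each side validates the peer certificate against the CA.
echo "client checks gateway cert:    $(check "$WORK/corp/ca.crt" "$WORK/corp/demo-gateway.crt")"
echo "gateway checks user cert:      $(check "$WORK/corp/ca.crt" "$WORK/corp/demo-remote-user.crt")"
echo "gateway checks other-CA cert:  $(check "$WORK/corp/ca.crt" "$WORK/other/demo-remote-user.crt")"
```

The third check fails even though the subject name matches, because trust comes from the issuing CA's signature, not from the name in the certificate.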