Multi-protection on enterprise switch security

As the saying goes, the body is the capital of revolution, a person only strong physique can live better, in order to create greater wealth for society. Enterprise network is like a person, only security measures to do in place, the enterprise in all aspects of the operation of a better. In today's information age enterprises, information for the enterprise is undoubtedly the greatest wealth. With the spread of virus and the rampant hackers, enterprise network security protection has been greatly concerned.

As we all know, security should be spread throughout the network, and enterprise network security can not only rely on a single device and a single technology to achieve, as the backbone of network enterprise switches in the Enterprise network Security Protection deployment also plays an important role. Taking the necessary security technology on the switch can not only effectively relieve the work pressure of other safety equipment, but also can find and solve the problem in time.

For example, antivirus software in front of the worm appears powerless, the firewall's ability to reverse lookup is very weak, intrusion detection software can not detect internal intrusion, and the switch can easily make up for the lack of security equipment. Now, many enterprise users to solve security problems through the switch is also very optimistic, through the multi-layer switch features to improve the security of the network will become more and more common.

The security and robustness of enterprise switches directly affect the security and reliability of the enterprise network, therefore, the security protection of enterprise switches should be fully armed, in addition to the general exchange functions, but also with the performance of professional security products, in the system security, the switch in the network from the core to the edge of the overall framework of the implementation of the security mechanism , that is, to encrypt and control the network management information through the specific technology, and to use secure access mechanism, including 802.1X access verification, ADIUS/TACACST, MAC address checking and various types of virtual network technology in Access security.

Not only that, many switches also increase the hardware form of the security module, some of the network security features of the switch to better curb the use of WLAN with the overflow of intranet security vulnerabilities. This type of switch from network security and User Service application, can realize specific security policy, restrict illegal access, after analysis, effectively protect enterprise users network business Normal development. Enterprise switch often through the following several common measures to the enterprise network to achieve multi-directional protection.

A. 802.1X standard

802.1X Standard is a newly completed standardization of an IEEE 802 protocol set of LAN access Control Protocol, is a network device to authorize the customer's standards. As a security feature of LAN, the 802.1X standard can force network users to log on to the network before accessing any devices and resources, which can effectively restrict the access of illegal users and achieve the goal of protecting network security.

The 802.1X standard is fairly practical, but because 802.1X relies on Windows XP clients, which is supported by only window XP users, many switch devices have this functionality but are not popular and widely used by network designers and managers.

Two. Flow control technology

This technology in the switch allows managers to easily control the bandwidth of each switch port, the abnormal flow through the port is limited to a certain extent, can achieve storm control, port protection and end-to-end security, effectively avoid network congestion while also effectively prevent Dos attacks, and does not affect network performance.

Three. Access Control List (ACL) technology

ACL technology by accessing input and output control of network resources, switches can block or allow network access based on server and client IP addresses. ACLs are a list of rules in which the switches execute the rules and process each packet entering the port. Each rule either allows, or rejects, the packet through the properties of the packet (such as source address, destination address, and protocol). Because rules are processed in a certain order, the relative position of each rule is critical to determining what packets are allowed and disallowed to pass through the network.

ACL technology can not only facilitate network managers according to the needs of users assigned to their appropriate role, can also be used to enhance the network security shielding, so that hackers could not find a specific host on the network to detect, so that the enterprise switch can not launch attacks.

Four. Virtual local area network (VLAN) technology

Virtual local area network (LAN) is an essential function of security switch, and it is a security policy which is widely used. Virtual local area network (LAN) is a logical network which can be built by network management software to cross different network segments and different networks on the basis of switched local area networks. VLANs can be in the two-tier or three-tier switch on the implementation of a limited broadcast domain, it can cover a number of network devices, and their physical location is not the same as the device between the same network communication, which makes the enterprise network management becomes simple and intuitive.

Virtual LANs can be used to divide users into groups, allowing users to use only the network resources they need. VLAN based on the port of VLAN, MAC address and routing access list and other principles of the Division, restricting the various different VLAN unauthorized access, and can set the IP/MAC address binding to restrict user access to unauthorized networks, thereby improving the overall performance and security of switched networks. And through the creation of VLAN, isolated broadcast, narrow the broadcast range, you can control the production of broadcast storm. For a network with VLAN technology, a VLAN can divide different geographic network users into one logical network segment according to departmental functions, object groups or applications.

Five. Switch and IDS system linkage

The linkage between enterprise switch and IDS system is an ideal scheme which is very practical and does not increase investment cost. As hackers and viruses are dependent on the network platform to attack, the IDs as a monitoring system, with the switch linkage, you can cut off the network platform of hackers and viruses to spread the way to achieve unexpected security effects. Specifically, the enterprise switch and IDS system linkage is in the process of operation, the switch will be a variety of data flow information to the security equipment, IDS can be reported according to the information and data flow content detection, in the discovery of network security incidents, carry out targeted operations, These responses to the security incident are sent to the switch, where the switch enables the exact port disconnect operation. This technology has been recognized by most users, but it has not been widely used in practice.

Six. Anti-DDoS

Once the enterprise network by large-scale distributed denial of service attacks, will make a large number of users can not use the network, serious time will cause the entire enterprise network paralysis, become the service provider the most headache attack. If the enterprise switch uses specialized technology to protect against DDoS attacks, it can intelligently detect and block malicious traffic without affecting the normal use of the network, thus preventing the enterprise network from being threatened by DDoS attacks. Many enterprise switches now offer powerful anti-DDoS capabilities in the context of an application-demand stimulus.

Seven. All-distributed architecture design

The distributed architecture design is a high speed routing lookup with powerful ASIC chip, and data forwarding is carried out by the longest matching and packet forwarding, which greatly improves the forwarding performance and expansion capability of the routing switch.

The protection of human health is not only by standing drugs can be solved, but also need to have regular inspection and good health habits and so on, and corporate network security protection, like personal safety and security, are not a method and measures can be achieved, all need to be considered comprehensively from all aspects. The security of enterprise network from intranet to extranet needs to be solved by professional security equipment such as firewall, and the switch should play an active protective role to realize multiple protection.

Security-enhanced switches in a growing number of enterprise users to achieve network security through the switch to consolidate a positive attitude came into being, security-enhanced switch itself has a professional anti-attack capability, is a general switch of the perfect version and upgrade version, with higher intelligence and security protection functions. Believe that the enterprise network in the firewall and other security equipment and enterprise switches together to make the hackers refused to the door, the virus will be wiped out!