The switch's role change: from "hostage" to "guard"

Source: Internet
Author: User

Like a bridge, a switch decides how to forward traffic simply from the MAC address in each packet. This forwarding decision generally does not consider the deeper information carried in the packet. Unlike a bridge, a switch has a very small forwarding delay, and its operation is close to the performance of a single LAN, far exceeding the forwarding performance between ordinary bridged networks. Switching technology lets shared and dedicated LAN segments adjust bandwidth to reduce the bottleneck in traffic flowing between LANs.

For a network, the switch is undoubtedly the heart, and it is the most sensitive and vulnerable part and the one that most needs protection. However strong its performance, once it is paralyzed it is a disaster for the network. Security is the final principle. As a result, a new concept emerged, the security switch, which requires that "as the core of the network, the switch not only exchanges data, but also has the performance of professional security products". Switches connect servers, security gateways, and terminal computers to form a security protection system across the whole network.

This new concept makes switch security the most important part of enterprise network security protection, and it also places high requirements on the security performance of switches. Take the ASUS GX1116i+/1124i+ series of smart managed switches, which ASUS has brought to the small and medium-sized enterprise market, as an example. First, these switches support the latest 802.1x standard, which limits access by illegal users to the greatest extent in order to protect network security. Second, the ASUS GX1116i+/1124i+ switches have traffic control technology: the administrator can easily control the bandwidth of each switch port, limit abnormal traffic passing through a port to a certain range, and implement storm control, port protection, and port security. Besides effectively avoiding network congestion, this effectively prevents DoS attacks without affecting network performance. Third, the GX1116i+/1124i+ switches also have access control list (ACL) technology. Network administrators can use it not only to assign appropriate roles to users according to their needs, but also to strengthen network security shielding so that hackers cannot find specific hosts in the network to probe and therefore cannot launch attacks on enterprise switches.

In addition, the virtual LAN (VLAN) function of many security switches is also a widely used security policy. With it, users can be divided into several groups so that each user can use only the network resources they need. VLANs are divided based on port, MAC address, and route access list, which limits unauthorized access between different VLANs. The IP/MAC address binding function can also be set to restrict unauthorized network access, improving the overall performance and security of the switched network. Creating VLANs also isolates broadcasts and reduces the broadcast range, which controls the generation of broadcast storms. On networks that use VLAN technology, VLANs can be divided into logical network segments based on department functions, object groups, or applications.
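The VLAN and IP/MAC binding behaviour described above, as an added example that is not part of the original article and is not vendor code: a small Python model of a port-based-VLAN switch that forwards by MAC address, drops frames that violate a port's binding, and keeps broadcasts inside the VLAN. The port numbers, VLAN IDs and addresses are constructed for illustration.

```python
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"

@dataclass
class Frame:
    src_mac: str
    dst_mac: str
    src_ip: str

@dataclass
class Switch:
    port_vlan: dict   # port -> VLAN ID (port-based VLAN assignment)
    bindings: dict    # port -> (ip, mac) pair permitted on that port
    mac_table: dict = field(default_factory=dict)  # (vlan, mac) -> port

    def receive(self, in_port, frame):
        """Return the egress ports for a frame; [] means it is dropped."""
        vlan = self.port_vlan[in_port]
        # IP/MAC binding: the source must match what is bound to this port.
        if self.bindings.get(in_port) != (frame.src_ip, frame.src_mac):
            return []
        # Learn the source only after it has passed the binding check.
        self.mac_table[(vlan, frame.src_mac)] = in_port
        peers = sorted(p for p, v in self.port_vlan.items()
                       if v == vlan and p != in_port)
        if frame.dst_mac == BROADCAST:
            return peers                      # broadcast never leaves the VLAN
        out = self.mac_table.get((vlan, frame.dst_mac))
        if out is None:
            return peers                      # unknown unicast floods the VLAN only
        return [out] if out != in_port else []

def demo():
    # Constructed topology: ports 1, 2, 5 in VLAN 10; ports 3, 4 in VLAN 20.
    macs = {p: f"aa:00:00:00:00:0{p}" for p in (1, 2, 3, 4, 5)}
    ips = {1: "10.0.10.1", 2: "10.0.10.2", 5: "10.0.10.5",
           3: "10.0.20.3", 4: "10.0.20.4"}
    sw = Switch(port_vlan={1: 10, 2: 10, 5: 10, 3: 20, 4: 20},
                bindings={p: (ips[p], macs[p]) for p in macs})
    r = {}
    r["broadcast"] = sw.receive(1, Frame(macs[1], BROADCAST, ips[1]))
    # Port 2 claims port 1's identity: rejected by the binding.
    r["spoofed"] = sw.receive(2, Frame(macs[1], BROADCAST, ips[1]))
    sw.receive(3, Frame(macs[3], BROADCAST, ips[3]))   # port 3 learned in VLAN 20
    r["cross_vlan"] = sw.receive(1, Frame(macs[1], macs[3], ips[1]))
    sw.receive(2, Frame(macs[2], BROADCAST, ips[2]))   # port 2 learned in VLAN 10
    r["unicast"] = sw.receive(1, Frame(macs[1], macs[2], ips[1]))
    return r
```

In the cross-VLAN case the frame addressed to a VLAN 20 host is only flooded to VLAN 10 ports, so it never reaches port 3; traffic between the two groups would have to pass through a routed hop where an ACL can be applied.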

The protector can protect not only itself but also the internet. This concept is no stranger to traditional network equipment manufacturers. "If you are poor, you are dedicated to it. If you are good at it, you can enjoy the advantages of the world." I believe that only such a network architecture is "all people": only when network devices with high security performance are combined with professional security devices can they fully cope with the increasingly intensive security threats in the information society and maximize network security.
