Technical analysis What kind of switch is safe

Source: Internet
Author: User
Tags new features switches firewall

Security switches-The new darling of the network, the gatekeeper of the network entrance, the ambition is to raise the broadsword to all unsafe factors.

The advent of the network era makes the security problem an urgent problem to be solved. The existence of viruses, hackers and various vulnerabilities makes security tasks difficult in the Internet age.

The switch occupies an important position in the enterprise network, which is usually the core of the whole network. In this era of hacker intrusion and virus-ridden network, as the core of the switch is also taken for granted a part of the responsibility of network security. Therefore, the switch must have the professional security product performance, the security has become the network construction must consider the heavy middle. As a result of this, security switches are integrated with security authentication, ACLs (Access control list, access controls lists), firewalls, intrusion detection and even antivirus functions, and the security of the network really needs to be "armed to the teeth".

Security switch three-layer meaning

The most important role of the switch is to forward the data, in the hacker attack and virus intrusion, the switch to be able to continue to maintain its efficient data forwarding rate, without attack interference, this is the most basic security features required by the switch. At the same time, as the core of the whole network, the switch should be able to distinguish and control the users accessing and accessing the network information. More importantly, the switch should also be coordinated with other network security devices to monitor and block unauthorized access and network attacks.

New features for secure switches

802.1X Enhanced Security Certification

In the traditional LAN environment, as long as there is a physical connection port, unauthorized network equipment can be connected to the local area network, or unauthorized users can connect to the LAN through the device access. This poses a potential security threat to some businesses. In addition, in the school and the network of intelligent community, because it involves the network billing, so verifying the legality of user access is also very important. IEEE 802.1x is the remedy for this problem, has been integrated into the two-layer intelligent switch, complete the user's access security audit.

The 802.1X protocol is a newly standardized LAN access control protocol that conforms to the IEEE 802 protocol set, which is called a port based access control protocol. Based on the advantages of IEEE 802 LAN, it can provide a means to authenticate and authorize the users connected to the local area network, and achieve the goal of receiving legitimate user's access and protecting network security.

The 802.1X protocol is seamlessly integrated with the LAN. 802.1X utilizes the physical characteristics of the switched LAN architecture to achieve device authentication on the LAN port. During the authentication process, LAN ports either act as authenticator or act as requesters. In the case of authentication, LAN port should be authenticated before it needs the user to access the corresponding service through the port, and if authentication fails, it is not allowed to access; The LAN port is responsible for submitting the Access service request to the authentication server as the requester. A port based Mac lock allows only trusted MAC addresses to send data to the network. Data streams from any "untrusted" device are automatically discarded to ensure maximum security.

In the 802.1X protocol, only the following three elements are available to complete the user authentication and authorization of port-based access control.

1. Client. Generally installed on the user's workstation, when users have access to the Internet needs, activate the client program, enter the necessary username and password, the client program will send a connection request.

2. Certification System. In the Ethernet system to authenticate the switch, its main role is to complete the user authentication information upload, release work, and according to the results of the certification to open or close the port.

3. Authentication server. Verify that the user has the right to use the network services provided by the network system by verifying the identity (username and password) sent by the client, and issuing a status of opening or maintaining the port shutdown according to the authentication results.

Flow control

The flow control technology of the security switch limits the abnormal traffic flowing through the port to a certain range, avoiding the unlimited misuse of the bandwidth of the switch. The flow control function of the security switch can control the abnormal flow and avoid the network jam.

Anti-DDoS

Once the enterprise network is subjected to large-scale distributed denial of service attacks, it will affect the normal network use of a large number of users, and even cause network paralysis, which is the most troublesome attack of service providers. Security switches use specialized technology to protect against DDoS attacks, which can intelligently detect and block malicious traffic without impacting the normal business, thereby preventing the network from being threatened by DDoS attacks.

Virtual LAN VLAN

Virtual LAN is an essential function of a secure switch. VLANs can implement a limited broadcast domain on a two-tier or three-tier switch, which divides the network into a separate zone that can control whether these areas can be communicated. VLANs may span one or more switches, regardless of their physical location, and devices seem to communicate between the same network. VLANs can be formed in various forms, such as ports, MAC addresses, IP addresses, and so on. VLANs restrict unauthorized access between different VLANs, and you can set the Ip/mac address binding feature to restrict unauthorized network access for users.

Firewall capabilities based on access control lists

The security switch uses the access control list ACL to realize the security function of the packet filtering firewall and to enhance the security guard capability. Access control lists have previously been used only at the core router. In a secure switch, access control filtering can be implemented based on the source/target swap slot, port, source/destination VLAN, source/Destination IP, tcp/udp port, ICMP type, or MAC address.

ACLs can not only allow network managers to develop network policies, for individual users or specific data flow to allow or deny control, can also be used to enhance the network security shielding, so that hackers could not find a specific host on the network to detect, thus unable to launch attacks.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.