Enterprise security: building an in-house network access control system. This article describes the experience of building a self-developed access control system, which has been running stably at a large Internet company for five years.
Access system overview
Network Admission Control (NAC, also used generically for "Network Access Control") is a Cisco-sponsored, multi-vendor initiative designed to stop emerging threats such as viruses and worms from compromising enterprise security. With NAC, an enterprise admits only legitimate, trusted endpoints (PCs, servers, PDAs) to the network and denies access to everything else.
Mending the fold after the sheep are lost
Apart from the basic requirements that come with a US stock listing, Internet companies face little security compliance pressure; business growth and productivity are the primary drivers, so costly, labor-intensive security construction is mostly event-driven. Before we started the access system, we ran into a few unlucky incidents:
On the office network, a large number of staff had uninstalled the antivirus from their PCs and were not patching promptly. The result was that a very low-grade ARP virus took several office network segments offline, disrupting the work of a thousand-odd R&D engineers.
Angry young engineers posted complaints, the network admins went door to door checking desk by desk, and we very nearly failed to find out who the source was.
Pain points
Based on these lessons, the pain points we wanted the access system to solve were, briefly:
Authentication: for both Wi-Fi and wired access, the device and IP address should be bound to a person, so that a security incident investigation can be traced to an individual.
Authorization: staff in different roles get different network permissions, following the principle of least privilege.
Security hardening: only devices that meet the company's security baseline may access the network; devices without antivirus installed or without patches are denied access.
Each of these problems has other solutions on its own, such as MAC address binding, but at the time we had four buildings in Beijing, two thousand R&D staff, heavy use of Wi-Fi for mobile working, and wired access that varied by building: some had dumb hubs, some H3C 31-series switches, some Cisco 29-series switches, and anything that could plug in got on the network.
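To make the three pain points concrete, here is an added example that is not the article's own code: a minimal admission decision that puts a device into a role-based VLAN only if it passes the antivirus and patch baseline, plus a binding store that records which user and MAC held which IP, so that an incident IP can be traced back to a person even after DHCP reuses the address. The role names, VLAN numbers, 30-day patch threshold and the authentication timeline are all constructed assumptions.

```python
"""Added example (not the article's code): posture-gated admission plus an
IP-to-person binding store. Roles, VLANs, thresholds and timeline are assumed."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# Assumed least-privilege mapping from staff role to network segment.
ROLE_VLAN = {"rd": 100, "ops": 200, "finance": 300}
QUARANTINE_VLAN = 999        # remediation-only segment for non-compliant devices
MAX_PATCH_AGE_DAYS = 30      # assumed baseline: patched within the last 30 days


@dataclass
class Posture:
    antivirus_installed: bool
    last_patch: datetime


@dataclass
class Binding:
    user: str
    mac: str
    ip: str
    vlan: int
    start: datetime
    end: Optional[datetime] = None   # None means the binding is still active


def admission_decision(role: str, posture: Posture, now: datetime) -> int:
    """Return the VLAN a device is placed in. Any baseline failure (no antivirus,
    or patches older than MAX_PATCH_AGE_DAYS) wins over the role, and an unknown
    role is also quarantined rather than silently granted access."""
    if not posture.antivirus_installed:
        return QUARANTINE_VLAN
    if now - posture.last_patch > timedelta(days=MAX_PATCH_AGE_DAYS):
        return QUARANTINE_VLAN
    return ROLE_VLAN.get(role, QUARANTINE_VLAN)


class BindingStore:
    """Records (user, MAC, IP, VLAN, time window) so an incident IP maps to a person."""

    def __init__(self) -> None:
        self._bindings: List[Binding] = []

    def on_auth_success(self, user: str, mac: str, ip: str, vlan: int, at: datetime) -> None:
        # Close any still-open binding for the same IP (DHCP reuse) before recording the new one.
        for b in self._bindings:
            if b.ip == ip and b.end is None:
                b.end = at
        self._bindings.append(Binding(user, mac, ip, vlan, at))

    def on_logout(self, mac: str, at: datetime) -> None:
        for b in self._bindings:
            if b.mac == mac and b.end is None:
                b.end = at

    def who_had_ip(self, ip: str, at: datetime) -> Optional[Binding]:
        """Half-open window [start, end): the user who held `ip` at time `at`, if any."""
        for b in self._bindings:
            if b.ip == ip and b.start <= at and (b.end is None or at < b.end):
                return b
        return None


def demo() -> Dict[str, object]:
    """Constructed timeline: three admission decisions, then one IP reused by two users."""
    now = datetime(2014, 3, 10, 9, 0)
    store = BindingStore()
    compliant = Posture(True, now - timedelta(days=3))
    no_av = Posture(False, now - timedelta(days=3))
    stale = Posture(True, now - timedelta(days=45))
    results: Dict[str, object] = {
        "alice_vlan": admission_decision("rd", compliant, now),       # 100
        "bob_vlan": admission_decision("finance", no_av, now),        # 999
        "carol_vlan": admission_decision("ops", stale, now),          # 999
    }
    # alice holds 10.1.2.3 from 09:00 to 12:00; dave gets the same IP at 13:00.
    store.on_auth_success("alice", "aa:bb:cc:00:00:01", "10.1.2.3", 100, now)
    store.on_logout("aa:bb:cc:00:00:01", now + timedelta(hours=3))
    store.on_auth_success("dave", "aa:bb:cc:00:00:04", "10.1.2.3", 100, now + timedelta(hours=4))
    for label, hours in (("ip_at_11", 2), ("ip_at_12_30", 3.5), ("ip_at_14", 5)):
        hit = store.who_had_ip("10.1.2.3", now + timedelta(hours=hours))
        results[label] = hit.user if hit else None
    return results


if __name__ == "__main__":
    print(demo())
```

The half-open window in who_had_ip is the detail that matters for investigations: without closing the previous binding on logout or on IP reuse, the same address would resolve to two people and the "who was it" question from the ARP incident above would have no answer.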
Among any three people walking together, one can be my teacher
Following the Gartner rankings at the time, we evaluated the products of several foreign vendors and summarized their advantages as follows:
Authentication and authorization integrated with the Microsoft domain for single sign-on
Automatic authentication on both wired and wireless switches
Network control performed at Layer 3, reducing dependence on the network infrastructure