For a long time, people have assumed that security problems stem mainly from outside factors, so everyone wants to deploy security equipment at the network access point and block viruses and attacks outside the door. But a fortress is most easily breached from the inside, and many serious network security problems are caused by internal staff. According to U.S. CSI/FBI Computer Security survey data, although attacks from inside accounted for 22% of the total number of attacks, the damage they caused was more than 10 times that of attacks from the external network.
The operator's support network (intranet) is its core IT resource. As operators' businesses develop and security threats evolve, the support network generally has the following problems, which pose a very large security risk:
Fully connected network; support systems are not effectively isolated
The support network's structure is complex and its boundaries are unclear, so security protection is difficult, requires heavy investment, and is prone to omissions; a security problem in a single system can easily spread to other systems.
Staff security awareness is weak
Terminals are often unpatched, lack anti-virus software, use weak passwords, have unauthorized software installed, or otherwise violate system security policy. Terminals of different subsystems are heavily intermixed, which makes unauthorized access and information leakage easy.
Lack of a unified security management and operations platform
Each security product and technology sees only local security problems. Without unified security management and centralized coordination, the overall picture is not visible, and no complete, valid information can be provided for security operations and maintenance.
Solution Overview
The H3C intranet control solution is based on the PDRR model and consists of a security management platform, security protection equipment, and terminal software:
Prevention (Protection): firewalls divide the network into security zones to keep internal personnel from accessing across zones; access control software checks each terminal's patch and virus database update status to ensure that every terminal is healthy when it connects, and users are granted appropriate authorization.
Detection (Detection): the firewall/IPS monitors internal network traffic and detects worms, viruses, Trojans and other attacks according to their characteristics.
Response (Response): security equipment, network equipment and terminal software work in linkage to defend against attacks together.
Recovery (Recovery): the security management center performs real-time analysis and after-the-fact auditing of security incidents, discovers weak links in the current network, adjusts and issues security policies, and provides a basis for the next round of policy refinement and security construction.
Typical networking
Solution features
Flexible, simple zone isolation
The industry-leading Wan Chaoping provides high-performance security equipment that ensures business continuity while ensuring security; the virtualized design customizes the protection policy for each business, simplifying the network structure.
Active defense against viruses and worms
The security management platform uses the H3C EAD (Endpoint Access Defense) terminal software to authenticate users as they connect and, at the same time, to check the terminal's patch and virus library update status. Only users whose identity is legitimate and whose patch installation and virus protection meet requirements are admitted, which ensures the security of every access endpoint. Meanwhile, the three-libraries-in-one IPS filters viruses out of network traffic in a timely manner to prevent further spread.
Security linkage based on deep inspection
Security defense devices include firewalls and IPS. Combining packet filtering, stateful inspection, intrusion prevention and anti-virus technology, they can detect and block worms, viruses and malicious intrusions, while reporting security incidents to the security management platform. After intelligent analysis, SecCenter works in linkage with iMC to apply control measures to network users who pose a threat, such as online reminders, forced logoff, closing the switch port, and adding them to a blacklist, stopping the threat at its source.
Unified security management
There is little information exchange between network and security devices of different vendors and types, which easily creates information islands. Based on advanced deep mining and analysis technology, SecCenter supports the management of various IT resources, such as firewalls, IDS, IPS, UTM, anti-spam, routers, switches, Unix, Linux, Windows, etc. Through the collection, analysis, correlation, aggregation and unified processing of massive amounts of information, it helps the administrator monitor the intranet's security situation and discover hidden dangers in a timely manner. Security administrators can also customize security reports in line with laws and regulations (e.g. the SOX Act) and standards.
In short, the H3C intranet control solution combines point (access endpoint control), line (security event linkage) and surface (unified security management) into three-dimensional protection, providing operators with a complete intranet security solution.