yl23455永利(中国)有限公司

Border Protection Scheme Position:Home » Solutions » Border Protection Scheme
1. requirements overview
1.1 background introduction
In recent years, the complexity of computer and network attacks has been increasing, and the traditional firewall and intrusion detection system (IDS) are becoming more and more difficult to detect and block. With every successful attack, hackers will quickly learn which direction is the most successful. The time gap between vulnerability discovery and hackers exploit vulnerabilities has become shorter and shorter, so that IT and security personnel do not have enough time to test vulnerabilities and update systems. With the proliferation of viruses, worms, Trojans, backdoors and hybrid threats, security threats in the content layer and network layer are becoming commonplace. Complex worms and e-mail viruses such as Slammer, Blaster, Sasser, Sober and MyDoom often made headlines in the past few years, they also showed us this kind of attack will usually in a few hours can spread all over the world how fast sweeping. Not only do IT and security personnel need to worry about known security threats, they also have to concentrate their efforts on preventing new, unknown threats known as "Zero-Hour" or "zero-day".
1.2 demand analysis
1.2.1 next generation firewall requirements
·business server itself vulnerabilities are generated by hacker attacks, operating system, application software or application protocol may have vulnerabilities, such as remote desktop windows vulnerabilities, Apache vulnerability Struts2 OPEN SSL bleeding heart vulnerability, BASH vulnerabilities such as broken shell;
·Web application level security threats, such as SQL injection attacks, XSS attacks, Webshell uploads, etc.;
·Website admin or personal account login system is password brute force crack;
·Sensitive information stored on the business server is stolen;
·publishing content has been tampered with;
·Protection against vulnerabilities in the terminal's own system or application software;
·Known remote control Trojans, worms and other malware is implanted in the terminal, formed after the detection and identification of zombie hosts;
·Detection and protection of unknown variant malware threats;
 
1.2.2 online behavior management needs
Low efficiency
The popularity of the Internet has changed the traditional office mode, but there are always some network users who do network behavior naturally or half unconsciously has nothing to do with the job, such as stocks, chat, play online games, watch videos, online shopping, and more and more employees are through the enterprise wireless network to use the mobile version of APP Taobao, unfamiliar street. This seriously affects the efficiency of work, which leads to the decline of enterprise competitiveness.
Therefore, the organization needs for PC, mobile terminals and other applications, APP for more effective identification and control.
Bandwidth abuse and waste
The Internet is filled with non key business applications P2P download, online video, online games, novels and other consuming bandwidth, users will occupy a lot of bandwidth in the use of these applications, and the key personnel of business applications, the role is not enough resources.
In addition, the traditional bandwidth management strategies are static, and when bandwidth is idle, the traffic will still be limited and the bandwidth value will be wasted.
Therefore, IT departments need to provide a more flexible, detailed and dynamic bandwidth management strategy for various application types, user roles, bandwidth usage and so on, so as to enhance the user experience online.
2, network topology

 

 

3, solutions:
3.1 external Web application security protection
The next generation firewall has professional Web application protection capability, and it can provide security protection for the export of internet:
1. SQL injection, XSS attack, Webshell file upload, site scanning, CSRF, file containing attacks, directory traversal attacks, system command injection, etc. OWASP TOP 10 Web security threats;
2., for the common website content management system CMS security protection;
3., HTTP protocol based anomaly detection, buffer overflow detection, etc.;
4. server version information hiding;
5. Web weak password detection and password brute force protection;
6., provide website management, background login, two times authentication;
3.2 terminal security protection
3.2.1 terminal botnet detection
The next generation firewall has the unique function of Botnet detection and isolation. It can detect the outgoing traffic initiated by the terminal in real time and help the user locate the server or terminal controlled by the hacker in the intranet. The use of the industry's leading botnet identification detection technology to effectively identify hacker attacks, targeted at the Trojan horse as a representative of malicious software for deep protection. The botnet identifies more than 500 thousand libraries and is updated in real-time by the attack and defense team.
3.2.2 terminal unknown threat detection
In addition to the establishment of a malware sample library, in order to cope with the new variants of malware and other unknown threats, next generation firewall build a cloud security platform, security threats through the sandbox detection technology of cloud platform to identify the unknown. The next generation firewall can run the detected abnormal traffic into the sandbox virtualization environment and discover unknown threats by monitoring registry modifications, process creation, and file system modifications. At the same time, a feature rule base is generated for the newly discovered threat samples, and is pushed to the next generation of firewall devices that are connected to the Internet through the cloud security platform.
3.3, real-time vulnerability analysis, positioning effective attacks
The real-time vulnerability analysis function provided by the next generation firewall can be analyzed according to the traffic flow of the equipment.
By combining an attack log against a known vulnerability, an effective attack that can really threaten the business server is located.
Business / user security operation and maintenance
In the face of centralized data, multi business operation scenarios, the next-generation firewall also provides a comprehensive risk report strong function, can first and the number of detected attacks to help users from the current vulnerabilities found for the overall network security situation of a risk assessment, and gives the current network security environment rating.
The comprehensive risk report from the two dimensions of business and user of detailed analysis, according to the type of attacks, vulnerabilities and threats to type the type of statistical analysis, and to analyze the safety of each business according to the corresponding IP server, provide the corresponding service safety instructions, the readability of the report more convenient from the user the report of the security reinforcement strategy next step.
3.4 improve work efficiency
3.4.1 web filtering strategy
Working hours for personal activities, managers are difficult to stop, such as work time, browse shopping websites, micro-blog, BBS post, etc.. AC can provide for different users (Group) management method based on the role of the managers to achieve the specified user access to specific sites in the Department and work time only, such as industry information website, the company website, and other unauthorized web browsing will be rejected.
Management of 3.4.2IM (Instant Messenger) chat software
Working hours using private chat such as QQ, MSN, not only affect work efficiency, but also because of IM transfer files and the introduction of viruses and leaked out. The face of many IM software, AC by detecting the characteristics of the application packet field, to achieve IM chat software management, improve work efficiency.
3.4.3 comprehensive behavior management
Web filtering, IM chat and other controls are only part of Intranet behavior management. In the face of the user work that hang download, search for the latest network news, pictures, blogs and work time to upload pictures, watch online video, online games and other issues, AC supports the use of identification rules, including 1500 kinds of applications, the overall management of the employees' online behavior.
3.4.4 Internet time management
AC through different departments, different users, based on the distribution of permissions within the time period, you can also limit the user's total Internet access time in a day, to achieve user-friendly management. Support set a certain time value of the Internet, when the user exceeds this threshold, will automatically pop-up reminder page, reminding employees to work time, pay attention to improve work efficiency, do not engage in work-related network activities.
3.5 improve bandwidth utilization
3.5.1 multi line strategy
AC supports multi line multiplexing and bandwidth Overlay Technology (patent number: 200310112006X), and enterprises connect multiple public network lines through AC, so as to improve the overall bandwidth level. At the same time, combined with multi route intelligent routing technology (patent number: ZL03113974.4), the intelligent flow routing and load balancing can be achieved.
3.5.2 P2P software control
P2P behavior has a strong phagocytosis of bandwidth, while traditional flow control capabilities do not work on P2P applications. AC provides P2P intelligent identification patent technology (patent number: 200610156977.8), not only can identify and control commonly used P2P software and version, not unusual and future P2P will also be able to control. The P2P flow control technology provided by AC will limit the bandwidth occupied by the designated user after the P2P is switched on. Not only allows users to use P2P, but also does not misuse bandwidth.
3.5.3 dynamic adjustment
AC supports dynamic flow control function, by setting a threshold, when the rate is too low by the whole bandwidth to automatically adjust the release of more bandwidth resources, make efficient use of bandwidth, avoid waste, is more effective than the traditional single, rigid flow control method to improve the bandwidth utilization rate.
3.5.4 bandwidth statistics and management
AC data center statistics and trends, reports and so on the network behavior of Intranet users. With graphical reports, curves, and statistical results, IT managers can easily control network behavior, distribution, and bandwidth usage.
At the same time, based on the AC (user group), intelligent control application type, site type, file type, target IP, detailed classification and allocation of bandwidth resources, such as the protection of the leadership of the video conference, market access, industry website design department CAD file transfer behavior get guarantee of the bandwidth, improve the bandwidth efficiency of institutions.
3.6 terminal access security
3.6.1 antivirus, Trojan horse
In the intranet users access Internet, often to download some files contain malicious viruses inadvertently, these viruses are usually highly destructive, serious when can cause the collapse of a computer system, so that employees can work normally. And if you use Internet Security desktop in the Internet process, you can effectively prevent these viruses program damage to the machine.
When the user use the secure desktop Internet, file, registry files and registry redirection technology make this machine has been protected, and access the directory permissions function cannot access the virus infection and the internal documents, effectively prevent the virus on the system of the machine broken, anti-virus software to compensate for the lack of security incidents prior protection. Internet Security desktop using the world's leading sandbox technology to ensure that it can bring users a clean, secure network application environment, allowing users to use, and no longer plagued by viruses, Trojans flooding.
At the same time, AC has the gateway anti-virus function, carries on the virus filtration to the mail which the intranet user receives, the visiting web page, the downloading document, reduces the intranet user to infect the virus the risk.
3.6.2 intercept bad Web pages
AC built-in automatic update of the massive URL library, including pornography, reactionary classification, hidden in such sites in danger will be AC filtering; AC allows the user to manually add the new URL classification; then filter the user through the search engine search keywords, keyword filtering URL address and web page text keywords, to achieve a comprehensive filtering on the web. To reduce the network users to access web pages may bad and dangerous.
Phishing sites that fake online banks, encrypted reactionary websites and so on, show that "encryption" has become a trend, and the majority of equipment in the industry can not control the SSL encrypted web pages. AC links black and white list technology through certificate verification, filters SSL sites containing incredible digital certificates, and implements filtering of SSL encrypted pornography, cults, phishing sites, and so on.
3.6.3 file transfer control
For QQ, MSN and other IM software viruses, through to lure users to download the specified file or open the specified URL link and communication; "AC" intercepting "measures will prevent users from accessing the virus containing URL address; AC can also limit the use of QQ and MSN file transfer.
Files downloaded from the Internet through HTTP and FTP often open or run, causing users to infect viruses, Trojans, and even paralysis. The risk of "infection point" will wait for an outbreak, more users infected, paralyzed the entire network. And this kind of behavior and flow through AC, AC first restrict users to download specified types of files through HTTP, FTP upload, to allow the transmission of documents, AC gateway antivirus virus and Trojan hidden will be killing the file.
3.7 avoid leaks and legal risks
Internet behavior management system after deployment, through the definition of key way to send mail, online search, online publishing, file outward behavior such as filtering, so as to avoid the leakage of sensitive information problems caused economic losses to the enterprise. At the same time, effective prevention of bad information dissemination behavior, to avoid legal disputes. Even if the occurrence of adverse information behavior, also can through the implementation of audit records to the network behavior of Internet users, can be in the event of network violations through the audit log tracing responsible person, avoid the enterprise bear the corresponding legal responsibility.
At the same time, according to the rules of the Internet Security desktop machine data files were isolated, any program within the secure desktop trying to obtain isolated file data of the machine will be prohibited, to prevent the terminal after the Trojan invasion file information was stolen, so as to help users to effectively protect the security of sensitive data.

 

Solutions

© 2000-2024 Suzhou HuaSu Info-Tech Co., Ltd.   |   Su ICP 16051456号-1

              Technical support:HUICHENG

Online
Baidu
sogou