With the rapid development of the construction of the garden network, the school has become increasingly dependent on the network, and at the same time, the network application on the campus network is also changing with each passing day. This puts forward new requirements for network security and operability for campus network construction. How can network security be detected to prevent viruses, network attacks, and achieve network security? In terms of operation, how to achieve flexible operation and how to prevent illegal users from enjoying network resources? To ensure the return of the school's investment in the network, how to monitor the application of the network, and ensure that the students are using a healthy and progressive network. Dinglian Network Co., Ltd. urgently needs these network constructions, and organizes a dedicated R & D team. After efforts, it proposes: a highly secure, operable, and healthy campus network.
Intranet security --- virus, monitoring
Network security is an important factor that hinders the development of the network. In the construction of campus networks, network security is also an important aspect to be considered. Network security is mainly divided into internal network security and external network security. At present, most network constructions use firewalls, but most firewalls can only control external network security. Like a country with a strong defense force that resists invasion by foreign enemies, it is incredible that there is no police. The network has a powerful firewall at the border, but it cannot be counted as a secure network without good monitoring inside the network. Nowadays, the applications of the internal network are becoming more and more complex. Most applications on the internal network are very important, even strictly confidential. Once there are incidents of confidentiality and destruction, serious consequences will occur. All these have made the intranet security issue more and more important and prominent. Now the real security of the network should come from within the network. Through long-term efforts, Dinglian Network has proposed two effective internal network solutions for intranet virus prevention and internal network security monitoring.
1. Intranet virus prevention
The application of various types of websites and programs has caused the proliferation of viruses, which has a serious impact on network security. At the same time, students often use removable storage devices to copy files on different computers, causing virus infections. Once there is a computer virus in the entire network, the virus will quickly spread in the network, causing the entire network to be paralyzed, which brings great trouble to the maintenance of the campus network. Dinglian Network puts forward a security solution in front of the virus security intelligent point, that is, implements different virus security policies on the network's converged Layer 3 switches.
Dinglian Network can detect viruses on specific computers by setting the corresponding virus strategy on the switch machine and cooperating with the authentication client software of Dinglian Network. When the switch detects a virus, the switch immediately issues a message to the user to prompt the user to kill the virus, and starts the time program configured by the network administrator to disconnect the user. For example, the time set by the administrator is 2 hours. , Open the user's network, and check whether there is a virus again. If the user has killed the virus, open it for him. If it is not killed, continue to close, and then cycle detection for 2 hours, until the virus is killed. This strategy makes it possible that computers with viruses cannot use the network. At the same time, the network center also knows that a specific user has a virus, which helps network administrators locate and find the source of the virus and ensure that the entire network is virus-free.
2. Intranet security monitoring
In response to the current situation of weak intranet security, Dinglian Network Co., Ltd. is the first in the industry to launch a security product that can implement intranet personal access control and access tracking. It is the first secure routing switch that integrates broadband access, security control and access tracking. It can do what the firewall previously wanted but could not do, that is, move the outbound access security control to the user. Access Point. It has reformed the traditional network security model and thinking, and overcomes the shortcomings of the traditional network of "foreign power and medium strength".
The traditional network monitoring is through network port mirroring or packet capture software. Through the analysis of the data packets flowing through the switch to determine the user's use of the network, this method has two biggest disadvantages. One is: analysis of data packets High professional knowledge is required, and the average staff cannot complete it. The second is: if problems are found, they cannot be solved automatically.
Dinglian Network has developed a network monitoring software that cooperates with its own three-layer switch to achieve real-time monitoring of the network. These monitoring include: real-time recording of screen snapshots of computer workbenches; and playback of recorded historical images at any time through a replayer. You can freely select the time interval for each screen snapshot; monitor one or more workstations and other functions at the same time. At the same time, it also has the control function for the user. Including: Only users with a USB key and password can access the Internet on a designated computer, prohibit the use of designated applications, prohibit or only run designated websites, lock the workstation and log off, restart or shut down the workstation.
Analyze and classify the monitored data.
The application of Dinglian Network's network monitoring on campus network can know the students' Internet access, even if they find and prevent students from accessing unhealthy websites. Correctly guide students to use the Internet to ensure that students are not affected by bad networks.
Realize network operation ----- anti-agent and anti-counterfeiting
Network operation is actually the management of network users. The best solution for the management of network users is through authentication. Only authentication can use the network. Among the many authentication methods, IEEE 802.1x passes the authentication method and The authentication system structure is optimized, which effectively solves the problems caused by the traditional PPPoE and Web / Portal authentication methods, eliminates network bottlenecks, reduces network encapsulation overhead, and reduces network construction costs, thus becoming a hot spot for current campus network selection . Through the use of 802.1x witness protocol, the campus network is simple, efficient, easy to implement, safe and reliable, and easy to operate.
However, the basic idea of ​​traditional 802.1x is port control. The concept of "port" can be a physical port, which is generally implemented on a layer 2 switch. All switches that need to be accessed must support the 802.1x protocol to achieve the entire network. Certification. This has weaknesses such as high requirements for access layer switches, simple functions, and inconvenient management. Dinglian Network analyzes the needs of users and proposes a stream-based authentication method. The flow-based authentication means that the switch can use the MAC address, VLAN, IP, etc. of the user equipment to implement authentication and control, that is, it does not need to correspond to the physical port, but is based on user authentication control, and multiple physical users can be implemented on one physical port. Access control. The switching equipment at the access layer does not need to support 802.1x. At the same time, it can solve the problems that traditional 802.1x cannot solve, but it is very important for operations, such as proxy, fake IP and MAC, fake DHCP SEVER.
1. Anti-agent
At present, in the construction of campus network, it is very common to install proxy server software on the machine where the client is located to share the same account with multiple people. For example, the network sharing function provided by Wingate, Sygate, Windows or using the SOHO router to achieve network sharing. In this way, the school provides students with an Internet line, which will be used by multiple students, greatly consuming network resources, and causing great losses to the school's operation. Using the 802.1x extension function and 802.1x client on the top-tier Layer 3 switch, you can prevent non-authenticated users from using the agent software to use the service or access network resources from the authenticated port. You need to detect the proxy user and proxy For the proxy relationship between servers, authenticated clients are used as proxy servers. It is true that only one user can access the Internet by providing a network port in the school.
2. Professional anti-counterfeiting
Students are a restless and curious group. On the one hand, they will use the school network as an experimental environment to test various network functions. On the other hand, they are constantly looking for ways to get rid of the school ’s use of student network resources. control. In addition to the proxy, fake DHCP SEVER and fake IP and MAC have brought great trouble to the school's operation and management. Some active students use their computers and operating systems to configure a DHCP SEVER to enable computers on the network to learn the IP address from the fake DHCP SEVER, resulting in legitimate users not being able to learn the correct IP address provided by DHCP and unable to use network resources . The Dinglian network cooperates with the client software at the converged Layer 3 switch. If it finds a fake DHCP SEVER, it will immediately seal off the account and prevent him from enjoying network resources.
The traditional authentication method is to determine whether the physical port is legal by IP and MAC address. If the legal IP and MAC address information is received at the authentication end, it is considered to be a combined
Sweep, welcome attention
Official WeChat of Educational Equipment Procurement Network
Master the latest and most authoritative information in the education equipment industry
Copyright and Disclaimer:
â‘ The copyright of all works on this website that indicate "Source: China Education Equipment Purchasing Network" belongs to China Education Equipment Purchasing Network, and may not be reproduced, edited or used in other ways without authorization from this website. Works that have been authorized by this website should be used within the scope of authorization, and indicate "Source: China Education Equipment Purchase Network". Violators of this website will be held accountable for legal liabilities.
â‘¡ All works on this website that indicate "Source: XXX (non-this website)" are reproduced from other media. The purpose of this reprint is to transmit more information. This does not mean that this website agrees with its views and is responsible for its authenticity. Take direct responsibility and joint liability for infringement of such works. If other media, websites or individuals download and use it from this website, they must keep the "source of the manuscript" indicated on this website, and bear the legal responsibility of copyright and other.
â‘¢ If the content of the work, copyright and other issues are involved, please contact this website within two weeks from the date of publication of the work, otherwise it is deemed to waive the relevant rights.
Biodegradable Office Bags For Women,Best Office Backpack,Biodegradable Office Backpack,Office Bags For Ladies
DongGuan Sengtor Plastics Products Co., Ltd. , https://www.sentebio.com