With the continuous increase of IT applications on the XX system network and of devices in the network, network border security has become one of the most important security issues, and a combined security solution is required.
Overview of Border Security Solutions:
To protect the boundaries of the XX system, you must first determine which network boundaries need protection; this is done through security zoning. The principle for defining security zones is to first identify security assets based on business function and information sensitivity, and then define a security policy and security level for each asset. Security assets with the same security policy and level can be considered to belong to the same security zone. Based on these principles, H3C proposes a security zone model for the XX system, which mainly includes: the intranet office zone, data center zone, external data zone, Internet connection zone, external connection zone, network management zone, and WAN connection zone. As shown below:
With reference to the zones above, and considering the main threats on current networks, we propose a border security solution built on firewalls, antivirus modules, network security monitoring modules, and intrusion prevention systems (IPS):
1) Firewall: The most mainstream and most important security product, and the core of the perimeter security solution. It can partition the entire network; provide access control based on IP addresses, TCP/IP service ports and so on; effectively protect against common network attacks such as denial-of-service attacks, port scanning, IP spoofing and IP address theft; and provide security enhancements such as NAT address translation, traffic limiting, user authentication, and IP-to-MAC binding. Because the firewall is deployed at the gateway, the antivirus module and the network security monitoring module can also be integrated into it.
2) Anti-virus: Deploying the anti-virus module (ASM) stops the spread of viruses, Trojans and other threats at the gateway and protects users inside the network from harm. The anti-virus module (ASM) replaces the original defense model of passively waiting for virus infection with active defense against network viruses, cutting off the channel through which viruses cross the network boundary.
3) Network security monitoring: Enabling the traffic monitoring function collects network traffic information in real time and analyzes how the network is being used. More than one hundred protocols can be identified and analyzed, including application-layer protocols such as P2P. The network security monitoring module (NSM) can store the collected information on a local or remote server, giving users a basis for network optimization and reinvestment.
4) Intrusion prevention: In traditional security solutions, firewalls and intrusion detection systems (IDS, Intrusion Detection System) are widely accepted, but firewalls and IDS alone are not enough to fully protect the network from attack. As a network-layer security device, a firewall cannot adequately analyze attack signatures in application-layer protocol data, and an IDS cannot block the attacks it detects. As a result, even when basic network security products such as firewalls and IDS are deployed, IT departments still find that network bandwidth utilization stays high and application systems respond more and more slowly. The cause is not poor network design at the outset, but the fact that security threats such as worms, P2P, and Trojans have grown in recent years and evolved to the application level. Corresponding technical means and solutions are needed to address security threats aimed at the application layer. Application-layer security devices, represented by the intrusion prevention system (IPS, Intrusion Prevention System), are an important supplement to the firewall: they solve the problem of application-layer defense and have changed the way administrators build network defenses. Deployed inline, an IPS can detect and directly block malicious traffic.
Typical deployment of a perimeter security solution:
Deploy firewalls (with integrated antivirus and network security monitoring modules) and IPS devices at the Internet egress of the XX system. At the same time, use the firewalls and IPS to separate security zones such as the corporate intranet, DMZ, data center, and the Internet, and define corresponding security rules so that each zone receives protection at its own level and layer.
Border Security Solution Features:
1) Comprehensive protection: On the basis of security zone planning, deploying security devices such as firewalls and IPS at the network boundary defends against threats at network layers 2 to 7 and forms dynamic, multi-dimensional, comprehensive security protection;
2) Deep protection: Deploying H3C firewalls and IPS forms effective in-depth security protection, such as defending against worm propagation and attacks, blocking and rate-limiting P2P applications, resisting DoS/DDoS attacks, and so on.