1 Project Overview
With the rapid development of enterprises, the number of business systems keeps growing. Enterprises are gradually adopting OA, ERP, CRM, various financial software and so on, and business operations depend more and more heavily on the network.
As enterprises and institutions grow in scale, the number of branches increases further, and geographically dispersed, flexible office locations generate a great deal of mobile office demand. However, the north-south split and complex network environment of Chinese telecom operators create significant difficulties for the secure access and fast transmission that mobile office needs. At the same time, the demand from third-party vendors, partners, customers and others to access the company's business systems through web applications is gradually becoming apparent. How can mobile office users and third-party organizations securely access the headquarters intranet, quickly operate business systems and transfer data, so that the right people can use the right systems?
2.1 Strong data encryption: The VPN supports DES, 3DES, AES, RC4 and other international mainstream encryption algorithms. It is an integrated IPSec/SSL device based on the IPSec and SSL national standards. Strong encryption of the data guarantees the absolute security of the data.
2.2 Network-wide "Local Area Network" construction: A virtual private network is established between the headquarters and the branches through IPSec VPN, and inter-tunnel routing is enabled to build IPSec tunnels from branch to branch, turning the entire network into a VPN "Local Area Network". The VPN device is a two-in-one IPSec/SSL device: while establishing IPSec VPN tunnels between networks, it also lets business travelers and employees of small branches establish an SSL VPN tunnel through the browser to the network where the application server is located. Wherever users go, the LAN "extends" with them, truly achieving a company-wide "LAN".
2.3 Detailed permission division: IPSec VPN implements service-based and user-based permission division, down to IP addresses and ports. Through "roles", SSL VPN binds users, user groups and application resources, and authorization rules based on time and on client checks can grant users and user groups access to different applications at different times. User groups, time and applications can each be divided in detail and combined with one another to build a secure Internet.
2.4 Integrating multiple acceleration technologies: The VPN combines multiple acceleration technologies to improve data transmission speed in three respects: data reduction, line optimization and transmission speed improvement. Stream buffer technology and B/S and C/S compression reduce redundant data; the HTP fast transmission protocol and FLASH LINK technology optimize lines that suffer from packet loss and delay; and multi-line technology, Web optimization, Web Cache, resource load balancing and IP services accelerate data transmission, creating the "fastest" VPN application access.
2.5 Combination of multiple authentication methods: To address the insufficient security strength of single user name/password authentication for mobile users, the VPN supports "AND" and "OR" combinations of multiple authentication methods, including SMS authentication, CA authentication, LDAP, RADIUS and dynamic token cards, to enhance the security of authentication.
2.6 Client security check: The VPN supports a client security detection policy. It comprehensively checks the client's operating system, registry, processes, files, access line IP, access line time, login IP and other information, and on that basis allows or denies access or grants access to different applications. This controls the security risks of terminal access at the source to ensure the security of the headquarters.
2.7 Secure Desktop Technology: You can specify that some or all applications with high data security requirements must be accessed from within a secure desktop. When the client logs in to the SSL VPN, the application runs in a closed secure desktop that the client generates through virtualization technology, and the data the application exchanges with the server is strongly encrypted. While in use, data in the secure desktop cannot be copied to the default desktop, the secure desktop cannot communicate over the network with hosts on the LAN or the external network, and data cannot be copied out through peripheral devices such as USB. When the user exits the SSL VPN, all data in the secure desktop is destroyed at the same time, and the data of applications accessed through the SSL VPN is completely cleaned off the machine, ensuring data security both during application access and after the SSL VPN session ends.
2.8 Terminal ease of use: IPSec VPN builds a "Large Local Area Network" by opening network-layer connectivity to connected users, so no configuration is needed on the client and users can reach one another transparently. SSL VPN gives access to intranet resources through a browser without installing client software. It also supports single sign-on for B/S and C/S applications: after users authenticate and log in to the SSL VPN, they can directly open the corresponding resources to access intranet applications without repeatedly entering a username and password, which greatly reduces the complexity of intranet office access on the terminal.
2.9 Hierarchical management of administrators: The VPN supports up to 16 levels of administrators. Upper-level administrators can set the permissions of their lower-level administrators and enforce mandatory inheritance, which both conforms to the structure of the organization's network management and ensures consistent management configuration.
3 Program Value
Provides security functions for mobile office system applications, such as unified secure access, identity authentication, data encryption, access control and user behavior auditing, based on the Chinese national cryptographic (SM-series) algorithms. Provides SDK tools that interface seamlessly with existing application systems and quickly improve mobile office security.
4 Solution Advantage
Data encrypted transmission
The Chinese national cryptographic (SM-series) algorithms are used to encrypt mobile office system data in transit and to authenticate user identity. SM2, SM3, SM4 and SM9 are supported, as are the AES, 3DES, RSA and SHA2 algorithms.
Two-way authentication between mobile office personnel and the server is implemented, which effectively avoids security threats such as impersonated logins, man-in-the-middle attacks, database dumping and credential stuffing.
Granular access control
Provides detailed access control functions. Access can be controlled on the basis of various objects, such as user identity, IP address, protocol, port, time and user group.
Massive user access
The TLS transmission protocol is optimized to achieve high concurrent processing capability. A single device can handle simultaneous access by more than 20,000 users.
Diverse system support
Supports Android, iOS, Linux and Windows for mobile office access. Mobile workers can also use a USB key for remote secure access.
Provides rich client access SDKs that can be integrated into the apps of existing application systems, enabling a rapid security upgrade of those systems and solving the security problems that traditional application systems face in data transmission and identity authentication.