18岁末年禁止观看试看一分钟

1.0 Intelligent Campus Network Solution 2.0 IDC Data Center Network Solution 3.0 Enterprise Cloud Solutions 4.0 Overall Information Security Solution 5.0 Smart Wireless Total Solution 6.0 HD Video Conference Solution 7.0 IDC Computer Room Construction Solution 8.0 Intelligent Weak Current Solution 9.0 Intelligent Building Solution 10.0 Intelligent Management Center Overall Solution
solution

1.0 Intelligent Campus Network Solution

2.0 IDC Data Center Network Solution

3.0 Enterprise Cloud Solutions

4.0 Overall Information Security Solution

5.0 Smart Wireless Total Solution

6.0 HD Video Conference Solution

7.0 IDC Computer Room Construction Solution

8.0 Intelligent Weak Current Solution

9.0 Intelligent Building Solution

10.0 Intelligent Management Center Overall Solution

4.3 Data Center Security Solutions
4.3 Data Center Security Solutions
Date: 2018-07-13


Data center security background

    Large data concentration is an inevitable requirement for intensive and refined data management, and it is an effective means for enterprises to optimize business processes and management processes. The data center DC is the product of a large concentration of IT construction data. As a centralized area for business deployment, release, and storage, the data center carries the core data and confidential information of the business. For malicious attackers, the data center is always the most attractive target. Therefore, the security construction of data centers, especially "cloud data centers", is extremely important. In the past, the security construction of data centers was mainly based on the security isolation of various regions, isolating security risks from regions such as the internet, intranet, extrane, and achieving network-level access control. But this is far from enough. Anyone who knows a little bit about security can easily download hacking tools from a website, causing great damage to a poorly protected data center. As the attacks gradually moved to the application layer, the security risks of the "cloud data center" moved to the application layer. The application layer security threats faced by the data center were completely incomprehensible based on the traditional firewalls based on the L3-L4 layer. In general, the application layer security threats facing data centers include:

、利用业务开发时期没有对代码的安全进行评估,使得系统可轻易通过web攻击实现对web服务器、数据库的攻击造成数据库信息被窃取的问题 1. During the business development period, the security of the code was not evaluated, so that the system can easily implement the problem of database information being stolen by attacks on the web server and database through web attacks.

、利用服务器操作系统漏洞、应用软件漏洞通过缓冲区溢出、恶意蠕虫、病毒等应用层攻击,获取服务器权限、使服务器瘫痪导致服务器、存储等资源被攻击的问题 2, using the server operating system vulnerabilities, application software through the buffer overflow vulnerabilities, malicious worms, viruses and other application layer attacks, access to server permissions, the server to its knees causing the problem server, storage and other resources to be attacked

、来自其他安全域的病毒、木马、蠕虫的交叉感染,使得数据中心成为“养马场“ 3. Cross-infection of viruses, Trojans, and worms from other security domains, making the data center a "horse farm"

、由于访问控制权限不当、系统误配置导致的敏感信息跨区域传播的问题 4.Problems in transmitting sensitive information across regions due to improper access control permissions and system misconfiguration

、利用协议漏洞对服务器发起的拒绝服务攻击使得服务器无法提供正常服务,导致业务中断等问题 5. Denial-of-service attacks on the server by using protocol vulnerabilities make the server unable to provide normal services, resulting in business interruptions and other problems


 

 

Security data center solutions

    In order to create a secure, efficient and reliable next-generation secure data center solution, a multi-layered security protection architecture structure of the L2-L7 layer is created for the data center to help users minimize security risks and create "safe", "reliable", "Efficient" data centers.

 

Complete and reliable data center security protection system

The data center security solution can provide a complete data center application security protection system at the L2-L7 layer, helping the data center to solve the application layer threats that the traditional firewall cannot work due to the L3-L4 layer.

  • Network security: access control, DOS attack protection, IPSECVPN networking, NAT address translation

  • Application security: Vulnerability attacks, non-secure application control, malicious address protection, virus trojan and worm filtering, application access control

  • 安全:SQL注入、跨站脚本、敏感信息防泄露 Web security: SQL injection, cross-site scripting, leak prevention of sensitive information

  • The device's own security: anti-DOS / DOS attributes, administrator SSL encrypted login, separate management from business and management



Fine-grained visual data center

    The next-generation secure data center can help administrators achieve fine-grained zone division and visual access control through a visual management platform. Different from the five-tuple access control strategy of the traditional firewall, the next-generation firewall can adopt the L3-L7 integrated application control strategy formulated by combining the visualization function and user identification technology, which can provide users with a more refined and intuitive control interface. Complete the operation and maintenance of multiple sets of equipment under the interface to improve work efficiency.

Application layer high-performance data center

    Due to the large concentration of data, data centers often need high-traffic and high-throughput network architectures to support it. In order to achieve strong application-layer processing capabilities, next-generation high-performance firewalls have abandoned traditional firewalls such as NP and ASIC, which are suitable for performing network-layer repetition. The hardware design of the calculation work uses a multi-core parallel processing technology that is more suitable for the flexible computing capabilities of the application layer, which greatly improves the analysis ability of the application layer data.

    At the same time, the firewall uses a single parsing architecture to implement one parsing and one matching of packets, which avoids the problem of UTM performing multiple unpacking and parsing of packets due to multi-module overlays, which effectively improves the application layer efficiency. A key element of single-shot analysis technology is the design of the software architecture to achieve the separation of the network and application planes. By extracting data to the application plane through the "0" copy technology, unified analysis and detection of threat characteristics can be achieved to reduce redundancy. Packet encapsulation for high-performance processing.

Highly reliable data center

    After the data is concentrated, the data center becomes the core bearer area of data and services, and its service availability is a crucial goal for data center construction. To ensure uninterrupted data center business and achieve high reliability, data center security solutions have multiple high reliability guarantees:

、传统关键部件冗余:包括电源、风扇1+1冗余,且支持热插拔 1. Traditional key component redundancy: including 1 + 1 redundancy of power supply and fans, and support hot swap

、存储介质冗余,确保系统稳定运行:硬盘+CF卡,实现存储冗余,在硬盘故障时,CF进行无缝切换,保障系统稳定运行 2. Redundant storage media to ensure the stable operation of the system: hard disk + CF card to achieve storage redundancy. When the hard disk fails, CF seamlessly switches to ensure the stable operation of the system

、设备稳定性:可实现硬件故障bypass保证数据中心稳定性 3, the stability of the device: hardware failure may be implemented to ensure that the data center bypass stability

    The data center security solution can build the L2-L7 layer security protection system structure for the data center to achieve the complete security protection of the data center. At the same time, it uses advanced technologies in availability and reliability to ensure the normal and stable operation of the data center business. Help users build a "safe", "reliable", and "efficient" data center.


© 2016 Guangzhou Mingchuang Network Technology Co., Ltd. All rights reserved Technical support: 35