1.0 Intelligent Campus Network Solution
2.0 IDC Data Center Network Solution
3.0 Enterprise Cloud Solutions
4.0 Overall Information Security Solution
- 4.1 Exit Security Application Solutions
- 4.2 Branch and Mobile Internet Application Solutions
- 4.3 Data Center Security Solutions
- 4.4 Level Protection Comprehensive Solution
- 4.5 Disaster Recovery and Backup Integrated Solution
- 4.0 Overall Information Security Solution
- 4.6 CDP Local Disaster Recovery Solution
- 4.7 Dual-System Disaster Recovery Shared Storage Hot Standby Solution
- 4.8 Mirrored Hot Standby Solution for Dual-machine Disaster Recovery
- 4.9 Desktop Access Scheme
- 4.10 Anti-disclosure security management system for electronic documents
- 4.11 Email Security Overall Solution
5.0 Smart Wireless Total Solution
- 5.1 Cloud wireless solution
- 5.2 Application authentication access solution
- 5.0 Smart Wireless Total Solution
- 5.3 Smart Business Circle Solution
- 5.4 Wireless bridging solution
- 5.5 Elevator Wireless Coverage Solution
- 5.6 Hotel wireless coverage solution
- 5.7 Smart Campus Wireless Solution
- 5.8 Hospital Wireless Solution
- 5.9 Wireless retail solutions for malls
6.0 HD Video Conference Solution
7.0 IDC Computer Room Construction Solution
8.0 Intelligent Weak Current Solution
9.0 Intelligent Building Solution
10.0 Intelligent Management Center Overall Solution
项目建设目标、内容及建设周期 1 Project construction objectives, content and construction cycle
1.1 overall goal
According to the safety objectives of different rating systems, after the construction is completed, the following capabilities are required:
Has the ability to resist small-scale, weaker-level malicious attacks, the ability to resist general natural disasters, and the ability to prevent general computer viruses and malicious code; the ability to detect common attacks and record security events; the system After being damaged, it has the ability to restore the normal operating status of the system (secondary system target).
Requires the ability to resist large-scale and strong malicious attacks, the ability to resist more severe natural disasters, and the ability to prevent computer viruses and malicious code under the unified security protection strategy; have the ability to detect, detect, alert, and record intrusion behaviors Ability to respond to security incidents and track security responsibilities; After the system suffers damage, it has the ability to quickly resume normal operation; For systems with high service support requirements, it should be able to quickly return to normal Operating status; ability to centrally control system resources, users, security mechanisms, etc. (three-level system goals).
Through this safety construction rectification work, the following five goals have been achieved:
(1) Significant improvement in safety management;
(2) Obviously enhanced security capabilities;
(3) Significant reductions in hidden safety hazards and accidents;
(4) Effectively guarantee the healthy development of informatization;
(5) Effectively safeguard national security, social order and public interests.
2.2 Construction content
According to the "Basic Requirements for Network Security Level Protection", implement security guarantee measures such as physical and environmental security, network and communication security, equipment and computing security, and application and data security; implement the information security responsibility system, establish and implement various security management strategies and System, establishment of safety management agencies and personnel, safety construction management and safety operation and maintenance management. The details are as follows:
2 Overall design route
2.1 Systematic design method
Based on the equal protection and protection security framework as the basis and reference, on the premise of meeting national laws, regulations and standard systems, through the security design of one center and three protections, a comprehensive network security protection system is formed. Systematically design security solutions to fully meet the requirements of hierarchical protection security and strategic goals of unit network security. The hierarchical protection security framework is as follows:
2.2 Hierarchical design method
Level protection policies, standards, guidelines, and other documents require that the objects to be protected be divided into regions and graded, and different objects to be protected be protected from physical and environmental protection, communication network security, network border security, host device security, and applications and data Various aspects such as safety protection are designed with different levels of safety protection. At the same time, a unified security management center guarantees effective coordination and integrated management of security management measures and protection, and ensures the effective operation and implementation of security measures and management.
3 Level Protection 2.0 Framework
Based on the relevant standards and requirements of Level Protection 2.0 and the latest domestic and foreign security protection system models, the basic starting point is to ensure the safe and efficient operation of user services, and build the following framework:
The "one center, three protections" as the basic model for hierarchical and sub-domain design to ensure the compliance of the design scheme.
Superimposed three security capabilities of security visibility, dynamic perception, and cooperative defense to build an active defense system to provide continuous security protection.
Through centralized operation and maintenance, security visualization and other humanized technical means, make security operation and maintenance management simpler and more efficient, and bring more than just compliance value to the organization
4 overall network architecture design
5 Security domain division instructions
(1) Internet exit domain
It is necessary to provide multi-link load at the network exit and automatically match the optimal line to ensure network availability and achieve fast access; isolation and access control are required at the Internet exit border to protect the internal network and protect against attacks from layers 2-7 , To monitor and block intrusion events, protect the entire network security domain from common malicious attacks on the external network; identify Internet exit traffic and control traffic to improve bandwidth utilization while ensuring the user ’s online experience; use Network anti-virus, proactively scanning web and email traffic, preventing malicious software from reaching and infecting hosts on the network.
(2) Outbound server domain
This security domain mainly hosts servers and other services that provide external services, including portal front-end servers and Web business servers. An access control policy needs to be set at the DMZ zone boundary, and it must have application-layer attack detection and protection capabilities.
(3) Outreach domain
To interface with the peer private network data, it is necessary to identify the threats in the traffic between the private networks to detect and block intrusions in the traffic.
(4) Terminal access domain
Terminals in the security domain need to have the ability to prevent malicious code, and perform access control on user terminals that access the intranet, and clarify access permissions and accessible network ranges.
(5) Secondary system domain
This security domain mainly carries the more important business information systems of OA office and attendance systems. It is necessary to provide these business information systems with the ability to identify 2-7 layers of security threats and block attacks.
(6) Tertiary system domain
The core business information system of the main bearer unit in this security domain, including the XX information system that needs to be assessed for protection, needs to provide these business information systems with the ability to identify 2-7 layers of security threats and block attacks such as SQL injection, XSS (Cross-Site Scripting Attack), CSRF (Cross-Site Request Forgery Attack), cookie tampering, etc .; data access rights generated by the storage business information system need to be divided, and related operations on data must be audited; sensitive or important data Make a backup.
(7) Other server domains
This security domain mainly hosts general business information systems such as email services, file services, and file sharing. These business information systems need to provide the ability to identify Layer 2-7 security threats and block attacks.
(8) O & M management domain
The description of this area is as follows: This security domain performs centralized management and fine-grained auditing of network operation behaviors in a business environment; it is used to monitor traffic between security domains in the internal network, detect threats in the traffic in real time, and present them uniformly.
6 Safety visual aided decision simplifies operation and maintenance
Cybersecurity needs to "see". Only visible security is true security. Through the visualization of network risks, the security situation is displayed intuitively to achieve more accurate risk analysis and judgment, and more efficient security operation and maintenance and risk disposal.
Visibility is the foundation of security and requires full visibility: visibility of risks, protection processes and results, not fragmented attack visibility.
Provides a visual risk display function, which is enough to display and identify the security risks for website business and access users detected in real-time through graphical reports, such as intrusion risk, real-time vulnerability risk, data risk, and black chain risk. Visual network security platform.
This simple and easy-to-understand and visual security display method solves the problem that the traditional security equipment has many logs and the log display method is too technical, and users cannot quickly understand the actual security status of the organization.
At the same time, the network security level protection solution provides users with network-wide security visibility, early warning, and response to efficiently sense internal advanced security risks; externally, through a large amount of external threat intelligence, to assist in the analysis of advanced security incidents; within the network, in On key nodes in each subdomain, accurate detection information is accurately collected through probes or security equipment. Summarizing external threat intelligence and internal real-world traffic information, using behavior analysis, machine learning, and other algorithms to detect various types of advanced threats lurking inside the network, and through visual methods, finally make us feel that we are safe now? Where is it not safe? What harm it caused and how to deal with it.
7 Dynamic sensing continuous detection
Based on the industry-leading information security concept, using industry-leading big data and artificial intelligence technology security, a security-aware platform has been established to enable timely detection and adoption of effective security policies before security incidents occur, thereby reducing corporate security risks. Situational awareness needs to build a security system from four aspects: "source extraction", "detection analysis", "delivery visualization", and "disposal response".
Technical architecture diagram
(1) New or changed perception of assets
Actively identify new or changed business assets through the business identification engine.
When asset changes are found, incremental assessments are automatically performed on "change assets". Reduce the exposure time of new vulnerabilities online.
(2) Latent threats and risk perception
对绕过边界防御的进入到内网的攻击进行检测，以弥补静态防御的不足。 Collects vulnerability scan information in real time, detects the vulnerability and its hazards, and detects attacks that bypass the border defense and enter the internal network to make up for the lack of static defense.
(3) Security event awareness
Continuously detect the security incidents that have occurred in internal important business assets, and discover the security incidents that have occurred as soon as possible.
(4) Abnormal behavior perception
Continue to detect abnormal behaviors of internal users and business assets, and identify potential risks to reduce possible losses.
The network security level protection solution brings the ability of dynamic sensing and continuous detection to users, and can continuously sense business risks. First show the current status of security from the business dimension, and then let customers see the state of asset collapse from the perspective of the attack chain. Next, provide detailed proofs of the lost assets, let users see the cause and harm of the threat, and provide customers with special killing tools to deal with the recommendations. Finally, we want customers to see how big the impact of this threat is, let customers see the internal abnormal access relationship, who attacked me, and who attacked me? Portraits of the horizontal and outreach activities of the lost assets.
8 Collaborative defense, multi-level linkage
In the past security systems, each security node fought on its own, without substantial interaction. And if these security links can cooperate and complement each other, they will bring better defense effects. The Level Protection 2.0 architecture assists users in building a multi-level security defense system to form threat defense, detection, response, and prediction, forming a closed loop, and responding to various attacks. At the same time, it works in an intelligent and integrated manner to respond to advanced threats. 可以联动行为管理，发生安全事件可及时在用户端告警； 可以通过病毒发现联动，实现内网终端病毒扫描和查杀；还 可以联动数据库审计，做防泄密的分析和追踪等等。 We can link the next-generation firewall to block the communication between Trojans and hackers with one click; we can cooperate with behavior management, and we can alert users in time when security incidents occur ; we can cooperate with virus discovery to achieve intranet terminal virus scanning and killing; Database audit, analysis and tracking of anti-disclosure, etc.
(1) Multi-level response and linkage mechanism