1. Incomplete firewall solution Many enterprises equal firewall construction to corporate network security solutions, and take firewalls as all for their corporate network security. In fact, firewalls can only serve as the first step towards corporate network theft-proof measures. Firewalls are important, however, they are not a network security solution. To meet the needs of worry-free security, relevant security products and policies are indispensable in addition to necessary firewalls employed for network security mechanism. Some people regard firewalls as gentlemen’s agreement, they are like a gate to a house, with only a few locks maybe. Like a thief able to unlock the gate with a telephone card, some hackers can intrude upon corporate networks with a mere telephone line. Some corporate employees load data units onto their computers, so as to gain access to networks outside. They hardly realize that these data units serve as the back door for hackers to get access to the corporate networks. Without needing deciphering the firewall barriers, hackers are able to gain access to corporate networks just by dialing up to the data units with their own after the corporate employees get off work.
2. Basic elements for choosing network security solution Just as no one can conquer all karaoke parties with only one song, and no one can beat all kungfu masters with only one form of martial art, a mere network security solution cannot deal with all corporate network security problems. Let’s take visiting guests to enterprises as an example. Some companies allow anyone to find anybody in their organizations without undergoing any procedures; some companies ask guests to register with the reception, and even to present their ID cards before allowing them to access; some companies require their employees to accompany the guests after registration; some companies allow guests to be in the meeting room only, and guests can never gain access without special permission. Just like these regulations, different companies have different requirements for their Internet security. Enterprises work out regulations on meeting guests by taking into consideration their scales, possible damages that may result, financial strengths, and so on. Similarly, network security solutions are determined by the following factors: 1. Value of LAN information: the more valuable is the information on the LAN, the more it is coveted by hackers. 2. Result of being hacked: the severity of the result due to intrusion into LAN by hackers. 3. Expense for preventing hackers from intruding: if a company can bear higher expenses for network security, then it can employ better security measures. 4. Expense for remedying damages caused by hackers: it takes a lot of human resources and materials to remedy the damages brought by hackers, so, enterprises shall spend more on their network security. 5. Corporate network scale: if a corporate network is bigger in scale and has more nodes, then it has more weak points to be exploited by hackers, and it means more spending on network security. The above-mentioned factors differ with corporate network environments, time, and personal factors. For example, some enterprises did not need to develop their businesses through the Internet, however, the situation has changed now since they have to find their customers from the Internet, then, it is more important now to consider network security. Network security measures are contradictory to convenience in gaining access to the Internet. For safer networks, it takes more procedures to gain access to the Internet, at the same time, there may be more faults, and sometimes, customers cannot gain access to the Internet. So, the optimal network security solutions shall be chosen according to different corporate models and businesses.
3. Main points for total solution design Construction of network security solutions requires practical experience of designers in network security integration and planning. Specifically, in-depth study and experience is required in network security planning, firewall setup, corporate security policy definition, corporate network application, monitoring and review, as well as personnel identification authentication. In addition, designers have to be familiar with network security related services, technologies and different security product functionalities before they can present the optimal design. Network security design focuses on overall customer security policy definition, and people’s training and management. Generally speaking, the overall network environment including network architecture and application software of the customer shall be understood first, and then corporate security policies shall be discussed. After installation, network security policies’ security shall be tested one by one. Network security planning engineers shall not limit themselves to firewalls for security. Instead, they shall integrate all security products, so as to provide customers with total network security solutions.
4. Why do you need network security management system With the explosive development of network technologies, human being is embracing a quickly-changing information age. While enjoying the convenience brought by high technologies, people are also being disturbed by serious interference and damage, for example, there is one network intrusion case for every 20 seconds globally; great loss results from attacks by hackers on national security and other major administration departments, and the economic loss due to network security in the globe is up to US$100 billion; network environments are polluted by illegal websites; net cafes lack in efficient technical measures, so that network administration is often out of control… To deal with the above-mentioned problems and achieve the optimized network operation, Codex rolls out its up-to-date network security safeguarding and monitoring management system consisting of bandwidth navigation star, network safeguarding star and website navigation star, which converges bandwidth allocation and management, active prevention of attacks by hackers and illegal website and information screening. With supplementary measures to each other in terms of information security, it has been the sole all-inclusive network security solution in the globe. Bandwidth allocation and management is like traffic management in cities. In most cases, good transportation does not derive from traffic, but from road management and use. Bandwidth is in most cases enough for a majority of enterprises, however, too much bandwidth is often wasted on application services such as online chatting and network gaming. Bandwidth navigation star ensures that you can know the status of each and every computer within the network in real time, so as to management and allocate bandwidth and priorities. This provides you with rationally-functioning network services. Network safeguarding star is used for preventing hackers from intrusion. The relationship between the intrusion detection and defense system and the firewall is like that of the guard and x ray at the airport. People are only required to show boarding passes to guards when they enter the airport, however, it is difficult for guards to find whether they have dangerous belongs in their luggage, and this can be solved only by x ray. The network safeguarding star, lie a super x ray machine, provides you with a network detection and defense system of active functioning and up-to-top-layer detection. It is able to prevent all kinds of network attacks, keep a record of attacks, ensures normal network services and information security, and collect statistics of attacks. The website navigation star is able to effectively prevent users from browsing websites containing illegal contents such as porn, violence, gambling and drugs. The product employs super high-speed network processor hardware architecture to achieve the optimized screening, and supports broadband network operation environment such as gigabit networks; by employing super high-speed data packet comparison processing technique, it will not affect users’ connecting speed; with a built-in database containing information on 500 thousand illegal websites, the product can expand the number of websites to 2 million. With intelligent training models and semantics identification system, the product can under full-automatic update and block illegal websites without resorting to human power; it can find out the IP addresses of any computers attempting to gain access to illegal websites, with registered logs and report system, so as to prevent users from altering the website. If several people plot together to set up an illegal website not connected to various portal websites or related websites with altered addresses, and any one of them attempts to access, the product can actively track and record the information.
Add:A608,Shenzhen Academy of Aerospace Technology The Tenth Kejinan Road,High-tech Zone,Nanshan Dist.,Shenzhen,P.R.China TEL:86-0755-26428519、26429178 FAX:86-0755-86036769、88317687 Copyright (c) 2009 Shenzhen Condex Technologies Co.,Ltd.
