Hello everyone, today I will introduce network security related content.
introduction
With the continuous growth of network scale and business applications, and the gradual increase of security incidents, in the aspect of network security construction, users often realize the effective protection of information network through multiple security equipment. In many security devices, consider how to network, can better efficient protection of enterprise network.
Network security equipment
Common network security devices can be divided into three levels, security management, network and technology security and terminal security.Among them, we can comb through in detail:ESight: Manages network, equipment room facilities, servers, storage devices, applications, communication cooperation, and video surveillance devices in a unified manner.LogCenter: Comprehensively and accurately manages and presents security events in a unified manner.FireHunter: The new generation of high-performance APT threat detection system launched by Huawei company detects the files transmitted on the network in a virtual environment by restoring the network traffic mirrored by switches or traditional security devices, and realizes the detection of unknown malicious files.WAF: Web application protection.UMA: A platform for unified IT core resource o&M management and security audit. Through centralized management and control of accounts, authentication, authorization, and audit of VARIOUS IT resources, the UMA implements centralized o&M access, authentication, authorization, and audit functions, meeting users' requirements for O&M management, internal control, and external audit.AntiDDoS: anti-ddos defense system.NGFW: next-generation firewall.VNGFW: software NGFW deployed on a VM.SVN: secure access gateway, an integrated VPN solution.NIP: Huawei next-generation intrusion prevention system.Agile Controller: User - and application-based automation control system for network resources.
NGFW
The USG6000 is a 10-gigabit campus next-generation firewall developed by Huawei for medium - and large-sized enterprises and next-generation data centers.
The USG6000 supports 6300+ application identification, which is the largest in the industry, and combines VPN intrusion prevention and virus prevention with traditional firewalls Data leakage prevention and other security functions in one, open multiple protection still maintain high performance, help enterprises to build the future of the next generation network security protection more.
vNGFW
The virtualized NGFW provides features such as elastic extension, flexible orchestration, and tenant - oriented security.
In short, vNGFW addresses virtualization security challenges.
With the development and application of cloud computing technology, traditional data centers are changing to cloud data centers. At the same time, new virtual network security problems, such as VM attacks on hypervisors, attacks and sniffs between VMS, and availability loss of virtual networks, appear.The Huawei USG6000V is a pure software product that runs on standard server VMS. It provides comprehensive software-based virtual network security protection for cloud data centers and NFV scenarios. Rapid deployment of security capabilities is achieved through software-defined security. Rich next-generation firewall features provide rich security service operation and protection for customers' virtual networks.
With the rapid development of today's network business, enterprise must extend its Intranet applications such as OA, ERP, CRM, SCM services access field of resources and data resources, in order to satisfy the demands of more and more remote access, access, such as branch partners access, client access, employee access, mobile access, home office access, etc. The network environment for access is increasingly complex. In addition to managed branch network and partner network access, there is also the need to consider access from decentralized, poorly managed home networks and public WiFi, 3G/4G networks; More and more access devices are used. In addition to traditional fixed access terminals (including PCS and laptops), the demand for intelligent terminals to access enterprise networks is increasing. To provide fast and timely business capabilities, enterprises must ensure that legitimate users in various complex network environments and using different access terminals can access enterprise information resources on the Intranet quickly, conveniently and securely. At the same time, enterprises must ensure the security of the Intranet.The SVN5600/5800 is a new-generation secure access gateway marketed by Huawei for large and medium-sized enterprises, governments, and carriers. It supports up to 100,000 concurrent online users, offering comprehensive security protection, rich terminal support, agile access experience, flexible networking adaptability, and carrier-class reliability. It can meet the needs of enterprises of different scales, such as remote access, mobile office, and branch interconnection, improve enterprise work efficiency, and ensure consistent user experience.
NIP6000
The NIP6000 plays a key role in Internet border protection, IDC/ server farms, branch interconnection, and department internal protection[1].
The NIP6000 is huawei's next-generation intrusion prevention system. It is mainly applied to enterprise, IDC, campus, and carrier networks to ensure application and traffic security for customers.Based on the traditional Intrusion Prevention System (IPS) product, the NIP6000 series can detect the protected network environment, deep application, content, and defend against unknown threats, achieving more accurate detection and optimized management experience. To better protect the security of customer applications and services, and protect the network infrastructure, servers, clients, and network bandwidth performance.
References
[1] Huawei. HUAWEI NIP6600 series[EB/OL]. [2019]. https://support.huawei.com/enterprise/zh/security/nip6600-pid-21107678.
