With the application of automated attack tools, the technical threshold of network attack is constantly lowered, and various new attack means such as ransomware virus and mining virus emerge endlessly. How to layout network security construction has become the new mission of information construction of Yunnan Deqing Education Bureau.
Since 2018, Yunnan Deqing Education Bureau has strictly marked the key path of "Education Informatization 2.0 Action Plan" and accumulated the security cognition of "Education Network security Work Seminar". Adhering to the overall policy of "from construction and application to integration and innovation", it has begun to synchronously plan security construction in the process of information construction of education metropolitan area network. Improve the safety protection of information construction.
Focus on education MAN, implementation of network security
With years of network security practice, Ruijie based on the national "network security law" and "grade 2.0" security requirements, combined with the Deqen education MAN business needs for the overall security planning, designed a set of reasonable landing security technical measures and management measures, formed a structured security framework and a new era under the background of the new protection system, Deqing state education MAN safe and stable operation escort.
Based on the "total score" network architecture of MAN, Deqen Education Bureau has connected with several primary and secondary schools. How to meet the requirements of communication transmission security and security region border protection of isoguarantee 2.0 has become an urgent problem to be solved by Deqen Education Bureau. Low-cost traditional UTMs have weak protection capabilities, while the performance of next-generation firewalls deteriorates seriously after full protection at the application layer. Under the premise of limited budget, how to strike a balance between protection capabilities and performance?
Ruijie new next generation firewall to solve this problem, it uses advanced CPU+ASIC hardware chip fusion technology, breakthrough X86 architecture on the application layer data detection performance bottleneck. In terms of security capabilities, it not only supports traditional security functions such as NAT, ACL, and DDoS defense, but also supports various application-level security functions, including virus detection, intrusion detection, APP detection, file filtering, and malicious URL filtering.
Ruijie new next generation firewall fusion architecture
Integrate network and security to build dynamic defense system
Combined with the relevant requirements of equibao 2.0, Ruijie designed and deployed database audit, Web application firewall, intrusion detection and protection system, operation and maintenance fortress machine and big data security platform protection products for Deqen Education Bureau, and built a set of "dynamic defense system" for Deqen Education Bureau.
Based on the "dynamic security" architecture, the overall scheme integrates network and security. Based on compliance, the concept of scenario-based security is integrated into it. It provides users with "one-stop" security evolution ability from three aspects.
Execute the collection layer: execute the security policy required by the network; Collect data and information such as logs, traffic, and files for analysis by the dynamic analysis layer.
Dynamic analysis layer: Analyzes the data and information provided by the "execution collection layer", continuously provides dynamic security threats and risk assessment for users, enables users to grasp the latest security status of the entire network, makes the "security visible", provides the basis for users to make security policy decisions, and delivers security policies to the "execution collection layer" when necessary
Intelligent evolution layer: provides continuous enhancement of security capabilities for "executive collection layer" and "dynamic analysis layer", and achieves sustainable evolution of security capabilities of the whole network.
Dynamic defense system
Among them, the big data security platform RG-BDS, as a key component, associates information assets such as network equipment, server, database, middleware and security equipment in the customer network to help users quickly locate network security problems, and combines the work order system with the sharp security knowledge base to realize the responsibility to people and quickly deal with problems. Make network security events complete closed loop, and realize the dynamic protection of network security.
Big data security platform to build security management center
Meet the requirements of "equal protection", information security is never left behind
Adhering to the core idea of "one center, three protection", the program takes security technology guarantee, security management and operation, security monitoring and early warning, and security emergency response as the key points to assist users in the grading, filing, construction and rectification of isoassurance 2.0, so as to effectively guarantee users' network security. A series of security construction helps users of Deqen Education Bureau pass the isoassurance evaluation smoothly.
Deqen Education Bureau information construction responsible person said, "Through cooperation with Ruijie, we from the security communication network, security area boundary, security computing environment and security management center and other dimensions to ensure the safety, reliable and efficient operation of the Deqen MAN, smoothly passed the security assessment, in line with our security construction of the expected standards."
