Copyright © Huawei Technologies Co., Ltd. 2011. All rights reserved.
Trademark Notice
, HUAWEI, and are trademarks or registered trademarks of Huawei Technologies Co., Ltd. Other trademarks, product, service and company names mentioned are the property of their respective owners.
General Disclaimer
The information in this document may contain predictive statements including, without limitation, statements regarding the future financial and operating results, future product portfolio, new technology, etc. There are a number of factors that could cause actual results and developments to differ materially from those expressed or implied in the predictive statements. Therefore, such information is provided for reference purpose only and constitutes neither an offer nor an acceptance. Huawei may change the information at any time without notice.
No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd.
Campus Network Security Solution
Overview
Enterprise campus networks are facing increasing
security issues in applications and services, such as
malicious intrusions, Trojan horses, viruses, phishing,
overuse of P2P applications, and threats from
internal users. These issues impact campus network
efficiency and service security. In the information era,
a network must provide very high bandwidth for
emerging applications, such as Web 2.0, P2P video,
and broadband access over cable networks. It has
become a trend to use gigabit switches as desktop
switches and 10G routers or switches as backbone
devices, and many switches and routers provide 10G
ports. As more services are deployed on large-scale
enterprise networks and the network capacity keeps
expanding, traditional security systems have become
a vulnerability on campus networks and cannot
guarantee enterprises' information security.
On a campus network, information leakage,
unauthorized access, slow response or crashing
of devices, interruption of core services, network
breakdown, and other security or availability issues
cause losses to the enterprise. Traditional desktop/
terminal security management solutions cannot force
user terminals to install the authentication client or
effectively prevent attacks. IT administrators have to
spend a lot of time in taking anti-attack measures.
Enterprises require a security solution that can force
user terminals to install the authentication client.
Huawei has an industry-leading network protocol
analysis team and a complete protocol library. Based
on in-depth understanding of security threats to
various network protocols, Huawei endeavors to
provide comprehensive network security solutions and
technical support for customers to deal with security
threats. Huawei information security products and
professional security solutions help build a complete
security system for enterprise campus networks.
Principle
Through in-depth understanding of campus network
construction and services, and rich experience in
network and terminal security management, Huawei
has developed a systematic approach to information
security system construction, following the principle of
"creating values for customers."
Huawei has a world-leading security capability center
and excellent security solution teams. They use
carrier-grade security hardware products and versatile
software products to provide an environmentally
adaptive and user-friendly security solution with the
following advantages:
• Retains original user network topologies and devices and secures campus networks without degrading network performance and reliability.
• Provides better user experience through refined designs of solutions that are easy to deploy and manage.
• Supports flexible configuration of security policies and reports.
• Supports flexible configuration of security policies and reports and updates them using a cloud knowledge base.
• Ensures secure and reliable network operation using a service continuity design, patented file network fast forwarding technique, and real-time intelligent security monitoring platform.
The Huawei campus network security solution consists
of the following components.
[Figure: Security Solution Components. Solution labels: Service inspection gateway (SIG); Security Routing Gateway; Terminal security and data protection solution; VPN remote access solution; UTM & Firewall edge security solution. Other labels: Customer service; High availability; Traffic cleaning; Clear structure; Simple management; Disaster recovery; Edge security; Reliable business; Reliable connection; Reliable service; Improve efficiency; Visible; Manageable; Low cost; Increase profit; Availability; Integration; Active protection; Global security; Comply with standards; Protect asset.]
Advantages
Campus Edge Security Solution
High performance and reliability
• The advanced “NP+multi-core+distributed” architecture dramatically improves network performance.
• The large capacities of edge devices ensure fast transmission of key services.
• The most stable and reliable security gateways are deployed at the network edge to ensure service continuity.
• High VPN performance allows a large number of services to be encrypted and transmitted in a timely manner.
Industry-leading UTM features
• A comprehensive intrusion protection system (IPS) is used to prevent various security threats. The signature library can save more than 2500 signature rules, allowing users to identify and analyze attacks efficiently.
• Powerful and stable antivirus features are provided, which can quickly obtain the latest virus characteristics and antivirus engines.
• A URL library with more than 55 million URLs ensures fast filtering and classification of URLs.
• A network integrating the routing, switching, Wi-Fi, 3G, and security, reducing network construction costs
• Support for flexible expansion and smooth upgrade
• An open Encapsulation Security Protocol (ESP) platform, supporting multi-service expansion
[Figure: Huawei campus network security solution, made up of the Traffic Cleaning Solution, Terminal Security Management Solution, iCache Solution, DPI-based Fine-grained Management Solution, Campus Edge Security Solution, and Remote Access Security Solution.]
Terminal Security Management Solution
Comprehensive terminal security management
• The admission control feature applies to various terminals, providing consistent and user-friendly operating environments.
• Terminal security is easy to manage, reducing the overall operation and maintenance workload.
• Security policy updates can be obtained from a cloud knowledge base, making network evolution more flexible.
Powerful file permission management
• Dynamic file encryption enhances file security.
• Dynamic file permission control protects files during transfer and storage.
• Various permissions allow for flexible authorization.
• Group policies and policy templates help manage file permissions consistently.
• Versatile file formats meet various service requirements.
• This solution provides user management functions and supports all existing directory management and authentication services.
Remote Access Security Solution
Rich functions
• IP VPN functions, including Secure Sockets Layer (SSL) VPN and IPS VPN
• Virtual VPN gateway
Flexible configuration
• A series of security products help achieve the optimal configuration.
• The maximum number of concurrent users and tunnels will increase when products are upgraded.
High reliability
• Enhanced security features are provided, including CA authentication, UKEY authentication, and RSA authentication.
• Well-designed hardware and software are capable of providing 24/7 services.
Easy maintenance
• Supports unified security management of remote access devices.
• Supports multiple management modes, such as CLI, web, and SNMP.
Traffic Cleaning Solution
Most excellent solution
• Excellent performance: 160 Gbit/s capacity to defend against large-scale attacks
• Excellent fault detection: DPI technology, effectively protecting the network against DDoS attacks
• Excellent response speed: quick response to attacks in seconds, ensuring stable network operation
• Excellent reliability: 99.9999% availability, providing a reliable network environment
Easiest solution
• Easy to manage: low OPEX
• Easy to expand: low network expansion costs
DPI-based Fine-grained Management Solution
Powerful traffic identification
• Multiple DPI features are provided, including feature identification, association identification, behavior identification, and dynamic decryption. These DPI features can identify more than 20 types of services (such as P2P, VoIP, instant messaging, video, game, and stock), 850 protocols, and 1000 applications.
• The knowledge base supports manual upgrade and automatic upgrade. Automatic upgrade does not require manual operations by administrators and will not interrupt running services, facilitating management.
Fine-grained traffic management
• Analyzes traffic on the entire campus network.
• Controls traffic rate based on applications and users.
• Reduces network congestion and the cost of egress bandwidth expansion.
iCache Solution
Combination of traffic control and traffic caching
• The iCache devices work with Huawei DPI devices to combine traffic control and traffic caching. This prevents low-value traffic from occupying bandwidth of high-value traffic, improving user experience.
High scalability
• The iCache solution uses a distributed network structure. The iCache system performance can be improved quickly by simply increasing iCache devices on the network. Upgrade of the iCache system does not affect running services. Functions on one iCache device can be migrated to other iCache devices flexibly, improving device utilization.
Comprehensive traffic caching
• The iCache system platform can identify various protocols and cache traffic of services such as web browsing, P2P downloading, HTTP downloading, and online video. As the platform develops, it will be able to cache the traffic of more services.
Uniform and simple management
• Huawei provides an NMS to manage the DPI and iCache systems. The NMS has user-friendly GUIs that are easy to navigate and provides various traffic statistical reports.
High reliability
• The P2P and video traffic caching system is connected to the carrier network in bypass mode and caches traffic using port mirroring or optical splitters. This deployment mode does not change the carrier network structure or degrade the carrier network performance. Key components work in redundancy mode; therefore, services will not be interrupted when a disk or a device fails.
Energy conservation
• Following the principle of environmental protection, the iCache solution uses multiple energy-saving technologies, including hard disk soft start, hard disk sleeping, and intelligent fan speed control. In addition, iCache devices use highly efficient power modules, low-power interface cards, and low-power chips. These energy-saving technologies and components dramatically reduce customers' OPEX.