Online banking secure zoning project of a commercial bank
Project background
The Internet access zone of a commercial bank is primarily used to support Internet-based services, e.g. online banking and IPAD online banking.
The online banking secure zoning project of this commercial bank is expected to realize multilayered security protections through firewalls, IPS and application protection systems and hence guarantee the all-around security of online banking. Link load equalizers were deployed to provide the best routing to Internet users. Server load equalization and content acceleration also enables the release of reliable and high-performance online banking applications to Internet users.
Project scale
ØFour firewalls were adopted for the Internet access zone to isolate the internal network, the Internet server cluster and the external network;
ØWorking and standby firewalls were adopted. Firewalls of different manufacturers are adopted for the internal network and the external network;
ØThe two firewalls of the external network were embedded with IPS hardware modules to prevent intrusions;
ØWEB/transaction server cluster were deployed on DMZ2 and the middleware server cluster was deployed on DMZ1;
ØTwo load equalizers were deployed at the Internet exit;
ØA server load equalizer was deployed on DMZ2 of the online banking zone;
ØTwo WEB firewalls were deployed on DMZ2 of the online banking zone;
ØRemote security evaluation system products were deployed in the internal network administration zone.
Network topology