Case Study

Network security project of a large-size enterprise

Project background

The customer is a large enterprise that has held a leading share of the sports supplies market for many years running. Its information security project aims to establish a complete network and information security system that guarantees the physical security, platform security, data and information content security, and information infrastructure security of the computer network. The focus of the project is the security of the data center and the Tier-1 trunk network, and the goal is to protect the system against malicious damage and attacks caused by hackers, worms, viruses and malicious code.

To control unauthorized access to the network and prevent Tier-2 to Tier-4 attacks on it, a firewall must be deployed to inspect and filter traffic flows in the Tier-1 trunk network and to block worms, viruses, and DoS and DDoS attacks.

Project scale

After the project was implemented, dual-core switch redundancy was achieved for the nodes at the operating headquarters and the factory headquarters. Two redundant network firewalls were added at the Jinjiang node to control access to the core server zone;

An Internet exit was provided at the nodes of the operating headquarters and the factory headquarters. Redundant multifunctional security networks were also provided for Internet border access control, DMZ access control, IPsec VPN access and intrusion defense;

The operating headquarters node was furnished with two additional SSL VPN devices for SSL VPN access, which can support 6,000 concurrent users;

The operating headquarters node was furnished with two additional Internet behavior management systems to manage the Internet access behavior of internal users;

Two network intrusion detection devices were added to monitor and control traffic flows through the core switches at the operating headquarters and the factory headquarters, and to detect possible security events;

One vulnerability scanning system was added for security checks of core network equipment and servers;

One security log auditing system was added to collect and analyze security-related logs from key network equipment, servers and relevant security equipment.

Topology