| Hillstone Network Security Solution for Telecom Industry |
| |
| |
|
|
| |
|
| 二、Analysis of Challenges Generally Faced by Telecom Industry |
These are the information security problems and challenges faced by telecom carriers today:
1、Application Security of Internal Telecom Business
Focus Areas: Security zone separation, SSL VPN remote access, insider attack, traffic optimization, as well as virus and application layer security protection.
The DCN network of China Telecom is in charge of supporting internal Telecom business traffic. It is usually divided into four major parts, OA, BOSS, Accounting, and other business. The DCN network are facing the following critical problems: separation of different business, bandwidth guarantee for key business applications, security zone separation of different business units and security levels of users, and attack defense to both external and internal threats, among which ARP attack is the most prevalent.
2、Telecom IDC Application Security
Focus Areas: Access control, network layer attack defense, application layer intrusion prevention, bursty traffic, and traffic load balance.
In recent years, one developing trend is that IDC is becoming more and more important for enterprise IT. Large amounts of data and business are concentrated in IDC, which in turn leads to the rapid growth of IDC networks. With IDC now as the core of the fast-developing Internet industry, security issue is becoming a very serious problem for IDC. This poses an unprecedented challenge to the security and processing capacity of security devices at IDC network edge.
Problems currently faced by IDC users are summarized as follows:
1、Traditional security device have insufficient performance, particularly in new connection setup performance and small packet processing capacity cannot meet the demand of increasing traffic.
2、Lack of effective attack defense ability (including attack from network layer and application layer).
3、Lack of effective traffic management function, cannot effectively protect the IDC server when attack and abnormal traffic appears.
4、Lack of traffic load balancing function.
|
3、DNS Server Anti-DDoS Attack
The “5.19” event which led to Internet disruption lasted over 24 hours in more than 20 provinces of the nation. It sounded the alarm for telecom carriers and third-party providers. For DNS servers serving for the entire Internet, how to prevent attacks and maintain normal operation under heavy traffic pressure has drawn wide attention.
|
4、Network behavior control of broadband service
As telecom carriers easily have tens of thousands of customers, problems such as user authentication, management, accounting, and auditing needs to be resolved.
On the one hand, security threats from both inside and outside the network are quite serious. Some of the internet users are nonprofessional users, with systems that may contain various application software infected with virus. These people may not have enough security and network expertise. Their systems may become springboards for attacks. The application of the customer (P2P traffic, online video, number of sessions) needs to be monitored to help manage their network usage.
On the other hand, it is necessary to provide strict controlling and auditing of user actions such as browsing inappropriate web sites, making inappropriate posts through email, BBS, chatting room, and IM, and even engaging in illegal activities.
5.Needs for high-performance and high-reliability security appliance
Today’s Internet traffic pattern is gradually changing. Percentage of small packets are increasing, concurrent connections of single user are increasing, and UDP packets are increase rapidly. On another hand, traffic bandwidth and security functions are also increasing, putting higher and higher requirements on processing performance of security appliance.
Carriers expect to maintain the long-term stability and availability of network in a high-security environment. |
|
|
|
