| Hillstone Network Security Solution for Telecom Industry |
| |
| |
|
|
| |
|
三、Hillstone Networks Network Optimization Solution
1、Security enhancement of DCN network
Hillstone Networks security appliance addressed various security problems in DCN network with its high performance and richsecurity functions.
- Hillstone Networks provides various operating modes such as route mode, NAT mode, transparent mode and mixed mode, in options such as HA and bypass, which can meet various deployment scenarios and guarantee the stability and reliability of the network.
- Security zone definition and policy control by stateful inspection.
- Bandwidth management and session control based on IP and application protocols.
- ARP attack defense.
- Network behavior monitor, control and audit.
- High performance in session rampup per second and large-capacity of concurrent connections to guarantee normal network operation and resist network layer attacks.
- Hillstone Anti-Virus supports virus scanning of HTTP, FTP and multiple Email protocols to reduce security threats.
- Hillstone IPS offers effective application layer attack defense to protect the security of the business and data server.
2、IDC application security
- Session rampup per second and large-capacity concurrent connection to guarantee normal network operation and resist network layer attacks.
- Hillstone Anti-Virus supports virus scanning of HTTP, FTP and multiple Email protocols to reduce security threats.
- Hillstone IPS offers effective application layer attack defense to protect the security of the business and data server.
- Hillstone supports HA, AA, and bypass card to offer high-reliability for all kinds of deployment environment.
- Third-generation SSL VPN technology – Hillstone Secure Connect provides convenient remote access.
- The virtual system technology provides virtualization of one devices into multiple virtual firewalls.
3、DNS security protection solution
Due to the hardware architecture limitation, most traditional security devices are not deployed inline when protecting DNS, web sites and application services. This mode not only has many limitations including inability of blocking bad traffic in real time. With Multi-core Plus® G2 architecture and 64-bit parallel processing system, Hillstone Networks security appliance has strong packet processing capability as well as attack identification and prevention capability. The multi-core architecture has more robust and stable performance when compared to traditional x86 and ASIC. Hillstone security appliance has been successfully deployed in front of DNS servers of many provincial level telecom carriers. The appliance not only can block network attacks, but also reduce burden on DNS servers, effectively improving the service quality of carriers.。
4、Network behavior control
Hillstone Networks security appliance provides unified management of user authentication, accounting, auditing, and behavior control for telecom carriers. With Hillstone Networks security appliance as the security access device, user can be identified through L2TP and Web authentication. Network resource allocation can be performed based on the identity of users. Administrators could manage the bandwidth allocation based on users’ package.
Outbound Message Control: control and audit of webpage browsed, outbound email, and BBS posting.
URL Filtering: Predefined and user defined URL categories for control of website based on category.
Log Auditing: Record user’s network behavior, such as online game, instant messenger, online stock transaction, FTP/HTTP, P2P download, online video, web browsing, email, content and attachment, BBS posting, etc.
Provides pluggable hardware storage module
5、Provide high-performance and high-reliability security appliance
Carrier networks have large number of users, heavy traffic, long period of sustained peak. With multi-core architecture and 64-bit security operation system, Hillstone Networks security appliance offers multi-function, high-performance solution for carrier network needs. Household customers usually access internet at several fixed periods. And there will be tens of thousands of network requests per second at these periods. Hillstone Networks security appliance can support up to hundreds of thousands of session rampup per second, meeting the demand of concentrated access requests form clients at network peak times. With many years of carrier-grade hardware innovation experience, Hillstone Networks security appliance also maintain network stability by adopting high-reliable hardware design and series of software functions such as self-monitoring alarm and HA.
6、Provide high extensibility, protect carrier investment
Some models of Hillstone Networks security appliance have modularized design. Currently, three kinds of pluggable hardware modules are available: interface module, application processing module and storage module. The modularized design can extend the interface, performance, and storage capacity of the appliance, greatly protecting customer’s investment. Interface modules enhance the connectivity of the device; application processing modules increase the security processing capability of the appliance; and storage modules can timely store logs and statistics collected by the device.
|
|
|
|
