|
|
|
|
|
SMES Solutions |
Tax Network Security Solution |
|
Main components of solution
- VPN Core gateways
NetEye firewall + SJW20 Network cipher machine
With High-speed hardware encryption card(SJW20 network cipher machine ) approved by State Cryptography Administration , NetEye VPN gateway center can provide safety data communication for the remote access to Intranet, Extranet and Internet.Special devices are compatible with existing network systems With special software installed in the gateway ,remote configuration , management and upgrade could be easily operated by VPN administrators.
- Smart Gateway
Low-cost ,smart and ease of use. NetEye smart gateway is a boundary firewall and a VPN product as well , which is suitable for branch offices. The essence of this product is economy and availability, with its main design principle throughout the entire development process , from planning for its characteristics to designing for its interface and functions. Abstract concepts and the complexity of configuration are completely shielded by the management interface. What end users face is an intuitive interface just like windows wizard . Under the instructions, VPN network configuration can be easily finished without any related knowledge. It remains the basic functions of firewall and VPN as well as reduces the cost of entire deploy project of VPN.
- VPN Mobile Client
VPN Client + personal firewall
NetEye VPN mobile client is a windows application, Mobile user could access internal corporate sever safely via Internet with his private e-certificate ,which sets up safety tunnel between user and VPN gateway.
- NetEye Firewall
Tailormade Solutions
NetEye provides different brands of VPN products aiming at different scale network accesses, helping users with purchasing, saving cost and protecting internal data as much as possible.
|
Large scale Enterprise |
Small Scale Enterprise With Strict Security Requirement |
Small Scale Enterprise With General |
|
Firm’s Characters
- Large scale enterprise with head quarter, subsidiary, branches and offices
- Demand for remote data transmission among subsidiary ,branches and offices via Internet
- Remote access to Intranet for mobile office or mission staffs
- Strict requirement on data safety
Solution
VPN networking system consists of VPN core gateway, smart gateway and mobile clients. Headquarters and the branches (subsidiaries) can use VPN gateway, small branches and offices can use smart gateway, mobile office users can use VPN mobile client to realize seamless connection between users and VPN core gateway which provides security (firewall function) , encrypted data transmission and user’s identity authentication mechanism.
VPN networking system consists of VPN core gateway, smart gateway and mobile clients. Headquarters and the branches (subsidiaries) can use VPN gateway, small branches and offices can use smart gateway, mobile office users can use VPN mobile client to realize seamless connection between users and VPN core gateway which provides security (firewall function) , encrypted data transmission and user’s identity authentication mechanism.Smart gateway ,with VPN module installed, is generally used as border VPN equipment in many small branches of enterprise. It provides a variety of ways to access ISP ,sets up safety tunnel between users and VPN gateway. Mobile client ,in conjunction with VPN gateway, is used exclusively to provide safety data transmission service for telecommuters to access Intranet.
|
Firm’s Characters Small scale enterprise without branches or offices Few mobile office users, remote access to Intranet is not necessary. Strict security requirement with a large number of company severs.
NetEye Firewall Firewall system is one of the most widely used network security technologies . The core content of firewall technology is to construct a relatively safe environment of subnet in the not-so-safe environment. A firewall is a system that enforces an access control policy between two networks, which could limit the information access and data transmission between protected network and Internet or other networks. As an isolation control technique, firewall could be used as an access between different networks or security domains ,which could control the information flow according to the security policy of the enterprise and has a strong resist ability as well. According to the pre-set safety rules ,it also could supply safe data transmission of Internetwork by solidifying data at entry point of network. Major functions of firewall include access control, identity authentication, Log/Audit Trail, safeguard against hacking .etc.
|
Small scale enterprise without branches or offices With many mobile office users
remote access to intranet is a must General requirement on data safety
VPN networking system consists of VPN core gateway and mobile clients.
TO realize seamless connection ,VPN gateway could be used in Intranet, and for mobile office users ,mobile clients is recommended.
Intranet security as well as encrypted data transmission and user’s identity authentication mechanism is provided by VPN gateway Mobile client ,in conjunction with VPN gateway, is used exclusively to provide safety data transmission service for telecommuters to access Intranet
Small scale enterprise without branches or offices
Few mobile office users, remote access to Intranet is not necessary
Strict security requirement with a large number of company severs
NetEye Firewall
Firewall system is one of the most widely used network security technologies . The core content of firewall technology is to construct a relatively safe environment of subnet in the not-so-safe environment. A firewall is a system that enforces an access control policy between two networks, which could limit the information access and data transmission between protected network and Internet or other networks. As an isolation control technique, firewall could be used as an access between different networks or security domains ,which could control the information flow according to the security policy of the enterprise and has a strong resist ability as well.
According to the pre-set safety rules ,it also could supply safe data transmission of Internetwork by solidifying data at entry point of network.
Major functions of firewall include access control, identity authentication, Log/Audit Trail, safeguard against hacking .etc. |
|
|
The aim of the Neusoft tax network security system is to maintain safe and efficient network operation , and ensures the confidentiality of the information as well.
Feature of solution
- Security for all levels tax networks
- Access control among various tax networks
- Security of tax business application system
- Strict user control based on advanced identity authentication
- Integrity and confidentiality of core information transmission
- An integral combination of access control and encrypted transfers
- Monitoring and auditing various accesses of the whole net
- Reliability and usability of Network security system
Product components
- NetEye firewall: Providing protection for network perimeter and tax Intranet; offering security on application level and access control among LANs of all levels ; preventing intrusions and attacks for exterior , authenticating identities and permissions of users.
- NetEye IDS: Providing real-time monitoring , tracking on interior users, recognizing the intrusions of interior or exterior users; maintaining own database automatically without human intervention ; An integral system with network auditing ,monitoring and analyzing , easy to learn and use without bringing any interference ;Full-scope safeguards on network security , in conjunction with firewall system forming an integral solution for network safety
Based on client/server framework ,NetEye IDS 2.2 consists of inspection engine and management sever.
Inspection engine : High performance dedicated hardware with safety operation system installed , recording and analyzing all the data packets of network ; According to judgment rules ,it can determine whether unusual event has happened as well as warn and respond in time . Every event of the network is recorded so as to playback and analyze aftermath.
- NetEye IDS management sever: being capable of strategy configuration , system management and analyzing one or more inspection engines over a secure encrypted tunnel ; It can show the details and solutions of attack events as well as restore and replay happened events and it can also report network performance, generate diagrams and statements via Chinese graphical management software based on Windows.Allocation of internal VLAN and configuration of ACL. Based on the concept of logical subnet ,VLAN technology can allocate employees in different places of the same department in same VLAN. With ACL added, security of local LAN can be strengthened, fully guaranteeing the security of VIP department
- NetEye VPN system: A combination of NetEye firewall and SJW20 cipher machine. The resist ability of firewall guarantees the safety of VPN system and access to inside network resources is restricted by firewall access control ; on the other hand a reliable encryption technique provides safety and private link between offsite LANS. NetEye VPN can be applied to various network environments such as ADSL ,ISDN, Dialing ,DDN ,etc.Key management framework based on PKI enables the whole system flexible, extendable and easy to manage. A unique Flow Filtration firewall technology allows rapid development on application-level ,which guarantees timely measures to deal with all kinds of attacks. Rich application functions are offered such as spam filter, URL blocking , FTP control on command level , etc. High speed processing capability of NetEye firewall , integrating high performance encryption card, is available for application environment with high level demand on performance and stability.
- McAfee E500 virus gateway of NAI ensures normal operation of mail system and the information flow of the tax offices. Emails inspection prevents from the widespread of virus which could bring potential pitfalls to the whole tax application system.
- McAfee NetShield virus protection software of NAI: dynamic monitoring your sever; detecting and killing virus automatically or manually ; dynamic updates of the virus signatures database and of the antivirus engine ; preventing your sever from intrusion and interference of virus.
- eTrust Policy Compliance of CA has the following functions : auditing risks, determining potential security vulnerabilities , comparing existing system with pre-set security “baseline” , updates of detection library of security vulnerabilities based on web ,etc. It can assess the safety of audit system, quality of account numbers and password , security of file system as well as provide integral repair suggestion and audit reports, and it can also distinguish the potential risks in safety strategy , generate correction automatically ,periodically reproduce monitored problems.
- Considering the safety of UNIX and WINDOWS ,Neusoft security consultant adopts several measures from six aspects : access control, authorization limits, auditability, security warning, encryption, resistance.
- Distributed Sniffer: Dynamically monitoring protocol distribution , data traffic ,and package contents in the LAN ; providing administrator with trapped data which helps with reasonable network arrangement and full utilization of channel bandwidth; monitoring abnormal data transmission ,accordingly ensuring 7*24 hours uninterrupted operation.
|
|
|
|
| |
