|
| Application Cases of Security Solution |
| |
| Business Issues (Customer's Demand) |
| Present environment of customer: |
| • Web server |
| • Mail server |
| • Background servers such as Oracle |
| • Single firewall |
 |
With the application of Internet to build up new model of business in your company, the stability of network in the company and the security of Internet access are becoming more and more important. In order to keep high performance in operation of corporation and trust of partners and customers, you must not only ensure the key applications processing and data transmission effectively, but also guarantee the security and stability of them. It is also the great challenges, with which IT and network security managers are faced, that preventing the most significant server of company from being attacked. |
|
| A series of issues are listed in front of corporate IT personnel: |
| • Lack of special resources in corporate network security |
| • More and more new attacking methods results firewall in ineffective |
| • Firewall impacts the communications in corporate network |
| • How to block Junk mails incoming |
| • Internal servers may be attacked from Internet |
|
| Solutions: |
| • Build up the firewalls with failover, separate a zone which named DMZ for the servers what should be access from Internet |
| • Set the front-mail Server (Bridge-Head Server) and the rear-mail server to separate zones in firewall |
| • Install Intrusion Protection System (IPS) with multi-points monitoring with failover |
| • Set a mail filter system in front of the mail server |
|
| Framework of the solutions: |
|
 |
|
| Introduction of the project implementation: |
| You can install two Resilience DX10 firewalls with Checkpoint embedded between router and switch, functions of failover and load balance will be carry out by iHA of Resilience DX10 firewall. Meanwhile, Mail Server and Web Server will be place in DMZ zone of Resilience DX10 to keep the safety of internal network. Also you can setup VPN tunnels in the firewall to implement authorized users access corporate network from Internet safely. |
|
| You can divide mail server into bridge-head server and background server, put the bridge-head mail server in the DMZ zone for mail exchanges between internal and external access, and put the background mail server in internal network to store the mail box. Meanwhile, you can install anti-spam (mail filter) system to scan incoming/outgoing the mails. |
|
| In order to prevent the active and real-time attacks, you can install McAfee IntruShield with HA function between the firewall and switch to prevent and analyze the attack in real time. McAfee IntruShield can find out the attack before any unauthorized activities start the actions and prevent it to access resources in important servers. Through IntruShield configuration, you can set a special protecting plan so that the server will get stronger protections for the important resources. |
|
| Profits of the project and comments of customers: |
| This solution is one of facing middle or large enterprises with high serviceability. It can protect the securities of your corporate network effectively, and ensure higher security and stability of corporate network by patent hardware technologies with high serviceability. |
|
| In addition to special system structure of McAfee IntruShield, this solution integrates several patent technologies: character checking, abnormity checking, DoS analyzed technology. So it can do checking and protection exactly and intelligently under thousands of megabit network flows. In that way, it can protect your company from the influence of known attack, first unknown attack and DoS. |
|
| Meanwhile, junk mails will be efficiently controlled after the mail filter system applied. Amount of the junk mails received will reduce dramatically, and also working performance will be higher and bring up more profits to your enterprise. |
