Main tasks: Full analysis of Jinnan Net Security Company! Discuss related issues with Willie, Sah, Layne.
The analysis report of Jinnan Net Anni
I. Analyze the basic situation of Jin Electronics:
Company Overview
Shanghai Jinbanian Technology Co., Ltd. is an information security subsidiary in Shanghai Pudong Software Park and is among the first batch of enterprises in the national information security achievement industrialization base (eastern). The company provides security services such as security consulting, security assessment and security integration, and provides first-class technical support to customers through close cooperation with well-known companies in China. After years of development, the company has been recognized by relevant state departments and many industries, and has obtained a number of certificates such as the "Computer Information System Integration Qualification Certificate", "Software Enterprise Certification" and "Software Enterprise Certificate".
More than 95% of the company's employees came from domestic universities, and as many as 25% are senior talents holding doctoral or master's degrees, making it a high-level, high-quality professional security team. Jin Power Network Announcement has established information and network security architecture laboratories, as well as the SME Soft Information Security Postdoctoral R & D Workstation Shanghai Sub-station and the Information Security Laboratory Shanghai Sub-center, further improving Jin Dynasty's information security technology development capabilities, as well as its capabilities in information security technology services and security technology talent. In the process of business expansion, Jin Gang An Company drew on its accumulated technical experience and advantages to launch a product that meets an urgent need of e-government and important industries and for which it holds fully independent intellectual property rights: the "Safety Isolation Information Exchange System Ferryway". On the basis of effectively isolating important internal networks from external networks and other networks, the product implements secure data exchange between networks. The product uses an advanced system structure, strict security measures, dedicated communication protocols and high-performance hardware to effectively prevent leakage of sensitive information, hacker intrusion, illegal use of network resources and the like, and can be widely used in e-government systems, banks, securities, aerospace and other industries with high security requirements.
The product line of Jinnan Net Security includes: "NetPryer Network Security Monitoring System", "Huatech-2000 Firewall", "Huatech VPN Safety Gateway", "Windows 2000 / XP IPSec Password Localized Product", "Windows Terminal Security System" and "Website Monitoring and Integrated Management System". These security products have been widely used in e-government, finance, taxation, telecommunications, aerospace, railways, and the military. Jin Electric Network Security will continue to adhere to the grand goal of developing the national information security industry, with a truth-seeking, innovative attitude and continuous development in the field of information security.
Business philosophy
Pragmatic, integrity, innovation, benefit
Company goals
Professional information security service provider.
Second. The main customers of Jinnan Network:
Government education system
Shanghai Finance and Taxation Bureau
Shanghai Police Station
Shanghai First Intermediate People's Court
Zhejiang Provincial Bureau Affairs Administration
Hangzhou Municipal Government
Hangzhou Land Information Center
Wenzhou Local Taxation Bureau
Zhangjiagang Customs in the People's Republic of China
Beijing Municipal Management Committee
Beijing Municipal Party School
Hebei Provincial Government Information Center
Hebei Provincial Economic Information Center
Hebei Township Enterprise Bureau
Hebei City Price Bureau
Hebei Provincial Federation of Trade Unions
Hebei Municipal Health Bureau
Bengbu City Government Information Center
Qinhuangdao Municipal Government Information Center
Zhongshan Municipal Government Information Center
Guangdong Administration Administration Administration
Shanxi Provincial Government Information Center
Shanxi Provincial Government Office
Jinan City, Shandong Province
Zhengzhou Public Security Bureau
Shanghai Jiaotong University
Beijing Technical University University
Financial system
People's Bank of China
Bank of China
China Minsheng Bank
Xingtai Business Bank
China People's Bank of China UnionPay Center
People's Bank of China
Large enterprises
China Petrochemical Group Corporation
China Turnot
Shanghai Mobile
Shanghai Medical Information Center
Xuzhou Cigarette Factory
Wuxi Hope Electronics Group
Hunan Radio and Television Group
Hunan Satellite TV
Shaanxi Xianyang Rainbow Group
Lanzhou Sanmei Co., Ltd., Gansu Province
Third. Major projects of Jinnan Network:
"Research and Development of" Open System Chinese Information Processing Platform "in" Some Key Software Technology and Practical "project," Research and Product Development of Internet Chinese Information Support Environment "," National Standard 'Han - Ying Computer Translation System "
"Domestic Open System Software Platform COSA V1.1"
"Based on reusable technology, large-scale shopping mall management information system development platform"
National 973 Project, "Research on Information and Network Security System", No.: G1999035801
National Key Science and Technology Project (Tag) Program, "Security Evaluation Technology of Information Network", No.: 2000-A32-06
National Natural Science Foundation of China, "Bidirectional Authentication System Research], INTERNET Electronic Payment System", No.: # 69773013
National eight-six-three plan, "Key Technologies in Safety Electronic Payment System", No.: 863-306-ZT02-06-3
Public Security Department 99 Research on the Research, Design and Development of Network Monitoring System
Shanghai e-commerce research topic "Safety payment gateway" research, design and development
The overall planning, design and implementation of the "Zhonghao E-commerce Trading System" "China E-Commerce Trading System"
National Social Security Card System Pilot Project "Shanghai Social Security Card System"
Four. The advantage of Jinnan Net Security:
Shanghai Pudong Software Park Co., Ltd. is a representative of the China Electronic Information Industry Group, and Shanghai Zhangjiang High-tech Park Development Company represents the establishment and management of Shanghai Pudong Software Park on behalf of the Shanghai Pudong Software Park, one of the two national software park projects. China Computer Software and Technology Services Corporation (China Soft Corporation) is a large-scale state-owned high-tech enterprise engaged in software and information product development, system integration, and technical services. Since its establishment, the company has entered the ranks of the national electronic funds for many years, and has been rated a top ten excellent system integrator several times. In 1999, the company entered the country's 520 key enterprises assessed by the Economic and Trade Commission, and was in the first batch to pass the national ISO9001 quality system certification for software development, system integration services and training and the national "software enterprise" certification. In 2000 it applied for the first batch of system integration level (highest level) enterprise qualification certification. Through its cooperation with the Software Park and ChinaSoft Corporation, Jin Grid has gained strong support in brand, technology and funds.
Rich security service practice experience
Golden Grid Security can provide customers with more reliable, more standardized security projects, technical training and services based on the experience of the previous security consulting services and engineering implementation.
Get strong support from government departments
Under the current market and research conditions, research on information and network security technology can hardly sustain its opportunities and momentum without government support and funding. Jin Gang An Company takes research on information and network security technology and products as the main industry of the company's development, and has received strong support and funding from government departments in industrial policy and funds. It has become a key unit for basic research on national information and network security technology and for product development, and an industrialization base for information and network security products. Jin Power Network Security has received support and funding from the Chinese Academy of Sciences, China Institute of Engineering, Information Industry, Ministry of Science and Technology, National Economic and Trade Commission, National Information Security Management Group, National 973 Project Management Committee, the Shanghai Municipal People's Government and other units.
Committed to key national information network security projects, with a solid theoretical foundation and a forward-looking approach
We have been engaged in basic theory and technical projects for national information network security over the years, collected a large amount of security information, and carried out a large amount of strategic, forward-looking research, so we can accurately grasp the development trends of network technology and network security technology. We can design future-oriented security system frameworks for a company's information and network systems and provide comprehensive consulting services for corporate information and network systems.
5. Qualification of Jinnan Net Announcement:
Software corporate identification certificate
Computer Information System Integration Qualification Certificate, National Secret
Shanghai National Secrecy Bureau security isolation products uniquely recommended certificates
Software Product Registration Certificate
Ministry of Public Security sales license
National Secrecy Bureau Science and Technology Achievement Identification Certificate
Six. Partner:
Beijing Sino-Soft Huatai Information Technology Co., Ltd.
Zhejiang Zhongxin Information Technology Co., Ltd.
China Government Purchasing Network
China Software Network
Seven. Golden Grid Network Security Products: Ferryway White Paper.
Eight. Golden grid security solution:
Safety Isolation and Information Switching System Ferryway 2.0 Application
Concentration unit Ferryway App
Ferryway uses a dedicated system to perform data exchange, and the arbitration machine is responsible for the security and confidentiality inspection. Ferryway can therefore realize effective, safe, controlled data exchange between internal and external networks on the basis of safety isolation. The system is primarily applied on the following occasions:
1. between different networks;
2. between different security domains of the same thread;
3. between networks and secret-level networks that are physically isolated from the Internet;
4. networks that are not connected to the network connected to the Internet;
5. where data is transferred by manual copying.
The safety isolation and information exchange system can allow strictly one-way information exchange, which prevents the internal network from leaking information to the external network, further ensuring the security of the intranet. The "Secure Isolation and Information One-way Transmission System" will be used to import Internet information into the confidential network, which is safer than copying the data manually. The reasons are as follows:
(1) information is only allowed to be transmitted from the outside to the inside, so nothing leaks out;
(2) dedicated hardware and a private protocol are adopted to prevent network attacks from the Internet;
(3) the outer end integrates an intrusion detection module, provides no services, and automatically performs a security check on every transmission, which can prevent attacks on the intranet such as computer viruses and denial of service.
Of course, the extent to which the security isolation and information exchange system is applied in e-government network systems depends mainly on the division of security domains in e-government and on Document No. 17.
The document pointed out that the e-government network consists of the government internal network and the government external network; the two networks are physically isolated from each other, and the government external network is logically isolated from the Internet. The government's internal network is mainly the office network of government affairs departments above the provincial level, and is physically isolated from the office network of the sub-provincial government. The Administrative Internet Network is the government's dedicated business network, mainly running government agencies' professional service business and business that is required to run online.
Important Network Ferryway Application
In addition, Ferryway can also be widely used for isolation between industry data networks, isolation between business networks of different natures within an industry, and isolation between internal networks and external networks. The data exchange service on this platform can be flexibly configured and rapidly customized, and the data exchange can be two-way or one-way.
Internal core network and internal general business networks
The internal core network and the internal general business network differ in the nature of their business, and their databases differ in nature as well, but data is often exchanged between them. Directly opening access rights to the other party is unsafe. Even with firewall devices, the corresponding service must be opened for the other party to access it. On the basis of network security isolation, the safety isolation platform can work with the network application provider to develop the application communication protocol, and the data stream of that protocol is arbitrated to achieve secure data exchange and isolation.
Isolation between internal edge networks and headquarters integrated networks
Information exchange between branches and headquarters that are separated by geography is a regular occurrence. Branches and headquarters are generally connected to each other over open Internet transmission facilities. It is unwise for any part of a branch or headquarters to open access directly to the Internet; even with a firewall device, the corresponding permissions must be opened for each business, which brings a variety of security hazards. Ferryway provides a controlled channel for business information on the basis of information isolation, avoiding the drawbacks of opening permissions to the Internet.
Information between the business networks of a unit's internal departments is generally isolated; at the same time, unified business needs often require information exchange between departments, and several departments may even carry out business activities jointly. In this case, having the departments directly open various access rights to each other is simple and straightforward, but it is also the least safe approach. Even if a firewall is used, the protocols the firewall lets through can easily cause insecurity between departments. Ferryway avoids protocol-based attacks, and audited communications raise no concern about information leakage.
Internal network and external network isolation
The internal network must guarantee its security with respect to external networks: it must not be affected by external attacks, and internal information must not leak. Information is nevertheless exchanged between the internal network and the external network. To keep the internal network unreachable from external networks at the communication-protocol level, a security isolation and information exchange system must be used.
Secure data exchange across industries
Cross-industry business requires information to be exchanged between industries. All information other than that involved in the business in question must be strictly isolated to prevent leakage. Ferryway can effectively prevent information from being exchanged by way of controlled traditional protocols (for example, bound inside HTTP).
IX. Application demonstration of important occasions
The following figure illustrates the application of the safe isolation and information exchange system Ferryway on various important occasions:
1. Safety isolation between internal important networks and other networks;
2. Safety isolation between branches and headquarters networks;
3. Secure isolation of important servers (such as database servers);
4. Security isolation between integral networks and the Internet.
Ten. Solution Implementation Case:
Ningbo * Information Center
Shanghai * center
Shanghai * Institute
Zhejiang * Technology Group
Shanghai * Software Co., Ltd.
Shanghai * court
Nanjing * Information Center
* Safeguard Center
Aerospace Group Company * Institute
Jiangsu Province * Customs
Nanjing * Development Group
Jiangsu Province ** Customs
Shanghai ** asset management committee
Shanghai * New Technology Research Institute
Shanghai * Finance Bureau
Shanghai * newspaper
11. After-sales service:
Jin Electric Network has established a complete after-sales service system, radiated from all provinces and cities in the south of Shanghai. In order to protect the after-sales service network of Jinnong Network, the company has developed detailed technical support and after-sales service programs, including free technical support, a one-year warranty service, a complete spare parts system, and so on. In accordance with ISO9001 quality system standards, we provide users with fast service response and quality technical services. In technical support and after-sales service, we have consistently followed the following guidelines:
Ensure the normal operation of the network system
Fully protect users' investment and benefits
Fully meet the needs of users
Full reduction of users' burden
The technical support and service content we provide includes telephone support, on-site service, equipment maintenance, network security system fault reporting and prevention, software version upgrades and enhancements, post-sales technical training, email support, Internet support, regular visits, system emergency strategies, and so on.
(1) Service system
(2) Service process
(3) Quality system
We have a sound quality system, which has established effective quality management and quality assurance mechanisms for quality planning, quality control and quality improvement. In operating these mechanisms, the company covers the company's quality, work quality and quality of service, determines its overall Quality Policy and Quality Goals according to market changes, customer needs, and laws and regulations, and implements them. The company also manages the various resources required by quality management and quality assurance, and has trained employees and assigned quality duties. Through the pre-sales service system, contract management, sales service system, product development system, product production system and project implementation service system, the company fully meets customer demand and has established processes for pre-sales technical support, bidding, contract review, contract signing, production tasks, product plan, program review, development, Type, procurement, foreign, production and processing control, product commissioning, quality testing, unqualified product control, product packaging, shipping, contract implementation, engineering installation, technical training, after-sales service, etc., ensuring the effective operation of the quality management and quality assurance mechanisms. In addition, our company has a professionally trained quality management team, which regularly carries out internal audits and inspections of all the processes of the quality system and takes corrective and preventive measures based on them, eliminating problems that arise while the quality system is operating and maintaining the suitability, adequacy, effectiveness, and efficiency of quality system operation.
In summary, since our company has a complete quality system and the ability to keep improving its effective operation, the company can provide customers with high-quality products and quality services that will leave customers completely satisfied.
Twelve. Information for the first consultation
1. The hardware is divided into an intranet machine, an external network machine and an arbitrator. All have processing functions; the arbitrator has the strongest processing capacity, followed by the external network machine, and finally the intranet machine. The arbitration machine is the master, and the external network machine and intranet machine are subordinate to it. The processing mode is a multi-stage pipeline structure.
2. The communication speed between the three boards is 400Mbps = 50MB, which does not match the white paper. (All the materials give this figure.)
3. Two Ferry Way units can be used for redundancy; if one of them fails, the other takes over its function. The Ferry Way will raise an alarm.
4. The power supply redundancy is N+1 mode: one supply works, and the other is on STANDBY.
5. Online capabilities are the standard of industrial computer.
6. The relationship between Ferry Way and the firewall: Ferry Way does not completely replace the firewall.
7. Customers have wanted to use a small system because the chassis is too big.
Thirteen. Data collection and analysis
8. Application-layer data is stripped from the TCP protocol and sent to the arbitration system through a custom security protocol; The internet.
9. Basic algorithm principle: an efficient filtering algorithm based on automata and sub-structure storage. Specially designed data source filters are based on the policy tree; a number of automata are built into the system, their number determined dynamically by the structure of the policy tree, and they filter the target content in parallel. Updating the policy tree does not affect the existing data source filters; after the update, filtering automatically uses the updated tree as its basis, so the policy tree can be updated "hot plug" style. The filtering algorithm is particularly suitable for filtering large numbers of keywords simultaneously, and it also defeats common evasion techniques, such as splitting sensitive keywords apart, inserting dots into them, etc., giving it a strong information filtering capacity.
10. The Ferryway exchange platform has creatively adopted a three-machine architecture. The "safety inspector" hosted on the arbitration machine performs a security inspection of the application-layer information stripped from the TCP packets, and the arbitration system audits the inspection results. On the one hand this prevents attacks from the external network; on the other hand it effectively controls information leakage by intranet users, reduces the flooding and propagation of viruses, and improves the security level of the system. The outer network machine provides no services to external network users, which reduces the security hazards of well-known services. At the same time, its operating system has been security-optimized to the greatest possible extent. Ferryway adopts an embedded intrusion detection mechanism to check for possible intrusion events on the external network.
11. Ferryway generated background:
As national information construction continues to deepen, e-government, as an important part of that construction, is also booming everywhere. In order to provide scientific decisions, regulatory control and public services, e-government platforms carry quite important documents, whose leakage would cause great losses to the country and the people. More and more experts realize that information security is the first priority in e-government construction, and that it bears on national security and social stability. For the division and control of network security domains, the state has clearly divided networks into the internal network, the external network, and the Internet; the internal network and the external network are physically isolated, and the external network and the Internet are logically isolated. E-government involves information that concerns the country, especially that of core offices, so the intranet and the external network must be physically isolated. Physical isolation between the intranet and the outer network has three levels. The first level is the physical level: protection against electromagnetic radiation, such as shielded cabling, added interference, and the like. The second level is the terminal level, where some units may have selected a dual network. The third level is the network level, which allows the intranet and the external network to be connected so that moderate information exchange and sharing can take place. There are three types of network-level isolation: the first is the moderate information exchange type, such as mail transmission; the second is the moderate information sharing type, such as a website that can feed back information from outside; the third is the interoperability type. E-government services require interoperable network-level isolation.
Although physical isolation of the internal network and the external network has cut off a large number of hackers from the outside world, a problem remains: how to strengthen management to prevent internal and external information leakage and eliminate internal crime, including illegal operations or operations aimed at theft. With information construction increasingly widespread, this problem is becoming more prominent. In addition, the cost of current physical isolation schemes is quite high: special hardware is required on each workstation, which is almost equivalent to rebuilding the network, and information exchange becomes very inconvenient. The safety isolation information exchange platform developed by the company is a physically isolating security device that guarantees the security of the network while allowing moderate information exchange. It can be widely used between untrusted networks and internal trusted networks in various industries, such as the external networks and intranets of e-government systems and in industries such as banking, securities and aerospace.
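The multi-keyword filtering described in item 9, as an added example that is not Ferryway's code: one Aho-Corasick automaton per policy category (an assumed stand-in for the policy tree), separator-stripping normalization so that split or dotted keywords still match, and a build-then-swap policy update. All names and the sample policy are constructed for illustration.

```python
import threading
import unicodedata
from collections import deque

def normalize(text):
    """Fold width and case, then drop every non-alphanumeric character."""
    folded = unicodedata.normalize("NFKC", text).casefold()
    return "".join(ch for ch in folded if ch.isalnum())

class KeywordAutomaton:
    """Aho-Corasick automaton: one pass over the text finds all keywords."""

    def __init__(self, keywords):
        self.goto, self.fail, self.out = [{}], [0], [set()]
        for kw in keywords:
            state = 0
            for ch in normalize(kw):
                if ch not in self.goto[state]:
                    self.goto.append({})
                    self.fail.append(0)
                    self.out.append(set())
                    self.goto[state][ch] = len(self.goto) - 1
                state = self.goto[state][ch]
            if state:  # ignore keywords that normalize to nothing
                self.out[state].add(kw)
        queue = deque(self.goto[0].values())
        while queue:  # breadth-first: shallower states are final first
            state = queue.popleft()
            for ch, nxt in self.goto[state].items():
                f = self.fail[state]
                while f and ch not in self.goto[f]:
                    f = self.fail[f]
                self.fail[nxt] = self.goto[f].get(ch, 0)
                self.out[nxt] |= self.out[self.fail[nxt]]
                queue.append(nxt)

    def search(self, text):
        state, hits = 0, set()
        for ch in normalize(text):
            while state and ch not in self.goto[state]:
                state = self.fail[state]
            state = self.goto[state].get(ch, 0)
            hits |= self.out[state]
        return hits

class ContentFilter:
    """Holds one automaton per policy category and swaps them atomically."""

    def __init__(self, policy):
        self._lock = threading.Lock()
        self._automata = {}
        self.update_policy(policy)

    def update_policy(self, policy):
        # Build the new automata aside, then replace the reference in one step,
        # so inspections already running finish against the old policy.
        fresh = {cat: KeywordAutomaton(kws) for cat, kws in policy.items()}
        with self._lock:
            self._automata = fresh

    def inspect(self, payload):
        automata = self._automata  # snapshot of the current policy
        found = {cat: sorted(a.search(payload)) for cat, a in automata.items()}
        return {cat: hits for cat, hits in found.items() if hits}

# Constructed sample policy and payloads.
SAMPLE_POLICY = {"classified": ["top secret", "internal only"],
                 "finance": ["budget draft"]}

if __name__ == "__main__":
    flt = ContentFilter(SAMPLE_POLICY)
    for msg in ["weather report", "the T.O.P s-e-c-r-e-t annex",
                "ＢＵＤＧＥＴ　ＤＲＡＦＴ v2"]:
        print(msg, "->", flt.inspect(msg) or "pass")
```

Stripping separators before matching trades evasion resistance for false positives, because a keyword can now match across word boundaries; a deployment would review hits rather than treat every match as a leak.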
XIV. Basic Principle:
Ferryway's data flow is shown in Figure 2. Application-layer data is stripped from the TCP protocol and sent to the arbitration system over a custom security protocol; after the arbitration system has processed it, it is sent to the other side in TCP/IP packet format. Network protocol packets cannot cross between the two networks.
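The protocol break described above, as an added example that is not Ferryway's code: only application bytes cross, inside a frame that the arbiter validates before the far side re-addresses them. The frame layout, the digest field, the `text_only` check and all addresses are assumptions, since the page does not publish the custom protocol.

```python
import hashlib
import struct

MAGIC = b"XFER"                      # constructed marker for this example
HEADER = struct.Struct("!4sBI32s")   # magic, direction, length, SHA-256
OUT_TO_IN, IN_TO_OUT = 1, 2
MAX_PAYLOAD = 64 * 1024

class Rejected(Exception):
    """Raised by the arbiter; nothing is forwarded when this is raised."""

def strip_to_frame(segment, direction):
    """Receiving unit: discard addressing, frame only the application bytes."""
    payload = segment["payload"]
    digest = hashlib.sha256(payload).digest()
    return HEADER.pack(MAGIC, direction, len(payload), digest) + payload

def arbitrate(frame, allowed_directions, inspect):
    """Arbiter: validate the frame, enforce direction, run the content check."""
    if len(frame) < HEADER.size:
        raise Rejected("short frame")
    magic, direction, length, digest = HEADER.unpack_from(frame)
    payload = frame[HEADER.size:]
    if magic != MAGIC:
        raise Rejected("bad magic")
    if direction not in allowed_directions:
        raise Rejected("direction not permitted")
    if length > MAX_PAYLOAD or length != len(payload):
        raise Rejected("bad length")
    if hashlib.sha256(payload).digest() != digest:
        raise Rejected("digest mismatch")
    reason = inspect(payload)
    if reason:
        raise Rejected(reason)
    return payload

def rebuild(payload, route):
    """Sending unit: new addressing comes from local config, not the sender."""
    return {"src": route["src"], "dst": route["dst"], "payload": payload}

def text_only(payload):
    """Example content check: printable UTF-8 text only."""
    try:
        text = payload.decode("utf-8")
    except UnicodeDecodeError:
        return "not UTF-8 text"
    bad = [c for c in text if not (c.isprintable() or c in "\r\n\t")]
    return "control characters" if bad else None

def relay(segment, direction, allowed_directions, route, inspect=text_only):
    """Full path: strip on one side, arbitrate, re-address on the other."""
    frame = strip_to_frame(segment, direction)
    return rebuild(arbitrate(frame, allowed_directions, inspect), route)

# Constructed sample traffic (documentation address ranges).
SEGMENT = {"src": "203.0.113.7:51544", "dst": "198.51.100.10:80",
           "payload": b"weather bulletin, 12 March"}
INNER_ROUTE = {"src": "10.0.0.2:0", "dst": "10.0.0.20:8080"}

if __name__ == "__main__":
    print(relay(SEGMENT, OUT_TO_IN, {OUT_TO_IN}, INNER_ROUTE))
    try:
        relay(SEGMENT, IN_TO_OUT, {OUT_TO_IN}, INNER_ROUTE)
    except Rejected as err:
        print("blocked:", err)
```

Passing `{OUT_TO_IN}` as the only allowed direction models the one-way import configuration; the sender's source and destination never appear in what the inner side emits.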
Fifteen. How to protect the external network:
The outer network machine provides no services to external network users, which reduces the security hazards of well-known services. At the same time, its operating system has been security-optimized to the greatest possible extent.