Security switch-the new darling of the network industry, the gatekeeper of the network entrance, is determined to raise a big knife to all unsafe factors.
The advent of the Internet era has made security issues an urgent problem to be solved; the existence of viruses, hackers, and various vulnerabilities has made security tasks extremely difficult in the Internet era.
The switch occupies an important position in the enterprise network and is usually the core of the entire network. In this era of hacker invasions and turbulent viruses, the core switch naturally takes part of the responsibility of network security. Therefore, switches must have the performance of professional security products. Security has become a top priority for network construction. The security switch came into being, and integrated security authentication and ACL (Access Control List) in the switch. With firewalls, intrusion detection and even anti-virus functions, network security really needs to be "armed to the teeth".
The meaning of Layer 3 security switch
The most important role of the switch is to forward data. Under hacker attacks and virus intrusions, the switch must be able to maintain its efficient data forwarding rate without interference from attacks. This is the most basic security function required by the switch. At the same time, the switch, as the core of the entire network, should be able to distinguish and control the users who access and access network information. More importantly, the switch should also cooperate with other network security devices to monitor and prevent unauthorized access and network attacks.
New features of security switches
802.1x enhanced security authentication
In the traditional LAN environment, as long as there is a physical connection port, unauthorized network devices can access the LAN, or unauthorized users can enter the network through the devices connected to the LAN. This poses a potential security threat to some companies. In addition, in the network of schools and smart communities, it is very important to verify the legitimacy of user access due to network charging. IEEE802.1x is the good medicine to solve this problem. It has been integrated into the Layer 2 intelligent switch to complete the user access security audit.
The 802.1x protocol is a LAN access control protocol that has just been standardized and conforms to the IEEE 802 protocol set. It is called the port-based access control protocol. It can provide a means to authenticate and authorize users connected to the local area network based on the advantages of IEEE 802 local area network, so as to achieve the purpose of accepting legal user access and protecting network security.
The 802.1x protocol and LAN are seamlessly integrated. 802.1x takes advantage of the physical characteristics of the switched LAN architecture to achieve device authentication on the LAN port. During the authentication process, the LAN port either acts as an authenticator or a requester. When acting as an authenticator, the LAN port first performs authentication before requiring users to access the corresponding service through the port. If authentication fails, access is not allowed; when acting as a requester, the LAN port is responsible for submitting access to the authentication server Service application. Port-based MAC lock only allows trusted MAC addresses to send data to the network. Data streams from any "untrusted" devices will be automatically discarded to ensure maximum security.
In the 802.1x protocol, only with the following three elements can user authentication and authorization based on port-based access control be completed.
1. The client. Generally installed on the user's workstation, when the user has Internet requirements, activate the client program, enter the necessary user name and password, the client program will send a connection request.
2. Authentication system. In the Ethernet system, it refers to the authentication switch. Its main function is to complete the upload and release of user authentication information, and to open or close the port according to the authentication result.
3. Authentication server. By checking the identity (user name and password) sent by the client to determine whether the user has the right to use the network services provided by the network system, and according to the authentication result to the switch to open or keep the port closed.
flow control
The flow control technology of the security switch limits the abnormal flow through the port to a certain range, so as to avoid the abuse of the switch's bandwidth without restriction. The flow control function of the security switch can control the abnormal flow and avoid network congestion.
Anti-DDoS
Once a large-scale distributed denial-of-service attack occurs on an enterprise network, it will affect the normal network usage of a large number of users, severely even cause network paralysis, and become the most headache attack for service providers. The security switch uses special technology to prevent DDoS attacks. It can intelligently detect and block malicious traffic without affecting normal services, thus preventing the network from being threatened by DDoS attacks.
Virtual Local Area Network VLAN
Virtual local area network is an essential function of security switches. VLAN can implement a limited broadcast domain on Layer 2 or Layer 3 switches. It can divide the network into an independent area and can control whether these areas can communicate. VLANs may span one or more switches, regardless of their physical location, as if devices are communicating on the same network. VLAN can be formed in various forms, such as port, MAC address, IP address, etc. VLAN restricts unauthorized access between different VLANs, and can set IP / MAC address binding function to restrict users' unauthorized network access.
Reflective Safety Clothing,High Visibility Work Wear,High Visibility Safety Jacket,High Visibility Winter Fleece Jackets
Xinxiang Worldbest Patron Saint Co., Ltd , https://www.xxhyhsworkwear.com