Firewall function based on access control list Folding Pocket Knife,Small Folding Pocket Knife,Foldable Pocket Knife,Army Pocket Knife YangJiang Junxiong Trading & Industry Company Co.,Ltd , https://www.cn-sundo.com
The security switch uses an access control list ACL to implement the security function of the packet filtering firewall and enhance the security defense capability. Access control lists were previously used only on core routers. In security switches, access control filtering measures can be implemented based on source / destination switch slot, port, source / destination VLAN, source / destination IP, TCP / UDP port, ICMP type, or MAC address.
Not only can ACLs be used by network managers to formulate network policies to allow or deny control of individual users or specific data streams, they can also be used to strengthen network security shielding so that hackers cannot find specific hosts in the network for detection , So that the attack cannot be launched.
IDS
The IDS function of the security switch can be detected based on the reported information and the content of the data stream. When a network security event is discovered, it performs targeted operations and sends these actions to the security event to the switch. The port is disconnected. To achieve this kind of linkage, the switch needs to be able to support functions such as authentication, port mirroring, forced flow classification, process number control, and port reverse checking.
Device redundancy is also important
Physical security, that is, redundancy capability is the guarantee for the safe operation of the network. No manufacturer can guarantee that their products will not fail, and whether they can quickly switch to a good device when a failure occurs is a matter of concern. Redundant equipment such as back-up power supply, back-up management module, redundant ports, etc. can ensure that even if the equipment fails, the back-up module is immediately given to ensure the operation of the network.
Deployment of security switches
The emergence of security switches has greatly enhanced the network's security capabilities at the switch level. Security switches can be equipped at the core of the network, just like the Cisco Catalyst 6500, a modular core switch, with security functions at the core. The advantage of this is that the security policy can be uniformly configured on the core switch to achieve centralized control, and it is convenient for network administrators to monitor and adjust. And the core switches all have powerful capabilities, and security performance is a task that requires a lot of processing power. The core switches can do all they can by doing this.
Putting the security switch at the access layer or aggregation layer of the network is another option. The way to equip the security switch in this way is to decentralize the core to the edge, and implement the performance of the security switch at each edge, blocking intrusion and attack and suspicious traffic outside the edge to ensure the safety of the entire network. In this way, security switches need to be equipped at the edge. Many manufacturers have introduced various security switches used at the edge or at the aggregation layer. They are like fortresses one by one, building a solid security line around the core.
Security switches sometimes cannot work alone. For example, the PPPoE authentication function requires the support of the Radius server. In addition, some other switches that can be linked with intrusion detection devices require the support of other network devices or servers.
Security switch upgrade
There are many new security switches on the market. They are inherently equipped with some security functions when they leave the factory. So how can some old switches get security guarantees? Generally speaking, for modular switches, this problem is well solved. The common solution is to insert a new security module on the old modular switch, such as the Cisco Catalyst 6500 with a firewall module, intrusion detection IDS module, etc. security module; China Digital 6610 switch is equipped with PPPoE authentication module Plugging in old switches will allow these "old revolutions" to solve new problems.
If the previously purchased switch is a fixed switch, some capable models need to be upgraded with firmware to implant new security features.
The prospect of security switches
As users have higher and higher demands on the network environment, there is an increasing demand for switches with security functions. Many users believe that a certain investment in the security of the switch is worth the improvement of the robustness and security of the entire network. Especially for users in some industries, their network needs are never connected. Such as banks, securities and large enterprises, the loss caused by a network virus outbreak or invasion is enough to exceed the additional investment in security switches. Security switches have become a new bright spot in the switch market.