802.1X port-based access control
To prevent unauthorized users from accessing the local area network and to keep the network secure, the port-based access control protocol 802.1X is widely used in both wired LANs and WLANs. For example, ASUS's new-generation GigaX2024/2048 switches support not only 802.1X with Local and RADIUS authentication but also 802.1X Dynamic VLAN access. With Dynamic VLAN, the VLAN is tied to the user's 802.1X account: wherever in the network the user connects, the user goes beyond the restrictions of the original 802.1Q port-based VLAN and is placed in the VLAN group specified for that account. This feature gives mobile users convenient and flexible access to network resources while protecting the security of those resources. In addition, the GigaX2024/2048 switches support the 802.1X Guest VLAN function: when 802.1X is in use and a Guest VLAN is specified for a port, a user who connects on that port and fails authentication, or has no user account, becomes a member of the Guest VLAN group and can use the network resources assigned to that group. This function can also be used to open a minimum set of network resources to certain groups while giving the network the most secure external access.
Flow control (traffic control)
Switch flow control prevents abnormal data flows, caused by broadcast packets, multicast packets and unicast packets with a wrong destination address, from placing an excessive load on switch bandwidth. This improves overall system performance and keeps the network running securely and stably.
SNMPv3 and SSH
SNMPv3 puts forward a new architecture that brings all versions of the SNMP standards together, thereby enhancing network security. The security model that SNMPv3 proposes is the User-based Security Model (USM). USM encrypts and authenticates messages on the network on a per-user basis: specifically, which protocols and keys are used for encryption and authentication is decided by the user name (userName) and the authoritative engine identifier (EngineID). The recommended encryption protocol is CBC-DES, and the recommended authentication protocols are HMAC-MD5-96 and HMAC-SHA-96. Through authentication, encryption and timeliness checks, USM provides data integrity, data origin authentication, data confidentiality and message timeliness services, effectively preventing unauthorized users from modifying, masquerading as the source of, or eavesdropping on management information.
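The following is an added example, not code from the original article or from ASUS, showing how USM binds a user's key to one authoritative EngineID and computes HMAC-SHA-96, using the password-to-key algorithm of RFC 3414. The password and first engine ID are the RFC's published test inputs; the second engine ID and the message bytes are constructed stand-ins.

```python
import hashlib
import hmac

# RFC 3414 Appendix A.3 test inputs.
PASSWORD = b"maplesyrup"
ENGINE_A = bytes.fromhex("000000000000000000000002")
# Constructed values (assumptions for this example only).
ENGINE_B = bytes.fromhex("8000000001020304")
# Stand-in for an encoded SNMPv3 message whose authParameters field has
# been set to 12 zero octets, as USM requires before the MAC is computed.
MSG = b"constructed-snmpv3-message" + bytes(12)

def password_to_key(password: bytes, hash_name: str) -> bytes:
    """User key Ku: hash of the password repeated out to 1,048,576 octets."""
    if not password:
        raise ValueError("password must not be empty")
    reps = 1048576 // len(password) + 1
    return hashlib.new(hash_name, (password * reps)[:1048576]).digest()

def localize_key(ku: bytes, engine_id: bytes, hash_name: str) -> bytes:
    """Localized key Kul = H(Ku || EngineID || Ku), unique per agent."""
    return hashlib.new(hash_name, ku + engine_id + ku).digest()

def auth_params(kul: bytes, whole_msg: bytes, hash_name: str) -> bytes:
    """HMAC-MD5-96 / HMAC-SHA-96: HMAC output truncated to 12 octets."""
    return hmac.new(kul, whole_msg, hash_name).digest()[:12]

def verify(kul: bytes, whole_msg: bytes, mac: bytes, hash_name: str) -> bool:
    """Constant-time comparison of the received and recomputed MAC."""
    return hmac.compare_digest(auth_params(kul, whole_msg, hash_name), mac)

def demo() -> dict:
    ku = password_to_key(PASSWORD, "sha1")
    kul_a = localize_key(ku, ENGINE_A, "sha1")
    kul_b = localize_key(ku, ENGINE_B, "sha1")
    mac = auth_params(kul_a, MSG, "sha1")
    return {
        "kul_a": kul_a.hex(),
        "accepted_by_a": verify(kul_a, MSG, mac, "sha1"),
        # Same password, different engine: the MAC does not verify.
        "accepted_by_b": verify(kul_b, MSG, mac, "sha1"),
        # Any change to the message invalidates the MAC.
        "tampered": verify(kul_a, b"X" + MSG[1:], mac, "sha1"),
    }

if __name__ == "__main__":
    print(demo())
```

Because the key is localized to the EngineID, a key recovered from one switch does not authenticate to another switch even when the user and password are the same.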
Remote network management via Telnet has a fatal weakness: Telnet transmits the user name and password in clear text, so passwords are easy for people with ulterior motives to steal and use in an attack. With SSH, the user name and password are encrypted, which effectively prevents password eavesdropping and lets network administrators manage the network remotely and safely.
Syslog and Watchdog
The switch's Syslog logging can send system errors, system configuration changes, status changes, periodic status reports and other information the user specifies to a log server. Based on this information, network administrators can keep track of operating conditions, identify problems early, and configure and troubleshoot in time to keep the network running securely and stably.