Case

Liaoning Credit Center
18 Oct 2018

Project Background


Liaoning Credit Center was established in March 2010 under the leadership of the Provincial Development and Reform Commission and the Construction Leading Group Office for Provincial Social Credit System. It is a public institution directly under the Liaoning Information Center and a collection agency for provincial credit data, designated by the provincial government. The Provincial Credit Center is responsible for the construction, improvement, operation and maintenance of the whole province's credit-data exchange platform, credit evaluation system and related websites. It provides technical support and platform services for the collection of social credit information, and is also responsible for the collection, sorting, processing, release and management of credit information in the province. It also publishes the journal Credit Liaoning and assists municipalities and provincial departments in constructing the social credit system.


With the rapid development of internet technology, threats such as network attacks and network viruses are becoming more diverse and their consequences more severe. Existing network security equipment could no longer meet the needs of the Credit Center. Because its network system is critical, Liaoning Credit Center decided to comprehensively develop its network system security in accordance with the Level 3 protection standards required by the government system.


Requirement Analysis


After an onsite inspection, Surfilter's technical engineer found that the firewall system of the Provincial Credit Center had been in use for many years, and that the equipment's performance was low and couldn't meet actual user needs. Web application systems lacked professional protection equipment. There were security vulnerabilities in the management of servers and core equipment. There was also no security audit system for post-event tracking. Furthermore, there were many loopholes in the network.


Therefore, Surfilter's technical engineers suggested that the Credit Center use its next-generation firewall, NGSA, to form dual-computer protection for the network exit point. The WAF system's web firewall was set up in front of the web application to professionally protect online publishing. Bastion Host's HAC system was deployed in the server to realize equipment security control and audit. The network audit system was deployed to conduct security audits of inbound and outbound internet data traffic. The vulnerability scanning system was deployed in the network to analyze vulnerabilities in the network equipment and network system.


Solution


Two of Surfilter's next-generation NGSA firewalls were used to establish a dual-computer system to ensure the security of the network exit point of the Provincial Credit Center's network. The NGSA system not only has a firewall, but also has an IPS function, an antivirus function, internet behavior management and other functional modules, to provide diversified protection for network user exits.


The web application firewall (WAF) system was deployed at the front end of the web application to provide online users with secure access to the credit platform system. As an application firewall, Surfilter's SURF-WAF is designed to protect application servers such as the web server and webmail. It can be used to perform security modeling of security events, conduct regular scans, and protect against and diagnose security vulnerabilities, attack methods and final attack results, providing a comprehensive security solution for web applications.


Bastion Host's HAC system was deployed to manage and audit the security of servers, switches, firewalls and other equipment. Surfilter's Cloud HAC, also called Cloud Bastion Host, is a system and component used by Surfilter's Network Technology Co., Ltd. to provide security control for cloud computing, based on years of research and development. It mainly includes a gateway, a management system and a log monitoring and analysis system for the Cloud Bastion Host. It supports security protection management and control for VMware vSphere Cloud Platform, OpenStack Cloud Platform, XenServer Cloud Platform, Windows Server, Linux Server and other cloud platforms and servers.


The Network Audit System was deployed to conduct security audits of inbound and outbound internet data traffic. Surfilter's SA Equipment for Network Security Management System provides a comprehensive information security management solution. Our products can record various network activities within the network in detail. They use a flexible grouping strategy to control and audit network users' behavior through various means, to realize detailed and quantitative audit and management. The solution provides in-depth log analysis to generate rich and diverse statistical reports; active and effective protection of user-focused information, enabling managers to strengthen network management more effectively; and an effective basis for standardizing network management and making correct management decisions, enabling users to use the network safely, with high efficiency and in compliance with rules and regulations, ultimately leading to improved productivity. By deploying and applying Surfilter's SA products, real "compliance" management can be effectively implemented, whether for national laws and regulations (such as "Order 82 of the Ministry of Public Security") or internal network usage regulations.


The Vulnerability Scanning System was deployed in the network to analyze network equipment and system vulnerability. Surfilter's vulnerability scanning system, firewall and intrusion detection system work with each other and effectively improve network security. By scanning the network, the network administrator can understand security settings and application services on the network, discover security vulnerabilities in time, and objectively assess network risk level.


Typical Deployment


Solution Value


By deploying Surfilter's network security products, Liaoning Credit Center comprehensively improved the security of its network system. The network was more safely connected to the E-governance Extranet, and the security of the web application publishing system was ensured, laying a strong network security foundation for Liaoning Credit Center's network system to successfully pass the three-level protection evaluation.