Government Industry

Facing the deepening and broadening trend of network security threats, Surfilter, focusing on the urgent requirements of domestic and overseas governments, enterprises and the public for a secure network environment, has concentrated on building five network security tools based on more than ten years of technical accumulation and practical experience.

Background Overview

E-governance is a new trend in government management in the information society. Implementing e-governance is an important measure for creating a cost-effective and efficient government. The construction of e-governance should be strengthened and the establishment of an efficient government accelerated in order to keep pace with the information age.


According to their different security and networking requirements, the construction of a government network system can be divided into a physically isolated intranet and an extranet. The government extranet places particular emphasis on a unified portal site for public administration departments on the internet, the separation of government affairs between departments, and an online service platform. It is the platform and window through which public administration conducts publicity and image display, communicates with the public and enterprises, and accepts business and consulting requests.

Requirements Analysis

In traditional e-governance network construction, network security is easily neglected at the design stage, leaving many potential risks. The security risk analysis is as follows:


The core backbone network lacks intrusion prevention capability, and neither user access nor the core backbone links of the cloud platform are covered by intrusion prevention measures, leaving potential risks.

1. Lack of audit means for system access. Network security administrators do not know the operating and access status of systems, cannot promptly discover existing security risks, and do not know who has accessed which business systems across the entire production network.


2. Lack of site-specific monitoring and management mechanisms. It is nearly impossible to control the security status of websites in real time, which leaves potential security risks. As web applications develop, online systems play an increasingly important role, but at the same time more and more of them are attacked because of security flaws. Sensitive online data and webpages are tampered with, and a site may even become a puppet that spreads Trojans, causing further damage to visitors and serious losses.


3. Internal security of the virtualization cluster. Data exchanged between virtual machines on the same physical host does not pass through the traditional access-layer switch, which directly defeats many traditional security methods: access between virtual machines cannot be isolated or controlled, and the traffic between them cannot be monitored or audited. Furthermore, current host-based security protection cannot adapt to the virtual machine environment. At the same time, the virtualized network structure makes traditional zone-based (sub-domain) protection difficult to achieve, and virtualized service delivery makes it difficult to identify, control and audit user identities, permissions and behavior.


4. Lack of regulatory measures for cloud platforms. Cloud platforms host a large number of business systems, so it is vital for administrators to audit activity and maintain control of permissions on the cloud platform.


5. Hidden dangers in mobile applications. It has become a trend to obtain information, handle business and make payments through mobile apps. However, because of frequent vulnerabilities in smartphone operating systems, especially on the Android platform, such as arbitrary rooting and privilege management issues, the operating environment of mobile applications is not secure. Connections from mobile terminals and their requests for data access place an additional burden on network security.

Solutions

Adhering to the Implementation Opinions on the Protection of Information Security Levels (GTZ [2004] No. 66) and the Notice on the Basic Investigation of Information System Security Level Protection (GXA [2005] No. 1431), the solution implements a security level protection system in line with national standards and deploys the corresponding security equipment in the different boundary areas.


1. A next-generation firewall and an intrusion prevention system were deployed at the boundaries of the backbone network to protect against attacks from external networks.


2. A network security audit system and an online behavior management system were deployed at the core switching layer to analyze application-layer protocols, effectively control illegal online behavior, and retain logs of online behavior locally.


3. A web application firewall, a webpage anti-tampering system and a database auditing system were deployed in the server area to protect against website attacks and to strengthen database auditing and leakage prevention.


4. A virtual firewall was deployed inside the virtualized cluster to protect the east-west traffic within the cloud platform.
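As an added illustration of what the webpage anti-tampering component in item 3 has to do (and of the defacement and Trojan-spreading risk described in item 2 of the requirements analysis), the following example is written for this page and is not Surfilter's product or code. It baselines every file under a web root with SHA-256, rescans, and reports modified, added and removed files; the web root, the injected hidden iframe and the dropped file are all constructed inside a temporary directory, so it runs offline. All function names are this example's own.

```python
import hashlib
import tempfile
from pathlib import Path

# Hypothetical file-integrity monitor for a web root (added example).
CHUNK = 1 << 16


def file_digest(path):
    """SHA-256 of a file, read in chunks so large assets do not load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Map each regular file under root (relative POSIX path) to its digest.
    Symlinks are skipped so an attacker cannot point a link at a trusted file."""
    root = Path(root)
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and not p.is_symlink():
            baseline[p.relative_to(root).as_posix()] = file_digest(p)
    return baseline


def compare(baseline, current):
    """Return the drift between two scans: changed content, new files, deleted files."""
    return {
        "modified": sorted(k for k in baseline if k in current and baseline[k] != current[k]),
        "added": sorted(k for k in current if k not in baseline),
        "removed": sorted(k for k in baseline if k not in current),
    }


def demo():
    """Constructed scenario: a two-file portal is baselined, then defaced."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "js").mkdir()
        (root / "index.html").write_text("<html><body>Public services portal</body></html>\n")
        (root / "js" / "app.js").write_text("console.log('ok');\n")
        baseline = build_baseline(root)

        # Simulated defacement (constructed, not a real payload): a zero-size iframe
        # is injected into the home page, a dropper is added, and a script is removed.
        (root / "index.html").write_text(
            "<html><body>Public services portal"
            '<iframe src="http://malicious.example/" width="0" height="0"></iframe>'
            "</body></html>\n"
        )
        (root / "js" / "dropper.js").write_text("// unauthorised file\n")
        (root / "js" / "app.js").unlink()

        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind}: {files}")
```

In a real deployment the baseline must be stored where the web server's account cannot rewrite it (a separate host or a signed store), the scan must run as a different user from the one serving pages, and a detected change should trigger restoration from the known-good copy as well as an alert; otherwise an attacker who can write the web root can simply re-baseline their own changes.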

Scheme Effect

1. Establishes a network-level security protection and defense system at both the technical and the management level.

2. Realizes visual management of, and protection against, security attacks on the government network.

3. Cooperates with the relevant regulatory authorities to establish effective information security notification and emergency response mechanisms.