Project Background
Adopting advanced technical means, the system can monitor the operating condition of all websites and services in the Water and Soil Machine Room’s IDC in real time, promptly discover illegal content in the IDC and carry out real-time and effective technical processing to realize "Real-time, Intelligent and Fully-automatic" IDC security audit and information supervision.
Requirement Analysis
1) The primary and backup links for the Water and Soil IDC's export bandwidth were expanded by 2*100 GE (1*100 GE for internal horizontal networks at all levels), respectively, while expanding internal network bandwidth, security protection, DPI system and information security management platform.
2) In this Phase, the development goal for the Provincial Port Execution System of the Water and Soil Machine Room was to meet the standard functions of the Ministry of Industry and Information Technology and the Group’s assessment requirements, to implement module function for EU-information security management and composition function for the IDC log of the new 400G link in combination with the actual functional needs of the end users, as well as the monitoring function for bad information (textual and pictures) on the internet.
3) According to the latest standards and assessment requirements, the complete interfaces needed to be established with other modules of the IDC Information Security Management System (CU, unified DPI, network log retention system, etc.) in the live network, to realize security audit and information supervision of the Water and Soil Computer Room’s newly-built IDC Network.
Solution
The EU Hardware-Software Integration Equipment receives filtered traffic data from the unified DPI equipment for data collection, to realize access to log management and illegal information monitoring. It has external interfaces with the CU system and the network log retention system, and internal interfaces with the unified DPI device.
Control platform CU: Responsible for interfacing with the safety supervision system, website filing management system and provincial port execution system; issuing illegal information rules, illegal websites, filter-free lists, and monitoring & filtering instructions to the EU; receiving result data and return instruction returned by the EU; sending a query instruction to the DU to access the log query and receive the log query result returned from the DU; synchronizing the website to log data and interface with the communications administration's information security system at the same time, to realize interfacing between the province-level security system and the enterprise-level security system.
System Deployment/Network Topology Diagram
Application Effect/Feedback
The solution realized network information security management, basic data management, access log management and bad information management in the internet for the Water and Soil Machine Room, playing a role in ensuring illegal information monitoring and disposal, and also meeting the needs of the Ministry of Industry and Information Technology for enterprise-level information security management monitoring.