Product Details
Place of Origin: China
Brand Name: NetTAP®
Certification: CCC, CE, RoHS
Model Number: NT-FTAP-48XE
Payment & Shipping Terms
Minimum Order Quantity: 1 SET
Price: Can Discuss
Packaging Details: Outer Carton plus Inner Foam
Delivery Time: 1-3 Working Days
Payment Terms: L/C, D/A, D/P, T/T, Western Union, MoneyGram
Supply Ability: 100 sets per month
Data Monitoring: |
Real-time And Historical Traffic Trend Monitoring |
Anti-ddos Solution: |
Nanosecond Response, Separation Of Inspection And Control, Flexible Management |
Bank Application Need Data Masking: |
To Avoid The Leakage Of Sensitive Information Data By The Back-end Analysis System |
Bank Customer Value: |
Make Effective Use Of Network Bandwidth To Improve Enterprise Benefits, Reduce Risks, Improve User Satisfaction |
Applications:: |
Ata Center Of Telecom, Broadcasting, Government, Finance, Energy, Power, Petroleum, Hospital, School, Enterprise And Other Industries |
Related Solutions:: |
Network Visibility, Network Monitor, Network Security, Network Analytics, Data Center, Traffic Management, Traffic Optimize |
Data Monitoring: |
Real-time And Historical Traffic Trend Monitoring |
Anti-ddos Solution: |
Nanosecond Response, Separation Of Inspection And Control, Flexible Management |
Bank Application Need Data Masking: |
To Avoid The Leakage Of Sensitive Information Data By The Back-end Analysis System |
Bank Customer Value: |
Make Effective Use Of Network Bandwidth To Improve Enterprise Benefits, Reduce Risks, Improve User Satisfaction |
Applications:: |
Ata Center Of Telecom, Broadcasting, Government, Finance, Energy, Power, Petroleum, Hospital, School, Enterprise And Other Industries |
Related Solutions:: |
Network Visibility, Network Monitor, Network Security, Network Analytics, Data Center, Traffic Management, Traffic Optimize |
Network TAP in Bank Data Center Anti-DDos Attack for Financial Network Security
1. Overviews
DDOS is the abbreviation of Distributed Denial of Service, which means "Denial of Service". What is Denial of Service?To put it this way, any behavior that can cause legitimate users to be unable to access normal network services is a denial of service attack.That is to say, the purpose of denial of service attack is very clear, that is, to block legitimate users access to normal network resources, so as to achieve the attackers hidden purpose.Although also is the denial of service attack, DOS and DDOS is different, DDOS attack strategy focused on by many "bots" (by attackers invade or indirect use of the host) to the victim host sends a large number of seemingly legitimate network packet, resulting in network congestion or server resource depletion and cause denial of service, the distributed denial of service attack, once implemented, attack the network packet will flock to suffer like floods, host to legitimate users of the network packet, the network resources to the normal legal users can't access the server, therefore,Denial of service attacks are also known as "Flood attacks". Common DDOS attacks include SYN Flood, ACK Flood, UDP Flood, ICMP Flood, TCP Flood, Connections Flood, Script Flood and Proxy Flood.DOS, on the other hand, focuses on network stack failure, system crash, host crash and failure to provide normal network service functions by exploiting host specific vulnerabilities, resulting in denial of service. Common DOS attacks include TearDrop, Land, Jolt, IGMP Nuker, Boink, Smurf, Bonk, OOB, etc.In terms of these two kinds of denial of service attacks, the main harm is DDOS attacks, because it is difficult to prevent, as for DOS attacks, by patching the host server or installing firewall software can be well prevented, the article will explain how to deal with DDOS attacks.
Defense Anti-DDoS attacks
1. Filter unnecessary services and ports
Tools such as Inexpress, Express, Forwarding can be used to filter out unnecessary services and ports, that is, to filter out fake ips on routers.
2. Cleaning and filtering of abnormal flow
Through the DDoS hardware firewall to clean and filter abnormal traffic, through the packet rules filtering, data flow fingerprint detection filtering, and packet content customization filtering and other top technology can accurately determine whether the external access flow is normal, further prohibit the filtering of abnormal traffic.
3. Distributed cluster defense
This is currently the most effective way to defend the network security community against large-scale DDoS attacks.If one node is attacked and cannot provide services, the system will automatically switch to another node according to the priority setting, and return all the attacker's packets to the sending point, so that the attack source becomes paralyzed, affecting the security implementation decision of the enterprise from the perspective of deeper security protection.
4. High security intelligent DNS resolution
The perfect combination of intelligent DNS resolution system and DDoS defense system provides enterprises with super detection function against emerging security threats.At the same time there is downtime detection function, at any time can be disabled server IP intelligence to replace the normal server IP, for the enterprise network to maintain a never down state of service.
2. Intelligent Traffic Processing Abilities(Part)
ASIC Chip Plus Multicore CPU
480Gbps intelligent traffic processing capabilities
Data Filtering
Supported L2-L7 packet filtering matching, such as SMAC, DMAC, SIP, DIP, Sport, Dport, TTL, SYN, ACK, FIN, Ethernet type field and value, IP protocol number, TOS, etc. also supported flexible combination of up to 2000 filtering rules.
Real-time Traffic Trend Monitoring
Supported real-time monitoring and statistics on port-level and policy-level data traffic, to show the RX / TX rate, receive / send bytes, No., RX / TX the number of errors, the maximum income / hair rate and other key indicators.
NetTAP® Visibility Platform
Supported NetTAP® Matrix-SDN Visual Control Platform Access
1+1 Redundant Power System(RPS)
Supported 1+1 Dual Redundant Power System
NT-FTAP-48XE Network TAP NPB.pdf
4. Typical Application Structures
NetTAP® eliminates the problem of a DDoS attack on XXX bank's data center through three layers of the solution: management, detection, and cleaning.
1) Nanosecond response, fast and accurate.Business model traffic self-learning and packet by packet depth detection technology are adopted. Once abnormal traffic and message are found, the immediate protection strategy is launched to ensure that the delay between attack and defense is less than 2 seconds.At the same time, the abnormal flow cleaning solution based on layers of filter cleaning train of thought, through the seven layers of flow analysis processing, from IP reputation, the transport layer and application layer, feature recognition, session in seven aspects, the network behavior, the traffic shaping to prevent identification filtering step by step, improve the overall performance of the defense, effective guarantee of the XXX bank data center network security.
2) separation of inspection and control, efficient and reliable.The separate deployment scheme of the test center and the cleaning center can ensure that the test center can continue to work after the failure of the cleaning center, and generate the test report and alarm notification in real time, which can show the attack of XXX bank to a large extent.
3) flexible management, expansion worry-free.Anti-ddos solution can choose three management modes: detection without cleaning, automatic detection and cleaning protection, and manual interactive protection.The flexible use of the three management methods can meet the business requirements of XXX bank to reduce the implementation risk and improve the availability when the new business is launched.
Customer Value
1) make effective use of network bandwidth to improve enterprise benefits
Through the overall security solution, the network security accident caused by DDoS attack on the online business of its data center was 0, and the waste of network outlet bandwidth caused by invalid traffic and the consumption of server resources were reduced, which created conditions for XXX bank to improve its benefits.
2) Reduce Risks, ensure network stability and business sustainability
The bypass deployment of anti-ddos equipment does not change the existing network architecture, no risk of network cutover, no single point of failure, no impact on the normal operation of the business, and reduces the implementation cost and operating cost.
3) Improve user satisfaction, consolidate existing users and develop new users
Provide users with a real network environment, online banking, online business inquiries and other online business user satisfaction has been greatly improved, consolidate user loyalty, to provide customers with real services.
