|Place of Origin:||China|
|Certification:||CCC, CE, RoHS|
|Minimum Order Quantity:||1 SET|
|Packaging Details:||Outer Carton plus Inner Foam|
|Delivery Time:||1-3 Working Days|
|Payment Terms:||L/C, D/A, D/P, T/T, Western Union, MoneyGram|
|Supply Ability:||100 sets per month|
|Data Monitoring:||Real-time And Historical Traffic Trend Monitoring||Anti-ddos Solution:||Nanosecond Response, Separation Of Inspection And Control, Flexible Management|
|Bank Application Need Data Masking:||To Avoid The Leakage Of Sensitive Information Data By The Back-end Analysis System||Bank Customer Value:||Make Effective Use Of Network Bandwidth To Improve Enterprise Benefits, Reduce Risks, Improve User Satisfaction|
|Applications::||Ata Center Of Telecom, Broadcasting, Government, Finance, Energy, Power, Petroleum, Hospital, School, Enterprise And Other Industries||Related Solutions::||Network Visibility, Network Monitor, Network Security, Network Analytics, Data Center, Traffic Management, Traffic Optimize|
Anti DDos Attack Network Security Services,
DMAC Network Security Services,
SMAC Network Security Service
Network TAP in Bank Data Center Anti-DDos Attack for Financial Network Security
DDOS is an acronym for Distributed Denial of Service, which means "denial of service". What is Denial of Service? In other words, any behavior that may prevent legitimate users from accessing normal network services is a denial of service attack. That is to say, the purpose of the denial of service attack is very clear, that is, to prevent legitimate users from accessing normal network resources, so as to achieve the purpose of the attacker's concealment. Although it is also a denial of service attack, DOS and DDOS are different. Many "robots" (through the attacker's intrusion or indirect use of the host) focus on the DDOS attack strategy to send a large number of seemingly legitimate network packets to the victim host, causing network congestion or server resources. Exhaustion and lead to denial of service, once the distributed denial of service attack is implemented, the attack network data packets will swarm like a flood, hosted to the legitimate users of the network data packets, and the network resources cannot be accessed by normal legitimate users. Therefore, the denial of Service attacks are also known as "flood attacks". Common DDOS attacks include SYN Flood, ACK Flood, UDP Flood, ICMP Flood, TCP Flood, Connections Flood, Script Flood, and Proxy Flood. On the other hand, DDOS is mainly aimed at network stack failures, system crashes, host crashes, and host-specific vulnerabilities that cannot provide normal network service functions, resulting in denial of service. Common DOS attacks include TearDrop, Land, Jolt, IGMP Nuker, Boink, Smurf, Bonk, OOB, etc. As far as these two denial-of-service attacks are concerned, the main hazard is DDOS attacks because it is difficult to prevent. As for DOS attacks, they can be well prevented by patching the host server or installing firewall software. This article will explain how to deal with DDOS attacks.
Defense Anti-DDoS attacks
1. Filter unnecessary services and ports
Inexpress, Express, Forwarding and other tools can be used to filter out unnecessary services and ports, that is to say, filter out fake ip on the router.
2. Cleaning and filtering of abnormal flow
Clean and filter abnormal traffic through the DDoS hardware firewall, and use top-level technologies such as data packet rule filtering, data flow fingerprint detection filtering, and data packet content customization filtering to accurately determine whether external access traffic is normal, and further prohibit filtering of abnormal traffic.
3. Distributed cluster defense
This is currently the most effective way to protect the cybersecurity community from massive DDoS attacks. If a node is attacked and cannot provide services, the system will automatically switch to another node according to the priority setting, and return all the attacker's data packets to the sending point, paralyzing the source of the attack and affecting the enterprise from a deeper security protection perspective security implementation decisions.
4. High security intelligent DNS analysis
The perfect combination of intelligent DNS resolution system and DDoS defense system provides enterprises with super detection capabilities for emerging security threats. At the same time, there is also a shutdown detection function, which can disable the server IP intelligence at any time to replace the normal server IP, so that the enterprise network can maintain a never-stop service state.
2. Intelligent Traffic Processing Abilities(Part)
ASIC Chip Plus Multicore CPU
480Gbps intelligent traffic processing capabilities
Supported L2-L7 packet filtering matching, such as SMAC, DMAC, SIP, DIP, Sport, Dport, TTL, SYN, ACK, FIN, Ethernet type field and value, IP protocol number, TOS, etc. also supported flexible combination of up to 2000 filtering rules.
Real-time Traffic Trend Monitoring
Supported real-time monitoring and statistics on port-level and policy-level data traffic, to show the RX / TX rate, receive / send bytes, No., RX / TX the number of errors, the maximum income / hair rate and other key indicators.
NetTAP® Visibility Platform
Supported NetTAP® Matrix-SDN Visual Control Platform Access
1+1 Redundant Power System(RPS)
Supported 1+1 Dual Redundant Power System
4. Typical Application Structures
NetTAP® eliminates the problem of a DDoS attack on XXX bank's data center through three layers of the solution: management, detection, and cleaning.
1) Nanosecond response, fast and accurate.Business model traffic self-learning and packet by packet depth detection technology are adopted. Once abnormal traffic and message are found, the immediate protection strategy is launched to ensure that the delay between attack and defense is less than 2 seconds.At the same time, the abnormal flow cleaning solution based on layers of filter cleaning train of thought, through the seven layers of flow analysis processing, from IP reputation, the transport layer and application layer, feature recognition, session in seven aspects, the network behavior, the traffic shaping to prevent identification filtering step by step, improve the overall performance of the defense, effective guarantee of the XXX bank data center network security.
2) separation of inspection and control, efficient and reliable.The separate deployment scheme of the test center and the cleaning center can ensure that the test center can continue to work after the failure of the cleaning center, and generate the test report and alarm notification in real time, which can show the attack of XXX bank to a large extent.
3) flexible management, expansion worry-free.Anti-ddos solution can choose three management modes: detection without cleaning, automatic detection and cleaning protection, and manual interactive protection.The flexible use of the three management methods can meet the business requirements of XXX bank to reduce the implementation risk and improve the availability when the new business is launched.
1) make effective use of network bandwidth to improve enterprise benefits
Through the overall security solution, the network security accident caused by DDoS attack on the online business of its data center was 0, and the waste of network outlet bandwidth caused by invalid traffic and the consumption of server resources were reduced, which created conditions for XXX bank to improve its benefits.
2) Reduce Risks, ensure network stability and business sustainability
The bypass deployment of anti-ddos equipment does not change the existing network architecture, no risk of network cutover, no single point of failure, no impact on the normal operation of the business, and reduces the implementation cost and operating cost.
3) Improve user satisfaction, consolidate existing users and develop new users
Provide users with a real network environment, online banking, online business inquiries and other online business user satisfaction has been greatly improved, consolidate user loyalty, to provide customers with real services.
Contact Person: Jerry
Network Benefit: The safety, stability and efficiency of the Internet are directly related to operating income and business quality
Network Reliability and Security: There are more and more businesses operating on the Internet, and more and more end users, which means more and more traffic carried on the Internet, more and more complex protocols, and more and more serious security threats
NetTAP Mangement: Supported NetTAP® Matrix-SDN Visual Control Platform Access
Network Data or Packet Filtering: Supported L2-L7 packet filtering matching, such as SMAC, DMAC, SIP, DIP, Sport, Dport, TTL, SYN, ACK, FIN, Ethernet type field and value, IP protocol number, TOS, etc. also supported flexible combination of up to 2000 filtering rules.