Sichuan Changhong Electric Network Access Control Project

Access control requirements

The company's management regulations prohibit unauthorized access to external computers, and require high-level security access control for the company's headquarters and branches to avoid illegal access;

Effectively control terminals that have already connected to the internal network to avoid security risks and leakage incidents.

Terminal management requirements

Internal computers must be installed with antivirus software and meet security compliance requirements. It is prohibited to install illegal software or uninstall office software without authorization;

The company management regulations require registration, authorization, and management of mobile storage media, and unauthorized use of computers within the company is not allowed.

Network security management requirements

The unrestricted access of a large number of internal and external mobile smart devices to the company's wireless network, without authorization, auditing, and classified management of users and devices accessing the wireless network, poses security risks;

After the company built the network access system, the user needs to be authenticated when accessing the company's intranet, and also when accessing the Internet. The user needs to input many times, and the experience is poor. The unification of intranet authentication and internet authentication has not been achieved, and single sign on has been achieved.

Solution

1. Terminal network access control

The UniNAC system of Lianruan has been deployed in the Chengdu Science and Technology Building and Mianyang Headquarters (Science and Technology Center, Trade Center), and is linked with the existing SSO and LDAP of Sichuan Changhong to achieve unified access identity verification and compliance checks for all computers connected to the company's wired network, reject illegal access from external computers, and implement real name authentication for internal computers; And implement differentiated management of network access permissions between internal and external user computers; Strengthen the security protection of the company's network boundaries.

2.Office terminal operation and maintenance management

By deploying the UniAccess system and linking it with SSO, LDAP, and UniNAC, the UniAccess Security Assistant (UniAccessAgent) can be forcibly deployed to all internal computers of the company through network access. This enables efficient desktop operation and maintenance management of all internal terminals, such as asset management, remote assistance, software distribution, and security management of all internal terminals, including system patches, process/software blacklists, peripherals and ports, host security, and mobile storage media management.

3.Wireless device network access control

Unified network access is achieved for all devices accessing wireless networks through the UNACC5000 system, and fingerprint authentication technology is used to enable authentication without the need for repeated identity input during a single login within the validity period.