1. Overall project requirements:
• Realize wired and wireless access control in the headquarters campus;
• Use a branch of Shenzhen Airlines as a pilot to implement network admission for its internal wired and wireless users;
• Other branch offices interconnected with the headquarters over dedicated lines, and the business departments connected to the headquarters through IPsec VPN, are subject to access control when accessing company resources.
2. Intelligent discovery and recognition of devices:
• Device discovery: It must accurately determine how many terminals are on the network, and for each terminal its IP address, MAC address, user, department, and access location;
• Device classification: Devices must be classified automatically by type, including Windows terminals, iOS terminals, Android terminals, printers, access control devices, IP phones, etc.
3. Access control requirements:
• All terminals require the use of agentless access, and user access types include: public users, regular users, wireless users, dumb terminal users (IP phones, printers, access control, cameras), and visitors;
• Require convenient access but prevent IP address or MAC address spoofing;
• Require single sign-on integration with Deep Trust AC;
• Require integration with third-party authentication systems to achieve single sign-on.
By centrally deploying the Lianruan IT security operation and maintenance management software, unified security control is implemented for terminals accessing the company's wired and wireless office networks, while supporting various access scenarios including internal employees, external visitors, outsourced personnel, etc. The specific control measures are as follows:
■ Quick discovery and intelligent classification of devices:
It can accurately locate all terminals on the network and automatically discover each terminal's IP address, MAC address, user, department, and access location;
Terminal classification: Through DHCP feature codes (fingerprints) and traffic analysis, the terminal type can be accurately identified, and Windows terminals, iOS terminals, Android terminals, printers, access control devices, IP phones, etc. can be automatically identified and classified.
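The DHCP part of this classification can be sketched as follows. This is an added example, not Lianruan's code: the signature table is an illustrative assumption, the sample packets are constructed, and `parse_dhcp`, `classify` and `build_sample` are hypothetical names.

```python
MAGIC_COOKIE = b"\x63\x82\x53\x63"  # marks the start of DHCP options

# Illustrative signatures (assumed here): option 60 = vendor class, 55 = request list.
SIGNATURES = [
    ("Windows terminal", lambda prl, vci: vci.startswith("MSFT ")),
    ("Android terminal", lambda prl, vci: vci.startswith("android-dhcp")),
    ("iOS terminal", lambda prl, vci: not vci and prl == [1, 121, 3, 6, 15, 119, 252]),
]

def parse_dhcp(packet: bytes):
    """Return (client MAC, {option code: value}) from a raw DHCP message."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    hlen = min(packet[2], 16)            # chaddr field is at most 16 bytes
    mac = packet[28:28 + hlen].hex(":")
    options, i = {}, 240
    while i < len(packet):
        code = packet[i]
        if code == 255:                  # end option
            break
        if code == 0:                    # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(packet):
            raise ValueError("truncated option header")
        length = packet[i + 1]
        value = packet[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        options[code] = options.get(code, b"") + value  # repeated options concatenate
        i += 2 + length
    return mac, options

def classify(packet: bytes):
    """Classify a terminal from client-supplied DHCP fields (a hint, not proof)."""
    mac, opts = parse_dhcp(packet)
    prl = list(opts.get(55, b""))
    vci = opts.get(60, b"").decode("ascii", "replace")
    for label, matches in SIGNATURES:
        if matches(prl, vci):
            return mac, label
    return mac, "unclassified"

def build_sample(mac: bytes, prl, vci=b""):
    """Constructed DHCPDISCOVER for the demo (not captured traffic)."""
    header = bytes([1, 1, 6, 0]) + bytes(24) + mac.ljust(16, b"\0") + bytes(192)
    opts = b"\x35\x01\x01" + (bytes([60, len(vci)]) + vci if vci else b"")
    return header + MAGIC_COOKIE + opts + bytes([55, len(prl)]) + bytes(prl) + b"\xff"
```

Because both DHCP fields are set by the client, the result is a classification hint that still needs the traffic analysis and IP+MAC binding the solution describes.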
■ Implement seamless Portal authentication for the entire company:
Different access schemes are designed for different user types to meet the complex control needs of Shenzhen Airlines, as follows:
• Ordinary user access: For the first access, enter the AD username and password for identity verification. After successful verification, the system automatically obtains fingerprint information. Within the validity period of the fingerprint, the user does not need to authenticate again;
• VIP customer access: Fingerprint information can be obtained through DHCP, and administrators can manually add them to the whitelist. VIP customers do not need authentication;
• Dumb terminal access: The Lianruan backend automatically discovers dumb terminal devices and adds them to the fingerprint database, thereby achieving authentication-free access;
• Static IP terminal access: Terminals are admitted by IP address, and IP address spoofing is prevented based on IP+MAC binding;
• Support linkage with Deep Trust AC to achieve single sign-on;
• The fingerprint validity period and network access permissions can be set separately for visitors and internal employees.
This solution is developed by Lianruan Technology in combination with the relevant needs of Shenzhen Airlines, through the design of access control, centralized operation and maintenance of office terminals, and security strategies for office terminals. It is a complete set of terminal security solutions that can fully meet the risk control, regulatory compliance, and daily operation and maintenance needs of Shenzhen Airlines' terminal environment. By implementing this plan, the following effects can be achieved:
■ Compliance access control:
• Can achieve wired, wireless, and visitor access control for the Shenzhen Airlines office network, preventing unauthorized personnel and terminals with security risks from accessing the network;
• Each terminal can be managed and must be subject to management;
• Through centralized management of access control and desktop security, ensure that the management requirements related to Shenzhen Airlines' network security are "implementable, executable, verifiable, and optimizable".
■ Terminal security guarantee:
• Strengthen the security of Shenzhen Airlines' office network computers, reduce security vulnerabilities, effectively reduce various security risks in the office network, and improve the continuity of office network business;
• By using security status as a prerequisite for terminal access control, access control technology ensures that the terminal is in good security condition before accessing office network resources;
• Through terminal self-inspection, real-time monitoring of terminal security status helps administrators clearly understand the current network health status.
■ Improved operational efficiency:
• Implement centralized terminal management to ensure real-time management, controllability, and auditability of Shenzhen Airlines' terminal security; administrators are fully aware of the allocation and changes of all assets at any time, and branch administrators can also promptly understand the terminal operation status of their respective companies through the platform;
• Automatically identify terminal types and dynamically issue security control policies to improve operational efficiency.