Network Security Solution for Inner Mongolia Daily Media Group

Pain points and needs

Legal and compliant：Network construction must meet the requirements of the Cybersecurity Law and Level 3 Security Protection 2.0.

Risk positioning：Provide effective detection and interception measures for new types of network attacks represented by ransomware, which can locate risks in a timely manner and provide solutions.

Dynamic collaborative defense：Multiple security devices can dynamically collaborate for defense, enhance comprehensive risk detection and disposal capabilities, and simplify security operations and management work.

The solution

In order to assist Inner Mongolia Daily in implementing various safety requirements for level protection, meet compliance with level protection regulations, and maximize the protection capabilities of security measures, we provide users with a level protection 2.0 solution in accordance with the principle of "one center, triple protection". Firstly, partition the security domains strictly according to the importance of regional functions and the logical characteristics of network usage. Based on the requirements of boundary isolation and access control between security domains, as well as overall planning requirements, security design and protection are carried out to ensure the security of enterprise data and business systems from multiple levels of protection, including external business security, business access and boundary security, and business carrying environment security. On this basis, corresponding solutions will be provided to users at various levels according to the Equal Protection 2.0.

Secure Communication Network：We use DeepTrust SSL VPN devices to ensure secure transmission during communication, meeting the security needs of users for remote access and mobile office. The use of SSL and other communications between terminals and servers and between servers can prevent internal data from being intercepted and stolen during Internet transmission.

Safe zone boundary：The next generation firewall of Shenzhen Shenxin Service is deployed at the Internet exit to provide L2-L7 layer security protection for the business system. At the same time, strict access control policies are configured to achieve comprehensive protection against known threats and ensure the safe operation of the system. Deploy a deep trust internet behavior management device to ensure that the bandwidth of various parts of the network meets the needs of peak business hours, and to visually and controllably monitor user internet behavior. Deploy deep trust link load balancing, deploy server load balancing at server boundaries, and ensure high availability of links and computing devices.

Secure computing environment：Deploy operation and maintenance bastion machines, database audit systems, baseline checks, log audits, and other equipment to ensure the rapid implementation of data center equipment in access control, security auditing, intrusion prevention, and other control points.

Security Management Center：Dividing security management and operation areas, deploying bastion machines, providing secure information transmission paths, and managing security devices or components in the network; The "detection probe+security perception platform" should be able to identify, alert, and analyze various security incidents that occur in the network. At the same time, the "detection probe+security perception platform" can be linked with devices such as the next-generation firewall, internet behavior management, database auditing, etc. of DeepTrust; Deploy a baseline verification system, conduct regular security baseline checks on devices, and scan for vulnerabilities in network assets to identify unsafe configuration items for rectification and reinforcement, ensuring the effectiveness of device security policies.

Program value

Starting from the overall security concept and user demands, we are convinced to build a "perceptible and easy to operate" network wide security brain for Inner Mongolia Daily locally. Based on AC and AF, we will construct a new type of security boundary that integrates security, simplicity, and effectiveness. Under the requirement of compliance, a dynamic protection system with local collaboration and cloud linkage will be established for Inner Mongolia Daily through the linkage of defense, detection, response, cloud protection, and threat intelligence.

Through the service of "Internet hosting service+threat analysis and disposal", we will build a comprehensive "dynamic defense" security system for websites that integrates "defense, detection and response", provide nanny type security services for users, and deliver more effective security capabilities.