|
|
Effects of SINFOR Internet
Access Management |
|
Advantages of SINFOR Internet
Access Management |
|
Function list of SINFOR Internet
Access Management |
|
|
|
| As
Internet access prevails and bandwidth is broadened,
employees enjoys increasingly convenient conditions
to surf Internet, however, owing to absence of an effective
management system, enterprises are facing more and more
threats from Internet, abuse of Internet has become
a bigger concern of many enterprises. According
to IDC¡¯s survey about use of Internet over global
enterprises, employee¡¯s working hours are full of
various unauthorized activities associated with Internet
use, unauthorized mail, e.g. send/receive mail, visit
web sites having nothing to do with job, music/movie
BT download, enjoy dream media over Internet. To present
the status quo in figures, among all employee¡¯s Internet
activities during working hours, 30%-40% has nothing
to do with their jobs.
Furthermore, due to absence of strict management,
such Internet abuse behavior of employees result in
virus dissemination cross enterprise intranet, business
information disclosure, now it has become the biggest
threat to enterprise¡¯s network security.
According to a survey made by CSI/FBI, the loss of
enterprises and governmental agencies arising of theft
of important information, is far more than that owing
to virus and hacker attack, at least 80% risks of
security exist in inside of organizations. In the
meantime, China Ministry of Public Security publishes
its recent statistics, 70% disclosure activities are
committed by internal personnel of organization; more
than 80% organizations using computer have not yet
established security management system, technical
actions and system.
SINFOR Internet Access Management device
(SINFOR AC) provides a sound internet access management
solution.
First, to internal users of enterprise,
SINFOR AC equipment carries out strict authentication,
e.g. user name / password, Web authentication, and
it supports the third-party authentication like RADIUS,
LDAP; second, SINFOR AC device can allocate different
Internet authority for different intranet users, and
can divide all its departments into groups, each group
is allocated different access authority. In addition,
SINFOR AC device¡¯s URL filter, keyword filter, limits
of upload and download, upload and download content
test completely shield unauthorized visit to sexy
sites, game play, use of BT, QQ, etc. In addition,
its meticulous bandwidth management and flow control
allow for limiting access bandwidth of different users
and groups, thus keep enterprise¡¯s Internet bandwidth
under orderly management.
Moreover, SINFOR AC device provides meticulous visit
tracking and powerful audit functions, allowing it
to exactly log intranet users¡¯ internet activities,
present Internet logs of all users, provide true statistics
of intranet use for reference of network administrator
and decision-maker, meanwhile, it can disclaim legal
responsibilities of organizations.
|
|
|
|
Effects of SINFOR Internet
Access Management |
|
Advantages of SINFOR Internet
Access Management |
|
Function list of SINFOR Internet
Access Management |
|
|
|
| SINFOR Internet Access Management
device will help users realize robust employee Internet
Management, and achieve the following effects:
1. Correctly guide employees¡¯
Internet activities (e.g. ban chat/game play during
working hours), raise the efficiency of the Internet.
According to statistics of IDC, among
all employee¡¯s Internet activities during working
hours, 30%-40% (such as chat, game, shopping) has
nothing to do with their jobs. Broad band access allows
enterprise to access Internet 24 hours, this will
surely lead to spend more attention and time in Internet
therefore slowing down their work at hand. SINFOR
Internet Access Management device can minimize employee¡¯s
Internet activities having nothing to do with their
jobs, prevent their distraction and keep them dedicated
and attentive.
2. Flow control, bandwidth management,
improve bandwidth utilization efficiency
SINFOR AC device provides bandwidth
flow management function, which can accurately set
bandwidth or flow of service or users. In the meantime,
AC¡¯s NDC (Network Data Center) records, analyzes all
Internet activities and presents trend report. Through
the graph data and report, user can intuitively know
which services occupy valuable resources of WAN: web
surfing, send/receive mail or crazy P2P download.
Likewise, we can also know which employee is impressive
in online shopping, which department watch online
movies most frequently during working hours.
Based on these information of Internet use, the administrator
can formulate management policies the most suitable
for their organization structure and Internet visit.
3. Powerful
audit and report function protects internal data security,
prevent secret disclosure
As email has been widely used as a communication tool
in enterprises, employee can easily send out some
key information of an enterprise over Internet, the
disclosure of key commercial, technical information
will result in unrecoverable loss to enterprises.
4. Relieve legal responsibilities
of enterprises
Today, some employees may visit sexy, anti-government
web sites, release illegal comments or commit criminals
using the Internet access that enterprise provides.
Such Internet activities may lead enterprise to some
litigation. SINFOR AC¡¯s Employee Internet Management
device can successfully shield these problem or suspect
sites, free enterprises from such potential troubles.
5.Powerful gateway
anti-virus function, keep enterprises away from virus
from Internet
With the rapid growth of Internet technology, enterprises
becomes more and more dependent on Internet, e.g.
visits to web pages, upload and download of information
resources, send/receive email, these may become the
media carrying virus. So enterprises may need an approach
to block virus when they visit Internet resources
so as to ensure every day¡¯s normal work and prevent
virus infection throughout LAN, in this sense, killing
virus at gateway is essential to a secure Intranet.
|
|
|
|
Effects of SINFOR Internet
Access Management |
|
Advantages of SINFOR Internet
Access Management |
|
Function list of SINFOR Internet
Access Management |
|
|
|
SINFOR M5X000£AC Internet Access Management
is a leading total solution of internet activity
management. SINFOR AC provides powerful Internet
control, effectively prevents employees abusing
Internet during working hours, therefore significantly
promote employees¡¯ working efficiency and enterprise¡¯s
productivity.
SINFOR AC can put end to employees¡¯ visit to vicious
websites and dangerous resources by properly setting
employee¡¯s Internet authority and rules of Internet
permit, stop spy software, malignant codes implanting
risks into enterprise intranet.
Second, powerful gateway anti-virus functions always
stop virus from Internet outside the door of enterprise
intranet.
Besides, SINFOR AC provides bandwidth management
and flow control function, which allows enterprises
to allocate limited bandwidth resources in reasonable
manner, give priority to the transfer of important
resources.
SINFOR AC Employee Internet Management device can
help enterprise: Regulate employee internet activities,
promote employees¡¯ working efficiency, reduce risk
of disclosure, relieve legal responsibilities, shield
virus from Internet, protect total security of intranet.
Strongest
Internet content identification ability
¡ô In-depth content detection technology: statistic-based
content test technology can conduct overall identification
over Internet contents, including identification
over encrypted contents and intelligent testing
over Internet activities.
¡ô Can identify not only non-encrypted applications,
but also encrypted applications, e.g. encrypted
IM, P2P, etc.
¡ô Can identify not only know P2P applications, but
also unknown P2P applications in the future.
¡ô Can identify not only WEB flow, but also encrypted
SSL flow.
¡ô Can realize full-facet control over instant software
such as MSN, YAHOO messenger, QQ, Flashget, SKYPE,
P2P software like BT, Emule.
¡ô Certificate link test technology, able to verify
the legality of the SSL certificate with its superior
root certificate, disable phishing software to counterfeit
a legal website to cheat users.
Higher performance
¡ô High-end device employing special network platforms
based on multiple cores, today the top-end device
is 32-core platform.
¡ô Log center is independently deployed, exerts no
impact on gateway performance, supports immense
analysis
¡ô Now it is able to support 40,000 concurrent users,
and will acquire the capacity to support 100,000
concurrent users later.
Intranet
safety protection
¡ô It protects against DOS attacks from intranet
machines, prevent gateway device suffering jam because
some machines send great deal of packs, thus avoid
this case in which other users can¡¯t visit Internet
as usual
¡ô It protects against ARP fraud by intranet machines
¡ô Auto report generation and sending function, administrator
can customize reports, including flow report, Internet
visit report, safety permit report, etc.
Exclusive
Network Access Rules (Patent)
¡ô Enterprise security risks are often caused by
network users who are lack of safety precautions.
In order to fundamentally eliminate internal network
security risks, reduce network users with spy ware,
virus risks. SINFOR innovative technology uses network
access rules technology.
¡ô Network visit permit rule is security policy of
intranet computer that administrator preset in SINFOR
AC Employee Internet Management. In other words,
security policy is a specific security standards.
For example, whether computer OS is installed with
the system patches that administrator defined; whether
user¡¯s PC is installed with appropriate anti-virus
program or firewall; whether user¡¯s PC activates
appropriate anti-virus program, firewall, all these
security standards can be fabricated into relevant
security policies.
¡ô When the data packs that user¡¯s PC request to
access pass SINFOR AC, if WEB certificate is activated,
when user passes WEB authentication, the moment
user¡¯s PC will automatically download relevant security
policy program, and boot scan program as per defined
security policies, check whether user¡¯s PC has established
relevant security policies. Only the PCs complying
with relevant security policies are allowed to access
external network, while those users¡¯ PCs below required
security conditions are forbidden to access Internet.
This radically improves the security of users¡¯ PCs,
reduces the risks of users within an enterprise
to suffer worms, virus, Trojan and spy software.
WEB authentication
technology
¡ô The Web-based user authentication function of
SINFOR AC Employee Internet Management enhances
the flexibility of administrator in user management.
When user enables Web authentication, the system
will conduct routine authentication over local ID
of client end (e.g. user name and password authentication,
LDRP, RADIUS authentication), in addition, it will
enable Web authentication.
¡ô Internet¡£When client end enters any web site in
the browser, AC device will require users to enter
user name and password for authentication. Not until
a correct account No. is entered will the user be
allowed to visit.
Other extension
advantages
¡ô Supports the authentication of combination with
the third party (Additionally, LDAP supports Open
LDAP, SUN LDAP , Radius, POP3, front-end PROXY,
and supports single-point login).
¡ô Boss KEY authentication can exempt boss or senior
management of the company from monitoring, as long
as boss inserts KEY, administrator will be unable
to perform any restrictive or change set up over
this user.
|
|
|
|
Effects of SINFOR Internet
Access Management |
|
Advantages of SINFOR Internet
Access Management |
|
Function list of SINFOR Internet
Access Management |
|
|
|
|
Category |
Function |
Indicators |
| Access
authentication |
IP £¬MAC authentication |
Through LAN PC¡¯s IP or MAC for authentication
or LAN PC¡¯s IP and MAC bundled for authentication |
| User / password |
WEB certification, support for user
configuration, administrators configuration, support
third-party certification system (LDAP, Radius,
POP3, PROXY) |
| USB KEY authentication |
Support USB Key Authentication |
| Auto authentication |
Administrators do not pre-set by
the user within the network during the initial
certification |
| Batch certification |
Support batch authentication with
forms¡¢scanning network by administrator |
| Single sign on |
User without repeat login after
login domain |
| Internet activity
management |
URL Filter |
Powerful URL library, user can customize
the blocking to erotic, virus and phishing web
sites |
| Access control strategy |
Provides safe access control strategies
based on various object compositions such as group,
time, service, web site strategy, content strategy. |
| P2P blocking |
Use In-depth content detection technology
to identify and block the flow of P2P software
including QQ, MSN, SKYPE, BT etc |
| User authentication |
Provide Web login authentication
function, provide local user database and LDAP,
Radius user data integration. |
| File upload and download control |
Control type and size of upload
and download of Http, Ftp files, intercept the
files transferred through P2P software such as
QQ, MSN . |
| IPMAC binding |
Provide more flexible IPMAC binding
strategies |
| Agent identification |
Identify, prevent and stop proxy
servers bypassing firewall. |
| Sensitive data blocking |
Intercept sensitive data transferred
through application protocols such as Http, Ftp,
Smtp, Imap, so as to prevent disclosure or legal
controversy . |
| Content audit |
Mail delay audit |
Save outgoing mails in buffer, not
until they pass audit can they be sent out, so
as to keep confidential information assets. |
| Real-time monitoring |
Real-time monitor user¡¯s acts on
Internet |
| Intranet audit |
Record employees¡¯ all acts on Internet
in details, including chat records, web page they
visit, files they download and upload, so as to
monitor employees¡¯acts during working hours, prevent
internal secrets, information of enterprises being
disclosed, it also helps find the liable person
once disclosure occurs. |
| Flow analysis |
Able to form statistics and conduct
analysis over Internet flow by user, protocol
and time, so as to optimize the employees¡¯ use
of Internet resources. |
| Bandwidth management
and flow control |
Bandwidth management |
Can realize accurate bandwidth control
over the upload, download of objects including
users, IP, group, limit the bandwidth that it
can occupy, so that the bandwidth resources in
an enterprise intranet could be used at the highest
efficiency. |
| Flow management |
Can realize accurate flow control
over specific services such as P29 application. |
| Gateway anti-virus |
Gateway anti-virus |
Can kill virus existing in WEB,
mails, attachment, uploaded and downloaded contents
at gateway. |
| Reports |
Report function |
Powerful data report center, intuitive
of Internet statistical chart (Pie chart, histogram,
curve graph) |
Management
function
|
Administrator authority |
Fine-grained authority, hierarchical
management |
| Local management |
WEB mode |
| Remote management |
WEB mode |
| Configuration backup |
Use encrypted configuration files
to configure, backup and distribute files. |
| Firmware upgrade |
Obtain new software versions and
more function modules through Firmware upgrade |
High-reliability
design
|
Auto restoration |
Watch dog provides auto restoration,
configuration restoration |
| Dual-machine backup |
Supports dual-machine backup |
| Multi-line backup |
Supports backup of 2¡«4 lines |
| Log |
Log capacity |
Can use independent log server,
no limits of capacity |
| Log backup |
Supports auto timer backup |
| Log import |
Allows for conversion logs in standard
TXT format, which can be easily imported to MS
SQL or ORACLE database for secondary development
and analysis |
| Data center |
Can conduct detailed analysis using
SINFOR independent data centre
|
|
|
|
|
Effects of SINFOR Internet
Access Management |
|
Advantages of SINFOR Internet
Access Management |
|
Function list of SINFOR Internet
Access Management |
|
|
|
| |
|
