Depth defense system for effectively responding to APT (Advanced Persistent Threat) attacks

A defense-in-depth, firewall technology, applied in transmission systems, digital transmission systems, electrical components, etc., can solve the problems of poor network sharing capability, loss of security, heavy burden on central nodes, etc., to reduce attack paths, improve service life, The effect of reducing equipment cost

Active Publication Date: 2018-02-02
李刚
View PDF12 Cites 2 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0003] The star topology has the following disadvantages: (1) The cable length and installation workload are considerable; (2) The burden on the central node is heavy, forming a bottleneck; failure of the central node will lead to the paralysis of the network; (3) The distribution of each site The processing capacity is low; (4) The network sharing capacity is poor, and the utilization rate of communication lines is not high
The star architecture network has multiple data flows on a single link, the ACL design is more complicated, and the CPU calculation pressure is too high
High-risk services such as SSH run in the service network. A slight human error or excessive switch load cancels part of the ACL control and loses security.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Depth defense system for effectively responding to APT (Advanced Persistent Threat) attacks
  • Depth defense system for effectively responding to APT (Advanced Persistent Threat) attacks

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0037] Such as figure 1 As shown, a defense-in-depth system that effectively responds to APT attacks includes Internet access area, DMZ area, core application area, DB area, data area, backup area, and management area;

[0038] The Internet access area includes two interconnected switches, two interconnected link load balancers, two interconnected antivirus gateways, two interconnected IPSs, two interconnected firewalls, and two interconnected Core switch, a VPN gateway; the link in the Internet access area is the active and standby link;

[0039] In the Internet access zone, each switch is connected to two link load balancers, and the two link load balancers are connected to two antivirus gateways in a one-to-one manner, and each link load balancer is connected to an antivirus gateway ; Two anti-virus gateways are connected one-to-one with two IPS, and each anti-virus gateway is connected to one IPS; two IPS are connected to two core switches one-to-one, and each IPS is conn...

Embodiment 2

[0051] Such as figure 2 As shown, a defense-in-depth system that effectively responds to APT attacks includes the Internet access area, DMZ area, core application area, DB area, management area, backup area, and data area.

[0052] The Internet access area includes switches, link load balancing, antivirus gateways, IPS, firewalls, core switches, and VPN gateways connected in sequence.

[0053] The DMZ area includes firewalls, WAFs, switches, and DMZ server groups connected in sequence.

[0054] The core application area includes firewalls, WAFs, switches, the main OA in the core area connected in sequence, and the standby OA in the core area connected to the switch.

[0055] Both the firewall in the DMZ area and the firewall in the core application area are connected to the core switch in the Internet access area.

[0056] The DB area includes switches, firewalls, database firewalls, switches, and DB_Server connected in sequence. The switch in the DB area is connected to t...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention relates to a depth defense system for effectively responding to APT (Advanced Persistent Threat) attacks. The depth defense system comprises an Internet access area, a DMZ area, a core application area, a DB area, a data area, and a management area; the DMZ area is connected with the Internet access area; the core application area is connected with the Internet access area; the DB area is respectively connected with the DMZ area and the core application area; and the management area is respectively connected with the Internet access area, the DMZ area, the core application area and the DB area. The depth defense system provided by the invention adopts a deep network structure, which reduces the number of regional firewalls, reduces the equipment cost, shares the load to various hierarchical networks, realizes the function of releasing the pressure of a core switch, and improves the service life of the switch; besides, the division of functional modules is realized, and the controllability of each functional module is improved; and all functional sub-networks are of the closed loop design, and the security of the system is improved.

Description

technical field [0001] The invention belongs to the technical field of computer network topology, and in particular relates to an in-depth defense system that effectively responds to APT attacks. Background technique [0002] The most important topological structures of computer networks are bus topology, ring topology, tree topology, star topology, hybrid topology and mesh topology. Among them, ring topology, star topology, and bus topology are the three most basic topological structures. In the local area network, the most used is the star structure. Other topologies are basically not used anymore and so are not discussed further. [0003] The star topology has the following disadvantages: (1) The cable length and installation workload are considerable; (2) The burden on the central node is heavy, forming a bottleneck; failure of the central node will lead to the paralysis of the network; (3) The distribution of each site The processing capability is low; (4) The networ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06H04L12/803
CPCH04L47/125H04L63/02H04L63/0272H04L63/145H04L63/1433H04L63/101Y02D30/50
Inventor 李刚李鹏飞
Owner 李刚
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap