Network Engineer--Network Planning and Design Case Study (5)

Case: The technical department, administrative department and production department of an enterprise are located in three areas. As the enterprise's demand for informatization grows, it plans to upgrade the network egress link from a single link to a dual link, to improve the ERP system's service capacity and to strengthen control of employee online behavior. The network administrator designed the enterprise network topology diagram as follows according to the enterprise's existing network and new network requirements, and re-planned the network addresses. The firewall device integrates the traditional firewall and routing functions.

Case study one:

1. In the firewall device shown above, configuring dual egress links can improve bandwidth, link redundancy, and link load balancing.

Analysis: ① When a link is faulty or unavailable, the data on the faulty link can be automatically switched to the normal link, that is, the traffic can be switched to another link in time to avoid long-term network interruption.

② The firewall is deployed at the egress of the enterprise network to isolate the internal network from the external network. When two ISP links are connected to the firewall, it can improve the total bandwidth, link redundancy and load balancing.

2. Increase the total bandwidth by configuring link aggregation, and implement link load balancing by configuring policy routing.

Analysis:

(1) Redirect network requests and manage content through policy routing to achieve load balancing of data on two links

(2) Link aggregation (abbreviation for Ethernet link aggregation):

① Link aggregation definition: Link aggregation refers to combining two or more data channels into a single channel that appears as a single higher-bandwidth logical link. Link aggregation is generally used to connect one or more devices with high bandwidth requirements, such as servers or server farms connected to a backbone network. Note that the LACP protocol is not the same thing as link aggregation technology: it is one link aggregation control method, provided by IEEE 802.3ad, and other aggregation control methods may also be used in a specific implementation.

② Link aggregation content:

Link aggregation can increase link bandwidth by bundling multiple Ethernet physical links together into a logical link. Links with the same transmission medium type and the same transmission rate are "bundled" together to form an aggregation group, which logically appears to be one link, and the service load is shared among the ports. At the same time, these bundled links can effectively improve link reliability through mutual dynamic backup. Among the many solutions for improving network availability, link aggregation technology has the advantages of increasing network bandwidth, realizing link load sharing, and improving network reliability (providing a redundancy mechanism inside the transmission line). It supports and improves data services well, has attracted great attention in recent years, and has been rapidly developed and widely used.

The link aggregation function bundles multiple low-bandwidth switching ports of a switch into a high-bandwidth link, and performs link load balancing across several ports to avoid link congestion. By analogy, link aggregation is like a supermarket that sets up multiple checkout counters so that consumers do not wait too long in a queue because there are too few counters. Aggregated links also provide redundancy and fault tolerance if each link of the aggregate follows a different physical path. Link aggregation can be used to improve access to public networks by aggregating modem links or digital lines. Link aggregation can also be used in enterprise networks to build multi-gigabit backbone links between Gigabit Ethernet switches.

③ Link aggregation advantages:

1. Improve link availability: In link aggregation, members dynamically back up each other. When a link is interrupted, other members can quickly take over its work. Unlike Spanning Tree Protocol, the process of enabling backup of link aggregation is not visible outside the aggregation, and the process of enabling backup is only within the aggregated link and has nothing to do with other links, and the switchover can be completed within milliseconds.

2. Increase link capacity: Another obvious advantage of link aggregation technology is to provide users with an economical method to increase the link transmission rate. By bundling multiple physical links, users can obtain a data link with a larger bandwidth without upgrading existing equipment, and its capacity is equal to the sum of the capacity of each physical link. The aggregation module distributes service traffic to different members according to a certain algorithm to implement link-level load sharing.
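The two advantages above can be seen together in a small simulation. This is an added example, not part of the original notes: it assumes the "certain algorithm" is a per-flow hash of the 5-tuple (the page does not say which algorithm is used), and the interface names are hypothetical.

```python
import zlib
from collections import Counter


def pick_member(flow, active_members):
    """Choose one active member link for a flow by hashing its 5-tuple.

    Per-flow hashing keeps all packets of a flow on one member (no
    reordering), so a single flow never exceeds one member's bandwidth
    even though the group's total capacity is the sum of its members.
    """
    if not active_members:
        raise RuntimeError("aggregation group has no active member link")
    key = "|".join(map(str, flow)).encode()
    return active_members[zlib.crc32(key) % len(active_members)]


def distribute(flows, active_members):
    """Return {flow: member} for every flow."""
    return {flow: pick_member(flow, active_members) for flow in flows}


def sample_flows(count=200):
    """Constructed sample: internal clients opening HTTPS sessions to one server."""
    return [
        (f"10.1.{i % 3}.{i % 250 + 1}", "203.0.113.10", "tcp", 40000 + i, 443)
        for i in range(count)
    ]


def fail_member(flows, members, failed):
    """Compare the flow-to-link mapping before and after one member goes down."""
    before = distribute(flows, members)
    survivors = [m for m in members if m != failed]
    after = distribute(flows, survivors)
    # With plain modulo hashing, flows on surviving links may move as well,
    # not only the flows that were on the failed link.
    moved = [f for f in flows if before[f] != after[f]]
    return before, after, moved


if __name__ == "__main__":
    members = ["GE0/0/1", "GE0/0/2", "GE0/0/3"]  # hypothetical port names
    flows = sample_flows()
    before, after, moved = fail_member(flows, members, "GE0/0/2")
    print("load before failure:", dict(Counter(before.values())))
    print("load after failure :", dict(Counter(after.values())))
    print("flows that changed link:", len(moved))
```
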

④ The difference between link aggregation and port aggregation:

1. Link aggregation technology is also called trunking technology or bonding technology. Its essence is to "combine" several physical links between two devices into a logical data path, which is called an aggregated link.
2. Port aggregation is also called EtherChannel. It refers to bundling two or more physical ports into a logical link and connecting multiple ports of two devices to each other, thereby increasing the link bandwidth and providing load balancing, and redundant backup can be formed between multiple lines. It is mainly used for connections between switches. When there are multiple redundant links between two switches, STP will close several of the links and keep only one link, which avoids Layer 2 loops. However, the advantage of path redundancy is lost, because the link switching of STP is very slow, around 50s. When using EtherChannel, the switch combines a group of physical ports into a logical channel, that is, a channel-group, so that the switch treats this logical channel as one port.

Case study two:

1. Firewall working mode:

(1) The firewall has three working modes: routing mode, transparent mode, and mixed mode. If the firewall connects externally at the third layer (the interface has an IP address), the firewall is considered to work in routing mode. If the firewall connects externally through the second layer (the interface has no IP address), the firewall works in transparent mode. If the firewall has interfaces working in routing mode and transparent mode at the same time (some interfaces have IP addresses, some interfaces have no IP addresses), the firewall works in mixed mode.
(2) Routing mode: ACL packet filtering, ASPF dynamic filtering, NAT conversion and other functions can be completed. However, routing mode requires modifications to the network topology (internal network users need to change gateways, routers need to change routing configuration, etc.), which is quite a laborious task, so there are trade-offs when using this mode.
(3) Transparent mode: Just insert the firewall device like a bridge in the network without modifying any existing configuration. Same as routing mode, IP packets also go through relevant filtering checks (but the source or destination addresses in IP packets will not change), and internal network users are still protected by firewalls.
(4) Hybrid mode: The Trust zone interface of the active/standby firewall is connected to the company's internal network, and the Untrust area interface is connected to the external network. The active/standby firewalls are connected to each other through the HUB or LAN Switch, and run the VRRP protocol for backup. It should be noted that the internal network and the external network must be in the same subnet.

2. If the firewall interfaces in the above figure are equipped with IP addresses, the firewall works in routing mode.

Analysis: (1) There are three modes of the firewall: routing mode, transparent mode, and mixed mode. If the firewall interface is configured with an IP address and connected to the outside through the third layer, it is considered that the firewall works in routing mode.

(2) If the firewall interface is not configured with an IP address and connects externally through the second layer, the firewall works in transparent mode

(3) If the firewall has interfaces working in both routing mode (some interfaces have IP addresses) and transparent mode (some interfaces have no IP addresses), the firewall works in mixed mode

3. In routing mode, the ERP server is deployed in the intranet area of the firewall.

Analysis:

(1) When the firewall is located between the internal and external networks, the firewall is divided into three areas:

① Internal network (Trust): It includes all the internal network devices and user hosts of the enterprise, and is the trusted area of the firewall.
② External network (Untrust): It includes external Internet hosts and devices. This area is the untrusted network area of the firewall.
③ Demilitarized Zone (DMZ): DMZ is the abbreviation of "demilitarized zone", also known as an "isolation zone". It solves the problem that the external network cannot access internal network servers after a firewall is installed, by establishing a buffer between the non-secure system and the secure system. This buffer is a small network located between the internal network of the enterprise and the external network. In this small network area, you can place server facilities that must be exposed, such as enterprise Web servers, FTP servers, and forums. In addition, such a DMZ area protects the internal network more effectively, because this network deployment puts one more barrier in front of attackers than the general firewall solution.

(2) In routing mode, the ERP server is deployed in the internal area of the firewall for internal user access. The server does not provide external access services, ensuring the security of internal data.

(3) The Web site provides services to both external users and internal users, and should be deployed in the DMZ area of the firewall.

Case study three:

If the address planning is as shown in the figure below, what are the possible considerations for the address configuration from the IP planning scheme?

Answer:

1. User Internet IP addresses are divided according to geographical location, which is convenient for maintenance and security management.

Analysis: Allocate IP addresses of the same network segment to departments in the same geographical area, which facilitates the configuration of the same security policy and facilitates troubleshooting and maintenance of network faults.

2. Monitoring is placed in its own VLAN according to business type, and the use of fixed IP addresses is convenient for flexible management.

Analysis: Put the monitoring services scattered across different geographical locations into the same IP network segment, networked through a VLAN and using fixed IP addresses, which facilitates flexible management.

Case study four:

In this network topology, is the location of the online behavior management device appropriate? Please explain why

Answer: Appropriate, the online behavior management equipment has serial connection and bypass methods, which can realize online behavior management and control.

Analysis:

1. Definition and content of Internet behavior management:

① Internet behavior management: refers to helping Internet users to control and manage the use of the Internet, including web page access filtering, Internet privacy protection, network application control, bandwidth traffic management, information sending and receiving audit, user behavior analysis, etc.

② Background of the emergence of online behavior management: With the rapid development of computer and broadband technology, online office is becoming more and more popular, and the Internet has become an indispensable, convenient and efficient tool for people to work, live and study. However, while enjoying the convenience brought by computer office and the Internet, the phenomenon of employees surfing the Internet during non-work is becoming more and more prominent, and enterprises generally have serious problems of computer and Internet abuse. Online shopping, online chat, online listening to music and movies, P2P tool downloads and other behaviors unrelated to work occupy limited bandwidth and seriously affect normal work efficiency.
③ Internet behavior management products and technologies are products specially designed to prevent the malicious spread of illegal information and to avoid leakage of state secrets, commercial information, and scientific research results; they can also monitor and manage the use of network resources in real time to improve overall work efficiency. The online behavior management product series is suitable for network environments that need to implement content auditing, behavior monitoring, and behavior management, especially units or departments that carry out graded security protection of computer information systems.
④ Almost all early online behavior management products amounted to URL filtering: all web page addresses accessed by users are monitored, tracked and recorded by the system. If the accessed address is set as a legal address, there are no restrictions. If it is an illegal address, access is banned or a warning is issued. Monitoring is specific to each individual. To a certain extent this is also the limitation of black and white lists. In addition, the monitoring of email sending and receiving behavior, like URL filtering, has become a regular online behavior management function.

2. Functions of online behavior management:

(1) Management of Internet users
Internet identity management: use IP/MAC identification methods, user name/password authentication methods, and joint single sign-on methods with existing authentication systems to accurately identify Internet users and ensure their legitimacy.
Internet terminal management: check the legality of the host's registry/processes/hard disk files to ensure the legality and security of the terminal PC connected to the enterprise network.
Mobile terminal management: check the mobile terminal identification code and identify the type/model of the intelligent mobile terminal to ensure the legitimacy of the mobile terminals connected to the enterprise network.
Internet access management: check the physical access point of the Internet terminal, identify the Internet access location, and ensure the legality of the Internet access location.
Internet browsing management
Search engine management: use search box keyword identification, recording and blocking technology to ensure the legitimacy of the search content and avoid the negative impact of inappropriate keyword searches.
Web site URL management: using webpage classification library technology, classify, identify, record and block a large number of URLs in advance to ensure the legitimacy of the URLs accessed online.
Web page text management: use text keyword identification, recording and blocking technology to ensure the legitimacy of the text being browsed.
File download management: use file name/size/type/download frequency identification, recording and blocking technology to ensure the legality of files downloaded from web pages.
(2) Internet outgoing management
Ordinary mail management: use in-depth identification, recording and blocking of SMTP sender/header/body/attachment/attachment content to ensure the legitimacy of outgoing emails.
In-depth identification, recording and blocking of sender/title/text/attachment/attachment content of web mailboxes to ensure the legitimacy of outgoing e-mails.
Record and block to ensure the legitimacy of outgoing speeches.
Instant messaging management: identify, record and block keywords in the outgoing content of mainstream IM software such as MSN, Fetion, QQ, Skype and Yahoo Messenger to ensure the legitimacy of outgoing speeches.
Other outgoing management: identify, record and block content keywords in outgoing information of traditional protocols such as FTP and TELNET to ensure the legitimacy of outgoing information.
(3) Internet application management
Internet application blocking: use an application protocol library that does not depend on ports to identify and block applications.
Cumulative time limit for online applications: assign a cumulative time to each or multiple applications; access to the Internet applications is automatically terminated when the accumulated usage time within one day reaches the limit.
Cumulative traffic limit: allocate accumulated traffic to each or multiple applications; access is automatically terminated when the accumulated traffic within one day reaches the limit.
(4) Internet traffic management
Internet bandwidth control: set the upper limit of a virtual channel for each or multiple applications, and discard the traffic that exceeds the upper limit of the virtual channel.
Internet bandwidth guarantee: set the lower limit of virtual channels for each or multiple applications to ensure that the necessary network bandwidth is reserved for key applications.
Internet bandwidth borrowing: when there are multiple virtual channels, fully loaded virtual channels are allowed to borrow bandwidth from other idle virtual channels.
Internet average bandwidth: the physical bandwidth is distributed evenly among users to prevent the traffic of a single user from preempting the bandwidth of other users.
Internet behavior analysis
Real-time monitoring of Internet behavior: unified display of the current network speed, bandwidth allocation, application distribution, per-person bandwidth, per-person applications, etc.
Online behavior log query: accurately query the behavior logs of Internet users/terminals/locations, Internet browsing, Internet outgoing, Internet applications, Internet traffic, etc. in the network, and accurately locate problems.
Statistical analysis of traffic trends, risk trends, leak trends, efficiency trends and other intuitive reports, which makes it convenient for administrators to find potential problems globally.
(5) Internet privacy protection
Log transmission encryption: administrators use SSL encrypted tunnels to access the device's local log library and the external log center, to prevent hackers from eavesdropping.
Separation of management powers: built-in administrator, reviewer, and auditor accounts. The administrator does not have log viewing authority, but can set up the auditor account; the reviewer does not have log viewing authority, but activates the auditor's authority after checking its validity; the auditor cannot set his own log viewing scope, but can view the specified log content after passing the permission review.
Accurate log recording: all online behaviors can be selectively recorded according to the filtering conditions; behavior that does not violate policy is not recorded, so private information is recorded to a minimum extent.
(6) Device fault-tolerant management
Crash protection: if the device crashes or is interrupted while powered on, it can turn into a transparent network cable, which does not affect network transmission.
One-key troubleshooting: after a network failure, pressing the one-key troubleshooting physical button directly determines whether the fault is caused by the online behavior management device, shortening the network fault location time.
Dual-system redundancy: provide hard disk + Flash card dual systems that back each other up; the equipment can still be used normally after a single system failure.
(7) Centralized risk alarms
Alarm center: all alarm information can be displayed in a unified and centralized manner on the alarm center page.
Graded alarms: alarms of different levels are sorted and arranged to prevent low-level alarms from flooding key high-level alarm information.
Alarm notification: alarms can be notified to administrators by email and voice prompts, which is convenient for quickly discovering alarm risks.
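The three traffic-management functions in item (4), bandwidth control (upper limit), bandwidth guarantee (lower limit) and bandwidth borrowing, interact as in the following sketch. It is an added example, not code from the original notes or from any product: the channel names and figures are constructed, and sharing spare bandwidth equally among channels that still want more is an assumed policy.

```python
from fractions import Fraction


def allocate(capacity, channels):
    """Split link capacity (Mbit/s) across virtual channels.

    channels maps a name to {"guarantee": lower limit, "cap": upper limit,
    "demand": offered load}. Returns (allocated, dropped) per channel.
    """
    for name, ch in channels.items():
        if not 0 <= ch["guarantee"] <= ch["cap"]:
            raise ValueError(f"{name}: need 0 <= guarantee <= cap")
    if sum(ch["guarantee"] for ch in channels.values()) > capacity:
        raise ValueError("sum of guarantees exceeds link capacity")

    # Bandwidth guarantee: every channel first receives its reserved lower
    # limit, or less if it does not currently need that much.
    alloc = {n: Fraction(min(ch["demand"], ch["guarantee"]))
             for n, ch in channels.items()}
    spare = Fraction(capacity) - sum(alloc.values())

    def unmet(name):
        # Bandwidth control: a channel may never grow past its cap.
        ch = channels[name]
        return min(ch["demand"], ch["cap"]) - alloc[name]

    # Bandwidth borrowing: what idle channels leave unused is lent, in equal
    # shares (assumed policy), to channels that still have unmet demand.
    hungry = [n for n in channels if unmet(n) > 0]
    while spare > 0 and hungry:
        share = spare / len(hungry)
        for name in hungry:
            give = min(share, unmet(name))
            alloc[name] += give
            spare -= give
        hungry = [n for n in hungry if unmet(n) > 0]

    # Whatever exceeds the allocation is discarded.
    dropped = {n: channels[n]["demand"] - alloc[n] for n in channels}
    return alloc, dropped


def sample_channels(erp_demand):
    """Constructed policy for a 100 Mbit/s egress link."""
    return {
        "erp":   {"guarantee": 30, "cap": 100, "demand": erp_demand},
        "video": {"guarantee": 20, "cap": 40,  "demand": 80},
        "web":   {"guarantee": 20, "cap": 100, "demand": 70},
        "p2p":   {"guarantee": 0,  "cap": 10,  "demand": 50},
    }


if __name__ == "__main__":
    for erp_demand in (10, 60):  # ERP nearly idle, then ERP busy
        alloc, dropped = allocate(100, sample_channels(erp_demand))
        print(f"ERP demand {erp_demand} Mbit/s")
        for name in alloc:
            print(f"  {name:5s} gets {float(alloc[name]):5.1f}, "
                  f"drops {float(dropped[name]):5.1f}")
```
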

Case study five:

There are wireless nodes in the network, what measures should be taken in terms of security management?

Answer:

1. Configure VLANs individually

2. Terminal access authentication

3. Access control

Analysis:

1. Cybersecurity Threats to Wireless Networks:
Wireless network security is not a stand-alone issue, and businesses need to recognize that attackers should be dealt with on several fronts, but there are many threats that are unique to wireless networks, including:
1. Insertion Attacks: Insertion attacks are based on the deployment of unauthorized devices or the creation of new wireless networks, often without security procedures or security checks. Access points can be configured to require clients to enter a password for access. Without the password, an intruder can connect to the internal network by enabling a wireless client to communicate with the access point. But some access points require the exact same access password for all clients. This is very dangerous.
2. Roaming attackers: The attackers do not have to be physically inside the corporate building; they can use network scanners such as Netstumbler and other tools. Sniffing out wireless networks with a laptop or other mobile device from a moving vehicle is called "wardriving"; performing the same task while walking down the street or through a corporate site is called "warwalking".
3. Fraudulent access point: The so-called fraudulent (rogue) access point refers to an access point that is set up or exists without the permission or knowledge of the wireless network owner. Some employees sometimes install fraudulent access points in order to create covert wireless networks that circumvent the security measures the company has installed. This secret network, while largely harmless, can create an unprotected network that in turn acts as an open door for intruders to enter the corporate network.
4. Evil twin attack: This type of attack, sometimes called "wireless phishing," is actually a fraudulent access point hidden under the name of a neighboring network. Evil twins wait for some blindly trusting user to connect to the wrong access point and then steal data from individual networks or attack computers.
5. Stealing network resources: Some users like to access the Internet from neighboring wireless networks. Even if they have no malicious intentions, they still occupy a lot of network bandwidth and seriously affect network performance. Other uninvited guests will use this connection to send mail from within the company's network, or download pirated content, which creates legal problems.
6. Hijacking and monitoring of wireless communications: As in wired networks, it is entirely possible to hijack and monitor network communications over wireless networks. It includes two situations, one is wireless packet analysis, where a skilled attacker captures wireless communications with techniques similar to wired networks. Many of these tools capture the initial part of a connection session, and the data typically includes usernames and passwords. The attacker can then use the captured information to impersonate a legitimate user, hijack the user's session, execute some unauthorized commands, etc. The second case is broadcast packet monitoring, which relies on the hub and is therefore rare.
Of course, there are other threats, such as client-to-client attacks (including denial-of-service attacks), interference, attacks on encryption systems, and misconfigurations, which are all factors that can bring risks to wireless networks.
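For the fraudulent access point and evil twin threats (items 3 and 4), a site survey can be compared against the list of access points the enterprise actually operates. The following is an added example, not part of the original notes: the SSIDs, BSSIDs, scan records and the -60 dBm "on site" threshold are all constructed assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str        # radio MAC address of the access point
    encryption: str
    signal_dbm: int


# Constructed inventory of the access points the enterprise operates.
AUTHORIZED = {
    "CorpWLAN": {
        "bssids": {"02:00:00:aa:00:01", "02:00:00:aa:00:02"},
        "encryption": "WPA2-Enterprise",
    },
}

# Assumed heuristic: an unknown network this strong is probably inside
# the building rather than a neighbor's.
ONSITE_SIGNAL_DBM = -60


def classify(beacon):
    """Label one observed beacon against the authorized inventory."""
    policy = AUTHORIZED.get(beacon.ssid)
    if policy is None:
        if beacon.signal_dbm >= ONSITE_SIGNAL_DBM:
            return "unauthorized-ap-onsite"   # possible employee-installed AP
        return "neighbor"
    if beacon.bssid.lower() not in policy["bssids"]:
        return "evil-twin-suspect"            # our network name, unknown radio
    if beacon.encryption != policy["encryption"]:
        return "encryption-mismatch"          # known radio, weaker settings
    # A matching BSSID is not proof of authenticity: MAC addresses can be
    # forged, so "ok" only means nothing in the beacon contradicts inventory.
    return "ok"


def review(scan):
    """Return the (verdict, beacon) pairs that need an administrator's attention."""
    verdicts = [(classify(b), b) for b in scan]
    return [(v, b) for v, b in verdicts if v not in ("ok", "neighbor")]


# Constructed site-survey records.
SAMPLE_SCAN = [
    Beacon("CorpWLAN", "02:00:00:AA:00:01", "WPA2-Enterprise", -48),
    Beacon("CorpWLAN", "02:00:00:aa:00:02", "Open", -55),
    Beacon("CorpWLAN", "02:00:00:bb:00:09", "WPA2-Enterprise", -50),
    Beacon("CafeNextDoor", "02:00:00:cc:00:01", "WPA2-Personal", -82),
    Beacon("printer-setup", "02:00:00:dd:00:07", "Open", -41),
]

if __name__ == "__main__":
    for verdict, beacon in review(SAMPLE_SCAN):
        print(f"{verdict:24s} {beacon.ssid:14s} {beacon.bssid} "
              f"{beacon.encryption} {beacon.signal_dbm} dBm")
```
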
2. Security threats faced by enterprise wireless networks
(1) Encrypted ciphertexts are frequently broken and are no longer safe:
Once upon a time, the most reliable security method for wireless communication was to encrypt wireless communication data. There are many types of encryption methods, from the most basic WEP encryption to WPA encryption. However, these encryption methods have been cracked one after another. First, the WEP encryption technology was cracked by hackers within a few minutes. Then, in November, foreign researchers reversed the TKIP algorithm in the WPA encryption method to restore the plaintext.
Both WEP and WPA encryption have been cracked, so wireless communication security can only be improved by establishing a RADIUS authentication server or using WPA2. However, WPA2 is not supported by all devices.
(2) Wireless data sniffer makes wireless communication without privacy:
Another thing that worries users most is that, due to the flexibility of wireless communication, as long as there is a signal, an intruder can sniff out the content of wireless communication data packets through professional wireless data sniffer tools. Whether encrypted or unencrypted, the content can be viewed by other means. Methods such as hiding SSID information or modifying the signal transmission band are useless in front of wireless data sniffer tools.
However, it is unrealistic to fundamentally eliminate wireless sniffers. After all, a wide range of signal coverage is a major feature of wireless networks. Therefore, wireless data sniffers leave wireless communication without privacy, which is a main manifestation of its inherent insecurity.
(3) Modifying the MAC address makes the filtering function useless:
Wireless network devices provide functions such as MAC address filtering, and many users do use this function to protect the security of the wireless network. However, the MAC address can be modified at will: MAC address information can be forged through the registry or the network card properties. Therefore, once the communication information of a MAC address with access authority is found through a wireless data sniffer tool, the illegally intruding host can forge that MAC address, so that the MAC address filtering function is useless.

3. Wireless network security measures:
1. Use a strong password. As I pointed out in the article, a strong enough password can make brute force an impossible situation. Conversely, if the password is not strong enough, your system will almost certainly be compromised.
Use passwords longer than ten characters - even relatively new encryption schemes, such as WPA2, can be overcome by processes that automatically extract passwords. It is not necessary to use long and difficult passwords, but expressions such as "makemywirelessnetworksecure" can be used to replace the original shorter passwords. Or use a more complex password like "w1f1p4ss". This type of password is more secure.
In the password, add numbers, special symbols and upper and lower case letters - complex passwords increase the number of possible characters, which increases the difficulty of password cracking. For example, if your password contains four characters, but you only use numbers, the possible passwords are 10 to the fourth power, or 10,000. If you only use lowercase letters, the number of possible passwords is 36 to the fourth power. This forces the attacker to test a huge number of passwords, increasing his decryption time.
2. Strictly prohibit broadcasting the Service Set Identifier (SSID). Failure to protect the service set identifier, which is the name you give to the wireless network, can lead to serious security risks. Configuring wireless routers to prohibit the broadcast of service set identifiers does not bring real security, but at least mitigates the threat, because many primary malicious attacks use scanning to find vulnerable systems. By hiding the service set identifier, this possibility is greatly reduced. Most commercial-grade router/firewall devices provide the relevant feature set.
Don't use a standard SSID - many wireless routers come with default wireless network names, known as SSIDs, such as "netgear" or "linksys", and most users won't think to change these names. WPA2 encryption uses this SSID as part of the password. Not changing it means allowing hackers to look up the list with passwords, which will undoubtedly speed up the password cracking process, even allowing them to test passwords at a rate of several million per second. Using a custom SSID makes it more difficult for criminals to disrupt the wireless network.
3. Use effective wireless encryption. Dynamic Wired Equivalent Privacy (WEP) is not a very good encryption method. Using a free tool like aircrack, you can find vulnerabilities in a wireless network encrypted with Dynamic Wired Equivalent Privacy mode in just a few minutes. Wi-Fi Protected Access (WPA) is the universal encryption standard you most likely already use. Of course, if possible, you should choose a more powerful and efficient method. After all, the battle of encryption and decryption is ongoing all the time.
Use WPA2 encryption - Older security options such as WEP can be cracked instantly without special equipment or skills. Just use a browser plug-in or mobile app. WPA2 is the latest security algorithm implemented throughout the wireless system and can be selected from the configuration screen.
4. If possible, use a different type of encryption. Don't rely solely on wireless encryption to ensure the overall security of your wireless network. Different types of encryption can improve the reliability of security at the system level. For example, OpenSSH is a good choice to provide secure communication between systems on the same network, even if it needs to go through the Internet. It is very important to use encryption technology to protect all communication data in the wireless network from being stolen, just like the e-commerce website using SSL encryption technology. In fact, try not to change encryption methods unless absolutely necessary.
5. Control the Media Access Control (MAC) address. Many people will tell you that media access control (MAC) address restrictions will not provide real protection. However, things like hiding the service set identifier of the wireless network and restricting access to the network by the media access control (MAC) address can ensure that the network is not harassed by rudimentary malicious attackers. For the entire system, it is very important to provide comprehensive protection against various attacks from experts to novice to ensure the security of the system is impeccable.
6. When the network is not in use, turn it off. Whether this recommendation is adopted or not depends on the specific circumstances of the network. If you don't need to use the Internet 24 hours a day, seven days a week, you can use this measure. After all, security is at its highest when the network is down, and no one can connect to a network that doesn't exist.
7. Turn off the wireless network interface. If you use a mobile terminal such as a laptop, you should turn off the wireless network interface by default. Only turn on the relevant functions when you really need to connect to a wireless network. The rest of the time, a closed wireless network interface keeps you from being the target of malicious attacks.
Adjust the coverage of the wireless signal. The modem's access point has multiple antennas and an adjustable transmit power, so the user can adjust the coverage of the signal. Some products allow the transmission power to be adjusted through menu options. This limits the range within which others can pick up your wireless signal and damage your network.
8. Monitor network intruders. The overall state of network security must remain in focus. You need to track how attacks develop, understand how malicious tools connect to the network, and know what can be done to provide better protection. You also need to analyze the logs for scans, access attempts and other relevant information, pick out what is useful, and make sure you are notified when a real anomaly occurs. After all, the most dangerous time is known to be halfway through.
9. Secure the core. While you're away, be sure to have an effective firewall running on the wireless router or on the laptop you're using while connected to the wireless network. Also be sure to turn off unnecessary services, especially those not needed under Microsoft Windows operating systems, because the consequences of their running by default can be unexpected. In practice, the aim is to do everything possible to secure the entire system.
10. Don't waste time on ineffective security measures. I often get questions about security measures from users who are not very tech-savvy, and they get bogged down by free advice about security. Generally speaking, advice of this kind is not only useless, but often downright harmful. The harmful advice we see most often is that when connecting in a public Wi-Fi environment such as a coffee shop, you should only choose encrypted wireless connections. Sometimes the advice is half understood, and it becomes: only connect to wireless networks protected by Wi-Fi Protected Access Mode (WPA). In fact, public access points that use encryption don't give you extra security, because the network sends the key to any endpoint that requests it. It's like locking the door of the house, but with the words "Key under the welcome mat" written on the door. If you want the wireless network to be available to everyone, so that anyone can access it, encryption is not required. In fact, for wireless networks, encryption is more of a deterrent. Only using a specific wireless network can increase security at the expense of convenience.
11. Change the wireless router password. It is very important to set a password for Internet access on the wireless router. A strong password helps secure the wireless network, so do not keep the router's original default password. It is recommended to change it to a more complex password so that it is not easily compromised.
For wireless network security, most of the tips can be said to be "common sense." But the scary thing is that there is so much "common sense" that it cannot be fully considered at the same time. Therefore, you should always check your wireless network and mobile computer to make sure you haven't missed something important, and make sure you focus on effective security measures rather than unnecessary or even completely ineffective security measures.
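The log analysis described in tip 8, as an added example that is not part of the original article: it flags a source that is denied on many distinct ports, or a client MAC with repeated failed associations, inside a sliding time window. The log format, field names, thresholds and sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log in a hypothetical "time EVENT key=value" format.
SAMPLE_LOG = """\
2024-05-01T10:00:00 DENY src=203.0.113.7 dst=192.0.2.10 dport=21
2024-05-01T10:00:02 DENY src=203.0.113.7 dst=192.0.2.10 dport=22
2024-05-01T10:00:03 AUTH_FAIL mac=aa:bb:cc:dd:ee:01 ssid=office
2024-05-01T10:00:04 DENY src=203.0.113.7 dst=192.0.2.10 dport=23
2024-05-01T10:00:05 DENY src=198.51.100.4 dst=192.0.2.10 dport=443
2024-05-01T10:00:06 DENY src=203.0.113.7 dst=192.0.2.10 dport=80
2024-05-01T10:00:09 DENY src=203.0.113.7 dst=192.0.2.10 dport=3389
2024-05-01T10:00:15 AUTH_FAIL mac=aa:bb:cc:dd:ee:01 ssid=office
2024-05-01T10:00:20 AUTH_FAIL mac=aa:bb:cc:dd:ee:02 ssid=office
2024-05-01T10:00:31 AUTH_FAIL mac=aa:bb:cc:dd:ee:01 ssid=office
2024-05-01T10:20:00 DENY src=198.51.100.4 dst=192.0.2.10 dport=443
garbled line without fields
"""
LINE_RE = re.compile(r"^(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d) (\w+) (.*)$")

def detect(log_text, window_s=60, port_threshold=5, fail_threshold=3):
    """Return sorted (kind, source) alerts for bursts inside a sliding window."""
    hits = defaultdict(list)  # (kind, source) -> [(time, item)]
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not follow the assumed format
        ts = datetime.fromisoformat(m.group(1))
        f = dict(kv.split("=", 1) for kv in m.group(3).split() if "=" in kv)
        if m.group(2) == "DENY" and "src" in f and "dport" in f:
            key, item = ("port_scan", f["src"]), f["dport"]  # count distinct ports
        elif m.group(2) == "AUTH_FAIL" and "mac" in f:
            key, item = ("auth_failures", f["mac"]), len(hits[("auth_failures", f["mac"])])
        else:
            continue
        hits[key].append((ts, item))
    alerts = set()
    for (kind, source), events in hits.items():
        limit = port_threshold if kind == "port_scan" else fail_threshold
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > timedelta(seconds=window_s):
                start += 1
            if len({item for _, item in events[start:end + 1]}) >= limit:
                alerts.add((kind, source))
                break
    return sorted(alerts)
```

Grouping failures by MAC address is only as reliable as the address itself, which a client can change, so treat these alerts as a prompt to look at the surrounding log lines.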

Case study six:

In this network, the video surveillance system and the data service share the network bandwidth. What are the disadvantages?

Answer:

1. Video data will occupy more network bandwidth and affect the service data transmission rate

2. The video surveillance system does not take security precautions, and there is a risk of data leakage

Parse:

(1) Video surveillance features: information security. The complexity of the system, the diversification of users, and the business characteristics of video surveillance itself provide a strong guarantee for the information security of the system

① Multiple people visit the same monitoring point at the same time. Traditionally, a monitoring point is generally accessed by a monitoring center (user). The same monitoring point is likely to be accessed by multiple users at the same time, and there may be no relationship between these users. The complexity of user access will require the system to strengthen the management of access rights.
② Monitoring points tend to be scattered, while monitoring tends to be centralized. Monitoring points belonging to the same user are becoming more and more dispersed and are not limited by regions. For these scattered monitoring points, centralized management and control are required.
③ The monitoring system is open and expandable: the same system should support a variety of different types of monitoring equipment, and the number of users and the number of monitored points can be easily increased or decreased.
④ Mass data storage: Networking enables the traditional local recording function to be transferred to a remote server, making mass data storage possible. At the same time, the system is also required to have stronger storage, retrieval and backup functions.

 

Origin blog.csdn.net/mailtolaozhao/article/details/123951347