Class B guarantee (3) - Asset survey


Table of contents

Class B guarantee (3) - Asset survey

Common system deployment architecture

Three deployment modes

The management network and business network must be separated (not on the same network segment)

Management port (MGMT) (in-band management, out-of-band management)

VRF:

Asset survey process


Common system deployment architecture

1. From a single host to multiple hosts

  • Single-server deployment: the application (business system) and its database sit on the same server. A compromise of the web application immediately exposes the data, so this is very harmful; it is rare today.
  • Database/site separation (1 application server + 1 database server): a compromise of the web server alone does limited damage unless the attacker can move laterally to the database server.
  • Database/site separation with multiple servers (n application servers + n database servers): the same split, repeated across several application and database servers.

2. Original network architecture (now obsolete and rarely seen; since the Cybersecurity Law took effect in 2017, networks are generally built to the graded-protection (MLPS) security architecture)

3. Graded-protection (MLPS) network security architecture

(The core topology stays the same; security devices are added on top of it.)

Three deployment modes

  • Inline routed (serial) deployment: the normal mode, in which the device is configured with IP addresses and sits in the path as a layer-3 hop (disadvantage: it introduces extra network segments and wastes some address space)
  • Transparent/bridge deployment: no IP configuration is needed; the device behaves like a section of cable, passing frames through at layer 2 without being a layer-3 hop, while inspecting and, where needed, blocking the traffic that crosses it (for example IPS, anti-virus gateway, core firewall, WAF)
  • Bypass (out-of-path) deployment: the device is not in the forwarding path and needs no IP on the monitored links; the core switch is configured with a mirror (SPAN) port that copies traffic to it. It can only observe traffic and cannot block it (for example bastion host, log audit, database audit)


The management network and business network must be separated (not on the same network segment)

  • Management network: carries the traffic used to manage and monitor network devices and servers (console, SSH, SNMP, log collection) and to track network performance and service quality. Its goal is to keep the network running and to troubleshoot faults when they occur; a fault in it must not directly affect the business network.
  • Business network: carries the production traffic of the business systems themselves, i.e. the clients, application servers and databases that deliver the service.

Management port (MGMT) (in-band management, out-of-band management)

(The factory-default management address is commonly 192.168.1.1; an MGMT port still at this address has not been configured after deployment and should be recorded as a finding.)

  • Out-of-band management: management traffic runs on a dedicated management segment that carries no business traffic
  • In-band management: management traffic shares the links and addresses of the business network

A pure layer-2 switch has no routed interfaces, so its ports cannot be assigned IP addresses. Most such switches do have a management interface on VLAN 1 (the VLAN 1 SVI) that can take an IP address, but that address is for management access only: the switch does not forward user data between VLANs through it.
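The separation rule above (management and business on different segments, MGMT ports not left at the factory default) can be checked mechanically against the inventory collected during the survey. The following is an added example written for this page, not code from the original post: the segment plan, asset names and addresses are constructed, and the finding codes are this example's own convention.

```python
"""Asset-survey check for management/business separation.

This is an added example, not code from the original post. It checks an asset
inventory against a declared segment plan: management (MGMT) addresses must
fall inside a management segment and never inside a business segment, and no
MGMT port may still carry the factory-default address. All segments, asset
names and addresses below are constructed for the example.
"""
import ipaddress
from typing import Dict, List, Tuple

# Constructed segment plan: replace with the segments declared by the operator.
MGMT_SEGMENTS = ["10.255.0.0/24"]
BIZ_SEGMENTS = ["10.10.0.0/24", "10.10.1.0/24"]

# Factory-default MGMT address mentioned in the post; still present means unconfigured.
DEFAULT_MGMT_ADDRESS = ipaddress.ip_address("192.168.1.1")

# Constructed inventory: MGMT-port address plus the business addresses of each asset.
INVENTORY = [
    {"name": "core-sw-1", "mgmt": "10.255.0.2", "business": ["10.10.0.1", "10.10.1.1"]},
    {"name": "waf-1", "mgmt": "10.255.0.3", "business": []},  # transparent mode: no business IP
    {"name": "app-1", "mgmt": "10.10.0.21", "business": ["10.10.0.21"]},  # managed in-band
    {"name": "db-1", "mgmt": "192.168.1.1", "business": ["10.10.1.30"]},  # factory default left in place
]


def _networks(cidrs: List[str]) -> List[ipaddress.IPv4Network]:
    return [ipaddress.ip_network(c, strict=True) for c in cidrs]


def segment_overlaps(mgmt_cidrs: List[str], biz_cidrs: List[str]) -> List[Tuple[str, str]]:
    """Return every (management, business) segment pair whose address ranges overlap.
    Any hit means the two networks are not actually on separate segments."""
    hits = []
    for m in _networks(mgmt_cidrs):
        for b in _networks(biz_cidrs):
            if m.version == b.version and m.overlaps(b):
                hits.append((str(m), str(b)))
    return hits


def audit_asset(asset: dict, mgmt_cidrs: List[str], biz_cidrs: List[str]) -> List[str]:
    """Return the finding codes for one asset (an empty list means compliant)."""
    mgmt_nets, biz_nets = _networks(mgmt_cidrs), _networks(biz_cidrs)
    mgmt_ip = ipaddress.ip_address(asset["mgmt"])
    findings = []
    if mgmt_ip == DEFAULT_MGMT_ADDRESS:
        findings.append("default-mgmt-address")
    if not any(mgmt_ip in n for n in mgmt_nets):
        findings.append("mgmt-not-in-mgmt-segment")
    if any(mgmt_ip in n for n in biz_nets):
        findings.append("mgmt-in-business-segment")
    for addr in asset["business"]:
        biz_ip = ipaddress.ip_address(addr)
        if any(biz_ip in n for n in mgmt_nets):
            findings.append(f"business-ip-{addr}-in-mgmt-segment")
        if biz_ip == mgmt_ip:
            # The same address serves both roles: this is in-band management.
            findings.append("in-band-management")
    return findings


def audit_inventory(inventory=INVENTORY, mgmt_cidrs=MGMT_SEGMENTS, biz_cidrs=BIZ_SEGMENTS) -> Dict[str, List[str]]:
    """Audit every asset; the segment plan itself is checked first."""
    report = {"_segment_overlaps": [f"{m} overlaps {b}" for m, b in segment_overlaps(mgmt_cidrs, biz_cidrs)]}
    for asset in inventory:
        report[asset["name"]] = audit_asset(asset, mgmt_cidrs, biz_cidrs)
    return report


if __name__ == "__main__":
    for name, findings in audit_inventory().items():
        print(f"{name:20s} {'OK' if not findings else ', '.join(findings)}")
```

With the constructed inventory, core-sw-1 and waf-1 pass, app-1 is flagged for in-band management on a business segment, and db-1 is flagged for the untouched default address. Running it against real survey data only requires replacing the two segment lists and the inventory.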

VRF:

VRF (Virtual Routing and Forwarding) isolates data or services by creating multiple independent routing tables on a layer-3 forwarding device, so that different VRFs can even use overlapping address space without interfering with each other. It is commonly used in MPLS VPN, firewalls and other scenarios that require isolation.
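To make the isolation concrete, the following added example (written for this page, not code from the original post) models a layer-3 device with two VRFs. Each VRF has its own routing table resolved by longest-prefix match, so the management and business VRFs can both carry 10.0.0.0/24 with different next hops, and the default route that exists only in the management VRF is invisible to the business VRF. VRF names, prefixes and next-hop labels are constructed for the example.

```python
"""Model of VRF isolation on a layer-3 device.

Added example, not code from the original post: each VRF holds its own routing
table and a lookup is resolved by longest-prefix match inside that table only,
so two VRFs can carry the same prefix with different next hops and a route in
one VRF is invisible to the other. VRF names, prefixes and next-hop labels are
constructed for the example.
"""
import ipaddress
from typing import Dict, List, Optional, Tuple


class Vrf:
    """One independent routing table."""

    def __init__(self, name: str) -> None:
        self.name = name
        self.routes: List[Tuple[ipaddress.IPv4Network, str]] = []

    def add_route(self, prefix: str, next_hop: str) -> None:
        self.routes.append((ipaddress.ip_network(prefix), next_hop))

    def lookup(self, dst: str) -> Optional[str]:
        """Longest-prefix match within this VRF; None when nothing (not even a default) matches."""
        ip = ipaddress.ip_address(dst)
        best: Optional[Tuple[ipaddress.IPv4Network, str]] = None
        for net, next_hop in self.routes:
            if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, next_hop)
        return best[1] if best else None


class L3Device:
    """A router or firewall holding several VRFs; forwarding never crosses VRF boundaries."""

    def __init__(self) -> None:
        self.vrfs: Dict[str, Vrf] = {}

    def vrf(self, name: str) -> Vrf:
        """Return the named VRF, creating it on first use."""
        return self.vrfs.setdefault(name, Vrf(name))

    def forward(self, vrf_name: str, dst: str) -> Optional[str]:
        """Resolve dst using only the routing table of vrf_name."""
        if vrf_name not in self.vrfs:
            raise KeyError(f"no such VRF: {vrf_name}")
        return self.vrfs[vrf_name].lookup(dst)


def build_demo_device() -> L3Device:
    """Management and business VRFs that deliberately reuse 10.0.0.0/24."""
    dev = L3Device()
    mgmt = dev.vrf("mgmt")
    mgmt.add_route("10.0.0.0/24", "eth-mgmt")      # management hosts
    mgmt.add_route("0.0.0.0/0", "mgmt-gateway")    # default route, management side only
    biz = dev.vrf("business")
    biz.add_route("10.0.0.0/24", "eth-business")   # same prefix, different VRF and interface
    biz.add_route("10.0.0.0/8", "core-uplink")     # less specific route, exercises longest-prefix match
    return dev


if __name__ == "__main__":
    dev = build_demo_device()
    for vrf_name, dst in [("mgmt", "10.0.0.5"), ("business", "10.0.0.5"),
                          ("business", "10.9.9.9"), ("business", "8.8.8.8")]:
        print(f"{vrf_name:9s} {dst:10s} -> {dev.forward(vrf_name, dst)}")
```

The same destination 10.0.0.5 resolves to eth-mgmt in the management VRF and eth-business in the business VRF, and 8.8.8.8 is unroutable from the business VRF because the default route lives only in the management table. On Linux the real equivalent is a VRF device bound to its own table (`ip link add vrf-mgmt type vrf table 10`), which behaves the same way: routes in table 10 are consulted only for interfaces enslaved to that VRF.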


Asset survey process



Source: blog.csdn.net/qq_61562251/article/details/135223311