IDCISP Information Security Management System
With the rapid development of the Internet industry in recent years, the service patterns and distribution channels of the Internet have become increasingly diverse. News websites, web portals, search engines, forums, blogs, P2P and other service patterns coexist. The Internet has evolved into a virtual society, and Internet security management faces unprecedented challenges.
The Byzoro IDCISP information security management system provides basic data management, access log management, information security management and related functions. It meets both MIIT's requirements for IDC/ISP information security management systems and the technical requirement specifications for IDC information security management systems of the three mobile operators (China Unicom, China Mobile and China Telecom). The system also meets the requirements for analysing how users in the province access IDC services, analysing the traffic volume and direction of key ICPs in the province, and precisely controlling IDC services and traffic.
Functions and Characteristics
The main functions are access log management, information security management and basic data management, described in turn below.
(1) Access Log Management
Log Collection: Collecting the quintuple (5-tuple), access time and other fields from the traffic; for HTTP sessions the requested URL must also be preserved;
Log Storage: Storing the logs for the required period (two months);
Log Query: Querying by IP address, time, URL and other conditions.
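The three steps above (collect the 5-tuple plus time and URL, retain for two months, query by IP/time/URL), worked through as an added example that is not Byzoro's code. The 61-day retention window, the fixed "current time" and the sample flows are my own constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

RETENTION = timedelta(days=61)  # "two months" per the page; 61 days is my assumption
NOW = datetime(2024, 6, 1)      # fixed "current time" so the example is reproducible

@dataclass(frozen=True)
class AccessLog:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str
    time: datetime
    url: Optional[str] = None  # preserved only for HTTP flows

class LogStore:
    def __init__(self) -> None:
        self.records: list = []

    def collect(self, flow: dict) -> None:
        """Log Collection: quintuple and access time; the URL only for HTTP."""
        url = flow.get("url") if flow["proto"] == "HTTP" else None
        self.records.append(AccessLog(flow["src_ip"], flow["src_port"], flow["dst_ip"],
                                      flow["dst_port"], flow["proto"], flow["time"], url))

    def purge(self, now: datetime = NOW) -> int:
        """Log Storage: drop records older than RETENTION; return how many expired."""
        keep = [r for r in self.records if now - r.time <= RETENTION]
        self.records, dropped = keep, len(self.records) - len(keep)
        return dropped

    def query(self, ip=None, start=None, end=None, url_contains=None) -> list:
        """Log Query: match on IP (either side), time window and URL substring."""
        return [r for r in self.records
                if (ip is None or ip in (r.src_ip, r.dst_ip))
                and (start is None or r.time >= start) and (end is None or r.time <= end)
                and (url_contains is None or url_contains in (r.url or ""))]

def sample_store(now: datetime = NOW) -> LogStore:
    """Constructed flows (not real traffic): stale HTTP, recent DNS, recent HTTP."""
    s = LogStore()
    for days_ago, proto, dport, url in [(90, "HTTP", 80, "http://192.0.2.10/old"),
                                         (1, "DNS", 53, "ignored-for-non-http"),
                                         (2, "HTTP", 80, "http://192.0.2.10/news")]:
        s.collect({"src_ip": "10.0.0.5", "src_port": 51000, "dst_ip": "192.0.2.10",
                   "dst_port": dport, "proto": proto,
                   "time": now - timedelta(days=days_ago), "url": url})
    return s
```

Note that the URL field is dropped for the non-HTTP flow at collection time, so a query by URL can never match DNS or other protocol records.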
(2) Information Security Management
Illegal Website Management: Extracting the IP address, domain name and service content from the traffic, and checking them against the records to determine whether an illegal behaviour is present;
Illegal Information Monitoring and Filtering: Bidirectional monitoring (IP address, domain name, URL, keyword and other monitoring rules), identifying and reporting records of illegal information, and filtering them once a disposal instruction is received.
(3) Basic Data Management
Basic Data Entry: Entry, storage, operation, reporting and query of IDC business unit data, computer room data and IDC user data;
Data Collection: Collecting the IP usage mode (IP address, domain name and time) from traffic in real time;
Violation Analysis and Reporting: Checking observed usage against the registered usage modes and reporting any non-conformity.
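The three basic-data steps above (a registry of who owns which IP and domains, usage observed from traffic, and a conformity check), worked through as an added example that is not Byzoro's code. The registry, the sample observations and the rule that a registered name also covers its subdomains are my own constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime

# Constructed registry (Basic Data Entry), not real data: which IDC user
# registered which IP address, and which domain names may be served from it.
REGISTRY = {
    "192.0.2.10": {"user": "Customer A", "domains": {"example.com"}},
    "192.0.2.11": {"user": "Customer B", "domains": {"shop.example.net", "example.org"}},
}

@dataclass(frozen=True)
class Usage:
    """One observed IP usage mode from traffic: IP address, domain name and time."""
    ip: str
    domain: str
    time: datetime

def normalize(domain: str) -> str:
    """Lowercase and strip a trailing dot so 'WWW.Example.com.' equals 'www.example.com'."""
    return domain.strip().lower().rstrip(".")

def covered(domain: str, registered: set) -> bool:
    """A registered name covers itself and its subdomains (my assumption, not the page's)."""
    d = normalize(domain)
    return any(d == r or d.endswith("." + r) for r in map(normalize, registered))

def analyze(usages, registry=REGISTRY) -> list:
    """Violation Analysis: judge each usage against the registry and report mismatches.

    Each report is (time, ip, domain, reason); conforming usage produces nothing."""
    reports = []
    for u in usages:
        entry = registry.get(u.ip)
        if entry is None:
            reports.append((u.time, u.ip, u.domain, "IP not registered"))
        elif not covered(u.domain, entry["domains"]):
            reports.append((u.time, u.ip, u.domain,
                            f"domain not registered for {entry['user']}"))
    return reports

SAMPLE = [  # constructed observations, not real traffic
    Usage("192.0.2.10", "www.example.com.", datetime(2024, 6, 1, 10, 0)),  # conforms
    Usage("192.0.2.10", "other-site.com", datetime(2024, 6, 1, 10, 5)),   # wrong domain
    Usage("192.0.2.11", "Example.ORG", datetime(2024, 6, 1, 10, 7)),      # conforms
    Usage("192.0.2.99", "rogue.example", datetime(2024, 6, 1, 10, 9)),    # unregistered IP
]
```

Running `analyze(SAMPLE)` yields two reports: the unregistered domain on Customer A's IP and the use of an IP that has no registration at all.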
(4) Device Collection
The collection function is provided by the EU device's preprocessing module, which obtains the network traffic from the network. It supports whole-machine load balancing, same-source/same-destination (flow-affine) distribution across the whole machine, and protocol conversion.
(5) Policy Management and Synchronization
Supports user information management policies as a priority, and supports synchronization of management policies.
(6) All Application Identification and Management
Supports the identification and recording of Web video traffic by number of visits to the website, visit traffic, etc.
Supports statistics and recording of total upstream and downstream Web video traffic per user and per user group, the click ratio of each Web video website, and the upstream and downstream traffic of each Web video website.
Supports the identification and recording of the names, traffic, etc. of P2P download applications along multiple dimensions, including specific user, user group and all users. The device supports Thunder Download, BitTorrent, eMule, FlashGet, QQ Cyclone and the like, as well as DirectConnect, POCO, KuGoo and other applications.
(7) Abnormal Traffic Identification and Management
The device supports the detection of network- and application-layer attacks, such as TCP SYN flood, ICMP attacks, CC attacks, HTTP GET flood, HTTP POST flood, SIP flood, DNS query flood, DNS reply flood, connection flood, etc., along multiple dimensions, including specific user, user group and all users. It also supports rate limiting of DDoS attack traffic at the network and application layers, as well as intelligent mirroring, as management modes.
Operator's IDCISP Information Security Management System
The IDCISP information security management system includes Control Units (CUs) and Execution Units (EUs). The control units are centrally deployed by province. They communicate with the Security Monitor and Management System (SMMS); receive executive instructions from the SMMS; report data to SMMS as requested; centrally manage the execution units in all IDC rooms in the province; schedule, forward and execute executive instructions; and conduct data collection, analysis and early warning. Execution units are deployed in the IDC rooms covered by the system. They are responsible for the information security management of local IDCs.
It is recommended that the control units be centrally deployed in the provincial capital.