Server Security Research and Achievements

With the continuous development of computer networks, global information has become the trend of human development. However, based on a computer network server and the terminal has a connection of the diversity, distribution and variation of the terminal and network openness, Apple A1189 battery interoperability and other features, while the various types of complex application code defects caused by their vulnerability resulting network overall vulnerability to hackers, geeks, malicious software and other hacking attacks, and hacker attacks from the simple ability to show off driven into the business practices of interest, so the overall network security and confidentiality of information is a vital problems, the server load and processing information security and security technology to protect particularly important.

Therefore, the server must have a strong enough safety measures, or the server network will be a huge security risk, and even endanger the social order and stability and national security. Both in the LAN or WAN, there are many other natural and man-made factors, vulnerability and potential threat. Therefore, the network's security should be able to target the full range of different threats and vulnerabilities, so as to ensure that the network of information confidentiality, integrity and usability.

Our special attention in the field of information security autonomy, control of information security technology and equipment research and production work, while major domestic events (such as the Olympic Games, National People's Congress) in the information security work is also reflected in the national emphasis on information security Recently, AP: "President Hu Jintao upon the approval of the Central Military Commission recently issued a" new situation on the strengthening of military information security work, "", "view" military information for the current outstanding problems facing the security, to accelerate the building with the characteristics of our information security system to make the overall plan.

At the national "Eleventh Five-Year", "863" Information technology in the major projects of scientific research work, the wave of commitment to high performance, fault-tolerant computing system development and application of promotion, while the server operating system, strengthening technology research and promotion of safety is also awarded Identification of the Ministry of Industry and in the process gained valuable experience both for the wave of server security technology research and has laid a solid extension of Cheng Guo Ji Chu.

December 1, 2007, the wave of the major server manufacturers in the United Nations drafted GB / T 21028-2007 "information security technology • Server Security Technical Requirements" national standards published by the National Standardization Committee, from China to design and manufacture of the security server has In accordance with uniform standards, "information security technology server security technical requirements" states: server security should include hardware, security, operations security, data security, database security and application security 5 level.

Hardware security device status monitoring indicators, which refers not only to the CPU, memory and hard disk and so a simple control, but also on the case turned on the power of the temperature, fan speed, chassis internal temperature, etc. monitoring;

Operational safety, it also includes: host security monitoring, network security monitoring, security auditing, malicious code protection, backup and recovery, support for trusted Dell Latitude D610 battery computing, trusted time stamp;

Of data security including: authentication, discretionary access control, labeling, mandatory access control, data integrity, data confidentiality, data flow control, reliable path so.

Wave Group Youxiangongsi independent research and development combined with many years of server experience producing De, Information Security Division to wave as the information security technical support Danwei's Bao Zhang, Tuichu domestic Kongbai the tide to fill the security Fu Wuqi English letters.

Letter upcoming wave of British security server main features are as follows:

1, from the physical layer to application layer of depth filtration

Wave of British letters patent security server hardware layer, high-speed IP security chip, without affecting the server performance sacrifice, on the flows through the server data Shixianshendu filtering and access controls, Ji Ke Yi Jin Chu secure servers on the data for monitoring and data Bao Shi Shi in-depth analysis, can effectively prevent from the network layer, application layer attacks and leaks of sensitive information on the server.

ASIC supports two types of search methods, and the first way: the whole packet content inspection and the second rectifier means: MEMORY-based content search, use the whole package rectification detection mechanisms, the direct examination of the underlying network and the original information, so the core can be very flexible, without application restrictions, users need to detect the rules come directly associated configuration testing, the fine-grained test to the limit; on test data from the CPU, the data can be either sent to the software of individual packets and can also be memory amidst the Shuju, this way to give CPU to provide accelerated the search function, especially in large data volume, multi-rules case, was very obvious. In the real network, because of the diversity and complexity of applications, sometimes requiring classification to analyze and process applications on the network, two types of cascade mode to use, more in-depth content accurately find and deal with

Also, because network security processing chips of its own with powerful computing capabilities, so do not take up the server itself CPU, memory, processing resources such as hardware and its security features will not affect server processing performance of the business.

2, the operating system kernel reinforcement

Through the transformation of the operating system kernel-level access control HP pavilion dv6000 battery model, system resources to realize fine-grained mandatory access control, through the rational security policy customization, gives the perfect platform to support the corresponding various application systems and effective to protect the customer's business continuity .

Reinforced by the system kernel to achieve the operating system, application, file, process, important data, replace the existing mandatory access control discretionary access control mechanism, based on the "separation of powers" of the design principle to achieve minimum operating system permissions.

3, dynamic integrated multi-security technology

Set of network / data / applications, mandatory access control, intrusion prevention, flow management, operating system kernel reinforcement, application security protection technologies in one, direct protection of business critical data and applications.

4, the server interface, security scalability

To Trusted Computing, VPN, antivirus, fingerprint identification, PKI authentication, encryption, application protection, security auditing security products and technology to provide flexible expansion interfaces.

5, based on IFA + intelligent computing architecture hardware platform with high reliability

Wave of the British believe the wave of IFA + security server, server-based hardware platform to support the Intel Xeon processor family of high-end server products, with the full range of high security protection, a very powerful computing, storage and input / output performance, apply to security require high processing speed, computing power applications with higher requirements for environment; the same time both highly reliable system design, fully qualified for critical business 7 * 24 hours running needs.

IFA + was launched in 2005 the wave of the IFA (Intelligent Flexible Architecture) as the basis to supplement and enhance the production of next-generation server after the application technology platform architecture, the architecture is caused by the Bensley platform and tides of the new self-developed technology innovative technologies blend from the fusion of high reliability, the latest hardware technology, credible, intelligent, flexible, etc., the wave of the IFA + core philosophy summarized as "performance triangle", that upgrading to the principle of balanced performance, in response to user operations strain for the purpose of the calculation, storage, I / O HP pavilion DV6 battery server based functional unit and credible, intelligent, flexibility of application of technology integration in one Ke Hu, Shifang pair of core computing performance as possible, to achieve a server in the client application in the High Neng Guo Cheng new experience.

6, security, centralized management

Secure centralized management platform for the wave of the British letter secure server tailored for the wave of server performance boost, improving server operations intelligence. Provide customers with scalable, integrated framework for automated server management, automate key management tasks, to promote IT from the daily operation and maintenance costs transferred to business systems optimization, innovative development, as well as user data protection provides an effective tool.

View through the operation can be easily managed by the British against the letter of the security server, the server management information, work status, policy configuration, security policy, alarm time, security audit, security management, monitoring and management functions.