One of the security tips: L2-L4 layer filtering
Nowadays, most new switches can achieve various filtering requirements by establishing rules. There are two modes for rule setting, one is MAC mode, which can effectively isolate data according to user needs according to source MAC or destination MAC, and the other is IP mode, which can use source IP, destination IP, protocol, source application port and The destination application port filters data packets; the established rules must be attached to the corresponding receiving or transmitting ports. When the switch receives or forwards data on this port, the packets are filtered according to the filtering rules to decide whether to forward or discard them. In addition, the switch performs logical operations on the filtering rules through the hardware "logic NAND gate" to realize the determination of the filtering rules, and does not affect the data forwarding rate at all.
Security Tip 2: 802.1X port-based access control
In order to prevent illegal users from accessing the local area network and ensure the security of the network, the port-based access control protocol 802.1X has been widely used in wired LANs or WLANs. For example, ASUS 'latest GigaX2024 / 2048 and other new-generation switch products not only support 802.1X Local and RADIUS authentication methods, but also support 802.1X Dynamic VLAN access, that is, based on VLAN and 802.1X, hold a user account Wherever users access the network, they will surpass the original port-based VLAN restrictions under 802.1Q and always access the VLAN group specified by this account. This function not only provides resources for mobile users in the network. The application provides flexibility and convenience, and at the same time guarantees the security of network resource applications. In addition, the GigaX2024 / 2048 switch also supports the Guest VLAN function of 802.1X, that is, in the application of 802.1X, if the port specifies the Guest VLAN item, this port If the access user under the authentication fails or there is no user account at all, they will become members of the Guest VLAN group and can enjoy the corresponding network resources in this group. This kind of function can also open a minimum for some groups of network applications Resources, and provides the most peripheral access security for the entire network.
Security Tip Three: traffic control (traffic control)
The flow control of the switch can prevent the abnormal load of the switch bandwidth caused by the excessive data flow of broadcast packets, multicast packets and unicast packets due to the wrong destination address, and can improve the overall efficiency of the system and keep the network safe and stable .
Security secret No. 4: SNMP v3 and SSH security network management SNMP v3 proposes a brand-new architecture, centralizing the SNMP standards of various versions together, and thus strengthening the security of network management. The security model recommended by SNMP v3 is a user-based security model, namely USM. USM encrypts and authenticates network management messages based on users. Specifically, what protocol and key is used for encryption and authentication is determined by the user name (userNmae) authoritative engine identifier (EngineID) (recommended encryption protocol CBCDES, Authentication protocols HMAC-MD5-96 and HMAC-SHA-96), providing data integrity, data source authentication, data confidentiality and message time limit services through authentication, encryption and time limit, thus effectively preventing unauthorized users from modifying and disguising management information And eavesdropping.
As for the remote network management through Telnet, because the Telnet service has a fatal weakness-it transmits the user name and password in clear text, so it is easy to be stolen by someone with ulterior motives and attacked, but when using SSH for communication, The user name and password are encrypted, which effectively prevents eavesdropping on the password and facilitates network administrators to perform remote and secure network management.
Security Tip Five: Syslog and Watchdog
The Syslog function of the switch can transmit system error, system configuration, status changes, periodic status reports, system exit and other user-set expectations to the log server. Based on this information, the network management personnel can grasp the operation status of the device, find problems early, and timely Perform configuration settings and troubleshooting to ensure safe and stable operation of the network.
Watchdog sets a timer. If the timer does not restart within the set time interval, an internal CPU restart command is generated to restart the device. This function allows the switch to intelligently and automatically in the event of an emergency failure or unexpected situation. Restart to ensure network operation.
Security Tip 6: Dual image file
Some of the latest switches, like ASU SGigaX2024 / 2048 also have dual image files. This function protects the device under normal circumstances (failure of firmware upgrade, etc.) can still start normally. The file system is saved in two parts: major and mirror. If one file system is damaged or interrupted, the other file system will rewrite it. If both file systems are damaged, the device will clear the two file systems and rewrite the factory. The default setting is used to ensure that the system starts safely.
In fact, some of the switch products that have appeared recently have made great efforts in security design-layer by layer defense, and every step of filtering, and do everything possible to exclude the possible unsafe factors to the greatest extent. If the majority of enterprise users can make full use of these network security settings and make reasonable combinations and collocations, they can maximize the prevention of various attacks and violations on the network, and hope that your enterprise network will be more stable and secure since then.
The Brushless dc motor consists of a motor body and a driver, and is a typical mechatronic product. The driver is composed of power electronics and integrated circuits, and its functions are: receiving start, stop, and brake signals of the motor to control start, stop, and brake of the motor; accepting position sensor signals and forward and reverse signals for controlling the inverse The power bridges of the variable bridges are turned on and off to generate continuous torque; the speed command and the speed feedback signal are accepted to control and adjust the speed; provide protection and display, etc.
Brushless motor,Brushless dc motor,Bldc motor,Brushless motor price,Brushless dc electric motor,Bldc motor price
Shenzhen Maintex Intelligent Control Co., Ltd. , https://www.maintexmotor.com