With the rise of cloud computing, the Internet of things, big data, 5G and other emerging technologies, the network information security boundary is weakening, the security protection content is increasing, the data security, information security poses a great challenge, but also for the network information security market opened up a new incremental space.

In addition to economic globalization, data security, privacy protection and other issues are more and more attention, network security market size continues to grow.

Network security is essentially the information security on the network.

Mainly refers to the network system in the hardware, software and the data in the protection, not due to accidental or malicious factors and damage, change, leak, system continuous and reliable normal operation, network service is not interrupted.

Broadly speaking, all related technologies and theories concerning the confidentiality, integrity, availability, authenticity and controllability of information on the network are the research fields of network security.

Network threats emerge in an endless stream, the frequent emergence of ransomware and its variants, seriously threaten the Internet security of ordinary users, people's demand for information security products and services continues to grow, more and more enterprises involved in information security, information security industry market size is also rising year by year.

It is reported that in 2018, the scale of China's network security industry is close to 50 billion yuan, maintaining a growth rate of more than 20%, and is expected to reach 60 billion yuan in 2019.

In network security, the hardware devices often used are optical splitter, small TAP, network splitter, etc.

Beijing Xingyutong Optical Technology network shunt has SPACECOM 10/100/1000 adaptive small TAP, there are also 10G, 25G, 40G, 100G network shunt equipment.

The biggest characteristic of these network shunt is that it is independent and transparent. It can help the user directly connect it to the network. It can also be used as a network communication device to transmit information to other devices.

1. Protocol conversion

Because the mainstream Internet data communication used by ISPs has a variety of interfaces:

100G Ethernet, 40G POS, 10G POS/WAN/LAN, 2.5g POS, GE, etc. The data receiving interfaces of application servers are generally GE and 10GE LAN interfaces. Therefore, protocol conversion mentioned in Internet communication interfaces mainly refers to 100G.

40G POS, 10G POS, and 2.5g POS to 10GE LAN or GE, and 10GE WAN to 10GE LAN or GE bidirectional coconversion.

2. Data collection and distribution.

Most data collection applications simply extract the traffic they care about and discard the traffic they don't care about.

The quintuple (source IP address, destination IP address, source port, destination port, and protocol) converges the traffic of a specific IP address, protocol, and port.

When output, ensure the same source and same destination based on the specific HASH algorithm and the output is load balanced.

3. Feature code filtering

For THE collection of P2P traffic, the application system is likely to only pay attention to some specific traffic, such as PPStream, BT, thunderbolt, and the common keywords on HTTP, such as GET and POST, etc., which can be extracted and converged by feature code matching.

Shunt supports fixed position feature code filtering and floating feature code filtering.

The floating feature code is the offset specified on the basis of the fixed position feature code. It is applicable to the application where the feature code to be filtered is clear, but the specific position of the feature code is not clear.

4. Session management

Traffic is identified for session connections, and the N value of session forwarding (N=1 to 1024) can be flexibly configured.

That is, the first N packets of each session are extracted and forwarded to the back-end application analysis system. The packets after the N value are discarded, saving resources for the downstream application analysis platform.

In general, when monitoring events with IDS, there is no need to process all packets of the entire session, and only need to extract the first N packets of each session to complete the analysis and monitoring of events.

5. Data mirroring and replication

The shunt can mirror and copy the data on the output interface, ensuring the data access of multiple application systems.

6. 3G network data collection and distribution

Data collection and distribution on A 3G network is different from traditional network analysis mode. Packets on a 3G network are encapsulated in multiple layers and transmitted on the backbone link. The packet length and encapsulation format are different from those on a common network.

The splitter provides the multi-layer encapsulation format analysis function to accurately identify and process packets of tunnel protocols such as GTP and GRE as well as multi-layer MPLS and VLAN labels. It can extract IUPS signaling packets, GTP signaling packets, and Radius packets to a specified port based on the packet features. In addition, it can split packets based on the inner IP address.

Support for oversized packages (MTU>

1522 Byte), which can perfectly realize the application of 3G network data collection and distribution.

Network shunt is can help user to check system, can also be used as a network of sensors and network analyzer, of course, this is not its biggest advantages, our common network shunt can also help the Internet to collect data, this is the best collection of security systems, many hardware can be done?

Presumably other than network shunt, and no one can replace it.

Want to use network splitter correctly, must install seriously, look for professional personnel to help you install it easily.