Huawei Campus Network Security Solution For Petroleum Industry PDF
Oil and gas companies apply ICT technologies to cut costs and mitigate risks, increasing revenue and enhancing efficiency. They
build campus networks that cover their own working areas, to support oil and gas prospecting, production, transportation,
processing, storage, sales, and other activities of their business. As information technologies develop, oil and gas companies are
confronted with the following challenges when building campus networks.
Mobile office: The increasing consumption of terminals threatens the border security of traditional campus networks. The prevalence
of applications may trigger more data leakage risks. The boundaries between office services and personal data are increasingly
blurred. The extensive use of smart terminals to access campus networks brings network security problems. Employees working at
remote offices may encounter security problems in service operation and data transmission.
Web-based applications: The ease-of-use of the web creates mounting security problems, so oil and gas companies are compelled
to find ways to secure their web portals and web service platforms to effectively control terminal users' web access, to effectively
resist hostile attacks and Trojan programs from web-based applications, and to protect campus networks from security threats like
information leakages through email or web-based instant messaging applications.
Segmented functional areas: Exposed to the Internet, demilitarized zones (DMZs) face relentless security threats,
compelling oil and gas companies to find ways to make their multi-service campus networks more secure and reliable, to improve
the policies and systems adopted to control access between different service areas, to stop viruses and hostile attacks from
spreading between different service areas, and to monitor deliberate and illegal behaviors internally.
Data explosion: Oil and gas companies have to consider how to guarantee data security when massive amounts of data are
transmitted, how to guarantee legal access to massive amounts of data related to core businesses, how to prevent data leakage
through internal and external networks, how to secure data through virtualization, and how to secure data backup.
Huawei Solution
The Campus Network Security Solution consists of five parts: border protection, terminal security, remote access, network traffic clean-up, and
application surveillance. These five flexible, collaborative parts constitute a reliable solution to secure the campus networks of oil and gas companies.
[Figure: Solution overview. The HQ of the oil group (Wi-Fi access zone, DMZ with web server, data center with application server, management center, and terminals inside the company) connects to off-site employees, branch offices, subsidiaries, and the R&D base over SSL VPN, IPSec VPN, the Internet, private lines, and MPLS. Solutions shown: border security, remote access security, fine-grained management security, and unified security management. Products shown: FW/UTM, router, switch, SIG9800, SVN series, NIP5000, ASG2600, UMA, iSoc (UMA-DB), eLog Server, and VSM Server. Links: 10GE and Gigabit Ethernet (GE).]
Customer Benefits
This solution provides robust protection for customers' campus
networks and defends against a large quantity of internal and
external attacks. It supports customers' stable business operations
and secure remote access from branches and off-site employees,
gives enterprises a panoramic view of their network security
situation, supports their analysis of public opinion, and
proactively protects campus networks. This solution
can also reduce customers' expenses on managing and maintaining
confidential data.
Solution Architecture
Scenario 1: Access control
Through deploying all-in-one equipment (like firewall [FW] and unified threat management [UTM], which integrates firewall, router,
switch, VPN, antivirus device, intrusion prevention system [IPS], Wi-Fi, CDMA, and voice), this solution effectively monitors Internet
access, terminal access, and remote access, guaranteeing network access security. Through high-performance clean-up of traffic from
malicious attacks, network egress is protected from distributed denial of service (DDoS) attacks. Through isolating and protecting
enterprise networks from the Internet, this solution offers trustworthy cross-network (internal and external) access control policies. The
separated business zones prevent security threats from spreading between different business networks. Robust data security protections
are made possible by making the best use of access controls over all authorized users. The unified security access control policy helps to upgrade
the protection level. The defense access control system integrates the three dimensions of network, application, and data.
Through deploying security manager (SM), security controller (SC) and security access control gateway (SACG) and installing security
agent (SA) in terminals, this solution allows authorized users to access the network at any time, in any place and through any device.
[Figures: Deployment topology diagrams. Each shows the Internet, branch offices, subsidiaries, employees on business trips, and VPN private lines connecting to a core network with a management center, DMZ (web and application servers), office area, oilfield, and data center. Component labels across the diagrams: SC, SM, SACG, OIC server, antivirus, TSM server, SIG9800 and SIG background system at the campus network egress and access layer, database behavior audit, and the iSoc+VSM unified security management platform covering core services, servers, databases, and network equipment management. Traffic-visibility labels: visualized network; Gold, Silver, and Bronze classes; application categories Game 100+, Stream 70+, P2P 70+, VoIP 60+, Video 50+, IM 50+, Mobile 15+, Stock 10+; traffic types P2P upload, P2P download, VoIP, WebTV, videoconferencing, gaming, and email.]