Two-Factor Two-Part Authentication (Version 9.0.2.3 supported)
Unlike many previous network services that use single-factor password authentication by default, Two-Factor Authentication (2FA), which combines two different authentication methods, users need to pass two or more authentication mechanisms before they can get Authorize access to the system resources provided by the service provider. There are many ways to verify, such as PIN code/fingerprint/scanning QR code/or one-time code and other auxiliary verification, and the purpose is to provide higher security for the account. This The two-factor authentication function combined with Google Authenticator uses the mobile phone owned by the user as the second authentication factor to achieve auxiliary authentication. The function is disabled by default. After enabling this function, the system will prompt you to enter a password and a one-time code. Can access your account.HERHSIANG NGS next-generation firewall has three parts, supports two-step verification: account management/Internet authentication/SSL VPN
Web Application Firewall is a product that specifically protects web server applications by implementing a series of security policies for HTTP / HTTPS.
The work of WAF is to analyze the data of the Web application layer, to force multiple conversions of different encoding methods to restore the plaintext of the attack, and to combine the deformed characters and analyze them, which can be better than the combined attacks from the Web layer.
Provide application layer rules. WEB applications are usually customized. Traditional rules for known vulnerabilities are often not effective. WAF provides dedicated application layer rules and has the ability to detect deformation attacks, such as detection of mixed attacks in SSL encrypted traffic.
Advanced Sandstorm can effectively detect unknown advanced malware attachments, such as common Microsoft, Word, Excel, Power Point or PDF; or targeted phishing emails, and even compressed files, such as ZIP and RAR.
Before scanning emails for Spam or Virus, Sandstorm Defense compares suspicious attachments, isolates problematic emails, and exposes potential malicious programs to avoid affecting users' email reception.
Provide web interface flow meter, draw the system's historical status into charts, so that managers can grasp the current system operating status at any time.
NGS 3572HF provides system status charts (including CPU load chart, memory load chart, system load), network traffic chart (LAN traffic, WAN1 ~ WAN13 traffic), and provides query conditions to quickly search the history of each traffic status .
Provides a variety of logs, such as log in/out log, system network settings, regulations and targets, network services, advanced protection, IPS, mail management, content logging, VPN, etc. and a detailed log search system.
It is used for debugging analysis, evaluation of system performance, and proof and tracing basis when it is illegally invaded.
Use IPSec, PPTP, L2TP, SSL VPN to securely connect between Site to Site, Point to Site and remote users. Through these VPN mechanisms, users can connect to different devices from different locations, including home, external public information service stations, and the Internet, such as laptops, branch offices, business locations, mobile communication devices, or home. …Wait.
Among them, SSL VPN is the most important long-distance secure transmission connection between most enterprises, customers and partners.
IDC's definition of UTM security hardware devices is: It includes multiple security functions integrated into a single hardware device, which must include network firewalls, network intrusion detection and defense, and gateway antivirus. It is not necessary to use all the functions on this device, but it must be built in, and individual components cannot be cut.
In order to test these devices, NSS Group more clearly defines UTM devices as a single device combination of firewall, VPN, IDS / IPS, anti-virus, anti-spam, URL filtering, content filtering and other functions. The detailed definitions are as follows:
* Firewall: Deployed at the network boundary, a strong stateful NAT firewall is required.
* VPN: It is often deployed in corporate WAN as a branch network solution, and basically needs to be able to establish a small number of secure VPN tunnels.
* IDS / IPS: The firewall can only enforce policies. If the policy allows inbound HTTP traffic to the web server in the DMZ zone, the firewall cannot prevent hackers from damaging the target web server from the HTTP protocol. The IPS function will detect and block intrusions that attempt to use network boundaries to prevent malicious network traffic from reaching the server. The IDS function can detect intrusions and issue alerts, but it cannot block malicious traffic.
* Anti-virus: Gateway anti-virus filtering can prevent inbound virus traffic at the network boundary, strengthen computer desktop security, and block them before they reach the desktop. The solution can also prevent internal computers from being infected by viruses from outside the corporate network. .
* Anti-Spam: Gateway Anti-Spam can mark incoming emails and allow further processing by computer-filtered solutions. The solution prevents internal hosts from sending spam to outside the enterprise.
* URL filtering: Using a constantly updated database of URL classifications, a gateway URL filtering solution prevents employees from accessing unpleasant or inappropriate websites from the corporate network.
* Content filtering: Scans specific content of web pages and email traffic. Gateway content filtering solutions can prevent unpleasant or inappropriate content from passing through or being sent out by corporate networks.
HERHSIANG Information Co., Ltd. (Uniform number: 13167798)
88673494097 88673596785 service@herhsiang.com
3F, No.5, Dinghe St., Sanmin District, Kaohsiung City Taiwan
Business hours: Monday ~ Friday 8:30 ~ 12:00 / 13:30 ~ 1800
(Except holidays and national holidays)Copyright © 2002~2025