语言支持(Language Support)
{{ item.label }}
{{changelanguage == "zh" ? "域名服务器" : "Domain Name Server"}}
{{changelanguage == "zh" ? "MD-1709A-100(北京润通丰华科技有限公司)" : "MD-1709A-100(BeiJing RunStone Technology Co., Ltd.)"}}
{{changelanguage == "zh" ? "路由器" : "Router "}}
{{changelanguage == "zh" ? "CL-DM-RT1810E(珠海高凌信息科技股份有限公司)" : "CL-DM-RT1810E(Zhuhai Gaoling Information Technology Co., Ltd)"}}
{{changelanguage == "zh" ? "分布式存储" : "Distributed storage"}}
{{changelanguage == "zh" ? "HD-MDS1800H(上海红阵信息科技有限公司)" : "HD-MDS1800H(Shanghai Red Array Information Technology Co., Ltd.)"}}
{{changelanguage == "zh" ? "Web服务器" : "Web Server"}}
{{changelanguage == "zh" ? "AMWS-H/T-4(上海红阵信息科技有限公司)" : "AMWS-H/T-4(Shanghai Red Array Information Technology Co., Ltd.)"}}

各个众测设备信息

一、设备简介

MD-1709A-100域名服务器是北京润通丰华科技有限公司研制的高安全等级网络基础设施设备。该设备基于动态异构冗余架构和广义鲁棒控制方法,彻底颠覆基于“挖漏洞”、“设后门”、“植病毒”和“藏木马”等传统攻击理论和方法,能够一体化实现应用服务提供、可靠性保障、安全可信防御的功能,无需频繁升级防御特征库,大幅降低全生命周期的维护成本。MD-1709A-100域名服务器采用增量部署方式,能够在不改变现有域名协议和地址解析设施的基础上,有效防御针对域名系统的域名缓存投毒、域名劫持攻击以及拒绝服务攻击等各种已知或未知域名攻击,提供“高可靠、高可用、高可信”三位一体的鲁棒域名解析服务,保障互联网核心基础设施域名解析服务安全。

二、特性指标

基于动态异构冗余架构和广义鲁棒控制方法。

支持处理来自整个网络或指定网络区间内的任意用户对授权域名的查询请求。

支持对区文件的导入导出以及增删改。

支持判断用户来源,并能够根据预定义策略返回域名解析结果。

支持EDNS0,能够以UDP承载大于512字节的数据包。

支持IPv6的AAAA记录的查询。

支持IPv4/IPv6双栈,即权威服务器自身的地址可以是IPv4和IPv6地址。

支持DNS安全协议扩展(DNSSEC)及DNSSEC旁路认证(DLV)。

支持通过网络时间协议(NTP,见IETF RFC1305)进行时间同步。

支持权威服务器设置泛解析,除指定域名外均指向www服务器。

有效防御基于漏洞后门的域名缓存投毒、域名劫持攻击以及拒绝服务攻击等各种已知或未知域名攻击。

具备对域名服务器已知/未知的威胁及攻击的实时感知能力。

三、应用场景

MD-1709A系列域名服务器产品已经在电信、金融、数据中心企业等成功部署,并即将应用于工业控制、航空航天、政府政务等具有高安全等级要求的领域,能够确保域名解析信息基础设施不受已知和未知漏洞后门威胁,具有广泛的示范推广前景。

各个众测设备信息

一、设备简介

CL-DM-RT1810E路由器是珠海高凌信息科技股份有限公司研发的高安全等级网络基础设施设备。该设备通过在架构设计中引入多个异构冗余的路由执行体、输入代理、路由裁决以及负反馈控制调度等模块,实现对基于未知漏洞后门的路由篡改攻击的发现与阻断,可提供“高可靠、高可信、高可用”三位一体的广义鲁棒性网络路由服务,是构建安全可信基础设施、扭转网络空间“易攻难守”的不对称格局和支撑我国“网络强国”战略的新一代网络核心设备。

二、特性指标

支持18个10GE接口的线速转发,背板交换能力500G;

支持静态路由、动态路由,支持动态路由协议包括OSPF/RIP/ISIS/BGP,支持策略路由和路由策略;

支持IP特性包括Ping/Trace/TCP/UDP/IP Option;

支持FTP特性包括FTP Server/FTP Client/TFTP Client;

支持Telnet特性包括Telnet Server/Telnet Client;

支持网络时钟协议包括NTPv3/NTPv4/SNTPv3/SNTPv4;

支持VPN种类包括 IPSec VPN/IKEv1/ADVPN/GRE/L2TP;

支持本地防火墙特性包括Packet Filter/ASPF、支持接入控制ACL,支持NAT/NAPT;

支持用户管理AAA (Local Authentication, RADIUS, HWTACACS, LDAP)、RBAC,支持本地管理CLI, Automatic Configuration, File System;

支持管理维护接口包括Console Port/ SSH/Telnet;

支持网络管理方式包括SNMP/iMC/NETCONF;

支持网络监测方式包括SNMP/RMON/Syslog/ NQA/EAA;

具备内生安全能力,能够实时发现未知攻击产生的路由改动,可抵御基于未知漏洞后门的路由篡改攻击;

三、应用场景

CL-DM-RT1810E路由器可应用部署于政府、企业、金融、电力等高安全等级要求网络,提供基础设施层面的安全防护,市场空间巨大,应用前景广阔。

各个众测设备信息

一、设备简介

分布式存储HD-MDS1800H是基于拟态防御机理构造的分布式存储系统,针对分布式存储系统的核心部分——元数据管理系统,采用DHR(Dynamic Heterogeneous Redundancy,动态异构冗余)架构构造独立的元数据管理集群。分布式存储将高性能与高安全融合,为用户提供高鲁棒性的分布式存储服务。在保障用户数据的完整性和可用性的前提下,同时确保数据的安全性和私密性等。

二、特性指标

采用分布式存储架构,支持HDFS文件存储协议,兼容Hadoop大数据平台。

支持用户权限的划分和认证,支持基于文件夹的配额管理。

支持多种(>=3)执行体异构类型,异构层次涵盖硬件平台,操作系统等多个级别。

分发器最大并发连接数不小于1万,平均分发裁决时延不高于1s,调度切换时间不超过3分钟,清洗同步和状态恢复时间不超过10分钟。

读写速率与IOPS不低于同等规模与同等配置下HDFS开源存储系统的90%,存储容量支持横向扩展至PB级.

具备内生安全防护能力,能够抵御基于未知漏洞和后门的攻击。在白盒测试下,对差模攻击成功防御概率为100%;对共模攻击的成功防御概率不低于90%,解脱时间不超过30分钟。

三、应用场景

分布式存储面向党政、军工等对安全等级有特别要求的行业,适用于企业级应用、云计算、大数据处理等应用场景。后续将在现有产品基础上,丰富存储协议支持类别,扩展产品的应用领域;分布式存储通过多样化编译、定制开发、生态圈合作等手段丰富异构执行体,进一步提升安全等级。

各个众测设备信息

一、设备简介

AMWS-H/T-4型号Web服务器是上海红阵信息科技有限公司基于先进安全防御技术原理,通过构建功能等价的、多样化的、动态化的异构虚拟Web服务器池,形成“高可靠、高可信、高可用”三位一体的广义鲁棒性的Web服务体系。该产品通过Web服务裁决、动态执行体调度、执行体多层面异构化等关键技术,更智能、更简单、更准确地主动发现漏洞利用和可疑访问行为,阻断攻击通信链,增大漏洞或后门的利用难度,同时能够帮助快速定位潜在威胁。AMWS-H/T-4型号Web服务器可提供网页篡改防御、网站后门防御、网站漏洞防御、安全态势分析等多种功能,并且无需人工干预,为用户的Web服务保驾护航。

二、特性指标

支持PHP应用脚本的拟态化功能;

支持数据库指令层的拟态化功能;

支持Web应用执行体按策略动态切换;

支持灵活选配通用Web服务器软件层、操作系统层、虚拟层、硬件平台层的拟态化功能;

支持Web服务威胁的自动处置功能;

支持独立BMC管理单元、IPMI2.0网络远程管理方式;

支持有效防御网页篡改攻击;

支持有效防御网站漏洞/后门攻击;

支持有效防御PHP、SQL注入攻击;

支持安全态势分析功能;

单台服务器支持不少于10万并发;

支持 RFC 2016 HTTP1.1协议;

支持 RFC 1945 HTTP1.0协议;

支持RFC 2014 HTTP 2.0协议;

支持Ipv6协议。

三、应用场景

AMWS-H/T-4型号Web服务器已经在政府、军队、金融、能源、互联网公有云等关键领域开展了应用,提供Web服务层面的安全防护,取得了显著的应用效益,具备广阔的应用前景。

Introduction of Mimic Defense

1、INTRODUCTIONS

The MD-1709A-100 domain name server is a high-security network infrastructure equipment developed by BeiJing RunStone Technology Co., Ltd.. Based on Dynamic-Heterogeneous-Redundancy architecture and generalized robust control method, the device completely overthrows traditional attack theories and methods such as "exploiting vulnerabilities", "setting back doors", "planting viruses" and "Tibetan Trojan Horse". It can integrate the functions of application service provision, reliability guarantee, security and credible defense, without frequent upgrade of defense feature library, and greatly reduces the maintenance of the whole life cycle. To ensure the security of domain name resolution service of Internet core infrastructure, the MD-1709A-100 domain name server adopts incremental deployment mode, which can effectively defend against known or unknown domain name attacks such as domain name cache poisoning, domain name hijacking and DoS attacks without changing existing domain name protocols and address resolution facilities, and provide a robust domain name resolution service of "high reliability, high availability and high trustworthiness".

2、KEY FEATURES

Supports the Dynamic-Heterogeneous-Redundancy architecture and generalized robust control method.

Supports the processing of queries for authorized domain names by any user from the entire network or within a specified network area.

Support the import and export of zone files and add, delete and modify them.

Supports the identification of user sources and the ability to return domain name resolution results according to predefined policies.

EDNS0 is supported, which can carry packets larger than 512 bytes in UDP.

Support queries of AAAA records in IPv6.

IPv4/IPv6 dual stack is supported, that is, the address of authoritative server itself can be IPv4 and IPv6 address.

Support Domain Name System Security Extensions (DNSSEC) and DNSSEC Lookaside Validation (DLV).

Supports time synchronization through Network Time Protocol (NTP, see IETF RFC 1305).

Supports authoritative server settings for pan-parsing, pointing to the WWW server except for the specified domain name.

Effective defense against known or unknown domain name attacks such as vulnerability/backdoor-based caching poisoning, domain name hijacking and denial of service attacks.

Support real-time awareness of known/unknown threats and attacks on domain name servers.

3、APPLICATION SCENARIOS

The MD-1709A series of domain name server products have been successfully deployed in telecommunication, finance, data center enterprises, and will soon be applied in industrial control, aviation/aerospace, government affairs and other areas with high security requirements, to ensure that the domain name resolution information infrastructure is not threatened by known and unknown vulnerabilities/ back doors, and has a broad demonstration and promotion prospects.

Introduction of Mimic Defense

1、INTRODUCTIONS

The CL-DM-RT1810E router is a high security level network infrastructure equipment developed by Zhuhai Gaoling Information Technology Co., Ltd. This quipment can discover and block the route tamper attack based on the back door of unknown vulnerability by introducing multiple heterogeneous redundant routing actors, input agents, route arbiter and feedback control scheduling modules. It is a new generation of network core equipment for building secure and credible infrastructure, reversing the asymmetric situation of "easy to attack but difficult to defend" in cyberspace, and supporting China's "national cyber development strategy",which can provide generalized robust network routing services with "high reliability, high creditability, high availability".

2、KEY FEATURES

18*10GEbps Interfaces and 500G Backplane switching capability;

static routing, dynamic routing, and dynamic routing protocols including OSPF/RIP/ISIS/BGP, policy routing and routing policies;

IP features including Ping/Trace/TCP/UDP/IP Option;

FTP features including FTP Server/FTP Client/TFTP Client;

Telnet features including Telnet Server/Telnet Client;

NTP protocols including NTPv3/NTPv4/SNTPv3/SNTPv4;

VPN protocols including IPSec VPN/IKEv1/ADVPN/GRE/L2TP;

Firewall features including Packet Filter/ASPF,ACL,NAT/NAPT;

User management protocols including AAA (Local Authentication, RADIUS, HWTACACS, LDAP), RBAC, CLI, Automatic Configuration, File System;

OAM interfaces including Console Port/ SSH/Telnet;

Management protocols including SNMP/iMC/NETCONF;

Network monitoring protocols including SNMP/RMON/Syslog/ NQA/EAA;

With endogenous security capability, including discovering the route alteration caused by unknown attack in real time and resisting the route tampering attack based on unknown backdoors and vulnerabilities;

3、APPLICATION SCENARIOS

The CL-DM-RT1810E router can be deployed in government, enterprises, finance, power systems and other high-security-level network, in order to provide infrastructure level security protection. Thus it has a huge market space and broad application prospects.

Introduction of Mimic Defense

1、INTRODUCTIONS

HD-MDS1800H system is a distributed storage system based on the Cyberspace Mimic Defense mechanism. For the core part of the distributed storage system, the metadata management system, DHR (Dynamic Heterogeneous Redundancy) architecture is used to construct independent metadata management cluster. The distributed storage combines high performance with high security to provide users with highly robust distributed storage services. It guarantees the security and privacy of user data while ensuring the integrity and availability of the data.

2、KEY FEATURES

HD-MDS1800H system adopts distributed storage architecture, it supports HDFS file storage protocol and is compatible with Hadoop's big data platform.

It supports the division and authentication of user rights and folder-based quota management.

It supports multiple (>=3) executable heterogeneous types, which cover multiple levels, such as the hardware platform, operating system, etc .

The maximum number of concurrent connections of the distributor is not less than 10,000, the average distribution ruling delay is no more than 1 s, the scheduling switching time is less than 3 minutes, and the time of cleaning synchronization and state recovery is less than 10 minutes.

The read/write rate and IOPS are not less than 90% of the HDFS open source storage system of the same size and equivalent configuration, and the storage capacity supports horizontal expansion to the PB level.

HD-MDS1800H system, which is equipped with endogenous security protection, against attacks based on unknown vulnerabilities and backdoors. Under the white box test, the probability of successful defense against differential mode attacks is 100%; the probability of successful defense against common mode attacks is not less than 90%, and the release time is no more than 30 minutes.

3、APPLICATION SCENARIOS

Distributed storage can be used in party, government and military organizations which are industries with special security requirements. It is suitable for applications such as enterprise applications, cloud computing, and big data processing. In the subsequent version, more storage protocols and industrial applications will be supported based on existing products. To further improve the level of security, the distributed storage enriches the heterogeneous executor through diversified compilation, custom development and ecosphere cooperation.

Introduction of Mimic Defense

1、Introduction

The AMWS-H/T-4 model Web server is a "high reliability, highly credible, highly available" trinity of the generalized robust Web services system formed by the highly functional, diversified and dynamic heterogeneous virtual Web server pool, and based on the principle of advanced security defense technology of Shanghai Red Array Information Technology Co., Ltd. The product has the ability of discovering exploits and suspicious behaviors. It also can block attacks on the communication chain and increase the difficulty of using the vulnerabilities or back door through key technologies such as web service voting, dynamic execution scheduling and execution of multi-layer isomerization while quickly locate potential threats on the same time. The or and website vulnerability. Security situation analysis and other fAMWS-H/T-4 model web server can defense against web page tampering, website backdounctions can be provided without manual intervention.

2、Key Features

Support for mimetic functions of PHP application scripts;

Support the mimetic function of the database instruction layer;

Support Web application execution body to dynamically switch by policy;

Supports flexible selection of mimicry functions of the general Web server software layer, operating system layer, virtual layer, and hardware platform layer;

Support automatic handling of Web service threats;

Support independent BMC management unit, IPMI2.0 network remote management mode;

Support effective defense against Web page tampering attacks;

Support effective defense against Website vulnerabilities/backdoor attacks;

Support effective defense against PHP and SQL injection attacks;

Support security posture analysis function;

A single server supports no less than 100,000 concurrent;

Support RFC 2016 HTTP1.1 protocol;

Support RFC 1945 HTTP1.0 protocol;

Support RFC 2014 HTTP 2.0 protocol;

Support for the IPv6 protocol.

3、Application Scenarios

The AMWS-H/T-4 model Web server has been applied in key areas such as government, military, finance, energy, and Internet public cloud. It provides security protection at the Web service level, achieves significant application benefits and has a broad application prospects.

{{LanguageObj.formTitle}}

{{changelanguage == 'zh' ? item.cn_name : item.en_name}} {{item}} 验证码
{{LanguageObj.formBtnTxt}}