Security Design

On a traditional campus network, the intranet is considered secure and threats come from the extranet. Firewalls are often deployed to ensure security on campus borders. As security challenges increase, border defense at the egress cannot meet requirements. The security model should be converted from passive into proactive and the security scope should change from the external network to the internal network to solve security problems from the source (terminals), improving information security level of the entire enterprise.

For details about how to change the security scope from the external network to the internal network, see suggestions in the egress network security design and intranet security design. For details about how to convert the security model from passive to proactive, see suggestions in the intranet intelligent security collaboration design. The following describes the egress network security design, intranet security design, and intranet intelligent security collaboration.