FinNet - Security Features



		Sitemap \| FAQs \| Contact Us \|

:. Application Services

			home >> Technologies -> Security Features

................................................................................................. FinNet adopts a "layered security approach" in its network security design. With such design, protections are directly applied against the expected threats with risk mitigation at each layer. As a result, failure of a single security component will not lead to the compromise of the whole network resources. Conceptually, three separate layers are applied with 7 x 24 real-time monitoring and alert management through the Network Management Centre managed by the Wharf T&T : - Client Layer : Customer Premise Equipment (CPE) - Core Layer : Backbone Network - Server Layer : FinNet Server Farm
			Related Topic
			+ Infrastructure + Connectivity

...........................................................................................................................

Protection of FinNet starts from the customer premise end, i.e. the router and its circuit to FinNet. For security control, each CPE router is specially configured accordingly to the FinNet Security Design Specification to ensure its availability and integrity. Major security controls include the following:

Only supported traffic types are enabled
anti-IP-Address-Spoofing to prevent Denial-of-Service Attacks
Use of fixed IP Addresses for traceability of problem source if required
Use of private IP Addressing Scheme suggested by RFC1918
Restriction on broadcast amplification
Monitoring and alert on unauthorized configuration change and unplanned outage
Dual virtual circuits connecting to separate network centre for better resilence

On top of the security protection by FinNet, all members are highly recommended to review and implement additional security measures based on your own application/information needs.

. . . Top

.................................................................................................

FinNet backbone is an IP-based routing network that supports data transmission among members , service providers and the FinNet server farm.

A set of IP packet filtering rules is configured on routers to prevent inappropriate packets coming from CPE and, on the other hands, to stop packets flooding to CPE. Moreover, access control lists are enabled on each Backbone Router to preserve the integrity of routing table. As a result, there is no way to propagate incorrect routing information from CPE to backbone to corrupt routing tables. To prevent unauthorized users from accessing FinNet by connecting a cable to a wire closet, Backbone Routers are specially configured to allow only packet routing from a predefined path.

Major security controls include the following:

- Physically isolated from Internet access
- Co-located network facility with intersite links for automatic failover
- 7 x 24 x 365 real-time monitoring and alert on utilization, performance and availability

. . . Top

.................................................................................................

FinNet Server Farm hosts the FinNet owned system servers for email, DNS, network access control and web portal services etc. These support services are critical for FinNet members to locate related service providers, share information, enable peer-to-peer communications and authenticate themselves to the peers etc. Major security controls applied at this layer including:

Firewall protection
Anti-virus control
Physical security/access control
Co-located host facility to maximize system availability
7 x 24 x 365 host monitoring and alert on utilization, performance and availability
Logical access control with RADIUS and LDAP integration

. . . Top

Home | Legals | Sitemap | FAQs | Contact Us

Hotline : 121 389 | Fax : 2293 5824 | Email : info@finnet.hk