With the rapid development of information networking, the status of critical information infrastructure as an important strategic resource related to national security and social stability has become increasingly prominent。In order to better deal with the network malicious scanning, intrusion and other network attack events that threaten the critical information infrastructure，We will implement the requirements of the Cybersecurity Law of the People's Republic of China and the Regulations on Graded Protection of Cybersecurity to improve the protection of critical information infrastructure, Critical information infrastructure network operating units should have the ability to check the integrity of network boundaries，It can check the behavior of internal network users to connect to the external network privately，Pinpoint the location，And effectively dispose of them。 Illegal external channels break the integrity of the network boundary, so the First Research Institute of the Ministry of Public Security designed and developed the "Network Violation External Inspection System". (referred to as Netlink E01), changes the traditional client Agent inspection mode, based on Intranet traffic analysis and monitoring, users can be from the "trusted domain" to the "non-trusted domain" unauthorized behavior of the daily, non-awareness inspection, can be found in time, prevent problems。

Government, ministries and commissions, key enterprises and institutions

Critical information infrastructure network operation unit network boundary integrity inspection, daily non-perception inspection, timely detection of hidden dangers, improve protection capabilities。

Cyberspace Administration, public security and other industry authorities

From a regulatory perspective, critical information infrastructure and key industries should be viewed, routine cybersecurity law enforcement inspections should be carried out, and regulatory responsibilities for critical information infrastructure protection should be implemented。

In off-line deployment, users can be identified only by normal access traffic

Rich and accurate knowledge base matching information, improve the recognition rate

At the application layer, Intranet services and user experience are not affected

Using TCP and UDP detection technologies, the system can detect illegal external hosts accurately

The network E01 is deployed next to the core switch. Each switch corresponds to one network E01

Each network E01 needs to connect to three core switch network ports

PS: The management port and the detection injection port can be the same network port

The network E01 is deployed next to the core switch. Each switch corresponds to one network E01

Each networked E01 needs to connect to two core switch network ports and one mirroring port on the NetworkTAPs device

PS: The management port and the detection injection port can be the same network port

It will not affect terminal equipment and application systems, users have no perception of deployment, simple implementation, does not change the network structure, does not affect the existing environment monitoring range, 100% accuracy, "0" false positives Support group/province/city multi-level deployment, unified management, flexible expansion

Netunion E01 has been running stably in the public security network for 3 years Daily monitoring and auditing of border and illegal outreach activities in transportation, finance, energy, power, and operator industries