Requirement analysis
Various terminal devices inside and outside the company (employee terminals, visitor terminals, dumb terminals, IoT terminals, etc.) can access the intranet or wireless network without trusted authentication. These terminals may themselves carry security risks that pose great threats to internal network security, such as connecting while infected with a virus and causing it to spread.
At the same time, these terminals lack access control after connecting to the network, and there is no distinction in access control between employees and visitors. Access to certain business systems is not visible, posing a great threat to the business systems, and accidents cannot be traced back!
Therefore, there is a need for a method that achieves both trusted access to the intranet and effective management of terminals, ensuring that untrusted and non-compliant terminals cannot access the network. At the same time, it must control the user's access permissions to the business and record the user's business access behavior for retrospective purposes.
On the one hand, this ensures the security of the internal network environment, verifies user identity, minimizes authorization for business access, and allows business access records to be traced afterwards. On the other hand, it meets the national standard GB/T 22239-2008, "Information Security Technology: Basic Requirements for Information System Security Level Protection".
Product Introduction
The Shenxin AC network access control system from Guangzhou Mingguan Information not only focuses on network access control and terminal security checks, but also emphasizes business access security control. It emphasizes human-centered business access control: network access is only a crucial step, and ensuring business security is the ultimate goal.
The Shenxin AC network access control system synchronizes user sources through HR, AD domain and other systems, verifies the legitimacy of access user identities, and checks the security of access terminals. It authorizes business access along multiple dimensions such as user groups, user attributes, user roles, locations, and times, ensuring that business access permissions are minimized. At the same time, it records all business access behaviors and supports analyzing and tracing them.
Functional Features
Terminal security check
1. Support patch check, antivirus software installation check, operating system check, file requirement check, registry key check, software configuration check, etc. It can also be configured so that terminals that fail the inspection cannot access the network, while end users are reminded to repair them immediately;
2. Scripts can be written according to requirements and executed through the console to extend and meet various personalized needs.
Access authentication (admission)
1. Layer 2 access authentication, supporting 802.1x authentication and MAB authentication;
2. Layer 3 access authentication, supporting multiple authentication methods such as local password authentication, third-party authentication, SMS authentication, WeChat authentication, QR code authentication, etc;
3. Can cover formal employee authentication, dumb terminal authentication, and visitor authentication.
User management
1. Support integration with multiple user sources, including built-in accounts, AD domain users, email server user authentication, LDAP server user authentication, Radius servers, database servers, POP3 servers, H3C CAMS servers, and third-party authentication systems (CAS);
2. As a unified identity management center, it provides API interfaces and LDAP interfaces to connect user information to third-party devices, achieving the goal of unified identity management across the entire network.
Business access behavior control
1. Support access to business based on user group authorization;
2. Support authorized access to services based on user attributes;
3. Support location-based authorization access services.
Audit of Business Access Behavior
1. Support business access behavior auditing, with audit information including domain names, URLs, page titles, page content, and other information;
2. Support multiple operation and maintenance protocol audits, such as FTP, SSH, and Telnet protocol access behavior audits.
Log Center
1. When a security incident occurs, the security administrator can log in to the log center to search and find the audited user behavior at the time of the incident, in order to locate and trace the responsible person;
2. Provide rich report content, analyze and present audit data from multiple dimensions such as user, business, and location.
As an identity management center
1. Can interface with multiple systems, such as HR, AD domains, etc. to synchronize user sources;
2. Support providing API interfaces to interface user information with third-party devices;
3. Support providing LDAP interface to interface user information with third-party devices.
Product advantages
Diversified authentication methods, supporting 802.1x authentication, MAB authentication, local password authentication, third-party authentication, SMS authentication, WeChat authentication, QR code authentication and other authentication methods.
In addition to network access control and terminal security checks, Shenxin AC Network Access Control System focuses more on business access security, emphasizing people-centered business access control. Network access is only the key step, and ensuring business security is the ultimate goal. (1) Through business access control, it supports multi-dimensional business access authorization based on user groups, user attributes, user roles, locations, time, etc., to ensure minimal business access permissions; (2) Through business access auditing, it supports recording all business access behaviors, as well as analyzing and tracing them.
The Shenxin AC network access control system can interface with multiple user sources, manage users uniformly, and provide API interfaces to the outside world in a service-oriented manner. It can interface with multiple network devices and form a unified identity management system for the entire network.
Deployment mode (topology diagram)
1) Bypass deployment

2) Serial deployment

3) Multi branch unified authentication deployment (multiple control points)

User value
Terminal access security
Terminals accessing the internal network undergo compliance checks, such as whether patches have been applied and whether antivirus software is secure, and can access the network only after passing the checks. This effectively ensures the security of the internal network environment and avoids threats from terminals to the internal network.
User identity security
By authenticating the identity of users accessing the intranet, it ensures that both the terminals and individuals accessing the intranet are trustworthy, and records their subsequent behavior for easy analysis and traceability.
Business access security
Human-centered business access authorization controls access to business based on multiple dimensions such as user groups, user roles, locations, and times. At the same time, it records all business access behaviors and provides log analysis and traceability functions.
PS: Compliant terminals, legitimate user identities, and authorized access to business provide better protection for internal network security and business security.