Secospace TSM
Product Overview
With the expansion of the network scale of enterprises and organizations, multiple access points such as branches, mobile users, and guests are added to the network. As a result, the vulnerabilities at each layer of the network increase greatly. Professional, interest-driven hackers attack the terminals of the enterprise and access key resources to intrude into the core services of the system. In this way, data is intercepted or damaged, core services are interrupted, and malicious code is spread, so the services and reputation of the enterprise are affected greatly.

Based on comprehensive security evaluation of terminals and unified terminal configuration, the Huawei Secospace terminal security management (TSM) system actively evaluates the security statuses of terminals before they access the network, constructs the role-based network access mechanism, and repairs the system vulnerabilities of insecure terminals. In this way, viruses are blocked, and a complete, simple, and easy-to-manage terminal security environment is constructed for enterprises and organizations.

In-depth defense: By combining the terminal layer, network layer, and application layer, an in-depth defense system is formed, and a complete security defense line is constructed for enterprises and organizations. To be specific, the TSM actively evaluates terminal statuses at the terminal layer, cooperates with the security access control devices at the network layer to implement role-based access control, and implements patch and asset management at the application layer to block risks, thus effectively improving the capability against risks.

Unified deployment: To defend against increasingly complex security attacks, enterprises need to deploy multiple types of terminal management products; however, these products are not associated with each other and are difficult to deploy on a network in a centralized manner. In this case, the procurement cost is high, and the network architecture is complex and difficult to maintain. To meet the requirement for simplifying IT solutions, the TSM provides an integrated terminal security management solution for enterprises by combining network access control, security policy management, staff behavior management, patch management, asset management, and software distribution. It reduces the total cost of ownership (TCO) for terminals and reduces the deployment complexity.

Comprehensive protection: Internal information security management is a systematic project, which takes security regulations, technologies, process, and management into consideration. The TSM focuses on the security policy and enhances the continual PDCA defense process of checking, quarantining, monitoring, and remediation. It offers a comprehensive security management and protection solution for intranet terminals and continually increases the information security level of organizations.
[Figure: access control overview. Labels: ID authentication, security check, policy, recovery, repair; remote employees, on-site employees, visitors, illegal users; sensitive information resources, core information resources, general information resources, external resources.]
Major functions:
• The TSM provides the network security access control function, that is, the TSM detects and controls the access of internal staff, guests, and partners, thus preventing unauthorized users and insecure terminals from accessing the intranet. In addition, it authorizes users to access intranet resources according to their identities.
• The TSM provides the terminal security baseline management function, that is, the TSM configures the security baseline of terminals in a centralized manner, comprehensively evaluates the terminal statuses, and isolates and repairs insecure terminals to increase the terminals' security protection level, thus ensuring enterprise network security.
• The TSM provides user behavior management, that is, the TSM audits and controls terminal users' behaviors that violate the enterprise management system, such as illegitimate external connections, use of computer peripherals, and network access behaviors, thus avoiding malicious attacks on the network, regulating the use of IT resources, and improving network efficiency.
• The TSM provides the intelligent and efficient patch and software distribution function, detects system vulnerabilities, reduces bandwidth usage to the maximum extent, helps terminals to update patches in time, and repairs system vulnerabilities.
• The TSM provides enterprises with the asset security auditing function, that is, the TSM dynamically collects software and hardware asset information of the enterprise, traces the enterprise's asset changes, and helps administrators to comprehensively understand the asset status, thus improving the IT management capability of the enterprise.
Product Functions
• SACG mode
• 802.1x access control mode
• Access control mode based on host firewall
• AD/LDAP/CA cooperated authentication
• Agent client
• Non-agent Internet Explorer control

• Cooperated anti-virus software check
• Patch check of the OS, IE, and Office
• Host security check such as system accounts and registries
• Check of the shared files and printer
• One-click intelligent repair

• Network behavior management
• Peripheral management
• USB device monitoring
• Illegitimate external connection management
• ARP defense
• Network traffic monitoring
• Process and service monitoring

• WSUS cooperation
• Customized patch distribution policy
• Patent-based quick and efficient patch distribution
• Patch filtering
• Patch statistics report

• Software distribution tasks based on time period
• Resumable download and integrity check
• Automatic-run of files
• Detailed report of distribution status

• Registering assets
• Asset lifecycle management
• Asset information statistics
• Software license management
• Asset change notification
• Server platform monitoring
• Notification and remote assistance function
Product Features
Supports multiple access control modes to satisfy the requirements on the access

The TSM grants appropriate access permissions to different users including employees, guests, and partners, thus
Supports automatic patch management to repair the terminal vulnerabilities efficiently.

The TSM provides the policy-based patch distribution mechanism, that is, the patches can be distributed according

dedicated emergency channel. The server platform monitor tool is provided to monitor the running status of the server and gateways in real-time, thus ensuring the high reliability of the system and service continuity of the enterprise.
Product Specifications
The Secospace TSM consists of the security agent (SA), security manager (SM), security controller (SC), and security access control
gateway (SACG).
[Figure: TSM component deployment. Labels: external network, VPN gateway, SA, local SA, SM, SC, SACG, pre-authentication domain, quarantine domain, third-party anti-virus server, third-party patch server, core network, intranet, post-authentication domain 1, post-authentication domain 2, post-authentication domain 3.]
Component | Description

SA | Software: The SA is installed on the terminal host for assisting identity authentication and security check and for collecting the asset information and security status of the terminal. The SA uses a small amount of terminal and system resources. The CPU usage is about 2%, and the maximum memory usage is 15 MB.

SM | Software: The SM is the core of the TSM. It provides many service management functions including asset management, software distribution, patch management, log auditing, terminal security policy management, identity management, and reporting. The SM adopts the B/S architecture and enables the system administrator to manage the system through Web UI. The SM can be deployed in distribution mode. An SM can manage multiple SCs. The SM and SC compose the system server of the TSM.

SC | Software: The SC manages the SA based on the data configured by the SM. The SC implements the management functions of the SM. The SM sends the instructions and then the SC coordinates the related components to implement the instructions. After the user is authenticated by the SA, the SC sends instructions to the SACG to assign the access permission.

SACG | Hardware: As a network layer device, the SACG controls the network access permission of terminals and allocates different permissions to terminal users with different IDs and of different security statuses. SACGs are Huawei USG series products built on carrier-class hardware platforms. Different SACGs, such as USG 2130/2220/2250/5320/5330/5350/5360, are prepared for the scenarios with different numbers of concurrent users. The SACG can be deployed both in centralized and distributed mode, and it supports the two-node cluster hot backup.
Typical Networking
[Figure: typical networking. Labels: core server, SM, SC, Internet, remote user, border router, SACG, pre-authentication domain, post-authentication domain, intranet, anti-virus server, SC and SAs at Node A, SC and SAs at Node B.]
The information contained in this document is for reference purposes only and does not constitute a warranty of any kind, express or implied. It is subject to change or withdrawal according to specific customer requirements and conditions.
All the trademarks, pictures, and brands mentioned in this document are the property of Huawei Symantec Technologies Co., Ltd or their
respective holders.
Copyright ©2010 Huawei Symantec Technologies Co., Ltd. All rights reserved.