Shenzhen Bao’an International Airport is a large, busy airport serving Southern China. Since opening to air traffic on October 12, 1991, the airport had expanded passenger and freight airline services, including over 131 national and international routes to 92 cities at home and abroad.
Accessible from land, sea, and air, Shenzhen Airport was challenged by concerns with network security and service continuity as passenger and freight transportation grew. This modern international hub and gateway urgently needed to safeguard its data systems with security protections network-wide.
Shenzhen Airport’s information center offers information and services to assist passengers. Recent plans included deploying e-commerce applications at the center. Airport executives, however, believed that the increasing number of hacking attacks worldwide threatened Internet security and were especially concerned with the security of its core applications, key data, and network and service reliability. Higher security protection measures were urgently needed to address the following risks:
The airport information center did not have devices installed to prevent large-scale Distributed Denial of Service (DDoS) attacks on outbound Internet operations. As a result, the website crashed periodically, affecting services.
No Intrusion Prevention System (IPS) devices were deployed on the airport intranet to detect and prevent system and application loopholes or attacks. Consequently, the network lacked the capability to detect and purge network viruses, or to log and query network interactions.
No access control or desktop management systems were installed for IT terminals connecting to the office network. As a result, compromised personal computers often caused the entire network to break down, resulting in exhorbitant maintenance costs and large financial losses.
The airport did not have sufficient classified security levels for its networks nor did it perform detailed risk assessments on its office network. The airport urgently needed to run a security evaluation of each system to identify potential risks and eliminate them through system enhancements.
Huawei offered a holistic security solution that covered security consultation services as well as network-wide security protection assurance. Key features of the solution included:
Huawei’s highly skilled security consultation team inspected the security levels of the aviation service portal, call center, e-card, access control system, Office Automation (OA) network, mobile office system, and official website. The team also performed a comprehensive security assessment of all service systems. From the assessment results, the team was able to identify system loopholes and close them, strengthening information systems security.
In addition, Huawei assigned dedicated engineers to periodically inspect the security of specific airport systems. Huawei also designated two engineers to monitor security performance on-site 24/7 and to resolve any problems during holidays.
Huawei’s Anti-DDoS Solution uses the Access Control List (ACL)-based packet capturing method to obtain attack evidence for subsequent security audits. The solution also supports one-click automatic attack evidence collection, including automatic packet capturing, automatic extraction, and automatic storage of attack signatures, which facilitates the auditing process.
Huawei’s Network Intelligent Police (NIP) system provides a full lineup of security functions, including virtual patches, web application protection, client protection, malicious software control, network application control, and infrastructure protection. These protections help manage network security issues in new IT environments (for example, Web 2.0 and virtualization) and protect terminals and web applications from network attacks. By leveraging Huawei’s global loophole tracking capabilities, the NIP system can promptly detect attacks and provide timely updates to the network attack signature library, thereby intercepting attacks in advance. Additionally, the NIP system accurately finds network attacks using state-of-the-art loophole detection technologies.
Huawei’s Secospace Terminal Security Management (TSM) solution offers customer-friendly access control using a carrier-class hardware security access control gateway. With the TSM solution, the customer can build a function-rich intranet security management platform that features high adaptability, easy management, flexible scalability, and high reliability. All this is possible without changing the existing network architecture, replacing equipment, or compromising network performance and reliability. Terminal user identities are authenticated based on user roles to prevent unauthorized access and fortify airport intranet security.
To further enhance terminal security control and management, the solution combines a full array of functions, including terminal security reinforcement, online behavior management, network protection, mobile storage device management, and information leakage prevention. Asset management, software deployment, remote assistance, and bulletin posting functions are also available to improve desktop service management. All these features and functions fully satisfy the customer’s requirements for terminal security protection.
Huawei’s comprehensive security solution safeguards information security for Shenzhen Bao’an International Airport, while Huawei’s professional and timely security services help the airport cope efficiently with traffic bursts during holidays.
Deployment of this solution is a key step in Shenzhen Bao’an International Airport safeguarding its information-based platforms. The airport is now able to apply comprehensive security protection policies by combining state-of-the-art technologies and management methods. Security for business operations is also ensured for terminal and service systems.
(0 scores)
Like the story? Give your score.
0/500
0 comments
You have scored successfully.
You have submitted successfully.
Evaluation failed.
Submission failed.
Please write your comment first.