前言

V1.0

...3...4 1....4 2....6 3....6...7...8 1....8 1.1...8 1.2...8 1.3...10 2....10 2.1... 11 2.2...13 3....15 3.1...15 3.2...17 3.3...17 4....17 4.1...17 4.2...18 4.3 WebST...19 4.4 OA UNIX...22 4.5...22 5....23 5.1...23 5.2...23...25 1....25 2....25 Page 2 of 25

GSM Internet 1997 3000 DCE Page 3 of 25

1. GSM OMC_Subnet Billing_Subnet OA OA UNIX OA OA Internet Proxy Server Internet 1 1 OA L3 Internet IP NAT DMZ InternetWWWMail2 Kernel Layer Distribute Layer Access Layer 3 Page 4 of 25

2 3 Page 5 of 25

2. GSM GSM CA UniCenter TNG HP OpenView OA MIS Internet E-MailWWW 3. (1) Internet OA Internet Internet (2) 85% OA Page 6 of 25

1. 2. 3. WWW 4. 5. 6. 7. Internet 8. 9. Page 7 of 25

1. 1.1 1.2 DISSPDefense Wide Information System Security Program -2 X 7 Y Z ISO OSI Page 8 of 25

4 1.2.1 ISO7498-2 1) 2) 3) 4) 5) 6) 7) 1.2.2 ISO/OSI TCP/IP 1.2.3 1) 2) 3) 4) 5) Page 9 of 25

1.3 IT PC 5 2. Check Point FireWall-1 Check Point FireWall-1 Check Point FireWall-1 RealSecure Norton Page 10 of 25

Check Point OPSEC IBMHPSunCiscoBay260 OPSEC Check Point FireWall-1 OPSEC FireWall-1 OPSEC FireWall-1 2.1 IDS Internet DMZ WWW E-Mail DNS InternetProxy Server DMZ 1 2 3 4 5 6 7 8 VLAN OA L3/L2 VLAN VLAN-1 Windows PC NT VLAN-2 NT UNIX OMC-Subnet Billing-Subnet VLAN-1 PC OMC-SubnetBilling-Subnet UNIX VLAN-2 OMC-Subnet Billing-Subnet VLAN-1VLAN-2 VLAN SSR8600-1SSR8600-2 VLAN-1 VLAN-2 DMZ WWWE-MAILDNSPROXY WebST Page 11 of 25

6 CheckPoint CheckPoint FireWall-1 CheckPoint RealSecure OEM from ISS IDS Nokia Nokia IP Appliance PlatformNAP FireWall-1 CheckPoint FireWall-1 44% 100 80% CheckPoint FireWall-1 1 2 Check Point RealSecure Check Point Check Point CheckPoint RealSecure CheckPoint FireWall1 FireWall-1 RealSecure RealSecure CheckPoint RealSecure FireWall-1 E-Mail SNMP Trap Page 12 of 25

SNMP Trap CheckPoint RealSecure 150 Symantec Norton AntiVirus for CheckPoint FireWall-1 NT UNIX OPSEC CheckPoint CheckPoint CheckPoing CCSE CheckPoint FireWall-1 XKC33006 2.2 1 NT Pentium III 500MHz 256MB RAM / 2 x 18GB SCSI-2 HD 100M NIC x 2 2 NT Pentium III 500MHz 64MB RAM / 4GB HD 100M NIC x 2 3 NT Pentium III 800MHz x 2 1GB RAM / 2 x 18GB SCSI-2 HD 100M NIC x 2 4 Nokia Appliance Platform IP650 256MB RAM 10/100M NIC x 8 E1/T1 WAN Port x 1 5 Nokia Appliance Platform IP650 256MB RAM 10/100M NIC x 8 1 Check Point FireWall-1 Server 1 CheckPoint FireWall-1 RealSecureAntiVirus 1 Symantec NAV for FireWall-1 2 OA-Subnet SSR8600 CheckPoint FireWall-1 RealSecure Engine Internet IP 2 OMC-Subnet Billing-SubnetCisco 7513 Cisco 7513 Fast-Ethernet 6 Check Point FireWall-1 for Enterprise 4 NAP IP650 Page 13 of 25

7 Check Point RealSecure for Nokia 8 NAP IP650 IP IDSIP 8 Symantec Norton AntiVirus for FireWall-1 1 NT 7 Nokia NAP IP650 IDS IP650 E1/T1 Internet SSR8600DMZ VLAN DMZ 2 10/100M NICWebST Primary Secondary VLAN-2 UNIX WebST VLAN-1 WebST DMZ VLAN-2 InternetOMC-SubnetBilling-Subnet Page 14 of 25

8 3. Norton AntiVirus NT PC ISS System Scanner 3.1 : Page 15 of 25

Symantec Nonton AntiVirus Symantec Symantec IBM Lotus Notes/Domino(on AIXAS/400OS/390SUN SoralisNT)MS Exchang Server Unix Symantec IBM AIX, Linux, AS/400, OS/390SUN SolarisDos, Windows/3x, Windows 95/98, Windows NT Workstation/Server, Windows 2000,OS/2, NOVELL Netware, Macintosh Symantec Bloodhund TM, Striker32 MVPNAV SSCSymantec System Center NAVEX. NAV. Symantec Symantec Symantec 4 SARC 2000 SARC Internet SARC Symantec Symantec Symantec 40 Symantec System Center (SSC) Norton AntiVirus Enterprise Solution 4.0 Norton AntiVirus for FireWall 1.5 FireWall-1 Page 16 of 25

3.2 ISS System Scanner ISS System UNIXNT ISS System Scanner ISS System Scanner OS OS ISS System Scanner OS ISS System Scanner OS URL 3.3 1 NT Pentium III 500MHz 256MB RAM / 2 x 18GB SCSI-2 HD 100M NIC x 2 1 Symantec AntiVirus Server ISS System Scanner Console 2 Symantec Norton AntiVirus Solution 4.0 1 NT 3 ISS System Scanner Console 1 4 ISS System Scanner Agent 10 7 4. 4.1 1 Page 17 of 25

OA OMC-Subnet Billing-Subnet UNIX 2 OMC-Subnet Billing-Subnet UNIX VLAN-2 UNIXNT UNIX Internet DMZ DMZ PROXY 2 PROXY DMZ PROXY WebST 3 1 2 3 4 5 6 7 4.2 C/S TCP B/W/D Web Page 18 of 25

WebST DCE Internet/Intranet/Extranet WebST WebST Intranet WebST WebST CA WebST WebST 4.3 WebST WebST 9 JavaConsole WebSEAL Web Web NetSEAL VPN TCP/IP C/S ObjectSEAL CORBA MQSEAL MQ NotesSEAL Notes DBSEAL EPKMS PKI 9 WebST Page 19 of 25

WebST JavaConsole WebSEAL Web Web Smart Junction Web URL Web Web 10 WebSEAL NetSEAT WebSEAL WebST WebSEAL NetSEAT Web Web WebSEAL (1) (2) JavaConsole ACLs (3) WebST (4) WebST Web (5) WebSEAL http Page 20 of 25

(6) WebSEAL ACLs ACL Web (7) WebSEAL Web http (8) Web WebSEAL (9) WebSEAL Web NetSEAL TCP/IP Internet/Intranet/Extranet VPN TCP/IP VPN VPN 11 NetSEAL NetSEAT NetSEAL WebST NetSEAL NetSEAT TCP/IP NetSEAL (1) JavaConsole (2) JavaConsole ACL ACLs (3) WebST (4) WebST (5) NetSEAL TCP/UDP (6) NetSEAL ACLs ACL (7) NetSEAL TCP/UDP Page 21 of 25

(8) NetSEAL TCP/UDP 4.4 OA UNIX OA UNIX VLAN-2 UNIX UNIX NTUNIX UNIX PC UNIX UNIX UNIX PROXY UNIX TCP/IP UNIX WebST WebST NetSEAL TCP UNIX UNIX VLAN-2 UNIX NT/UNIX TCP UNIX NT/UNIX 7 UNIXVLAN-2 NT/UNIX OMC-SubnetBilling-Subnet IPIP UNIX PC UNIX UNIX 4.5 1 PC Server SUN SPARC2 WebST for PC Pentium III 2 x 800MHz Primary WebST for SPARC Ultra-II 2 x 450MHz Secondary WebST 1GB RAM / 2 x 18GB SCSI-2 HD 100M NIC x 2 2 WebST 2 WebST 3 NeSEAL >=2 2 WWW 4 WebSEAL >=2 2 5 WebST 500 WebST 7 OMC-Subnet Billing-SubnetVLAN-1Proxy WebST WebSEALNetSEAL WebST WebST WebSEALNetSEAL NetSEAT NetSEALWebSEAL Page 22 of 25

5. 5.1 5.2 OPSECCheck Point FireWall-1 Check Point RealSecure IDS Symantec NAV Internet DMZ VLAN-1VLAN-2 OA Internet DMZ PROXY Internet PROXY PROXY DMZ PROXY WebST PROXY Check Point IP WebST PROXY VLAN-1 VLAN-2 WebST VLAN-1 OMC-SubnetBilling-Subnet VLAN-2WebST IPTCP/UDP VLAN-1 WebST VLAN-2 UNIX OMC-SubnetBilling-SubnetUNIX VLAN-2 UNIX WebST Secure Shell SSH OMC-SubnetBilling-Subnet UNIX PC WebST UNIX VLAN-2 IP OMC-SubnetBilling-SubnetUNIX VLAN-2 IP RealSecure IDS Page 23 of 25

IP 650 NIC Internet VLAN-1 OMC-Subnet Billing-Subnet IP SSR8600 X-Pedition 8600 4 ISS System Scanner Agent Scanner Console WebST WebST WebST PCNetSEATACL VLAN-1 OMC-SubnetBilling-Subnet DMZ PROXY WebST Page 24 of 25

1. 2. 1 NT Pentium III 500MHz 256MB RAM / 2 x 18GB SCSI-2 HD 100M NIC x 2 2 NT Pentium III 500MHz 64MB RAM / 4GB HD 100M NIC x 2 3 NT Pentium III 800MHz x 2 1GB RAM / 2 x 18GB SCSI-2 HD 100M NIC x 2 4 NT Pentium III 500MHz 256MB RAM / 2 x 18GB SCSI-2 HD 100M NIC x 2 5 PC Server SUN SPARC E250 for PC Pentium III 2 x 800MHz for SPARC Ultra-II 2 x 450MHz 1GB RAM / 2 x 18GB SCSI-2 HD 100M NIC x 2 6 NT Pentium III 500MHz 64MB RAM / 4GB HD 100M NIC x 2 7 10/100M X 12Ports 1 Check Point FireWall-1 Management Server Reporting Modules 1 CheckPoint FireWall-1 RealSecureAntiVirus 1 Symantec NAV for FireWall-1 1 Symantec AntiVirus Server ISS System Scanner Console 2 WebST Primary WebST Secondary WebST WebST WebST WebSEAL WebST NetSEAL 1 JAVA Console 2 Page 25 of 25