Overview

AnySecura's desktop management system can audit computer operations in detail and strictly control them. However, some users still try to bypass behavior monitoring, for example by reformatting and reinstalling the operating system or by setting up a personal firewall. Even when administrators identify such activity, redeploying the desktop management client can be a tedious and frustrating task. In addition, management requirements often lead enterprises to mandate that a computer meet certain criteria, such as having antivirus software installed or running designated processes, before it is granted access to the network.

The Access Gateway Control System was created to address these issues.

The Access Gateway system is a specialized hardware-software integrated solution that works in conjunction with the desktop management system. It effectively prevents internal PCs from bypassing the desktop management system's control, enhances network access monitoring, ensures the enforcement of internal security policies, and eliminates the risk of data leaks caused by unauthorized access.

38.1 Network Architecture

The control functionality of the Access Gateway system relies primarily on the hardware gateway access controller (hereinafter referred to as the Access Device). The Access Device operates in two modes: Bridge Mode and Routing Mode.

Bridge Control Mode

In Bridge Mode, no changes are required to the network structure or configuration. The Access Device is simply connected in series to the part of the network that needs control, typically at critical application servers or gateways, to monitor and control the network communications passing through them.

Bypass Control Mode

Routing Mode

In Routing Mode, policy routing is enabled on the core switch to control cross-segment access. This method of control does not affect the existing network architecture but requires the core switch to support policy-based routing.

Bypass Mirroring Mode

In this mode, a mirror port and an observation port are set up on the core switch. Access control is implemented by analyzing the data from the mirror port. This control method does not affect the existing network architecture but requires the core switch to support port mirroring functionality.