The Research And Application Of Security Model Based On The Public IP Network

Current Internet Security theories and methodologies are experiencing fundamental changes. With the development technology,conventional security theories are unable to adapt to the dynamic,interoperable nature of the Internet. Towards the late 1990's,a new system,featuring P2DR was established and being implemented quickly on the web as a solution to its Security issues.Established by China Telecom,the 163/169 systems,are an extension to China's Internet backbone and plays a crucial part to the development of Internet technology here in China. It has 7 nodal points (uses Ciscol2012,2*2.5G loops),38 joint nodes,that is capable of providing broadband,and narrowband access to public IP networks. Currently approaching 200 thousand users,it represents more than 3/4 of Chongqing's online population. Being a widely utilized public IP platform,it is susceptible to security attacks of all nature,as outlined in the following areas:the open nature of the IP internet systems - increase of foreign attacks,for example DOS/DDOS attacks;the current weakness of the existing operating system's Internet protocol;mainframe,and lack of an evaluation standard for back office systems,the inevitable problem of illegal internal access,the lack of guidelines for record keeping and post attack documentation processes,hi addition,still in existence,are managerial problems including the lack of security knowledge amongst the workforce and the inexistence of a complete set of Security guidelines.To guarantee China Telecom's 163/169 system's reliable functions,to protect the user's interests,at the same time,insuring quality service,it is necessary to adapt P2DR model as a solution to the current security issues.Supported by the Modern Secure Theory and made the secure implementation abundant project practices,this paper gives the general secure design for the Chongqing Public IP Network using P2DR secure model.Firstly,comparing traditional secure theory with P2DR secure model,it is pointed out that using P2DR secure model as the theory foundation for the integrated solution of the information security of Chongqing Public DP Network.Secondly,based on the P2DR secure model,the PADIMEE methodology and full consideration of characteristics of network and thorough analyze of current network secure requirement,the strategy of security is established.Thirdly,during the design of the secure system,the logical fabric of network securitysystem is pointed out. It shows the all-sided,dynamic design idea with technologies of static protection (eg. Firewall,ACL,digital encryption ) and active secure detection (eg. Inbreak detection,leak scan) used in it and corresponding design for each layer,including physical layer,network layer,system layer and application layer,applied.Fourthly,with the elaborate deploy of secure product'on and fully working,Chongqing Public IP Network will be a advanced secure operational,manageable domestic network.At last,the evaluation about the operation result of this secure design and the improvement idea for the future is given in this paper.