| With the extensive application of computer network technology, security problem could not be ignored. Computer network, as an open system, has to face up to various threats and attacks. So the establishment of a network security system is crucial and it involves aspects from the hard ware to the soft ware of the system. In this paper, the concept of network security and security structures of OSI and Internet is introduced, and various threats confronting the computer network are also discussed. Several kinds of network information security technologies, including firewall technology, virtual private network, intrusion detection system, data encryption technology, identity authentication and security protocol etc. are also examined. The security of internal network is the biggest problem in the construction of each network. The solution to this problem lies in setting up a firewall. The theory of a firewall and the approach to its actualization is studied. Intrusion detection system (IDS), an important part of the computer network security system, has gained extensive attention. IDS monitors the computer and network traffic for intrusion and suspicious activities. It not only detects the intrusion from the extranet hacker, but also the intranet users. The emergence of virtual private network paves the way for realizing secure connection of LAN quickly and at a relatively low cost. The concept, function, key techniques, including the tunnel technology, and the ways to realize VPN are expounded in this paper. Also introduced is the data encrypt network technology, which is called the soul of computer network security, such as digital digest, digital signature, digital certificate, digital encrypt arithmetic and so on. At the same time, the principle and the process of implementing network security by digital certificate and digital signature, the basic principle and characters of security protocols, and finally, three of the security protocols, concerning the security problems in network, IPsec, SLL and SET are analyzed in detail Computer network system should be a system of dynamic defence, both dynamic and static, passive as well as active, and even offensive, combined with management and technology. Based on such a concept, the author has developed an all-round, multi-level model of network security system with different defence capabilities, which covers the whole campus. The design and construction of such a model has been completed for the campus computer network of Hunan Institute of Science and Technology after the author's thorough study of the demand of the campus computer network security system. After initial testing and operation, the model proves efficient and feasible.
|
PDF Full Text Request