The Design And Implementation Of Security Solution Of Computer Network

Posted on: 2009-05-11
Degree: Master
Type: Thesis
Country: China
Candidate: W Li
GTID: 2178360272476526
Subject: Computer application technology

Abstract/Summary:
As the tools and methods of network attack become more complicated and diversified, traditional network security precautions alone can no longer meet the requirements for network security, so network security is a very important subject of study. Using the construction of a network security system as an example, this paper focuses on computer network security issues in the case of physical separation.

The campus network is divided into three overall security levels, numbered 1-3 from high to low. By function, the campus network is divided into eight subnets: the financial subnet and the Senate subnet, at security level 3; the Foreign Service subnet, the domestic services subnet, and the library subnet, at security level 2; and the Chief office subnet, the faculty office subnet, and the student home subnet, at security level 1. Each type of subnet sets its own security policy, selectively interconnects with other subnets, and, according to that policy, selectively accesses the Internet and the local professional network.

In accordance with the design goals of computer network security and the master plan for the computer network security system, the paper comprehensively analyzes computer network security issues and designs the network security program of the Institute of Hulun. It puts forward a full set of solutions covering virus protection, dynamic password authentication, a message encryption strategy, deployment of an intrusion detection system, security audit management, access control, vulnerability scanning system management, and security technologies. The purpose is to create a full, three-dimensional network security defense system, so that the network security system is genuinely effective.

The paper begins with an overview of the entire network security system, including its creation, the concept and goals of network security, the threats network security faces, and the development status of network security.
It then introduces the target of the network security system: the integrated use of a variety of advanced network security technologies to ensure the security and interconnection of the network and the normal operation of the unit's information systems, without affecting the running efficiency of the network system. The important part is the description of the overall planning of the network security system, which mainly considers the security targets and the security mechanism. The design basis of the network security design is briefly introduced. Six representative kinds of present-day network risk are analyzed. The security risks of the system's internal network are classified and described in terms of physical security, system security, network security, virus threats, data transfer security, and administrative security. Finally, based on the risk analysis and the company's actual requirements, the paper sets out concrete needs in many respects as a basis for the design.

The fifth chapter expounds the analytical results for the security system and designs a network scheme based on those results. In the company's network security plan, all-round security measures are adopted, based on the network topology and the network security risk analysis, to protect the network system effectively.

Defence against viruses. Virus protection covers anti-virus and protection against virus invasion. E-mail anti-virus: Trend Micro's ScanMail for Notes. Server anti-virus: Trend Micro's ServerProtect. Client anti-virus: Trend Micro's OfficeScan.

Identification. This establishes the legitimate identity of the user. A dynamic password authentication system is developed.

Access control. Users' authority to operate on files and data is restricted. Firewalls are deployed between the core switches and the high-performance servers and between the core switches and the key departments. The networks of different departments are divided into separate networks by the firewalls, each isolated from the others.

Encryption of information. Encryption prevents information from being eavesdropped on, leaked, tampered with, or destroyed on communication lines. Encryption of stored information means that confidential information is stored encrypted. To secure transmission effectively, an independent secure channel is established across a number of networks. The integrity, authentication, and privacy of the data are ensured by strict encryption and authentication measures. The program uses the SJW-22 network passwords made by Yokado Co., Ltd., Shanghai, configured at the overall entry and exit points of the three office areas, to ensure the confidentiality and integrity of information in the course of transmission.

Security audit. Network security is monitored in real time to track the dynamics of the entire network, detect network intrusions and irregularities, and faithfully record what happens on the network so that evidence can be provided. The program opts for the "TOPSEC defender network security audit system platforms auditing the contents of TA-W" security audit system as its security auditing tool.

Intrusion detection. Information is collected through a number of channels on the network or computer system to find whether the network or system shows violations of security policy or signs of attack; if an attack is found, an alarm is raised automatically and corresponding measures are taken. At the same time, the course of the attack is recorded, providing basic data for recovering the network or system and for tracing the source of the attack. Based on network traffic and the importance of the data to be protected, the present system places IDS detectors at the switches of the key internal subnets and places the console at the core switches to control and manage all of the detectors, providing real-time protection against internal attacks and misoperation and intercepting and responding to intrusions before the network system is harmed.

Vulnerability scanning. A network vulnerability scanner checks for existing security weaknesses; it can handle networks of more than 200 information points, scans at high speed using multiple threads, and can be linked with the IDS and firewall, which is particularly suited to developing a unified network-wide security strategy. At the same time, mobile network scanners can scan across network segments and boundaries and through the firewall; distributed scanning is supported, servers and scanners can scan IP addresses automatically at intervals, and network management personnel can scan the entire network.

Security management. Security management is an important part: even with good security measures, sufficient management is still needed to avoid potential security problems. The information system security management body is made up of management, systems analysis, software, hardware, security, systems auditing, personnel, communications, and other relevant staff.

The program uses advanced network security technologies and proposes a set of solutions, comprising security technology and management measures including anti-virus, authentication, access control, information encryption, information integrity checking, security audit, intrusion detection, vulnerability scanning, and security management, aimed at creating a full, three-dimensional, multi-layered network security defense system.

Keywords/Search Tags: Network security, Scanning System, Firewall