
Jilin University Zhuhai Campus Network Design And Application

Posted on: 2010-09-29
Degree: Master
Type: Thesis
Country: China
Candidate: Z Wang
Full Text: PDF
GTID: 2178360302965911
Subject: Software engineering
Abstract/Summary:
As network attack tools and attack methods become more complex and diversified, relying on traditional network security measures can no longer meet the security requirements of the network, so network security research is a very important task. This paper systematically introduces the concept of network security and the security architectures of OSI and the Internet, and discusses the variety of security threats that computer networks face. Internal network security is the biggest problem every organization faces when building a network; the paper introduces firewall technology, access control technology, traffic management technology and 802.1x technology, and studies the links between them and their role in a network security system. It then gives network security solutions: starting from the strategy and design principles for establishing a network security system and from an analysis of real networks, it arrives at this point of view: a network security protection system should be dynamic, combining dynamic with static defense and passive with active defense, or even fighting back, under a security concept of management plus technology. The network security architecture is designed on this basis. Network security concepts, design and technology are combined and illustrated with the network security case of Zhuhai College of Jilin University.

This paper is divided into six chapters, which study and discuss the application of network security technology in depth and systematically.

The first chapter is the Introduction. It describes the development history and current situation of network security, and China's network security status and existing legal measures. It also outlines the concept and definition of network security, together with the OSI security architecture and the Internet security architecture.

Chapter II is applied research on firewall technology. A firewall is a protective layer constructed at the interface between the internal network and external networks (such as the Internet); all connections are forced to pass through this layer, where they are inspected and connected. Only authorized traffic may pass through the protective layer, which protects internal network resources from illegal intrusion. Firewalls can be divided into four categories: packet-filtering firewalls, application-level gateway firewalls, proxy-service firewalls and compound firewalls.

Chapter III is access control technology. Access control is the core of information security and of content protection mechanisms, and is the primary means of achieving data confidentiality and integrity. Access control restricts the access of a subject (also called the initiator: an active entity such as a user, process or service) to an object (the resource that needs protection), so that the computer system is used within a legal framework; the access control mechanism decides what a user, and the programs acting on behalf of that user's interests, can do and to what extent. As a primary means of providing information security, access control mechanisms are widely used in firewalls, routers, core switches, file access, VPNs, physical security and many other areas. By application environment, access control falls mainly into three types: network access control, host and operating system access control, and application access control. By underlying idea it is also divided into Mandatory Access Control and Discretionary Access Control.

Chapter IV is flow control technology. Flow control and analysis serve to monitor the use of network bandwidth effectively, to prevent BT and other applications from taking up excessive bandwidth and causing response-time problems, and to apply priority control and optimization by application type. Flow control technology can relieve bandwidth pressure and reduce the harm caused by inappropriate use of the network. It is realized mainly through flow identification, analysis and packet classification management.

Chapter V is 802.1x technology. The 802.1x protocol is a Client/Server-based access control and authentication protocol. It can restrict unauthorized users/devices from accessing the LAN/WLAN through an access port. Before the switch or LAN provides any services, 802.1x authenticates the user/device connected to the switch port. Before authentication succeeds, 802.1x allows only EAPoL (Extensible Authentication Protocol over LAN) data to pass through the switch port to which the device is connected; after authentication, normal data can pass smoothly through the Ethernet port.

The core of this network access technology is the PAE (Port Access Entity). The access control process involves three parts: the authenticator, the port that authenticates the accessing user/device; the requester (supplicant), the user/device being authenticated; and the authentication server, the device that actually performs authentication of the user/device requesting access to network resources, according to the authentication information.

Each physical Ethernet port is divided into two logical ports, controlled and uncontrolled, and every frame received on the physical port is delivered to both the controlled and the uncontrolled port. Access through the controlled port is limited by the controlled port's authorization state. The authenticator PAE sets the controlled port to the authorized or unauthorized state according to the result of the authentication server's authentication process. While the controlled port is in the unauthorized state, user/device access is rejected.

802.1x technology has six advantages: simple and efficient, easy to implement, safe and reliable, industry-standard, flexible in application, and easy to operate.

Chapter VI is network security system design. Network security system design should follow 4 principles:
1. Overall Situation Theory
2. Three principles of protection
3. Standards and Management
4. Personnel management principles

Chapter VII analyzes the current state of the Zhuhai College, Jilin University network and, according to the problems found, combines the technologies and four principles of the previous chapters to re-plan and redesign the network topology. On the basis of existing technology, it optimizes and adjusts the network traffic control equipment and the bandwidth structure, and, by developing an 802.1x authentication client, nips ARP attacks and DDoS attacks in the bud. Finally, a group of network administrators was trained and a number of technical documents were prepared.

Finally, this paper studies computer network security from various angles and, for a variety of threats and attacks, examines the corresponding security technologies and security protocols. It then develops general design strategies and principles for a computer network security system and proposes an implementation model of computer network security. The network security design case of Zhuhai College of Jilin University further elaborates the network security design principles. Along with this more in-depth research into computer network security, network security solutions are also given.

However, computer network security is a permanent issue; it has existed and developed alongside the development of computer technology and computer networks. The relationship between computer network threats and computer network security is like that between the "spear" and the "shield": there is no spear and no shield that cannot be broken. It is hoped that this paper will help readers in the field of network security.
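
The 802.1x port control summarized for Chapter V, as an added example (not code from the thesis): a toy Python model of one authenticator port that hands EAPoL frames to the PAE in any state and forwards other traffic only while the controlled port is authorized. The class, method names and sample frames are constructed for illustration; the EtherType 0x888E and the EAPOL-Logoff packet type come from IEEE 802.1X, not from the abstract.

```python
import struct

ETH_P_EAPOL = 0x888E   # EtherType assigned to EAP over LAN (IEEE 802.1X)
EAPOL_LOGOFF = 2       # EAPOL packet type: supplicant ends its session


class AuthenticatorPort:
    """Toy model of one switch port's PAE (hypothetical, not a switch API)."""

    def __init__(self):
        self.authorized = False          # controlled port starts unauthorized

    def on_server_result(self, accepted):
        """Apply the authentication server's verdict to the controlled port."""
        self.authorized = bool(accepted)

    def receive(self, frame):
        """Classify one inbound Ethernet frame: 'pae', 'forward' or 'drop'."""
        if len(frame) < 14:              # shorter than dst + src + EtherType
            return "drop"
        (ethertype,) = struct.unpack("!H", frame[12:14])
        if ethertype == ETH_P_EAPOL:
            # Uncontrolled port: EAPoL reaches the authenticator in any state.
            if len(frame) >= 16 and frame[15] == EAPOL_LOGOFF:
                self.authorized = False  # logoff closes the controlled port
            return "pae"
        # Controlled port: all other traffic depends on authorization state.
        return "forward" if self.authorized else "drop"


def eth(ethertype, payload=b""):
    """Build a constructed sample frame with made-up MAC addresses."""
    dst = bytes.fromhex("020000000002")
    src = bytes.fromhex("020000000001")
    return dst + src + struct.pack("!H", ethertype) + payload


def demo():
    """Walk a port through: unauthenticated, accepted, then logged off."""
    port = AuthenticatorPort()
    ipv4 = eth(0x0800, b"\x45" + bytes(19))             # constructed IPv4 frame
    start = eth(ETH_P_EAPOL, bytes([1, 1, 0, 0]))       # EAPOL-Start
    logoff = eth(ETH_P_EAPOL, bytes([1, EAPOL_LOGOFF, 0, 0]))
    trace = [port.receive(ipv4), port.receive(start)]
    port.on_server_result(True)                         # server accepted
    trace += [port.receive(ipv4), port.receive(logoff), port.receive(ipv4)]
    return trace


if __name__ == "__main__":
    print(demo())
```
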
Keywords/Search Tags: Network Security, Firewall, Access Control, 802.1X, Flow Control