| Campus network is the cradle of cultivating inter-disciplinary IT talents with high quality and creative abilities, which plays an important role in the personnel training system. Along with the continuous expansion of campus network scale and the rapid exponential growth of internet users, the conventional network environment gives some cause for worry. It appears on the flooding of network viruses, the rampancy of network attacks and the weakness of the network self-protection capability, resulting in low network performance and the frequency of network security incidents, thus making the job of network administrators hard and inefficient and increasing the management cost .Therefore, we urgently demand to build a network security system to achieve the unified management and deployment of network equipment ,and to ensure the security and credibility of all network terminal equipment access to campus network, which is the core issue studied in this thesis.With the background of Shaoxing Top Information Vocational and Technical College campus network reconstruction project in 2008, regarding the overall campus network security linkage design as the main line and based on the current research results, this thesis introduces the network design and the optimized new theory and technology into the design and reconstruction of campus network, comprehensively applies scientific theories, methods and technical means to solve practical problems, and ultimately works out solutions to campus network security system.In this thesis, the author analyzes the principle problems on campus network security, proposes solutions to these problems and describes the overall designs and theories of network security system. In the IDS linked subsystem, the linkage is presented between the traditional IDS intrusion detection equipment and the background service system, client, switches and other software and hardware to effectively achieve the initiative, automated and linked protection of network communication system. In the strongly-linked Windows patch subsystem, host access security breach issues are settled through methods of coerciveness, automaticity, efficiency and security, thereby the source of network security problems are figured out. In the Software Black & White List control subsystem, the strict detection to the integrity of networking host is realized and the health of the networking host is effectively guaranteed, and the security of entire network is upgraded. In Three-Dimensional ARP defense subsystem, this thesis puts forward Trusted ARP mechanism and establishes a neutral third-party credit system to fulfill triple defense solutions of Gateway defense, client defense and switch defense to solve the current popular viruses with ARP spoofing, Trojan Horse problems, as well as flooding caused by ARP attacks.Finally, GSN network security system based on the above-mentioned principles will be deployed to the reconstruction project of campus network. This thesis's research is valuable to other designs and reconstruction projects of campus network security system. It is a good reference for network security professionals. |
PDF Full Text Request