校园网络安全工程的实践与研究
|
摘要
随着互联网的普及和国内各高校网络建设的不断发展,目前高校大多建立了校园网,它已经成为高校信息化的重要组成部分。但随着黑客的入侵增多及网络病毒的泛滥,校园网的安全已成为不容忽视的问题,如何在开放网络环境中保证系统的安全性已经成为十分迫切的问题。网络安全系统的构建是一个非常重要的课题,它涉及到从系统硬件到软件,从单机到网络的各个方面。本文系统地介绍了网络安全的概念、讨论了校园网面临的各种安全威胁、网络的系统风险分析;针对校园网的安全系统的建设目标,提出了网络系统的安全体系架构和具体解决方案。该方案从物理安全、访问控制、病毒防护和安全管理等方面对校园网络安全解决方案进行了分类研究;并结合井冈山学院校园网的实际情况,根据现有网络设备条件,运用VLAN技术、NAT技术、路由器访问列表以及采用了PPPOE拨号方式实现对校园网的基本安全防护。
该方案在井冈山学院校园网实施后,结果表明,该方案设计合理,能基本满足校园网的安全需求。
With the popularization of internet and the development of domestic universities network construction, the campus network has been mostly established, which nowadays has became the important component of university information. However, with the increase of hacker's invasion and the overflow of network virus, the security of campus network" has become the intractable question. Therefore, it is" urgent to maintain the system's security in the opening network. The construction of network security system is a quite significant subject which involves various aspects: from hardware to software, from PC to network. This thesis systematically introduces the concept of network security, discusses various threats to security of campus network, analyzes network system security, and proposes the architecture and solution of network system security according to its construction targets. This thesis also conducts the research to the campus network security solution, such as physical security, access control, viral protection, security management. According to the existing network equipment, we apply the VLAN technology, the NAT technology, the access control lists of a router, and the PPPOE digit dialing method to realize the safety protection on campus network of Jinggangshan College.
We had implemented the solution in campus network of Jinggangshan College. The result shows that the solution is well-designed and can satisfy requirements of campus network security.
该方案在井冈山学院校园网实施后,结果表明,该方案设计合理,能基本满足校园网的安全需求。
With the popularization of internet and the development of domestic universities network construction, the campus network has been mostly established, which nowadays has became the important component of university information. However, with the increase of hacker's invasion and the overflow of network virus, the security of campus network" has become the intractable question. Therefore, it is" urgent to maintain the system's security in the opening network. The construction of network security system is a quite significant subject which involves various aspects: from hardware to software, from PC to network. This thesis systematically introduces the concept of network security, discusses various threats to security of campus network, analyzes network system security, and proposes the architecture and solution of network system security according to its construction targets. This thesis also conducts the research to the campus network security solution, such as physical security, access control, viral protection, security management. According to the existing network equipment, we apply the VLAN technology, the NAT technology, the access control lists of a router, and the PPPOE digit dialing method to realize the safety protection on campus network of Jinggangshan College.
We had implemented the solution in campus network of Jinggangshan College. The result shows that the solution is well-designed and can satisfy requirements of campus network security.
引文
[1] CERNET建设背景,http://www.edu.cn/cernet_jian_jie_1327/20060323/t20060323_3808.shtml,2006
[2] Cernet简介,http://www.edu.cn/cernet_jian_jie_1327/2006032,/t20060323_3802.shtml, 2006
[3] 国家计委办公厅关于印发《西部大学校园计算机网络建设工程项目管理暂行办法》的通知.http://www.fa15.cn/fagui/hangye/hy3/200603/99126_2.html
[4] 高校校园网解决方案,http://hi.baidu.com/zhimahei/blog/item/baef5b666bd21e24ab184cb2.html
[5] 王锐,网络最高安全技术指南[M].机械工业出版社,1998.10
[6] 孔琳俊.校园网络安全分析及安全体系方案设计[D].复旦大学.2006
[7] 蒋先华,许以臣,卻云江.校园网络组建与应用[M].科学出版社,2003
[8] 张尧学等.计算机网络与Internet教程,北京:清华大学出版社,2002
[9] 郭顺利.信息系统管理和控制目标体系COBIT研究及应用,www.cnki.net. 2003.5
[10] 黄元飞.信息技术安全性评估准则研究[J].www.cnki.net. 2002.5
[11] 李守鹏.信息安全及其模型与评估的几点新思路[J].www.cnki.net 2002.5
[12] 梁晖.在制造系统中的信息网络安全[J].www.cnki.net 2002.5
[13] 马永祥.信息系统的安全研究[J].www.cnki.net 2002.5
[14] 吴世忠.基于风险管理的信息安全保障的研究[J].www.cnki.net 2002.5
[15] 谢彬.IT项目风险管理理论与实践[J].www.cnki.net 2003,5
[16] 卞莹.基于BS7799风险评估数据库系统设计与实现[J].中国科学技术大学2003.5
[17] 阳柳.校园网络安全体系的解决方案[J].计算机安全.2007.3
[18] 李腊元,李春林.计算机网络技术[M].北京:国防工业出版社,2001
[19] 黄允聪.网络安全基础[M].清华大学出版社,1999
[20] 刘荫铭等.计算机安全技术[M].清华大学出版社,2000
[21] 李海泉.计算机系统安全技术与方法[M].西安电子科技大学出版,1997
[22] 周海刚等.网络安全技术基础[M].清华大学出版社,2004
[23] 冯登国.网络安全原理与技术[M].科学出版社,2003
[24] 孙峰.网络安全与防黑技术[M].机械工业出版社,2004
[25] 张宝剑.计算机安全与防护技术[M].机械工业出版社,2003
[26] Terry William(美).防火墙原理与实施[M].电子工业出版社,2001
[27] 刘占全.网络管理与防火墙技术[M].人民邮电出版社,2000
[28] 刘渊等.因特网防火墙技术[M].机械出版社,1998
[29] 刘庆红等.校园网的建设[J].情报科学.2004.9
[30] 冯登国等译.公开密钥基础设施一概念、标准和实施[M].人民邮电出版社,2001
[2] Cernet简介,http://www.edu.cn/cernet_jian_jie_1327/2006032,/t20060323_3802.shtml, 2006
[3] 国家计委办公厅关于印发《西部大学校园计算机网络建设工程项目管理暂行办法》的通知.http://www.fa15.cn/fagui/hangye/hy3/200603/99126_2.html
[4] 高校校园网解决方案,http://hi.baidu.com/zhimahei/blog/item/baef5b666bd21e24ab184cb2.html
[5] 王锐,网络最高安全技术指南[M].机械工业出版社,1998.10
[6] 孔琳俊.校园网络安全分析及安全体系方案设计[D].复旦大学.2006
[7] 蒋先华,许以臣,卻云江.校园网络组建与应用[M].科学出版社,2003
[8] 张尧学等.计算机网络与Internet教程,北京:清华大学出版社,2002
[9] 郭顺利.信息系统管理和控制目标体系COBIT研究及应用,www.cnki.net. 2003.5
[10] 黄元飞.信息技术安全性评估准则研究[J].www.cnki.net. 2002.5
[11] 李守鹏.信息安全及其模型与评估的几点新思路[J].www.cnki.net 2002.5
[12] 梁晖.在制造系统中的信息网络安全[J].www.cnki.net 2002.5
[13] 马永祥.信息系统的安全研究[J].www.cnki.net 2002.5
[14] 吴世忠.基于风险管理的信息安全保障的研究[J].www.cnki.net 2002.5
[15] 谢彬.IT项目风险管理理论与实践[J].www.cnki.net 2003,5
[16] 卞莹.基于BS7799风险评估数据库系统设计与实现[J].中国科学技术大学2003.5
[17] 阳柳.校园网络安全体系的解决方案[J].计算机安全.2007.3
[18] 李腊元,李春林.计算机网络技术[M].北京:国防工业出版社,2001
[19] 黄允聪.网络安全基础[M].清华大学出版社,1999
[20] 刘荫铭等.计算机安全技术[M].清华大学出版社,2000
[21] 李海泉.计算机系统安全技术与方法[M].西安电子科技大学出版,1997
[22] 周海刚等.网络安全技术基础[M].清华大学出版社,2004
[23] 冯登国.网络安全原理与技术[M].科学出版社,2003
[24] 孙峰.网络安全与防黑技术[M].机械工业出版社,2004
[25] 张宝剑.计算机安全与防护技术[M].机械工业出版社,2003
[26] Terry William(美).防火墙原理与实施[M].电子工业出版社,2001
[27] 刘占全.网络管理与防火墙技术[M].人民邮电出版社,2000
[28] 刘渊等.因特网防火墙技术[M].机械出版社,1998
[29] 刘庆红等.校园网的建设[J].情报科学.2004.9
[30] 冯登国等译.公开密钥基础设施一概念、标准和实施[M].人民邮电出版社,2001