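With the rapid development of communication and computer network technology, Internet applications have become increasingly widespread, and the various business systems that support a residential community's operations all run in an Internet/Intranet environment. Efficient and convenient ways of working bring a large volume of information exchange, but the openness of the Internet also brings potential threats to network information security. Network information security is therefore becoming increasingly important and is now taken seriously across every field of information technology.
Focusing on several security problems in Internet security applications, this paper analyzes them from the perspectives of network security requirements and security technology, and describes the design and implementation of a practical residential-community network security scheme, providing the community with a reliable and complete solution. The scheme first reorganizes the community's network security system resources, uses AAA technology to authenticate the identity of users who log in, and uses a firewall system to isolate and protect the internal network from the WAN. It then uses MPLS VPN technology to interconnect the community and its sub-communities securely, and uses SSL VPN to let mobile community staff access the community's main network for efficient information transfer.
Keywords: network security; residential community; defense system; AAA technology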
With the rapid development of communication technology and computer network technology, Internet applications have become more widespread, and the various business systems behind business activities are based on an Internet/Intranet environment. Efficient and convenient modes of operation have brought a great deal of information exchange, but the openness of the Internet also poses potential threats to network information security, so network information security has become increasingly important. It is now valued in all areas of information technology.
Focusing on a number of security issues in Internet security applications, this paper analyzes them from the points of view of network security requirements and security technology, and explains the design and implementation of a practical enterprise network security solution, providing a reliable and complete solution. It first adjusts the company's network security system resources, uses AAA technology to authenticate the identity of users logging in, and uses a firewall system to isolate and protect the internal network from the WAN. It then uses MPLS VPN technology to secure the interconnection between the company and its subsidiaries, and uses SSL VPN to bring mobile office workers into the company's main network for efficient information transfer.
Keywords: network security; corporate; prevention system; AAA technology
Contents
1 Introduction
1.1 Project Background
1.2 Research Content of the Thesis
2 Analysis of the Community Network's Current State and Requirements
2.1 Overview of the Community Network
2.1.1 Community Scale
2.1.2 Community Architecture
2.1.3 Community Requirements Analysis
2.1.4 Community Network Topology
2.2 Network Security Technology Analysis
2.2.1 Physical Security Technology Analysis
2.2.2 System Security Technology Analysis
2.2.3 Network Structure Security Technology Analysis
2.2.4 Virus Intrusion Prevention Technology Analysis
3 Overall Design of the Community Network Security Scheme
3.1 Community Network Security Design
3.1.1 Firewall
3.1.2 Virtual Private Network Access
3.1.3 Intrusion Detection, Vulnerability Scanning, and Patch Management
3.1.4 Antivirus System
3.1.5 Identity Authentication Management
3.2 Community Network Equipment Selection
3.2.1 Basic Equipment
3.2.2 Network Equipment
4 Detailed Design of the Community Network
4.2 Basic Design
4.2.1 VLAN Management
4.2.2 IP Address Management
4.2.3 Route Management
4.3 Network Security Configuration
4.3.1 Login Authentication for Network Devices
4.3.2 Switch Port Security
4.3.3 VPN Design
4.3.4 ACL Access Control
4.4 Redundancy and Load Balancing
4.4.1 Internet Connection
4.4.2 STP (Spanning Tree Protocol)
4.4.3 HSRP
4.4.4 Link Aggregation
5 System Implementation
5.1 Device Configuration
5.1.1 Access Layer Core Code
5.1.2 Distribution Layer Core Code
5.1.3 Core Layer Core Code
5.1.4 Egress Router Core Code
5.1.5 Firewall Core Code
5.2 Test Results
5.3 SSL VPN Configuration
Conclusion
Acknowledgements
References