目 录
摘 要 ······························································································ 3 前 言 ······························································································ 4 一、课程设计目的意义 ······································································· 6 二、需求分析 ···················································································· 6
1、虚拟网 ··················································································· 6 2、管理与维护 ············································································· 6 3、网络安全 ················································································ 7
1、防火墙技术 ······································································· 7 2、建立网络入侵侦测系统 ························································ 7 3、反病毒防御 ······································································· 7
三、方案设计 ···················································································· 8
1、设计原则 ················································································ 8 2、安全策略 ················································································ 8 3、安全服务 ················································································ 9 4、拓扑结构图 ············································································· 9 四、方案的实施 ················································································ 10
1、在管理方面 ············································································ 10 2、在技术方面 ············································································ 10 3、定期做好备份工作 ··································································· 10 4、定期做好网络杀毒工作 ····························································· 10 五、结束语 ······················································································ 11 附录一:参考文献 ············································································· 12
2
摘 要
随着互联网络的普及,校园网已成为每个学校必备的信息基础设施,也成了学校提高教学、科研及管理水平的重要途径和手段,它是以现代化的网络及计算机技术为手段,形成将校园内所有服务器、工作站、局域网及相关设施高速联接起来,使各种基于计算机网络的教学方法、管理方法及文化宣传得以广泛应用并能和外部互联网沟通的硬件和软件平台。
随着网络的高速发展,网络的安全问题日益突出,黑客攻击、网络病毒等层不出穷,在高校网络建设的过程中,随着网络规模的急剧膨胀,网络用户的快速增长,关键性应用的普及和深入,校园网从早先教育、科研的试验网的角色已经转变成教育、科研和服务并重的带有运营性质的网络,校园网在学校的信息化建设中已经在扮演了至关重要的角色,作为数字化信息的最重要传输载体,如何保证校园网络能正常的运行不受各种网络黑客的侵害就成为各个高校不可回避的一个紧迫问题,而如何有效地加以管理和维护,是校园网得以有效、安全运行的关键。
校园网网络的安全十分重要,它承载着学校的教务、行政、后勤、图书资料、对外联络等方面事务处理。本文从网络安全的各个方面,详细分析了威胁校园网网络安全的各种因素,提出了若干可行的安全管理的策略,从设备资源和技术角度上做了深入的探讨。
关键词 :校园网、网络安全、管理及维护策略、防火墙。
3
前 言
学校校园网由五个物理区域:办公大楼、图书馆大楼、实验楼、教学楼构成。在整个网络中,各信息点按功能又划分为行政办公、实验教室、普通教室、中心管理机房、电子阅览室等不同区域,各区域与互联网连接的目的也是不一样的,对特定区域,与互联网连接将受到一定限制。校园网采用千兆到楼,百兆到桌面的全交换网络系统,覆盖实验楼、建明楼、行政楼、图书馆、广播楼、教学楼,共计光纤链路10余条,交换机80余台,网络信息点2800多个。整个系统包括一批高性能网络交换机、路由器、防火墙、入侵检测、存储、备份和安全认证软件、网络版杀毒软件。核心采用华为S5624P千兆全智能三层交换机,汇聚采用华为三层交换机,接入桌面采用锐捷21系列。现有的活动目录服务器,ISA服务器,WEB服务器,OA办公管理系统,教务管理系统,图书管理系统,流媒体服务器,网络杀毒服务器,为全院教学办公、管理和生活等方面提供了良好的Internet应用服务与安全防护。校园主接入主干网如图一: 互联网外部路由器堡垒主机内部路由器校园网主节点 图一 校园网接入主干图 校园网承载着学校的教务、行政、教学、图书资料、对外联络等方面事务处理,它的安全状况直接影响着学校的教学、教务、行政管理、对外交流等活动。在网络建成的初期,安全问题可能还不突出.随着应用的深入.校园网上各种数
4