您好,欢迎访问三七文档
当前位置:首页 > 商业/管理/HR > 质量控制/管理 > 校园计算机系统安全及维护研究
学号:1201640132学号:12345678910本科毕业论文校园计算机系统安全及维护研究ResearchOnCampusComputerSystemSecurityAndMaintenance姓名:法如克·吾买尔专业:计算机科学与技术指导教师姓名:耿庆田指导教师职称:副教授2016年5月长春师范大学本科毕业论文I摘要近年来各大专院校以及中小学分别斥资构建了属于自己的校园网,然而仅就目前的校园网络使用和维护现状来看,由于很多院校的校园网以及构建校园网的集成商在初始的设计规划中,疏于对安全体系的建设,以及对校园网络安全认识的淡漠,认为只要部署了防火墙便可万事大吉,由此导致针对校园网的入侵行为层出不穷。本文针对这一问题,作一简单的讨论。首先,介绍了校园网络的现状,论述了建设一个校园网络和构建一个安全的校园网络所需要的一切要素。从网络的构建开始,从内到外,依次论述了边界路由,核心交换,分级防火墙,入侵检测系统,服务器的安全需要,并且虚拟地构造出一个安全的校园网络的骨架;同时论述了校园网络中人这一要素,一个安全的系统不仅是一堆高效的安全设备,和完整的安全策略,它更需要一群精通入侵的安全工程师和运行维护人员以及处于上层的一个英明的决策者组成。接着论述了校园网络的安全现状和面对的主要威胁,从边界路由的过滤、防火墙的防御、IDS的检测,以及IPS的模型,现代DMZ的划分,和新型的无线网络攻击以及防御方式。最后介绍了由于配置失误可能造成的出口流量的泄密,利用SINKHOLE技术原理部署蜜罐进行攻击诱捕,从而避免可能攻击的工作,以及什么是backscatter,如何利用backscatter技术进行防御。在这些论述中,本人加入了这几年来见到的一些案例,从而简要的说明,什么是安全的校园网和如何构建安全的校园网。关键词:校园网络安全体系安全策略防火墙入侵检测系统长春师范大学本科毕业论文IIAbstractInrecentyears,tertiaryinstitutions,aswellasprimaryandsecondaryschoolsputmuchmoneyinconstructingtheirowncampusnetwork.However,intermsoftheapplicationandmaintainofcurrentcampusnetwork,thenetworkintrusionincidentsoccuragainandagain.Thisphenomenonisoncountofthenegligenceonthesecuritysystemandnetworksecurityawarenesswheninstitutionsandintegratorsinitiallydesigningandplanningtheconstructiononcampus.Theonlythingtheyconcernaboutisfirewall.Inviewofexistingsituation,thisarticlemakesabriefdiscussion.Firstofall,thisletterintroducedthestatusofcampusnetwork,discussingallelementsneededintheconstructionofasecurenetworkoncampus.Startedfromthenetworkconstruction,frominsidetooutside,itsuccessivelyexpoundsborderrouter,coreswitch,Hierarchicalfirewall,IDS,theserver’ssecurityneedsandconstructingavirtualcampusnetworksecurityframework.Italsodiscussesthehumanelementofthecampusnetwork:Itisinadequateforasecuritysystemonlypossessesasuiteofefficientsafetyequipmentandcompletesecuritypolicy;toahigherdegree,italsorequiresagroupofengineersandoperationandmaintenancepersonnelwhoproficientintheinvasionofthesecurityoperationaswellasawisedecision-makerinhigher-ups.Then,thisarticlediscussesthestatusofthecampusnetworksecurityandmainthreatsatpresent.Italsoinvolvesthebounderrouterfiltering,firewalldefense,IDS,IPSmodel,divisionofmodernDMZ,newwirelessnetworkattackanddefensestyle.Finally,itfiguresoutthepossibleleaksofexportflowcausedbyconfigurationerror.While,theutilizationofSINKHOLEprincipleinthedeploymentofhoneypotcanbeusedtotraptheattack,andtherebyavoidthepossibilities.Furthermore,itsetsforthwhatisbackscatter,andhowtouseitinthedefense.Uponthesediscourses,theauthorcitessomecasesinthepastfewyearstogiveabriefdescriptionofwhatisasafecampusnetworkandhowtobuildit.Keywords:CampusNetworkSecurityStructureSecurityPolicyBorderRouterFirewallIDS长春师范大学本科毕业论文III目录摘要··································································································IAbstract································································································II第一章绪论·························································································III第一章绪论························································································11.1中国教育科研网(CERNET)概要·····················································11.2校园网与CERNET··········································································11.3构建校园网络安全体系····································································1第二章安全的校园网的基础设施································································32.1校园网的基本服务··········································································32.1.1IP地址分配与注册··································································32.1.2自治系统号的分配与注册·························································42.2校园网辅助服务············································································42.2.1DNS服务·············································································42.2.2E-mial服务············································································42.3校园网络的路由与交换···································································52.3.1路由····················································································52.3.2交换····················································································52.4校园网络中的防火墙和入侵检测系统·················································52.4.1校园网络中的防火墙·······························································52.4.2校园网络中的入侵检测系统·····················································6第三章安全的校园网中人的因素································································7第四章校园网络面对的安全问题及其现状····················································94.1校园网面临的传统安全威胁·····························································94.1.1传统WINDOWS系统攻击·······················································94.1.2攻击式应用代码····································································104.1.3拒绝服务式攻击····································································114.2校园网面临的内部安全威胁····························································124.2.2来自内部的攻击测试···································································134.3校园网面临的外部安全威胁·····
三七文档所有资源均是用户自行上传分享,仅供网友学习交流,未经上传用户书面授权,请勿作他用。
扫描二维码
sony4723
本文标题:校园计算机系统安全及维护研究
链接地址:https://www.777doc.com/doc-2294308 .html