Discussion on Enterprise Network Design Based on Security Policy
At present, network security technology mainly includes firewall technology, encryption technology, identity authentication, access control, antivirus software, data integrity control and security protocols. For the campus network, there is a big cost problem, and it is impossible to apply all security technologies to the network. In the network planning stage, we can design and prevent the most important security problems. Firewall technology, VLAN technology, antivirus software and website filtering technology can be used in the network design stage.

The original poster can discuss how to design the above technologies in the network planning and design stage.

The following is for reference.

Introduction

With the rapid development of information technology and network technology, the transmission of information is no longer limited to simple text and numeric data; video, audio and other multimedia technologies are now widely used. With the development of technology, the performance of network equipment and the capacity of transmission media have been greatly improved. However, due to the increasing demands of users and the increasingly complex network environment, network planning has become an increasingly difficult topic. The success of campus network planning directly affects the performance of the school's education network system, and thus the teaching process and teaching effect. The following mainly discusses the planning ideas of a campus network.

1. Brief introduction of campus network planning

Campus network planning is the preparatory work for building the campus network. Its content covers the important steps of the whole network project, and it is the core and soul of network design. Excellent long-term planning and an optimal choice of implementation are the basis for the long-term, efficient operation of the campus network. At present, the application of campus network technology is mainly divided into four categories: auxiliary management, teaching and research, Internet information service, and network technology exploration and application. Because the master plan involves many technical factors, campus network planning should be based on on-site investigation and research, and the master plan should be put forward through repeated argumentation, taking into account today's technology and its direction of development. Planning should not only suit current applications, but also reflect future needs. Planning should consider many aspects such as economy, environment, humanities and resources.

2. Campus network planning implementation plan

2.1 Understanding users and collecting information

The purpose of network planning is to produce a reasonable and feasible design scheme on the basis of first-hand information. As with battlefield command, strategic planning and decision-making, the key to winning from a thousand miles away lies in collecting information extensively. A comprehensive and reasonable campus network plan needs to seriously consider three factors:

(1) Historical network resource information of the school, current network planning and design scheme, leading technical direction, operation mechanism and management method, to meet the high expansion planning and characteristics of the future network.

(2) Who are the users of the campus network? What are their respective levels of knowledge? And their opinions and the frequency of using computers? What are their attitudes and views on the Internet now? This has a guiding role in training and arranging how many people to support and maintain the network in the future.

(3) Define the network scale: which campus, which department, how many network users, what resources are needed to access the Internet, what grade of equipment is used and within the budget, the information flow between different departments, the network traffic and peak traffic in different periods, determine the number and location of network terminals, the storage location of data and who wants to use these data.

(4) Finding out the internal relations and related information among users, users and resources, resources and resources is the premise and foundation of campus network design and the core idea of planning. As a huge campus network, how to make the designed network convenient for teaching needs and management applications, and the teaching network and management network operate safely, mutually compatible and not contradictory? This is particularly important.

2.2 Analyze the requirements and put forward the principles of network design.

2.2.1 Demand analysis

The education sector has its own particularities, and a campus network requires relatively high performance from the whole network. The campus network needs to support the wide application of digital, voice, graphics and other multimedia technologies, as well as the transmission and processing of comprehensive scientific research information, and it must support various protocols. The system should conform to international standards (such as the TCP/IP protocol, the Novell IPX protocol, etc.) and be compatible with the existing network environment. Therefore, before designing the network, the following issues should be addressed.

(1) Internal optical fiber backbone requirements: Planning needs to analyze the integrated wiring system and its subsystems, the locations of MDF and IDF in the main wiring closet, and the locations of different types of servers.

(2) Application management requirements: The network should free managers from tedious word processing, let them handle daily affairs through computer information systems, and provide functions such as an official document system, a daily office system, a file system and e-mail, all of which need to be simple and easy to use. It should meet the teaching needs of video on demand, voice teaching, multimedia courseware, etc., and provide basic Internet access.

(3) Network traffic demand: The campus network is required to have enough throughput to support teaching tasks and ensure high-quality, efficient transmission of information. Campus network traffic involves voice teaching, multimedia courseware, server access, web browsing, video on demand and so on. This places very high demands on bandwidth and latency.

(4) Network security requirements: The campus network must have a perfect security management mechanism, which can ensure the reliable operation inside the network, prevent illegal access and intrusion outside and inside, and ensure the storage security of key databases.

2.2.2 Put forward the design principles.

(1) network reliability principle:

In the process of network design, the network topology should be stable and reliable, such as dual-route network topology and ring network structure. Because they can be redundantly backed up and their security can be guaranteed, high-end switching equipment and trunk lines of optical fiber technology can be used for core layer switching, so as to achieve high fault tolerance and avoid the occurrence of single points of failure. The network structure adopts the reliable measures of double links, double core switching equipment and double routing backup, which can greatly improve the reliability and practicability of the campus network.

(2) the principle of network scalability:

The scalability of the campus network has two meanings: (1) a new teaching department can easily be connected to the existing network; (2) applications of upgraded or new technology can run on the existing network without incident.

It can be seen that when planning the campus network, we should not only analyze the current technical indicators, but also make a forecast and budget for the future network growth to meet the new demand and ensure the reliability of the network, thus ensuring the normal teaching order on campus.

(3) The principles of network practicality and manageability:

The design of the campus network system should reflect practicality in terms of its performance-price ratio: advanced equipment can be used, but the goal of network construction should be achieved within the funds available. The campus network should be based on the Simple Network Management Protocol (SNMP) and the supporting management information base (MIB), and adopt a graphical, visual management interface and mode of operation, which is convenient for management. At the same time, a reasonable network planning strategy embodies the principle of practicality and can provide strong management functions, integrate management, and facilitate the update and maintenance of the campus network in the future.

(4) network security principles

1. The physical layer and network topology, the operating system and the application software all need corresponding security detection mechanisms. Border gateways should be protected by firewalls and anti-virus software, and the gateway routers should carry out the necessary security filtering, using technologies such as access control list (ACL) configuration, user authentication, data encryption and keys, so as to secure the campus network.

2. Use static virtual local area network (static VLAN) technology to strengthen management of the intranet. Because VLANs are divided logically rather than by physical location, they effectively control mutual access between network segments, thus ensuring the security of the intranet. VLANs also suppress unnecessary broadcasts, which saves bandwidth and facilitates management.

3. Based on the four-layer TCP/IP Internet model, the core idea of network security management is to establish a continuously operating mechanism of security measures that maintains, monitors, tests and improves the security of the network, as shown in the figure:

[Figure (1): Using the TCP/IP model to build a lasting network security management model. Layers shown: application layer, transport layer, Internet layer, network access.]
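The ACL filtering and static VLAN separation described in points 1 and 2 above depend on rule order, because a router applies the first entry that matches. The following is an added example, not part of the original paper; the VLAN subnets, rule sets and function names are constructed for illustration. It models first-match evaluation and flags rules that an earlier, broader rule makes unreachable.

```python
import ipaddress
# Constructed addressing plan (assumption, not from the page): one subnet per static VLAN.
NETS = {
    "teaching":   ipaddress.ip_network("10.10.10.0/24"),  # VLAN 10
    "management": ipaddress.ip_network("10.10.20.0/24"),  # VLAN 20
    "servers":    ipaddress.ip_network("10.10.30.0/24"),  # VLAN 30
    "any":        ipaddress.ip_network("0.0.0.0/0"),
}

# Rule = (action, protocol, source, destination, destination port or None for all ports).
# Weak ordering: the broad permit sits first, so the deny below it can never match.
ACL_WEAK = [
    ("permit", "ip", "teaching", "any", None),
    ("deny",   "ip", "teaching", "management", None),
]
# Corrected ordering: specific permit, then inter-VLAN denies, then Internet access.
ACL_FIXED = [
    ("permit", "tcp", "teaching", "servers", 443),
    ("deny",   "ip",  "teaching", "management", None),
    ("deny",   "ip",  "teaching", "servers", None),
    ("permit", "ip",  "teaching", "any", None),
]

def evaluate(acl, proto, src_ip, dst_ip, dst_port=None):
    """First matching rule wins; traffic matching no rule hits the implicit deny."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for action, r_proto, r_src, r_dst, r_port in acl:
        if (r_proto in ("ip", proto) and src in NETS[r_src]
                and dst in NETS[r_dst] and r_port in (None, dst_port)):
            return action
    return "deny"

def covers(earlier, later):
    """True if every packet matched by `later` is already matched by `earlier`."""
    _, e_proto, e_src, e_dst, e_port = earlier
    _, l_proto, l_src, l_dst, l_port = later
    return (e_proto in ("ip", l_proto)
            and NETS[l_src].subnet_of(NETS[e_src])
            and NETS[l_dst].subnet_of(NETS[e_dst])
            and e_port in (None, l_port))

def shadowed_rules(acl):
    """1-based positions of rules that an earlier rule makes unreachable."""
    return [i + 1 for i, rule in enumerate(acl)
            if any(covers(prev, rule) for prev in acl[:i])]

if __name__ == "__main__":
    for name, acl in (("weak", ACL_WEAK), ("fixed", ACL_FIXED)):
        print(name, evaluate(acl, "tcp", "10.10.10.25", "10.10.20.5", 22), shadowed_rules(acl))
```

With the weak ordering, a teaching-VLAN host reaches the management VLAN even though a deny rule exists; the shadow check reports that rule as dead before the list is deployed.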

3. Summarize the failed projects and make clear the necessity of network planning.

At present, many schools have established their own campus networks, but because planning in the early stage of network design was incomplete and imperfect, the campus network is not stable, its returns are small, and the huge investment has not brought tangible benefits. This is more obvious in the construction of campus networks in primary and secondary schools, for three main reasons:

(1) Insufficient understanding

The school lacks understanding of what a campus network is, and its approach is blind and one-sided. It has no clear purpose for building the campus network and does not know what substantive role the campus network plays.

(2) The investment plan is unreasonable

Due to an incorrect understanding of campus network construction, many schools "emphasize hardware over software". As a result, the campus network becomes a networking solution built around hardware devices, a pure collection of equipment. Little attention is paid to maintenance after the network is built, and the proportion of investment devoted to later management is very small. The campus network cannot be well served and managed, and the whole network may even tend to collapse.

(3) Lack of effective organizational management and implementation means.

The construction of campus network not only involves technical problems, but also causes deeper changes. However, when building the campus network, the school did not fully realize this point, and faced with new technologies and new ideas, it could not change its ideas in time, nor did it have effective organizational management and implementation means.

Based on the above three points, it is pointed out that blind campus network construction without reasonable planning will lead to the failure of campus network construction. A successful campus network planning should be a campus network construction process that integrates a stable and open network platform, tailor-made application software and effective organization and implementation plan.

Summary

Campus network should conform to the change of educational thought of the times and have the essential characteristics of network technology response. One of the basic characteristics of education is to break the time and geographical restrictions and face all members of society, which requires that when planning the campus network, we must stand tall and look far, and always be clear about the ideological and technical orientation. This paper mainly discusses how to effectively plan a new campus network that meets all aspects of teaching, scientific research and management, and points out the planning ideas. In a word, the planning goal and direction of campus LAN in the future should be to build an operation-level multifunctional network integrating IP services, broadband optical transmission and service provision.
