【作者】 王筝；

【导师】 戴宗坤； 汪心宣；

【作者基本信息】 四川大学 ， 电子与通信工程， 2003， 硕士

【摘要】 本论文应用网络安全的基本理论和基本知识，提出了分层的安全防护设计思想及其实现的问题。通过对一个企业内部(某涉密设计院)网络现有系统的深入研究，从层次结构的角度详细分析了该企业内部各个层次可能存在的安全漏洞和安全风险，根据“适度、可靠、可行、可扩展”的原则，提出了一个切合实际的网络安全目标，并在此基础上提出了整体网络安全方案。根据该研究院的具体情况，方案中重点论述了防火墙配置、入侵检测系统配置与设计、安全VPN的应用、访问控制的应用等。同时，方案还对安全设备的选型和配置、安全管理及安全制度的建立给出了说明。该方案具有高可靠性、高安全性、优良的性能价格比、系统使用性强、配置先进、可扩展性良好以及实施时可操作性强等特点，其总体方案已组织实施。更多还原

【Abstract】 The security of network systems includes physical security, network security , application security and the security management system. The design and implementation of network systems security deals with these problems.In this paper the basic theory and basic knowledge is introduced, the design concept of layered security protection described, and the problems about the establishment and implementation of the network security discussed. Through the description and analysis of the existing system of network within an secrete enterprise , from the point of view of the structure the possible security loopholes and security risk are analysis in detail at all levels of its internal network and the practical solution for the network security proposed . This solution has the following characteristics : high reliability , high security , optimum effective-cost, high system application capability , advanced system configuration , good expansion and good operability.更多还原