【作者】 蔡日旭；

【导师】 郭平； 熊韦；

【作者基本信息】 重庆大学 ， 计算机技术， 2007， 硕士

【摘要】 由于网络协议的开放性,以及网络具有联结形式多样性、终端分布不均匀性及互连性等特征,致使网络易受黑客、怪客、恶意软件和其他不轨的攻击,信息被泄露、窃取、篡改、冒充和破坏,还有可能受到计算机病毒的感染。所以,信息社会中网络安全是一个至关重要的问题。网络的安全措施应是能全方位地防御各种不同的网络安全威胁,才能确保网络信息的保密性、完整性和可用性。在网络无处不在的信息时代,企业(组织)之间、企业(组织)与互联网之间的网络许多情况下需要彼此连接,才能充分发挥网络的优势。而不同网络之间的连接,受到的安全威胁及安全级别是不同的,其策略和要求也就不同。本文正是基于对当前网络安全技术及策略的分析研究以及企业网络连接的应用现状中存在的问题,做如下工作:①研究分析当前网络安全问题的起因、常见攻击和反攻击技术手段。②分析网络安全的任务、建设需求的系统性和完备性。③研究分析网络安全问题的技术及策略,包括密码技术、系统安全技术、网络安全技术。重点包括防火墙技术、访问控制技术、安全路由及策略路由技术、加密、认证和密钥管理技术、入侵检测和漏洞扫描技术、VPN / VPDN技术等。④综合运用上述技术及策略,从网络安全的各个层面综合考虑,以某大型金融企业外联网平台为例,采用区域分隔架构的策略,构建一个安全、稳健、高效的外部网接入平台。本文就网络安全现状进行了深入分析,同时分析研究了网络安全的技术及策略。在此基础上,综合运用各种安全技术,以某企业外联网平台建设为例,从网络安全的各个层面综合考虑,构建了一个安全、稳健、高效的外部网接入系统平台,具有重要的理论意义和实际应用价值。更多还原

【Abstract】 Attribute to the openness of internetwork protocol, the diversity of internetwork connection and the uneven distribution of terminals, together with other characteristics, the internet are vulnerable by hacker or malicious software and other illegal attacks. So, the information which delivered on internet are possibly leaked or steal, tampered with or counterfeited, or even destructed and infected by virus. Therefor, in information age, the network security are most important and crucial issue.Network security measures should be all-round to cope with all kinds of totally different menace coming from internet in order to ensure that the confidentiality, integrity and availability of information while they are transferred on line.Nowadays, thought as information age network exist everywhere. It is quiet common to see that connection are established between different enterprises and between enterprises and internet in order to bring in full advantages of network We’d better adopt different strategies to deal with different situation because dissimilar connection among different sub-nets of enterprise or internet need quiet diverse security level and suffered different menace. This paper has done lots of research basing on the current network security technology and strategy, as well as on analysis of drawback for the current application of network connection including following points:①Analyzing the causes of the network security problems and the normal attack ways and counter-strike means.②Analyzing the tasks of the network security and the systematics and perfectibility for constructing the demand of network. Security.③Studying the tools and strategy for network security, including cryptographic techniques, system security technology and network security technology. In detail, are firewall, access control technology, security routing ,strategy routing technology, encryption, authentication and key management technology, intrusion detection and vulnerability scanning technology, VPN / VPDN technology.④We will use a financial enterprise Extranet as a example to illustrate how to build a safe, sound and efficient external network platform taking on a regional separate framework strategy in terms of comprehensive consideration of all different technology(presented in point 3) and levels of network security. In this paper, we will analyze the present situation of network security deeply, while we will construe the technology and strategy of network security. So, It is have great theoretical and practical values to use a financial enterprise Extranet as a example to illustrate how to build a safe, sound and efficient external network platform from different technologies更多还原