
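Enterprise Network Design and Security Implementation Based on Cisco Equipment

【Author】 Cui Xin (崔鑫)

【Advisor】 Li Daxing (李大兴)

【Author information】 Shandong University, Computer Software and Theory, 2007, Master's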

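【Summary】 In an enterprise network, the planning and implementation of each branch office's internal network are closely tied to the development of LAN technology. This network design uses virtual LAN (VLAN) technology. VLANs logically partition a switched network into several broadcast domains, reducing the broadcast traffic in each domain and further improving the performance of the switched network. VLAN technology combined with switching technology forms the core technology of the enterprise computer network. In addition, based on the enterprise network structure, the design follows an "inside-out" implementation principle: first ensure the security of the enterprise intranet, then the security of each server, and finally the security of external network access. Users in the enterprise's two offices connect to the intranet switch over Category 5 twisted pair and are assigned to two separate VLANs; for security, access control lists are configured to prohibit mutual access between the two offices. Servers that the enterprise must expose externally, such as the web server and FTP server, connect through a DMZ switch to the firewall's DMZ port and are housed together with the DMZ switch and the firewall in a dedicated server room to further ensure security. The firewall is the core of this network security design. It acts not only as the secure transit point between the external network, the intranet, and the DMZ, but also as the VPN server, providing secure VPN access for remote and mobile users so that users can be authorized to access shared resources on the enterprise intranet. IDS (intrusion detection system) is also enabled on the firewall: any attack attempt against the firewall or abnormal data traffic is blocked by the firewall while an alert is raised and a record is left in the log for the administrator to analyze the intrusion. Finally, the design work required for remote VPN users is described, so that users can access the enterprise intranet over a secure IPSec/PPTP VPN using Cisco VPN Client or the VPN dial-up component built into Windows.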

【Abstract】 In enterprise networks, the planning and implementation of each branch office's internal network is closely related to the development of network technology. This network design uses virtual network (VLAN) technology. A virtual network logically divides a network built from switches into several broadcast domains, reducing the broadcast traffic in each domain and further improving the performance of the switched network. The combination of virtual network technology and switching technology is the key technology of the enterprise network. Based on the enterprise network structure, the design adopts a "from the inside to the outside" principle: first ensure the security of the internal network, then the security of each server, and finally the security of external network access. Users in the enterprise's two offices are connected to the internal network switches by Category 5 UTP and assigned to two VLANs, and, for safety, access control lists are set to prohibit access between the two offices. Servers that the enterprise needs to expose to the outside world, such as Web servers and FTP servers, are connected to the firewall's DMZ port through the DMZ switch, and are placed together with the DMZ switch and the firewall in a dedicated server room to further ensure security. The firewall is the core part of the network security design. It serves not only as the secure transit point between the external network, the internal network, and the DMZ, but also as the VPN server, providing secure VPN access for remote and mobile users so that users can be authorized to access shared resources on the corporate internal network. At the same time, IDS (Intrusion Detection System) is enabled on the firewall: any attempt to attack the firewall, or any abnormal data flow, is blocked by the firewall, which raises an alert at the same time and leaves a record in the log for administrators to analyze the intrusion. Finally, the design required for remote VPN users is described, so that users can conveniently use Cisco VPN Client or the Windows built-in VPN dial-up component to connect to the corporate internal network over a secure IPSec/PPTP VPN.

  • 【Online publication contributor】 Shandong University
  • 【Online publication year/issue】 2008, Issue 07
  • 【Classification number】 TP393.18
  • 【Downloads】 506