摘要
由于未采用安全网络架构,再加上部分用户病毒防范意识薄弱,未采取有效防护措施,导致园区网络遭到入侵.以园区网络为研究建模对象,在分析网络安全架构的基础上,采用扁平化三层设计架构,针对TCP/IP协议栈的缺点,加入相应的安全技术防御攻击,保证流量隔离和快速转发;针对传统网络安全建设以被动防护为主的弊端,提出主动防御的园区网络安全建设思路.分析和仿真内网ARP攻击和系统漏洞攻击等网络安全威胁,结果表明,基于新型园区网络安全建设思路可以更好、更快速地抵御网络威胁.
In the course of its construction,campus network was more likely to be invaded due to the lack of a secure network architecture and users’weak awareness of virus prevention.Taking campus network as the research modeling object,on the basis of analyzing the security architecture of the network,a flat three-tier design architecture was adopted.In view of the shortcomings of the TCP/IP protocol stack,corresponding security technologies were added to defend against attacks to ensure traffic isolation and fast forwarding.Aiming at the disadvantages of traditional network security construction based on passive protection,the idea of constructing campus network security with active defense was proposed.Network security threats such as intranet ARP attacks and system vulnerability attacks were analyzed and simulated.The results show that the idea of network security construction of new campus can do a better and faster job in resisting cyber threats.
作者
何星
张霞
HE Xing;ZHANG Xia(School of Information Engineering,Putian University,Putian 351100,China)
出处
《南京工程学院学报(自然科学版)》
2021年第1期52-57,共6页
Journal of Nanjing Institute of Technology(Natural Science Edition)
基金
莆田学院教改项目(JG201810)
莆田学院《数字信号处理》应用型课程建设项目。
关键词
网络建设
仿真
网络安全
EVE-ng
威胁分析
防御手段
campus network simulation
network security
EVE-ng
traditional security
threat analysis
defensive measures
