【作者】 郭迪新；

【导师】 章兢； 陈进；

【作者基本信息】 湖南大学 ， 控制工程， 2004， 硕士

【摘要】 随着计算机网络技术的广泛应用，网络安全问题已不容忽视，作为一个面向大众的开放系统，计算机网络面临着来自各方面的威胁和攻击。因此，网络安全系统的构建是一个非常重要的问题，它涉及到从系统硬件到软件，从单机到网络的各个方面。本文系统地介绍了网络安全的概念、OSI及Internet的安全体系结构，并讨论了计算机网络面临的各种安全威胁；内部网络的安全问题是每个建网单位面临的最大问题，可以认为防火墙技术是解决网络安全的一个主要手段，本文研究了防火墙的原理及其实现手段；作为一种主动的防御措施，入侵检测系统(IDS)作为网络系统安全的重要组成部分，得到了广泛的重视，TDS对计算机和网络资源上的恶意使用行为进行识别和响应，不仅检测来自外部的入侵行为，也监督内部用户的未授权活动；虚拟专用网(VPN)技术的出现，为实现网络间的连接提供了快速安全但又相对便宜的手段，本文较深入的探讨了实现VPN的隧道技术，并对VPN的概念、功能、实现途径、基本构成、关键技术及发展前景等问题进行了全面论述；数据加密技术是网络安全核心技术之一，本文从数据加密算法、数字摘要、数字签名及数字证书等几方面简要介绍了数据加密技术，并分析用数字证书和数字签名实现网络安全的原理和过程；对安全协议的基本原理、主要特点进行了较为深入的研究，并就网络的安全性问题剖析了三种安全协议：IPsec协议、SLL协议和SET协议。 综合应用上述研究成果，本文针对高校校园网的安全系统的需求，进行了深入的研究与开发，按照“建立的网络安全应该是动态防护体系，是动态加静态的防御；是被动加主动的防御甚至攻击，是管理加技术的完整安全观念”，提出了一个能覆盖整个校园网络的全方位、各个层次、多种防御手段的网络安全实现模型，构建了湖南理工学院数字校园网的安全系统体系结构，并完成了其中的全部设计。本安全系统经初步测试和试运行的结果，表明了上述研发成果的有效性和可行性。更多还原

【Abstract】 With the extensive application of computer network technology, security problem could not be ignored. Computer network, as an open system, has to face up to various threats and attacks. So the establishment of a network security system is crucial and it involves aspects from the hard ware to the soft ware of the system. In this paper, the concept of network security and security structures of OSI and Internet is introduced, and various threats confronting the computer network are also discussed. Several kinds of network information security technologies, including firewall technology, virtual private network, intrusion detection system, data encryption technology, identity authentication and security protocol etc. are also examined. The security of internal network is the biggest problem in the construction of each network. The solution to this problem lies in setting up a firewall. The theory of a firewall and the approach to its actualization is studied. Intrusion detection system (IDS), an important part of the computer network security system, has gained extensive attention. IDS monitors the computer and network traffic for intrusion and suspicious activities. It not only detects the intrusion from the extranet hacker, but also the intranet users. The emergence of virtual private network paves the way for realizing secure connection of LAN quickly and at a relatively low cost. The concept, function, key techniques, including the tunnel technology, and the ways to realize VPN are expounded in this paper. Also introduced is the data encrypt network technology, which is called the soul of computer network security, such as digital digest, digital signature, digital certificate, digital encrypt arithmetic and so on. At the same time, the principle and the process of implementing network security by digital certificate and digital signature, the basic principle and characters of security protocols, and finally, three of the security protocols, concerning the security problems in network, IPsec, SLL and SET are analyzed in detail Computer network system should be a system of dynamic defence, both dynamic and static, passive as well as active, and even offensive, combined with management and technology. Based on such a concept, the author has developed an all-round, multi-level model of network security system with different defence capabilities, which covers the whole campus. The design and construction of such a model has been completed for the campus computer network of Hunan Institute of Science and Technology after the author’s thorough study of the demand of the campus computer network security system. After initial testing and operation, the model proves efficient and feasible.更多还原