鞍山科技大学毕业设计(论文)
第 I页
校园网安全设计
摘 要
校园网是当今信息社会发展的必然趋势。它是以现代网络技术、多媒体技术及
Internet 技术等为基础建立起来的计算机网络,一方面连接学校内部子网和分散于校
园各处的计算机,另一方面作为沟通校园内外部网络的桥梁。校园网为学校的教学、
管理、办公、信息交流和通信等提供综合的网络应用环境。要特别强调的是,不能把
校园网简单的理解为一个物理意义上的由一大堆设备组成的计算机硬件网络,而应该
把校园网理解为学校信息化、现代化的基础设施和教育生产力的劳动工具,是为学校
的教学、管理、办公、信息交流和通信等服务的。要实现这一点,校园网必须有大量
先进实用的应用软件来支撑,软硬件的充分结合是校园网发挥作用的前提。
一个好的校园网,安全问题是至关重要的。随着互联网的飞速发展,网络安全逐
渐成为一个潜在的巨大问题。网络安全性是一个涉及面很广泛的问题,其中也会涉及
到是否构成犯罪行为的问题。在其最简单的形式中,它主要关心的是确保无关人员不
能读取,更不能修改传送给其他接收者的信息。此时,它关心的对象是那些无权使用,
但却试图获得远程服务的人。安全性也处理合法消息被截获和重播的问题,以及发送
者是否曾发送过该条消息的问题。
大多数安全性问题的出现都是由于有恶意的人试图获得某种好处或损害某些人
的利益而故意引起的。可以看出保证网络安全不仅仅是使它没有编程错误。它包括要
防范那些聪明的,通常也是狡猾的、专业的,并且在时间和金钱上是很充足、富有的
人。同时,必须清楚地认识到,能够制止偶然实施破坏行为的敌人的方法,以最有效
的措施来进行防范。
关键词:网络规划设计,防火墙技术,网络攻击,网络安全与防护技术
鞍山科技大学毕业设计(论文)
第 II页
目 录
第 1 章 绪 论 ················································································ 1
第 2 章 校园网络的需求分析及设计规则 ····································2
2.1 需求分析 ······················································································2
2.2 设计原则 ······················································································2
第 3 章 网络规划设计 ···································································· 4
3.1 现有网络状况 ················································································4
3.2 网络规模 ······················································································4
3.3 信息点分布情况 ·············································································4
第 4 章 网络系统设计 ···································································· 5
4.1 系统需求 ······················································································5
4.1.1 IP 地址划分 ············································································5
4.1.2 服务组件的配置 ····································································· 5
4.1.3 路由器的配置 ········································································ 7
4.2 网络拓扑结构 ················································································9
第 5 章 网络安全与防护技术 ·······················································11
5.1 计算机网络安全 ··········································································· 11
5.1.2 网络安全的目的和功能 ·························································· 11
5.1.3 网络安全的潜在威胁 ····························································· 12
5.1.4 网络安全的策略 ····································································14
5.2 数据加密技术 ·············································································· 14
5.2.1 基本概念 ·············································································14
5.2.2 对称密码体制 ·······································································14
5.2.3 公钥密码体制 ·······································································15
5.2.4 数字签名 ·············································································15
5.2.5 密钥管理 ·············································································15
5.3 防火墙技术 ················································································· 16
鞍山科技大学毕业设计(论文)
第 III页
5.3.1 防火墙的概念 ·······································································16
5.3.2 防火墙的作用和特性 ····························································· 16
5.3.3 实现防火墙的主要技术 ·························································· 17
5.3.4 防火墙的体系结构 ·································································18
5.3.5 防火墙选择原则 ····································································19
5.3.6 防火墙的配置 ·······································································19
5.4 网络病毒与防范 ··········································································· 19
5.4.1 网络病毒概述 ·······································································19
5.4.2 常见的网络病毒 ····································································21
5.5 黑客入侵与防范 ··········································································· 21
5.5.1 IP 欺骗攻击与防范 ·································································21
5.5.2 端口扫描与防范 ····································································22
5.5.3 缓冲区溢出与防范 ·································································22
5.5.4 拒绝服务攻击 ·······································································23
5.5.5 网络监听与防范 ····································································23
5.5.6 黑客攻击的一般步骤 ····························································· 23
第 6 章 网络应用技术 ···································································24
第 7 章 网络设备选型 ···································································27
第 8 章 综合布线设计 ···································································33
8.1 建筑群子系统 ·············································································· 33
8.2 水平子系统 ················································································· 34
8.3 垂直干线子系统 ··········································································· 34
8.4 设备间子系统 ·············································································· 35
8.5 工作区子系统 ·············································································· 35
8.6 管理间子系统 ·············································································· 36
第 9 章 设备清单 ···········································································37
第 10 章 接入技术 ·········································································38
鞍山科技大学毕业设计(论文)
第 IV页
结 论 ·····························································································39
致 谢 ·····························································································40
参考文献 ···························································································41
鞍山科技大学毕业设计(论文)
第 1页
第 1 章 绪 论
西华实验中学坐落在我市西郊,那里靠山邻水,风景秀丽,是省试点中学。随着
互联网技术的迅猛发展,为适应社会的需求,满足教学的需要,西华实验中学在原有
网络系统贫乏的基础上决定对校园网进行优化。
网络是信息高速发展的纽带,它不但可以带给我们信息发展的前沿,还能够帮助
我们查阅大量的信息,它所提供的信息资源几乎是无穷无尽的。网络作为一种研究工
具的出现,极大的拓展了知识的获取范围,大大地降低了我们在每一项工作上所消耗
的时间。
校园网是网络技术应用于教育事业的一种体现,改善校园网不仅可以充分的提高
教学质量,更能够让学生对学习产生兴趣,而且它也是管理、办公、信息交流和通信
等现代化的标志。
因此,对于一个省试点学府来说,扩大校园网的规模,提高信息传输质量,增添
新的设备,采用最新的技术,是事在必行的。
鞍山科技大学毕业设计(论文)
第 2页
第 2 章 校园网络的需求分析及设计规则
2.1 需求分析
校园网首先是一个内部网,建网目的就是为了实现学校办公、教学和管理的信
息化,因此应具备学校管理、教育教学资源共享、远程教学和交流等功能,同时还应
接入Internet,以使校园网内用户能访问Internet。
具体情况如下:
校内有两座教学楼,一座实验楼,一座行政楼,四座大楼形成“十”字行。1号
教学楼与2号教学楼和实验楼各间相距50米,行政楼与实验楼和2号教学楼也各相距50
米。四座大楼之间是学校的操场,是上体育课的地方,也可供学生课下嬉戏放松。
两座教学楼各分四层,2号教学楼内有预设2个多媒体教室。实验楼分四层,内预
设两个计算机实验室,楼内还有学生活动中心、校园广播站、电子实验室、物理实验
室和化学实验室以及体育教研组。行政楼分四层,都是老师以及领导的办公室。
本网络要求上百台计算机同时与Internet连接时,通信畅通无阻,下载迅速。对于
安全方面,要有绝对的保证,不可让本校的重要信息外泄,也要确保个别信息不能让
不相关的学生或老师看到。由于本校预备明年新建学生宿舍,所以此网络要有可扩充
性。
现今社会,计算机技术发展迅速,因此,在技术上要有更新措施,这样在教学环
境上才能不落后于其他院校,具有先进性。
有了这样的校园网,教学环境才是真正的提高,教学质量也会更好。时尚生动的
教学对于学生而言,学习起来也会产生兴趣,记忆会更加深刻,是快乐的教学方法。
2.2 设计原则
1、整体设计分步实施
2、稳定安全性
3、整合性
4、可扩展性
5、示范性
鞍山科技大学毕业设计(论文)
第 3页
6、技术先进成熟性
7、系统的易管理维护性
8、可靠性
9、系统的容错性
鞍山科技大学毕业设计(论文)
第 4页
第 3 章 网络规划设计
3.1 现有网络状况
本校只有领导办公室才有几台计算机。网络建设尚处于起步阶段。并无已建成的
完善的网络在运行。故并无已有的关于网络运行情况方面的资料可供参考。因此,西
华实验中学的网络使用情况以及网络设备情况均属空白,有待进一步的开发建设。这
便给我们兴建该校园的网络带来了极大的便利。我们可以充分运用当今主流的先进技
术,来建设和规划该校园的网络,将该校园的网络进行全面,整体的整合。
3.2 网络规模
本网络是具有上百台计算机的小型局域网,内设有路由器、交换机、硬体防火墙
等设备。楼内还设有设备间和管理间。1号教学楼内共24个教室,每个教室预设两个
信息点;2号教学楼内因含有两个多媒体教室,所以本座楼预设236个信息点;实验楼
内包括两个计算机实验室,因此预设楼内信息点244个;行政楼共32个办公室,预设
160个信息点。整个校园网信息点数量为688个。
3.3 信息点分布情况
表3.1 信息点分布
楼
楼层号
教室数目
信息点数(个)
1号教学楼
1,2,3,4
2号教学楼
2号教学楼
实验楼
实验楼
实验楼
实验楼
行政楼
1,3,4
2
1
2
3
4
1,2,3,4
8*4
6*4
6*3
2
4
2
6
1
6*4*2
6*3*2
2*100
4*2
2*100
6*5
1*6
8*4*5