Computer Technology and Development
2015, Issue 9, pp. 154-158 (5 pages in total)
enterprise intranet; wireless network; network security; real-name binding
This paper studies common security problems in current enterprise intranets and, in particular, analyzes new problems encountered in enterprise wireless LAN applications. A review of the related literature found that existing research proposes countermeasures only at the security-domain level. The paper focuses on wireless network security within the enterprise intranet: it sorts the risks of building and using wireless networks in the intranet into several types, identifies the potential risks, and proposes taking the basic specifications of network construction as the starting point, so as to solve a series of wireless network security problems at the root and achieve security management of the enterprise's wired network, wireless network, and mixed wired and wireless network. Through fine-grained network management, IP addresses within the network, switch ports and terminal MAC addresses are allocated and bound under real names. According to the enterprise's internal functional requirements, strict VLAN division and port access-number configuration are implemented at the core layer to enforce access control for security domains. Wireless access points use dynamic password updates, automatic acquisition of MAC addresses for authentication, and controlled IP allocation to achieve admission control for wireless devices. A behavior plug-in activates wireless hotspot discovery to stop USB portable WiFi devices from being used to set up unauthorized APs, eliminating that security threat to the enterprise intranet. The effectiveness of the solution was also verified.