How to maintain campus network security

With the spread of campus networks, their security directly affects a school's educational and teaching activities, and campus network security is receiving more and more attention. How can campus network security be maintained? Let's take a look!

How to maintain campus network security 1

Network edge security zone

The network edge security zone is located at the junction of the campus network and the external network, at the boundary of the whole campus network. The physical equipment in this area has four main functions. The first is to access the Internet through telecommunications. The second is to access the China Education Network through schools. The third is to connect the school intranet to realize online resource sharing. The fourth is to publish external servers and provide remote access services. The network edge security zone directly faces high-risk external connections, and the physical devices in this zone must maintain both the connection with the external network and the normal operation of the campus network. The main requirements of the network edge security zone are therefore:

1. Prohibit external users from illegally accessing campus network resources.
2. Record campus network access traffic.
3. Hide the IP addresses of the campus network.
4. Conditionally provide secure remote access services.
5. Have the ability to detect and resist intrusion.

Ensuring the authenticity and reliability of campus network user identity is the most basic requirement for campus network security. Of course, legitimate users may also do things that threaten campus network security, so it is necessary to record in detail users' access behavior and their access to network resources, to facilitate follow-up audit and traceability.


Core convergence security zone

The equipment in the core convergence security zone forms the key nodes of the whole campus network and ensures high-speed, stable transmission across the campus backbone. As the aggregation point for campus network traffic, the core convergence equipment plays an important role in controlling data transmission. The main requirements of the core convergence security zone are:

1. Divide VLAN segments according to specific purposes.
2. Implement access control between network segments.
3. Bind device ports according to purpose.
4. Limit the maximum number of connections on device ports.
5. Prevent the spread of virus traffic.

Dividing VLANs mainly narrows the broadcast domain. On the one hand, this prevents broadcast-based viruses from infecting the whole campus network; the recent ransomware, for example, is a broadcast-based virus. On the other hand, it allows purpose-specific access control over data transmission between VLANs, such as the office area, dormitory area and campus card area.
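One way to check that access control between VLANs really enforces the intended separation is to audit the rule set against a policy matrix. The following is an added example, not part of the original article; the subnets, the intended policy and the first-match ACL (including its deliberately over-broad second rule) are constructed assumptions, and only the initiating direction of traffic is modelled.

```python
import ipaddress

# Constructed example values (not from the article): one subnet per VLAN.
VLANS = {
    "office": ipaddress.ip_network("10.10.0.0/24"),
    "dormitory": ipaddress.ip_network("10.20.0.0/16"),
    "campus_card": ipaddress.ip_network("10.30.0.0/24"),
}
# Intended policy: only these (source, destination) VLAN pairs may communicate.
INTENT = {("office", "campus_card")}

# Ordered first-match ACL: (action, source network, destination network).
# The second rule is deliberately too broad; it also covers the dormitory VLAN.
ACL = [
    ("permit", "10.10.0.0/24", "10.30.0.0/24"),
    ("permit", "10.0.0.0/8", "10.30.0.0/24"),
    ("deny", "0.0.0.0/0", "0.0.0.0/0"),
]


def decide(acl, src_net, dst_net):
    """First-match verdict; 'partial' if a rule covers only part of a VLAN."""
    for action, src, dst in acl:
        src, dst = ipaddress.ip_network(src), ipaddress.ip_network(dst)
        if src_net.subnet_of(src) and dst_net.subnet_of(dst):
            return action
        if src_net.overlaps(src) and dst_net.overlaps(dst):
            return "partial"
    return "deny"  # nothing matched: treat as default deny


def audit_acl(acl, vlans, intent):
    """Return sorted (src, dst, wanted, actual) tuples where the ACL disagrees."""
    violations = []
    for src, src_net in vlans.items():
        for dst, dst_net in vlans.items():
            if src == dst:
                continue
            wanted = "permit" if (src, dst) in intent else "deny"
            actual = decide(acl, src_net, dst_net)
            if actual != wanted:
                violations.append((src, dst, wanted, actual))
    return sorted(violations)


if __name__ == "__main__":
    for violation in audit_acl(ACL, VLANS, INTENT):
        print("policy violation:", violation)
```

With the sample rules, the audit reports that the dormitory VLAN can reach the campus card VLAN, which the intended policy forbids.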

(Figure: campus network topology diagram)

Access layer security area

The main threat facing the access layer security zone is that viruses on infected access hosts exploit vulnerabilities in Layer 2 protocols to attack, for example MAC address flooding and ARP spoofing. Access layer equipment connects directly to users' hosts, so verifying the legitimacy of the user identity of each access host is also part of deploying and configuring access layer equipment. In addition, the campus network provides a large number of access points and its user population is varied, so port loops may be caused by users. Therefore, the requirements of the access layer security area are:

1. Configure the VLAN segment corresponding to the access host.
2. Host port binding.
3. Adopt secondary authentication.
4. Limit the number of hosts that each device can accept.
5. Prevent ARP attacks.
6. Port loop detection.

Server farm security zone

The servers of the campus network are mainly concentrated in the computer center room, including the school portal server, the VPN server and various application system servers. To ensure the security of these servers, we work mainly from three aspects: management, technology and prevention. According to their purpose, the servers can be divided into two security areas: external services and campus services. Compared with the servers on the campus intranet, the servers placed in the external server area are in a high-risk area, so communication between the external server area and the campus intranet must be controlled. In addition, the security of the various application servers in the campus network differs. To prevent a compromised server from becoming a "broiler" (zombie host) and going on to attack other servers, the servers must be isolated from each other. The requirements of the server security zone are:

1. Server isolation.
2. Port access control.
3. Set up a DMZ area.
4. Antivirus.
5. Vulnerability scanning.
6. Patch upgrades.
7. Establish a log server.

At present, there is no dedicated server that collects the logs of the various network devices for later audit and traceability. To view the logs of a network device, you must query them through the interface the device provides, which is relatively troublesome. Establishing a log server and auditing it regularly therefore makes it possible to find security risks in time and close security loopholes.


Host security area

The security threats brought by the clients in the campus network are mainly viruses and trojans. Infected clients can serve as entry points into the campus network and pose a threat to it. The main requirement of the host security zone is to install network security software, such as antivirus software, desktop firewall software, vulnerability scanning tools and patch upgrade software, so as to ensure the security of access hosts as far as possible.


Other security requirements

1. Safety of transmission lines. The physical location of campus network transmission lines must be far away from sources of data signal interference such as electromagnetic interference and radiation interference (for example, the China Mobile and China Unicom dual stations in the east).
2. Secure transmission over campus network cabling. Corresponding detection methods must be adopted to reduce data interception, theft, QoS degradation and deception on transmission lines.
3. Strengthen the management of network maintenance personnel. Configure an access control system and a monitoring system, enhance the safety of related facilities, manage the personnel entering the computer room (for example by swiping campus cards), and keep a log of access to the computer room.

The present situation of the campus network was investigated. A risk assessment of the campus network was carried out using a network security assessment method based on expert scoring, and the result shows that campus network security is in a high-risk state. In view of the security situation and the exposed security problems, the campus network is divided by topology into five areas: network edge security area, core convergence security area, access layer security area, server group security area and host security area, and the security requirements of each are analyzed. Finally, other security requirements are added to complete the security requirements of the campus network.

How to maintain campus network security 2

A campus network is divided into an intranet and an extranet; that is, users can access the school intranet and the Internet at the same time. College students usually play games and shop online, and the school itself has its own servers to maintain.

At the level of the overall environment, firewall equipment should be installed between the campus network and its Internet access point to prevent external attacks, and it should be updated frequently so that it keeps resisting them.

To protect all users of the campus network, security should be strengthened further. Besides the firewall, anti-virus and intrusion detection devices such as IPS and IDS should be added to analyze and inspect external data and ensure the security of the campus network.

Protective measures should be taken against threats from both outside and inside. Because some students' computers may be taken home or infected elsewhere, VLAN isolation should be set up on the internal core switch, and security devices should be attached to detect and protect the ports.

There may be DDoS attacks or ARP viruses spreading in the intranet, so anti-virus software needs to be installed on servers and computers, especially the school server systems, to protect important machines.

For the servers themselves, we need to ensure the security of the server operating system version, fix vulnerabilities frequently and keep security software updated. Ordinary computers usually access the Internet by dial-up. If there is an abnormality, the upper-level equipment monitors it, and other computers are generally not affected. Take safety precautions and plan ahead.
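The access layer requirements in part 1 (host port binding, a limit on hosts per port, ARP attack prevention) and the port detection described in this part can be checked with logic like the following. This is an added example, not part of the original article; the port names, addresses, gateway and the limit of two MACs per port are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data (not from the article): the binding table an
# administrator maintains, and observations of the kind a switch's MAC/ARP
# tables or a mirrored port would yield.
BINDINGS = {  # access port -> (IP, MAC) registered for the host on that port
    "Gi0/1": ("10.10.1.11", "00:11:22:33:44:01"),
    "Gi0/2": ("10.10.1.12", "00:11:22:33:44:02"),
    "Gi0/3": ("10.10.1.13", "00:11:22:33:44:03"),
}
GATEWAY_IP = "10.10.1.1"
GATEWAY_MAC = "00:11:22:33:44:fe"
MAX_MACS_PER_PORT = 2  # assumed limit on hosts per access port

OBSERVATIONS = [  # (port, sender IP claimed in ARP, sender MAC)
    ("Gi0/1", "10.10.1.11", "00:11:22:33:44:01"),  # matches its binding
    ("Gi0/2", "10.10.1.1", "00:11:22:33:44:02"),   # host claims the gateway IP
    ("Gi0/3", "10.10.1.13", "00:11:22:33:44:03"),
    ("Gi0/3", "10.10.1.50", "02:00:00:00:00:01"),
    ("Gi0/3", "10.10.1.51", "02:00:00:00:00:02"),  # third MAC on one port
]


def audit(observations, bindings, max_macs=MAX_MACS_PER_PORT):
    """Return sorted (port, finding) pairs for binding and host-limit violations."""
    findings = set()
    macs_on_port = defaultdict(set)
    for port, ip, mac in observations:
        mac = mac.lower()
        macs_on_port[port].add(mac)
        if ip == GATEWAY_IP:
            if mac != GATEWAY_MAC:  # gateway address answered by another MAC
                findings.add((port, "arp-spoof: gateway IP claimed by " + mac))
        elif bindings.get(port) != (ip, mac):
            findings.add((port, f"unbound host: {ip} / {mac}"))
    for port, macs in macs_on_port.items():
        if len(macs) > max_macs:
            findings.add((port, f"mac-limit: {len(macs)} MACs seen, limit {max_macs}"))
    return sorted(findings)


if __name__ == "__main__":
    for port, finding in audit(OBSERVATIONS, BINDINGS):
        print(port, finding)
```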

How to maintain campus network security 3

Campus network security and preventive measures

The purpose of building a campus network is to serve teaching, scientific research and management, and its construction principles are nothing more than advancement, practicality, high performance, openness, expansibility, maintainability and operability. Most people, however, ignore network security or pay insufficient attention to it when building a campus network. According to the statistics of the Federal Bureau of Investigation, the economic loss caused by network security problems in the United States is as high as $7.5 billion every year, and an Internet computer intrusion occurs every 20 seconds on average in the world. In China, the losses that hackers and computer viruses cause to enterprises every year are shocking. While enjoying the advantages of the network, people pay more and more attention to network security. Because a school is a place centered on teaching activities, its network security also has its own characteristics.

These are mainly manifested in:

1. Spread of harmful information. After the campus network is connected to the Internet, both teachers and students can access the Internet from their own machines through the campus network. At present, information of all kinds is mixed together on the Internet, and websites with pornographic, violent and cult content are everywhere. This toxic information violates moral standards and the relevant laws and regulations, and does great harm to students whose world outlook and outlook on life are still forming. If security measures are poor, some students will not only visit these websites but also spread this information on campus.

2. The harm of viruses. Viruses that spread through the network are unmatched in speed, destructiveness and scope. In particular, once the school is connected to the Internet, the door is open for external viruses to enter the school, and downloaded programs and emails may contain viruses.

3. Illegal access. A school does not hold many secrets, and it is less likely that outsiders will obtain them illegally. The key risk is illegal access from the inside. Some students may obtain the answers to exercises by improper means, which makes normal teaching exercises meaningless. What is more, some students may obtain exam content before the exam, which seriously undermines the management order of the school.

4. Malicious destruction. This includes damage to network equipment and to network systems. Network devices include servers, switches, hubs, communication media, workstations and so on. They are distributed all over the campus and are very difficult to manage. Some people may damage them, intentionally or unintentionally, for various purposes, which can paralyze the campus network completely or partially. The other form is the use of hacker technology to damage the campus network system. Its concrete manifestations are: modifying the home page of the school website and damaging the school's image; sending large amounts of information to a server to paralyze the whole network; and using the school forum to forward all kinds of illegal information.