企业内网安全研究与应用  被引量：2

作　　者：吴红星[1] 王浩[1] 

机构地区：[1]合肥工业大学计算机与信息学院,安徽合肥230009

出　　处：《计算机技术与发展》2015年第9期154-158,共5页Computer Technology and Development

基　　金：国家自然科学基金资助项目(61273292)

摘　　要：针对当前企业内网中常见的一些安全问题进行了研究,特别是针对企业无线局域网应用中遇到的新问题进行了分析,查阅相关文献发现现有研究仅在安全域层面提出对策。文中重点对企业内网中的无线网络安全进行分析研究,梳理了企业内网中无线网络建设与使用风险方面的几种类型,找出潜在风险,提出了以网络建设的基础规范为切入点,从根本上解决无线网络安全中的一系列问题,实现企业有线网络、无线网络以及有线和无线混合网络的安全管理。通过精细化的网络管理,对网内IP、交换机Port、终端MAC实行实名分配和绑定,按照企业内部的功能要求,通过在核心层实现严格的VLAN划分和端口准入数配置,实行安全域的访问控制。无线接入点实行动态密码更新,MAC地址自动获取认证,IP可控分配,实现无线设备准入控制。通过行为插件激活无线热点发现来制止USB随身WIFI自建非法AP,消除对企业内网的安全威胁。并验证了解决方案的有效性。Study some security problems in the enterprise Intranet in this paper,especially about the new problems in the enterprise wire-less LAN application,found that some countermeasures are put forward only in the aspect of security domain according to existing litera-ture review research. Mainly analyze wireless network security in enterprise networks in this paper,combed several types of the enterprise Intranet wireless network construction and using risks,tried to identify potential risk,made network construction basic specification as the breakthrough point,solved a series of wireless network security problems fundamentally,realized the security management for enterprise wired network,wireless network,as well as the wired and wireless mixed network. Through intensification of network management,inter-nal network IP,interchanger port,terminal MAC are all implemented real-name allocation and binding. Implement strict VLAN division and port access number configuration in core layer,to achieve the access control security domain according to the functions of the enter-prise. Realize wireless access point dynamic password updating,MAC address automatic access authentication,IP address controlled to al-location,wireless device access control. Also through behavior plug-in to activate wireless hot spots,prohibit the USB WIFI self-built il-legal AP,eliminating network security threats to the enterprise. Also verify the effectiveness of the solution.

关 键 词：企业内网 无线网络 网络安全 实名绑定 

分 类 号：TP393.1[自动化与计算机技术—计算机应用技术]