多网融合下高校内网安全建设实践  被引量：1

作　　者：孔秀平 KONG Xiuping(Department of Information Center,Yangzhou Polytechnic Institute,Yangzhou 225127,Jiangsu,China)

机构地区：[1]扬州工业职业技术学院信息中心,江苏扬州225127

出　　处：《昆明冶金高等专科学校学报》2023年第6期39-45,共7页Journal of Kunming Metallurgy College

摘　　要：万物智联背景下,高校有线、无线、物联网多网并存已成常态,高校数字化的快速推进促使“多网融合”进入了实施快车道。然而,如何将网络进行合理规划与融合,减少运营及管理成本,同时确保在融合后实现整个网络的访问控制,以维护网络的安全性,这已经成为一个全新的挑战。鉴于这一背景,提出了一种“多网融合”方案来应对这一挑战。方案强调了网络的自主运营,以确保校园用户能够以受控和可管理的方式访问网络;采用一张物理网络承载有线、无线及物联网流量,同时按业务细分网络地址,采取灵活的多重认证和内网分域隔离等技术手段,实现全网不同用户及业务间权限最小化互联互通。以扬州工业职业技术学院为研究对象,对方案进行了实践,成功实现了该校园的多网安全融合,同时保证了对访问权限的管控。实际应用结果显示,所提出的方案有效且具有普适性。In the context of the Internet of Things,the coexistence of multiple networks,including wired,wireless,and IoT,has become the norm in colleges.The rapid advancement of digitalization in higher education has accelerated the swift implementation of“multi-network convergence”.However,the challenge lies in how to strategically plan and merge these networks to reduce operational and management costs.Moreover,ensuring network security by effectively controlling access across the entire network post-convergence has emerged as a new challenge.In light of these considerations,this paper introduces a“multi-network convergence”solution to address these challenges.This approach is predicated on the notion of self-operating networks,enabling controlled and manageable access for campus users.It employs a single physical network to carry wired,wireless,and IoT traffic while segmenting network address ranges based on business requirements.Flexible techniques such as multi-factor authentication and intranet subdomain isolation are implemented to achieve minimal interconnectivity of permissions among diverse users and services across the entire network.Taking Yangzhou Polytechnic Institute as a case study,the proposed solution was practically implemented,successfully achieving the secure convergence of multiple networks on the campus while maintaining control over access permissions.The results of this practical application demonstrate the effectiveness and universality of the proposed method.

关 键 词：高校 多网融合 认证 防火墙 

分 类 号：TN393.08[电子电信—物理电子学]