摘要
根据园区网络拓扑结构图提出不同层次的安全解决方案及网络安全认证措施。接入层基于不同部门划分,同时对S2150G的每个端口进行最大连接数设置,并绑定用户的MAC和IP地址,防止网络内部的恶意欺骗和攻击。若某一端口发生违例时间,则自动关闭该端口。汇聚层利用IP扩展访问控制列表实现对应用服务的访问限制。核心路由器上主要配置访问控制列表ACL的出栈应用。
The resolve project of computer region-network security and network security certificates on different levels, which based on the networks topology of computer region-network. The classification of access layer is based on the different department. Meanwhile, in order to prevent the malicious cheat and attacks from inner network, sets the maximal connection numbers of each port of S2150G, also binds the IP address and MAC address of users. When there is a violation, the port will be closed automatically. The aggregation layer uses the IP extend access control list to implement the access control. The main allocation access of core router controls the stack out of ACL.
出处
《兵工自动化》
2007年第4期53-55,共3页
Ordnance Industry Automation
关键词
园区网
内网
安全设置
权限认证
Region-network
Intranet
Security setting
Authority authentication
