【正文】 2020 屆本科畢業(yè)論文 信息網(wǎng)絡(luò)平臺(tái)安全防護(hù)技術(shù) 系 院：計(jì)算機(jī)科學(xué)系 學(xué)生姓名： 學(xué) 號(hào)： 專 業(yè)：計(jì)算機(jī)科學(xué)與技術(shù) 年 級(jí)： 2020 級(jí) 完成日期： 2020 年 5 月 指導(dǎo)教師： 摘要 I 摘 要 網(wǎng)絡(luò)安全問(wèn)題越來(lái)越引起世界各國(guó)的嚴(yán)密關(guān)注，隨著計(jì)算機(jī)網(wǎng)絡(luò)在人類生活各個(gè)領(lǐng)域的廣泛應(yīng)用，不斷出現(xiàn)網(wǎng)絡(luò)被非法入侵，重要資料被竊取，網(wǎng)絡(luò)系統(tǒng)癱瘓等嚴(yán)重問(wèn)題，網(wǎng)絡(luò)、應(yīng)用程序的安全 漏洞越來(lái)越多 ,各種病毒泛濫成災(zāi)。這一切，已給各個(gè)國(guó)家以及眾多商業(yè)公司造成巨大的經(jīng)濟(jì)損失，甚至危害到國(guó)家安全，加強(qiáng)網(wǎng)絡(luò)安全管理已刻不容緩，而網(wǎng)絡(luò)安全的重點(diǎn)在于網(wǎng)絡(luò)防護(hù)技術(shù)。 本文第二三章節(jié)先從物理安全、網(wǎng)絡(luò)結(jié)構(gòu)、系統(tǒng)安全、應(yīng)用系統(tǒng)安全等方面分析了網(wǎng)絡(luò)安全方面的隱患，然后介紹了幾種網(wǎng)絡(luò)安全防護(hù)技術(shù)以及其優(yōu)缺點(diǎn)。其中最為有效、方便和應(yīng)用最為廣泛的是防火墻技術(shù)， 防火墻技術(shù)的核心思想是在不安全的網(wǎng)際環(huán)境中構(gòu)造一個(gè)相對(duì)安全的子網(wǎng)環(huán)境。 文章在第四章節(jié)中詳細(xì)介紹了防火墻的基本構(gòu)件、分類和功能， 討論了實(shí)現(xiàn)防火墻的兩種主要技術(shù) 手段：一種是基于分組過(guò)濾技術(shù) (Packet filtering)，它的代表是在篩選路由器上實(shí)現(xiàn)的防火墻功能；一種是基于代理技術(shù) (Proxy)，它的代表是在應(yīng)用層網(wǎng)關(guān)上實(shí)現(xiàn)的防火墻功能。分析了常用防火墻的設(shè)計(jì)策略和需要注意的問(wèn)題，對(duì)現(xiàn)有防火墻的不足之處進(jìn)行了分析。在第五章節(jié)中 ,結(jié)合上文討論提出了本人對(duì)現(xiàn)代網(wǎng)絡(luò)安全防護(hù)方面的個(gè)人見(jiàn)解 ,網(wǎng)絡(luò)安全防護(hù)要有全程防護(hù)的觀念 ,要有一個(gè)反應(yīng)快速的防護(hù)體系 ,要有一個(gè)全面的管理機(jī)制 ,要有建立一個(gè)數(shù)據(jù)容災(zāi)系統(tǒng)。 關(guān)鍵詞： 網(wǎng)絡(luò)安全；防火墻；分組過(guò)濾技術(shù)；數(shù)據(jù)包過(guò)濾 Abstract II Abstract Network security problem has got more and more country’s close attention around the world. With the Inter’s wide use in various field, the figure of the security problems that gradually emerging being more and more large, swamping with all kinds of viruses. For example, illegal intrusion, theft of important information and paralysis of work. All this has been to various countries, as well as many mercial panies have enormous economic losses, and even endangers the national security. It’s the very time to strengthen the work security management, but the work security key point lies in the work protection technology. The this article second and third chapters from aspects and so on physical security, work architecture, system safety, application system security have first analyzed the work security aspect hidden danger, then introduced several kind of work security protection technology as well as its good and bad points. In which most is effective, convenient and applies widely is the firewall technology, the nuclear idea of firewall technology is to construct a relatively safe environment of the subwork in the general unsafe environment. The article introduced the firewall basic ponent, the classification and the function in detail in the fourth chapter, and discussed the two main types of firewall techniques: one is based on the Packet filtering technology (Packet filtering), which is represented by the screening router firewall implementation function。 agent technology is based on a (Proxy), its representative is the function of the firewall implementation that realized in the application layer gateway. Has analyzed the question which the monly used firewall design strategy and needs to pay attention, has carried on the analysis to the existing firewall deficiency. In the fifth chapter, the union preceding text discussion proposed myself to the modern work security protection aspect individual opinion, the work security protection must have the idea which the entire journey protects, must have a response fast protection system, must have a prehensive management mechanism, must have establishes a data to acmodate the disaster system. Abstract III Key words : Network security。 Firewall。 Grouping filtration technology。 Data packet filtration 目錄 IV 目 錄 1 緒論 .............................................................. 1 背景 .......................................................... 1 信息網(wǎng)絡(luò)安全防護(hù)的現(xiàn)狀 ........................................ 1 研究信息網(wǎng)絡(luò)安全防護(hù)的目的和意義 .............................. 1 2 信息網(wǎng)絡(luò)安全方面的基礎(chǔ)問(wèn)題 ........................................ 2 網(wǎng)絡(luò)安全概述 .................................................. 2 物理安全分析 .................................................. 2 網(wǎng)絡(luò)結(jié)構(gòu)的安全分析 ............................................ 3 系統(tǒng)的安全分析 ................................................ 3 應(yīng)用系統(tǒng)的安全分析 ............................................ 3 管理的安全風(fēng)險(xiǎn)分析 ............................................ 4 3 網(wǎng)絡(luò)安全防護(hù)技術(shù)特征和優(yōu)缺點(diǎn) ...................................... 5 物理措施 ...................................................... 5 訪問(wèn)控制 ...................................................... 5 數(shù)據(jù)加密 ...................................................... 5 文檔加密技術(shù) .............................................. 5 磁盤加密技術(shù) .............................................. 6 防火墻技術(shù) .................................................... 7 數(shù)據(jù)包過(guò)濾 ................................................ 7 應(yīng)用級(jí)網(wǎng)關(guān) ................................................ 7 代理服務(wù) .................................................. 8 其他措施 ...................................................... 8 4 網(wǎng)絡(luò)安全防護(hù)中防火墻技術(shù)問(wèn)題分析及應(yīng)用策略 ........................ 9 防火墻的概念與構(gòu)成 ............................................ 9 防火墻的基本構(gòu)件和技術(shù) ....................................... 10 篩選路由器 (Screening Router)............................ 10 分組過(guò)濾 (Packet Filtering) 技術(shù) ......................... 12 雙宿主機(jī) (DualHomed Host)............................... 14 目錄 V 代 理服務(wù)和應(yīng)用層網(wǎng)關(guān) ..................................... 16 防火墻的分類 ................................................. 21 靜態(tài)包過(guò)濾防火墻 ......................................... 21 動(dòng)態(tài)包過(guò)濾防火墻 ......................................... 22 代理（應(yīng)用層網(wǎng)關(guān)）防火墻 ................................. 22 自適應(yīng)代理防火墻 ......................................... 22 防火墻的功能和技術(shù) ........................................... 23 防火墻功能概述 ........................................... 23 防火墻主要技術(shù)特點(diǎn) ....................................... 23 防火墻的設(shè)計(jì)策略 ............................................. 23 防火墻設(shè)計(jì)時(shí)需要考慮的問(wèn)題 ................................... 24 現(xiàn)有防火墻的不足 ............................................. 24 5 現(xiàn)代網(wǎng)絡(luò)安全防護(hù)方面的五點(diǎn)見(jiàn)解 ................................... 26 6 結(jié)束語(yǔ) ........................................................... 27 參考文獻(xiàn) ........................................................... 28 致謝 ............................................................... 29 緒論 1