【文章內(nèi)容簡介】 eases puter virus and so on. This cause data security and own benefit have received the serious threat. According to American FBI (US Federal Bureau of Investigation) investigation, the network security creates the economic loss surpasses 17,000,000,000 dollars every % corporation report finance loss is because the puter system security problem creates. More than 50% safe threat e from inside. But only 59% loss could be possible estimate. In China, the economic loss amount in view of financial domain and the bank, negotiable securities puter system security problems creates has reached as high as several hundred million Yuan, also sometimes occurs in view of other profession network security threat. Thus it can be seen, regardless of is the mean attack, or unconscious disoperation, will all be able to bring the inestimable loss to the system. Therefore, the puter network must have the enough strong security measure. Regardless of is in the local area network or in WAN, the network security measure should be Omnidirectional in view of each kind of different threat and the vulnerability, so that it can guarantee the network information’s secrecy, the integrity and the usability. Second, network security rationale. International Standardization Organization (ISO) once suggested the puter security the definition was: “The puter system must protect its hardware, the data not accidentally or reveals intentionally, the change and the destruction.” In order to help the puter user discrimination and the solution puter network security problem, the American Department of Defense announced “the orange peel book” (orange book, official name is “credible puter system standard appraisal criterion”), has carried on the stipulation to the multiuser puter system security rank division. The orange peel book from low to high divides into the puter security four kinds of seven levels: D1, C1, C2, B1, B2, B3, all,D1 level does not have the lowest safety margin rank, C1 and the C2 level has the lowest safety margin rank, B1 and the B2 level has the medium safekeeping of security ability rank, B3 and A1 belongs to the highest security rating.In the network concrete design process, it should act according to each technology standard, the equipment type, the performance requirement as well as the funds which in the network overall plan proposed and so on, the overall evaluation determines one quite reasonably, the performance high network security rank, thus realization network security and reliability.Third, the network security should have function. In order to adapt the information technology development well, the puter network application system must have following function:(1) Access control: Through to the specific webpage, the service establishment access control system, in arrives the overwhelming majority attack impediment in front of the attack goal.(2) Inspects the security loophole: Through to security loophole cyclical inspection, even if attacks may get the attack goal, also may cause the overwhelming majority attack to be invalid.(3) Attack monitoring: Through to specific webpage, service establishment attack monitoring system, but realtime examines the overwhelming majority attack, and adopts the response the motion (for example separation network connection, recording attack process, pursuit attack source and so on).(4) Encryption munication: Encrypts on own initiative the munication, may enable the aggressor to understand, the revision sensitive information.(5) Authentication: The good authentication system may prevent the aggressor pretends the validated user.(6) Backup and restoration: The good backup and restores the mechanism, may causes the losses when the attack, as soon as possible restores the data and the system service.(7) Multilayered defense: The aggressor after breaks through the first defense line delays or blocks it to reach the attack goal.(8) Sets up the safe monitoring center: Provides the security system management, the monitoring, the protection and the emergency case service for the information system.Fourth, the network system safety prehensive solution measures. If want to realize the net