一个利用CISCO设备的企业防火墙优化技术的研究与实现

 2023-03-17 10:29:38

论文总字数:17516字

摘 要

互联网诞生以来,在网络被攻击的频率和网络攻击的专业化程度越来越高的前提下,网络安全防卫技巧方法也得到了不断重视和加强。接踵而至的个人计算机的普及,防火墙设备及其技术也被普及开来。个人计算机中的防火墙不需要特定的网络设备,而是借助软件,将个人计算机和公共网络隔离开来,根据事先设定好的条件,防火墙两侧的数据包都经过防火墙的过滤,防火墙决定是拦截该数据包还是放行。

不论一个企业规模是大是小,互联网对其的重要性不言而喻。而一个企业的网络不仅仅如个人网络一样简单,不同于个人计算机的防火墙的成本低廉,效果有限。企业网络在给企业业务带来方方便的同时,也给企业带来了新的威胁。

这些威胁主要体现在大量病毒,间谍软件或者人为编写的恶意代码在网络中的传播;邮件服务器接收来互联网的大量无效的携带病毒和恶意软件的邮件,造成有限的带宽资源被占用,导致员工的工作效率降低;钓鱼网站或者诈骗信息,甚至更为高级的间谍软件进入造成企业内部成员或者企业内部资料被盗取,甚至导致部分服务中断,影响公司业务地正常进行。

思科ASA防火墙结合防火墙集成路由器和软硬件结合防火墙,使企业摆脱了购买专用设备带来的公司的高管理、操作、维护负担。iOS防火墙功能集基于集中解决威胁、ACL过滤、自适应安全算法(ASA)等技术手段,为客户提供一体化解决方案

关键词:ASA防火墙;ACL控制访问;all-in-one solution (集成解决方案)

Enterprise Firewall CISCO equipment optimization

Abstract

After the birth of the Internet, cyber attacks are increasingly frequent and professional process, network security protection technology also has been strengthen. With the popularization of personal computers, the firewall was popularized. Personal firewall does not require a specific network device on your computer, but with software, personal computer and isolated from public networks, under the conditions set in advance, packets through the firewall to filter on both sides of the firewall, the firewall decide if the packet is intercepted or release.

Whether an enterprise is large scale is small, the Internet on its importance is obvious. An enterprise"s network is not as simple as personal network, unlike low cost personal computer firewall, the effect is limited. Enterprise networks bring convenience to the business at the same time, also poses a new threat to the enterprise.

These threat main reflected in large virus, spy software or human prepared of malicious code in network in the of spread; mail server received to Internet of large invalid of carry virus and malicious software of mail, caused limited of bandwidth resources was occupied, led to employees of efficiency reduced; fishing website or fraud information, even more senior of spy software into caused enterprise internal members or enterprise internal information was steal, even led to part service interrupted, effect company business to normal for.

Cisco ASA firewall router with integrated firewall and software and hardware firewall, allow enterprises to get rid of because of the high purchase special equipment to bring the management, operation, maintenance burden. Focus on this threat on the basis of the IOS Firewall Feature Set, and ACL filtering and Adaptive Security algorithm (ASA) by means of technology, to provide customers with integrated solutions.

Keywords : ASA firewall ; Access Control List ; all-in-one solution

目录

第一章绪论 2

1.1论文背景 2

第二章各大防火墙介绍 4

2.1天融信网络卫士防火墙4000-UF 4

2.2 Cisco Secure PIX-525-R-BUN 4

2.3 华为USG-6500防火墙 6

2.4 Juniper的初学级防火墙NetScreen-5系列 7

2.5 Cisco ASA防火墙 7

第三章Cisco ASA防火墙功能概述 9

3.1安全策略概述 9

3.1.1允许或拒绝流量与访问列表 9

3.1.2应用NAT 9

3.1.3使用chap认证通过 11

3.1.4应用QoS策略 12

3.2防火墙模式概述 13

3.3状态监测概述 15

第四章Cisco ASA 5500系列配置示例 17

4.1 VPN 17

4.1.1配置DHCP地址 17

4.1.2 VPN负载均衡 18

4.2 NAT 19

4.3 ACL 20

4.4 CISCO ASA 防火墙的健状态调试 20

第五章防火墙简单实验的模拟 22

5.1实验一:基于标准访问列表的防护 22

5.1.1 实验拓补图 22

5.1.2实验步骤 22

5.1.3实验现象和目的 24

5.2实验二:利用VPN实现远程数据包的交流 25

5.2.1 实验拓补图 25

5.2.2实验步骤 25

5.2.3实验现象和目的 26

第六章论文小结 27

致谢 28

参考文献 29

附录 30

附录1.2实验二配置 30

第一章绪论

1.1论文背景

经济全球化的时代背景下,互联网以不可想象的速度在全球快速扩张。而它的神奇之处在于,互联网没有因为宗教,肤色,人种,文化的差异在全球进行化界。特别是在支付宝,微信等平台上新型交易形式的出现,在某些邻域逐渐体现出比现实流通货币更加具有优势的今天,网络的安全性不言而喻。

剩余内容已隐藏,请支付后下载全文,论文总字数:17516字

您需要先支付 80元 才能查看全部内容!立即支付

该课题毕业论文、开题报告、外文翻译、程序设计、图纸设计等资料可联系客服协助查找;