中小型企业网络安全问题探究分析

学科类：计算机科学与技术学号：********** 学校代码：13421 密级：

2015届本科生毕业论文中小型企业网络安全问题探究

学院：信息学院

专业：网络工程

*名：***

指导教师：**

职称：副教授

答辩日期：二〇一五年月

毕业论文诚信声明

本人郑重声明：

所呈交的毕业论文《中小型企业网络安全问题探究》是本人在指导老师的指导下，独立研究、写作的成果。论文中所引用是他人的无论以何种方式发布的文字、研究成果，均在论文中以明确方式标明。

本声明的法律结果由本人独自承担。

作者签名：

指导教师签名：

年月日

摘要

随着计算机和网络技术应用的发展，世界各国已进入信息时代。信息化建设还使企业的发展速度加快，提高企业和社会的高速发展也带来了许多网络安全问题。常见的安全问题在企业网络中的应用和内部网络的主要障碍的发生，实现企业信息。

现在很多的网络设备制造商和行业专家已经提出了各种网络安全防护技术来增强

网络的安全防护等级，但中小企业，考虑到企业经营的资金承受能力，消耗大量的人力，物力来提高整个网络的水平是不现实的，因此，研究如何充分利用现有的网络设备来提高企业信息网络的安全防护水平，最经济安全的方法和技术来使风险降到最小，这些需要探讨并且解决的问题都有重要的现实价值和意义。本文的主题，结合当前先进的信息网络安全理论和工作实践经验，实际的网络安全，对中小企业原有的信息网络安全管理系统进行了优化，升级和转型的部署，加强中小企业网络安全管理。

首先，网络信息安全和家庭的研究现状和国外的概念的内涵说明;企业信息网络安全状况和安全要求都进行了详细解析，同时也结合企业信息网络安全当前状况，依据目前发达的信息网络安全理论和网络安全技术，提出了解决信息安全的设计方案，网络优化安全系统的升级和改造，设计框架：企业网络资源和网络上的安全问题的需要合理的整合，例如调配安全技术方面的结构和安全控制上的结构，对原有的信息网络安全系统的改变，重新配置安全技术装备，完成了新系统的设计和部署信息网络安全控制系统。优化，改进的方面包括：调整安全界限，划分了多个DMZ区：改进后的配置VPN，防火墙系统，SSL认证审核系统，入侵检测系统，增强网络水平安全问题建造和改善安全管理问题的组织，安全防护人员需要责任制，优化和标准化。本报告的操作实践中，企业安全问题管理控制系统的提出，可以满足企业的网络安全信息管理需要，使企业信息网络安全安全系统改善，分层安全防护达到了信息网络的预期的安全性和集中控制的目的。

【关键词】信息网络安全信息网络安全技术管控系统

Abstract

With the development and application of computer and network technology, the world has entered the information era. Informatization construction is also injected new vitality for the development of enterprises, improve the sustainable development of enterprises and the society also brought many network security problems. Common security issues in the main obstacle in the enterprise network application and network occurs, the implement of enterprise information.

Now a lot of network equipment manufacturers and industry experts have proposed a variety of network security protection technology to enhance the level of security of the network, but the small and medium-sized enterprise, to take account of the business financial capacity, consume a large amount of manpower, material resources to enhance the network level is not realistic, therefore, study how to make full use of network the existing equipment to improve the level of security of enterprise information network, method and technology of the economic risks to the minimum, to explore these issues have important practical significance and value. The theme of this paper, combined with the current advanced information network security theory and practice experience, network security practice, to the small and medium-sized enterprise information network security management system for the original optimization, upgrading and transformation of the deployment, small and

medium-sized enterprises to strengthen network security management.

Firstly, the connotation of the concept of network information security and the research situation at home and abroad are described; the information network security situation and security requirement of enterprise are analyzed; combined with the current status of enterprise and safety technology, puts forward the design scheme of information, network optimization safety system upgrade and transformation and design framework: for enterprise resource network and security for a reasonable integration, adjust the security technology architecture and security control architecture; optimization, upgrading and transformation of the original information network security system, Optimization, upgrade and reform projects include: the security of regional was re divided, adjust the security boundary, the addition of the DMZ zone: the upgraded configuration VPN, SSL certification audit system, firewall system, intrusion detection system, improve the level of network security; establish and improve the safety organization, safety protection personnel responsibility system, optimization and standardization of safety management of enterprises. The operation practice, safety management and control system in this research is designed to meet the information network security management demands of enterprises, realize the enterprise information network security protection system upgrade, hierarchical safety protection reached the safety of information network and centralized control of the expected effect.