Unified management of identity authentication, accounting and online behavior

Current status of the campus network

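  As an important piece of school infrastructure, the campus network plays an important role in teaching, research, management and ×××. As applications deepen and the user base keeps expanding, the volume of data on the campus network has increased sharply, and the number of Internet users, the bandwidth and the number of computers have risen steadily. Various typical network security problems have appeared, and management has become so difficult that the goal of a manageable network is increasingly hard to achieve. For example, users can arbitrarily change their own IP addresses and disrupt ordinary Internet users; ARP viruses and *** are hard to control; the school's egress bandwidth is excessively consumed by P2P and online video applications; campus network users have difficulty getting network access; network fee collection and management are inefficient; the number of users is hard to count; users' online behavior is not controlled; online records cannot be effectively retained; and campus card applications need to be deepened.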

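  In addition, in the spirit of the Ministry of Education's "Opinions on Further Strengthening the Management of Campus Networks in Institutions of Higher Education", the "Xinjiang Uygur Autonomous Region Informatization Promotion Regulations" and the "Xinjiang Normal University Campus Network Security Management Measures", and in line with the network security requirements of the autonomous region's Department of Education, the Public Security Department and the network supervision office of the municipal Public Security Bureau, such as implementing a network real-name authentication system and auditing and monitoring online behavior on the campus network, it is urgent to strengthen campus network management, raise the level of campus network service, make the campus network "manageable and controllable", ensure campus network and information security, ensure the healthy and orderly development of the campus network, and further provide teachers and students with a stable and reliable Internet access environment.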

Vendor testing and final solution selection

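  To solve the above problems effectively, we spent nearly a year rigorously testing vendors of online behavior monitoring and audit systems (Hangzhou H3C (杭州华三), Beijing Wangkang Technology (北京网康技术), Shenzhen Shendu Technology (深圳深度技术)) and a vendor of authentication and billing systems (the City Hotspot billing system (城市热点计费系统) from Beijing City Shixun (北京城市时讯)), evaluating user-friendliness of management, service responsiveness, technical R&D strength, system integration capability and future extensibility against our school's needs. Through the sustained efforts of the center's technical staff and close cooperation with the manufacturers, the combination of the Wiradius billing system, Juniper (瞻博) BRAS equipment and the Wangkang (网康) behavior audit system was finally selected as the current and future solution for our school's campus network security, the solution that makes the campus network manageable and controllable.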

Implementation approach

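  To effectively solve the problems of our school's existing campus network and improve network operation management, service quality and service efficiency, the Information Management Center made full use of the existing network environment and network equipment and accumulated a great deal of testing experience. On the basis of careful analysis and study, it proposed the following implementation plan: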

1. Online behavior audit and monitoring systems are deployed on the school's dual egress links to record and audit users' online activity.

2. On the basis of the original campus network, the dormitory area uses a combination of QinQ and PPPoE. A BRAS (broadband access server) and a RADIUS server give ordinary users PPPoE access to the campus network with real-name authentication. Combined with the billing system, network access is charged and controlled; combined with the behavior audit and monitoring system, users' online behavior is recorded, monitored and audited in real time.

3. Because users in the teaching area and the home area are relatively stable and have a strong sense of security, these areas (including the electronic reading room and computer rooms) use real-name web authentication or client authentication, so that users can get online quickly.

4. Private networks (such as finance, the campus card private network, security systems, etc.) will continue to use the original mode, with dedicated private networks, to guarantee these users' network access quality and to preserve the integrity of the existing network structure.

5. In principle, campus network users pay network fees by deposit, covering free network access and paid access charges. Payment methods include campus card payment, deposit machines and online self-service payment, which makes it more efficient for users to open network access, suspend it and report faults, and improves service efficiency and quality.

6. Through linkage between the authentication and billing system and the online behavior monitoring and audit system, and between the online behavior monitoring and audit system and the Xi'an trusted authentication system, online behavior monitoring and auditing is implemented on the school's dual egress links. Content filtering, application control, bandwidth management, web filtering, traffic analysis, monitoring, auditing and other functions can be applied to users, achieving online behavior management and making the network controllable.
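The linkage described in items 2 and 6 comes down to joining RADIUS accounting sessions with audit events by address and time. The following is an added example, not code from the original post or from any of the products named: it uses the standard RADIUS accounting attribute names, while the `ts` field, the audit-event layout and all sample records are constructed assumptions.

```python
from datetime import datetime

# Constructed sample data. Attribute names follow RFC 2866 RADIUS accounting;
# the "ts" field and the audit-event layout are assumptions for illustration.
ACCT = [
    {"Acct-Status-Type": "Start", "Acct-Session-Id": "s1", "User-Name": "stu1001",
     "Framed-IP-Address": "10.20.0.15", "ts": "2019-06-01T08:00:00"},
    {"Acct-Status-Type": "Stop", "Acct-Session-Id": "s1", "User-Name": "stu1001",
     "Framed-IP-Address": "10.20.0.15", "ts": "2019-06-01T09:30:00"},
    # The same address is later leased to a different account.
    {"Acct-Status-Type": "Start", "Acct-Session-Id": "s2", "User-Name": "stu2002",
     "Framed-IP-Address": "10.20.0.15", "ts": "2019-06-01T09:45:00"},
]
AUDIT = [
    {"ts": "2019-06-01T08:10:00", "src_ip": "10.20.0.15", "app": "http"},
    {"ts": "2019-06-01T09:40:00", "src_ip": "10.20.0.15", "app": "p2p"},
    {"ts": "2019-06-01T10:00:00", "src_ip": "10.20.0.15", "app": "video"},
]

def build_sessions(acct):
    """Pair Start/Stop records by Acct-Session-Id into session intervals."""
    sessions = {}
    for rec in sorted(acct, key=lambda r: r["ts"]):
        sid, t = rec["Acct-Session-Id"], datetime.fromisoformat(rec["ts"])
        if rec["Acct-Status-Type"] == "Start":
            sessions[sid] = {"user": rec["User-Name"],
                             "ip": rec["Framed-IP-Address"], "start": t, "stop": None}
        elif rec["Acct-Status-Type"] == "Stop" and sid in sessions:
            sessions[sid]["stop"] = t
    return list(sessions.values())

def attribute(event, sessions):
    """Return the account that held src_ip at the event time, or None."""
    t = datetime.fromisoformat(event["ts"])
    for s in sessions:
        open_ended = s["stop"] is None  # session still active
        if s["ip"] == event["src_ip"] and s["start"] <= t and (open_ended or t <= s["stop"]):
            return s["user"]
    return None  # no session covers this time: flag for review, do not guess

def attribute_all(audit, acct):
    sessions = build_sessions(acct)
    return [(e["ts"], e["app"], attribute(e, sessions)) for e in audit]

if __name__ == "__main__":
    for row in attribute_all(AUDIT, ACCT):
        print(row)
```

Matching on the session interval rather than on the address alone is what keeps an audit record from being pinned on whoever holds the address next.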

Feasibility Analysis

1. The existing network environment is fairly complete

Currently, the living quarters of the two campuses have redundant cabling, so conventional network access can be switched over smoothly to PPPoE access. The two can coexist, and switching is convenient in the event of a network failure. The school's egress links are standardized, which makes device deployment and integration easy.

2. The access technology is mature, easy and highly integrated

As an effective user access and authentication solution, PPPoE access has been widely used by China's major network operators and universities since 2003. PPPoE access authentication is highly integrated, and client deployment is simple and needs no third-party software. The PPPoE access authentication gateway is linked with the authentication and accounting system and with the behavior audit and monitoring system. A user authenticates once and is admitted to the whole network, while the user's real-name authentication information is collected and the user's online behavior is recorded in real time.

3. Advanced, leading technology and excellent scalability

The Newsletter BRAS network device (broadband router) not only meets the VLAN management requirements of the switches but also meets the port isolation requirements of PPPoE access, and its technology is advanced. It links well with the billing system and is an industry leader. The Wiradius billing system and the Wangkang (网康) online behavior audit system are flexible to deploy, and their manufacturers have strong, sustained development capabilities and excellent upgrade support. In addition, the systems support IPv6, which eases the transition to CNGI (the next-generation Internet).

Effects after implementing the program

1. Completely solves ARP *** and IP address allocation

ARP *** and IP address assignment have long been problems for campus network management and operations, with no effective solution. On the one hand, PPPoE access prevents ARP ***. On the other hand, PPPoE access authentication solves the problem of managing the IP addresses assigned to users.

2. Effectively solves user network access, payment management and other issues, and improves the efficiency with which users get network access: users can conveniently renew online or at the machine at any time. It also increases use of the campus card and users' awareness of the card, and removes the troubles of handling cash, such as making change and counterfeit currency.

3. Effectively solves campus network operation and management issues, such as charging users for network access, suspending access and network management, which avoids the problems caused by manual handling and improves service quality and efficiency.

4. Users can conveniently query their Internet access charges, which makes tariffs more transparent and makes the school's network tariff management system easy to implement.

5. Provides a real-time understanding of students' online habits and online behavior. Through the integration of the Wangkang (网康) behavior audit and monitoring system with the identity authentication and accounting system, staff can see in real time whether students are online and what they do online, which makes it possible to control and manage the network, prevent abuse of network traffic and guide students' online behavior.

6. Lays the foundation for ease of use and expansion of the campus network

User accounts can roam between campuses and across all areas of a campus, so campus network users can get access anytime and anywhere. Wireless campus network users get flexible access as well, with wireless PPPoE verifying the identity of users connecting to the campus network. Compared with conventional wireless LAN mode, this is more secure, completely eliminates unauthorized access, and ensures campus network and information security. All of the above systems support IPv6, which lays a good foundation for the campus network's transition to the next-generation Internet.

-------------------------------------------------- ----------
The Wiradius user authentication and accounting management system uses the international standard RADIUS protocol as its foundation and can provide authentication, accounting, roaming and virtual billing services for VoIP telephony, Internet access, instant messaging and e-commerce sites. Newsletter by the Beijing Science and Technology Co., Ltd. developed the travel network!

Origin blog.51cto.com/14257353/2404282