Research on SDN-Based Access Network Security Technology
Published: 2019-01-11 07:45
[Abstract]: In recent years, communication network technology has been developing rapidly, and services built on it keep emerging, which has raised the demands placed on network bandwidth and speed. The access network sits at the edge of the telecommunications network, and its data transmission rate directly constrains the transmission rate of the whole network. The development of the access network has therefore become an important part of meeting these demands.

At present, the most commonly used broadband access technologies include copper access (xDSL) over ordinary local telephone cable, hybrid fiber-coaxial (HFC) access, fiber access using PON, and wireless access using WLAN. The growing number of access methods gives people more choices for getting online to study, work, and play. However, while enjoying this convenience, users also face the new security challenges it brings. The security problems in today's access networks fall into the following categories: access by unauthorized users; transmission of illegal and malicious packets; and eavesdropping, masquerading, denial-of-service attacks, and the like. To address them, identity authentication, data encryption, deployment of network security devices, and VPNs are used. Judging from current solutions, however, problems remain: network management and maintenance are costly and difficult, and network load is unbalanced.

To address these problems, this thesis first surveys and summarizes the security solutions used in traditional access networks, analyzing in detail their networking methods, the security technologies they use, and their application scenarios, and determines which problems each solution solves and which remain open.

Then, for the problems that remain open, and drawing on the characteristics of the new SDN network architecture and its related technologies, a new solution is proposed from the perspective of secure networking, using existing security mechanisms. The solution is described in detail in terms of its design idea and its data flow processing strategy.

Finally, the new solution is instantiated for the enterprise network / campus network scenario as an SDN-based IPS deployment scheme. After the data flow processing strategy and procedure of this instance are described, an experimental environment is built from an OpenFlow controller, switches, and an intrusion prevention system, and the feasibility of the scheme is verified.
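[Degree-granting institution]: Beijing University of Posts and Telecommunications
[Degree level]: Master's
[Year degree conferred]: 2014
[Classification number]: TN915.6
Article ID: 2406861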
Article link: http://sikaile.net/kejilunwen/wltx/2406861.html