Computer Network Security

Author: user has hidden their name, 17 March 2015 at 18:18, coursework

Description

Computer networks are a form of cooperation between people and computers that speeds up the delivery and processing of information. A network environment is now a prerequisite for the operation of any organization, and the way it is implemented affects the activity of the whole organization. A poorly designed network can significantly reduce the performance of services and applications, which in turn hurts staff productivity. A network provides information exchange and shared use (sharing) of information.

Contents

1. Introduction
2. Choice of network topology
3. Choice of routing protocol
4. Characteristics of the equipment used
5. Security elements
6. Servers
7. Logical diagram
8. Network configuration
9. Conclusion
10. References


Authentication

  • Authentication and authorization through a RADIUS server
  • Verification of user credentials (including encrypted ones) at the request of the served system

Authorization

  • Reporting whether the user account is blocked
  • Granting permission for a particular service
  • Sorting data based on analysis of statistical information (for example, dynamic routing) and returning the sorted result on request

Accounting

  • Online accounting through a RADIUS server
  • Online accounting of subscriber funds: notifications of session start and end from the served system
  • Interim messages reporting that a session is continuing (Interim packets)
  • Automatic forced termination of a session on the served system within a service (packet of disconnection)
  • BOOT message: a special packet that the telecommunications system sends to the RADIUS server on start (restart) in order to force termination of all sessions.

The RADIUS protocol is currently used for access to virtual private networks (VPN), wireless (Wi-Fi) access points, Ethernet switches, DSL and other types of network access. Thanks to its openness, ease of deployment and continuous improvement, RADIUS is now the de facto standard for remote authentication.
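How the "encrypted credentials" item above works on the wire, as an added example that is not part of the original coursework: an Access-Request carries User-Name in clear text and hides only User-Password, using an MD5 keystream derived from the shared secret and the Request Authenticator (RFC 2865, section 5.2). The user name, password and function names are constructed for the example; `secret` is the key from the `radius-server` line in the router configurations on this page.

```python
import hashlib
import os
import struct

ACCESS_REQUEST = 1                 # packet code, RFC 2865
USER_NAME, USER_PASSWORD = 1, 2    # attribute types, RFC 2865

def hide_password(password, secret, authenticator):
    """RFC 2865 section 5.2: XOR each 16-byte block with an MD5 keystream."""
    blocks = max(1, -(-len(password) // 16))
    padded = password.ljust(16 * blocks, b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], pad))
        out += prev                # the ciphertext block keys the next one
    return out

def unhide_password(hidden, secret, authenticator):
    """Server side: regenerate the same keystream from the shared secret."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = hidden[i:i + 16]
        out += bytes(c ^ k for c, k in zip(prev, pad))
    return out.rstrip(b"\x00")

def access_request(ident, user, password, secret, authenticator=None):
    """Build an Access-Request: header, Request Authenticator, attributes."""
    authenticator = authenticator or os.urandom(16)   # must be unpredictable
    hidden = hide_password(password, secret, authenticator)
    attrs = b"".join(struct.pack("!BB", t, len(v) + 2) + v
                     for t, v in ((USER_NAME, user), (USER_PASSWORD, hidden)))
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    return header + authenticator + attrs

def parse(packet):
    """Split a packet into (code, id, authenticator, {type: value})."""
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("bad RADIUS length field")
    attrs, pos = {}, 20
    while pos + 2 <= length:
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        attrs[atype] = packet[pos + 2:pos + alen]
        pos += alen
    return code, ident, packet[4:20], attrs

if __name__ == "__main__":
    # Constructed credentials; "secret" is the key from the page's radius-server line.
    pkt = access_request(1, b"user", b"constructed-password", b"secret")
    print(pkt.hex())
```

The password protection is only as strong as the shared secret, so the key configured on the routers and on the RADIUS server should be long and random.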

  7. Logical diagram

  8. Network configuration

Office 1

Multilayer Switch 0:

Building configuration...

 

Current configuration : 977 bytes

!

version 12.1

no service timestamps log datetime msec

no service timestamps debug datetime msec

no service password-encryption

!

hostname Switch

!

!

spanning-tree mode pvst

!

interface FastEthernet0/1

!

interface FastEthernet0/2

!

interface FastEthernet0/3

!

interface FastEthernet0/4

interface Vlan1

no ip address

shutdown

!

!

line con 0

!

line vty 0 4

login

line vty 5 15

login

!

!

end

Office 2

Multilayer Switch 1:

Building configuration...

 

Current configuration : 977 bytes

!

version 12.1

no service timestamps log datetime msec

no service timestamps debug datetime msec

no service password-encryption

!

hostname Switch

!

spanning-tree mode pvst

!

interface FastEthernet0/1

!

interface FastEthernet0/2

!

interface FastEthernet0/3

!

interface FastEthernet0/4

interface Vlan1

no ip address

shutdown

!

!

line con 0

!

line vty 0 4

login

line vty 5 15

login

!

!

end

Office 3

Multilayer Switch 2:

Building configuration...

 

Current configuration : 977 bytes

!

version 12.1

no service timestamps log datetime msec

no service timestamps debug datetime msec

no service password-encryption

!

hostname Switch

!

spanning-tree mode pvst

!

interface FastEthernet0/1

!

interface FastEthernet0/2

!

interface FastEthernet0/3

!

interface FastEthernet0/4

interface Vlan1

no ip address

shutdown

!

line con 0

!

line vty 0 4

login

line vty 5 15

login

!

end

Office 4

Multilayer Switch 3:

Building configuration...

 

Current configuration : 977 bytes

!

version 12.1

no service timestamps log datetime msec

no service timestamps debug datetime msec

no service password-encryption

!

hostname Switch

!

spanning-tree mode pvst

!

interface FastEthernet0/1

!

interface FastEthernet0/2

!

interface FastEthernet0/3

!

interface FastEthernet0/4

interface Vlan1

no ip address

shutdown

!

line con 0

!

line vty 0 4

login

line vty 5 15

login

!

!

end

Office 5

Multilayer Switch 4:

Building configuration...

 

Current configuration : 977 bytes

!

version 12.1

no service timestamps log datetime msec

no service timestamps debug datetime msec

no service password-encryption

!

hostname Switch

!

spanning-tree mode pvst

!

interface FastEthernet0/1

!

interface FastEthernet0/2

!

interface FastEthernet0/3

!

interface FastEthernet0/4

interface Vlan1

no ip address

shutdown

!

line con 0

!

line vty 0 4

login

line vty 5 15

login

!

!

end

Office 6

Multilayer Switch 5:

Building configuration...

 

Current configuration : 977 bytes

!

version 12.1

no service timestamps log datetime msec

no service timestamps debug datetime msec

no service password-encryption

!

hostname Switch

!

spanning-tree mode pvst

!

interface FastEthernet0/1

!

interface FastEthernet0/2

!

interface FastEthernet0/3

!

interface FastEthernet0/4

interface Vlan1

no ip address

shutdown

!

line con 0

!

line vty 0 4

login

line vty 5 15

login

!

!

end

Multilayer Switch 6:

Building configuration...

 

Current configuration : 977 bytes

!

version 12.1

no service timestamps log datetime msec

no service timestamps debug datetime msec

no service password-encryption

!

hostname Switch

!

spanning-tree mode pvst

!

interface FastEthernet0/1

!

interface FastEthernet0/2

!

interface FastEthernet0/3

!

interface FastEthernet0/4

!

interface FastEthernet0/5

!

interface FastEthernet0/6

!

interface FastEthernet0/7

interface Vlan1

no ip address

shutdown

!

line con 0

!

line vty 0 4

login

line vty 5 15

login

!

!

end

Multilayer Switch 7:

Building configuration...

 

Current configuration : 977 bytes

!

version 12.1

no service timestamps log datetime msec

no service timestamps debug datetime msec

no service password-encryption

!

hostname Switch

!

spanning-tree mode pvst

!

interface FastEthernet0/1

!

interface FastEthernet0/2

!

interface FastEthernet0/3

!

interface FastEthernet0/4

interface Vlan1

no ip address

shutdown

!

line con 0

!

line vty 0 4

login

line vty 5 15

login

!

!

end

Router 1:

User Access Verification

 

Username: user

Password:

Router>enable

Password:

Router#sh running-config

Building configuration...

Current configuration : 1688 bytes

!

version 12.4

no service timestamps log datetime msec

no service timestamps debug datetime msec

no service password-encryption

!

hostname Router

!

enable secret 5 $1$mERr$3HhIgMGBA/9qNmgzccuxv0

!

aaa new-model

!

aaa authentication login default group radius none

aaa authentication login telnet group radius

!

ip cef

no ipv6 cef

!

spanning-tree mode pvst

!

interface FastEthernet0/0

ip address 192.168.1.1 255.255.255.0

ip helper-address 10.10.10.10

ip access-group 111 in

ip access-group 111 out

duplex auto

speed auto

!

interface FastEthernet0/1

ip address 10.0.0.1 255.255.255.0

duplex auto

speed auto

!

interface Vlan1

no ip address

shutdown

!

router rip

version 2

network 8.0.0.0

network 10.0.0.0

network 20.0.0.0

network 192.168.1.0

network 192.168.2.0

network 192.168.3.0

network 192.168.4.0

network 192.168.5.0

network 192.168.6.0

no auto-summary

!

ip classless

!

ip flow-export version 9

!

access-list 111 deny icmp any 192.168.1.0 0.0.0.255 echo-reply

access-list 111 deny icmp any 192.168.2.0 0.0.0.255 echo-reply

access-list 111 deny icmp any 192.168.3.0 0.0.0.255 echo-reply

access-list 111 deny icmp any 192.168.4.0 0.0.0.255 echo-reply

access-list 111 deny icmp any 192.168.5.0 0.0.0.255 echo-reply

access-list 111 deny icmp any 192.168.6.0 0.0.0.255 echo-reply

access-list 111 deny icmp any 8.8.8.0 0.0.0.255 echo-reply

access-list 111 permit icmp any any

access-list 111 permit ip any any

!

 

radius-server host 20.1.2.2 auth-port 1645 key secret

!

line con 0

password 123

!

line aux 0

!

line vty 0 4

login authentication telnet

!

ntp server 20.0.5.2 key 0

ntp update-calendar

!

end

Router 2:

User Access Verification

 

Username: user

Password:

Router>enable

Password:

Router#sh running-config

Building configuration...

 

Current configuration : 1688 bytes

!

version 12.4

no service timestamps log datetime msec

no service timestamps debug datetime msec

no service password-encryption

!

hostname Router

!

enable secret 5 $1$mERr$3HhIgMGBA/9qNmgzccuxv0

!

aaa new-model

!

aaa authentication login default group radius none

aaa authentication login telnet group radius

!

ip cef

no ipv6 cef

!

spanning-tree mode pvst

interface FastEthernet0/0

ip address 192.168.2.1 255.255.255.0

ip helper-address 10.10.10.10

ip access-group 111 in

ip access-group 111 out

duplex auto

speed auto

!

interface FastEthernet0/1

ip address 10.0.0.3 255.255.255.0

duplex auto

speed auto

!

interface Vlan1

no ip address

shutdown

!

router rip

version 2

network 8.0.0.0

network 10.0.0.0

network 20.0.0.0

network 192.168.1.0

network 192.168.2.0

network 192.168.3.0

network 192.168.4.0

network 192.168.5.0

network 192.168.6.0

no auto-summary

!

ip classless

!

ip flow-export version 9

!

access-list 111 deny icmp any 192.168.1.0 0.0.0.255 echo-reply

access-list 111 deny icmp any 192.168.2.0 0.0.0.255 echo-reply

access-list 111 deny icmp any 192.168.3.0 0.0.0.255 echo-reply

access-list 111 deny icmp any 192.168.4.0 0.0.0.255 echo-reply

access-list 111 deny icmp any 192.168.5.0 0.0.0.255 echo-reply

access-list 111 deny icmp any 192.168.6.0 0.0.0.255 echo-reply

access-list 111 deny icmp any 8.8.8.0 0.0.0.255 echo-reply

access-list 111 permit icmp any any

access-list 111 permit ip any any

!

radius-server host 20.1.2.2 auth-port 1645 key secret

!

line con 0

password 123

!

line aux 0

!

line vty 0 4

login authentication telnet

!

ntp server 20.0.5.2 key 0

ntp update-calendar

end

Router 3:

User Access Verification

 

Username: user

Password:

R4>enable

Password:

R4#sh running-config

Building configuration...

 

Current configuration : 1730 bytes

!

version 12.4

no service timestamps log datetime msec

no service timestamps debug datetime msec

no service password-encryption

!

hostname R4

!

enable secret 5 $1$mERr$3HhIgMGBA/9qNmgzccuxv0

!

aaa new-model

!

aaa authentication login default group radius none

aaa authentication login telnet group radius

!

ip cef

no ipv6 cef

!

spanning-tree mode pvst

!

interface FastEthernet0/0

ip address 192.168.3.1 255.255.255.0

ip helper-address 10.10.10.10

ip access-group 111 in

ip access-group 111 out

duplex auto

speed auto

!

interface FastEthernet0/1

ip address 10.0.0.4 255.255.255.0

ip helper-address 10.10.10.10

duplex auto

speed auto

!

interface Vlan1

no ip address

shutdown

!

router rip

version 2

network 8.0.0.0

network 10.0.0.0

network 20.0.0.0

network 192.168.1.0

network 192.168.2.0

network 192.168.3.0

network 192.168.4.0

network 192.168.5.0

network 192.168.6.0

no auto-summary

!

ip classless

!

ip flow-export version 9

!

access-list 111 deny icmp any 192.168.1.0 0.0.0.255 echo-reply

access-list 111 deny icmp any 192.168.2.0 0.0.0.255 echo-reply

access-list 111 deny icmp any 192.168.3.0 0.0.0.255 echo-reply

access-list 111 deny icmp any 192.168.4.0 0.0.0.255 echo-reply

access-list 111 deny icmp any 192.168.5.0 0.0.0.255 echo-reply

access-list 111 deny icmp any 192.168.6.0 0.0.0.255 echo-reply

access-list 111 deny icmp any 8.8.8.0 0.0.0.255 echo-reply

access-list 111 permit icmp any any

access-list 111 permit ip any any

!

radius-server host 20.1.2.2 auth-port 1645 key secret

!

line con 0

password 123

!

line aux 0

!

line vty 0 4

password 1234

login authentication telnet

!

ntp server 20.0.5.2 key 0

ntp update-calendar

!

end

Router 4:

User Access Verification

Username: user

Password:

Router>enable

Router#sh running-config

Building configuration...

 

Current configuration : 1639 bytes

!

version 12.4

no service timestamps log datetime msec

no service timestamps debug datetime msec

no service password-encryption

!

hostname Router

!

aaa new-model

!

aaa authentication login default group radius none

aaa authentication login telnet group radius

!

ip cef

no ipv6 cef

!

spanning-tree mode pvst

!

interface FastEthernet0/0

ip address 192.168.4.1 255.255.255.0

ip helper-address 10.10.10.10

ip access-group 111 in

ip access-group 111 out

duplex auto

speed auto

!

interface FastEthernet0/1

ip address 10.0.0.5 255.255.255.0

duplex auto

speed auto

!

interface Vlan1

no ip address

shutdown

!

router rip

version 2

network 8.0.0.0

network 10.0.0.0

network 20.0.0.0

network 192.168.1.0

network 192.168.2.0

network 192.168.3.0

network 192.168.4.0

network 192.168.5.0

network 192.168.6.0

no auto-summary

!

ip classless

!

ip flow-export version 9

!

access-list 111 deny icmp any 192.168.1.0 0.0.0.255 echo-reply

access-list 111 deny icmp any 192.168.2.0 0.0.0.255 echo-reply

access-list 111 deny icmp any 192.168.3.0 0.0.0.255 echo-reply

access-list 111 deny icmp any 192.168.4.0 0.0.0.255 echo-reply

access-list 111 deny icmp any 192.168.5.0 0.0.0.255 echo-reply

access-list 111 deny icmp any 192.168.6.0 0.0.0.255 echo-reply

access-list 111 deny icmp any 8.8.8.0 0.0.0.255 echo-reply

access-list 111 permit icmp any any

access-list 111 permit ip any any

!

radius-server host 20.1.2.2 auth-port 1645 key secret

!

line con 0

password 123

!

line aux 0

!

line vty 0 4

login authentication telnet

!

ntp server 20.0.5.2 key 0

ntp update-calendar

!

end

Router 5:

User Access Verification

 

Username: user

Password:

Router>enable

Password:

Router#sh running-config

Building configuration...

 

Current configuration : 1688 bytes

!

version 12.4

no service timestamps log datetime msec

no service timestamps debug datetime msec

no service password-encryption

!

hostname Router

!

enable secret 5 $1$mERr$3HhIgMGBA/9qNmgzccuxv0

!

aaa new-model

!

aaa authentication login default group radius none

aaa authentication login telnet group radius

!

ip cef

no ipv6 cef

!

spanning-tree mode pvst

!

interface FastEthernet0/0

ip address 192.168.5.1 255.255.255.0

ip helper-address 10.10.10.10

ip access-group 111 in

ip access-group 111 out

duplex auto

speed auto

!

interface FastEthernet0/1

ip address 10.0.0.6 255.255.255.0

duplex auto

speed auto

!

interface Vlan1

no ip address

shutdown

!

router rip

version 2

network 8.0.0.0

network 10.0.0.0

network 20.0.0.0

network 192.168.1.0

network 192.168.2.0

network 192.168.3.0

network 192.168.4.0

network 192.168.5.0

network 192.168.6.0

no auto-summary

!

ip classless

!

ip flow-export version 9

!

access-list 111 deny icmp any 192.168.1.0 0.0.0.255 echo-reply

access-list 111 deny icmp any 192.168.2.0 0.0.0.255 echo-reply

access-list 111 deny icmp any 192.168.3.0 0.0.0.255 echo-reply

access-list 111 deny icmp any 192.168.4.0 0.0.0.255 echo-reply

access-list 111 deny icmp any 192.168.5.0 0.0.0.255 echo-reply

access-list 111 deny icmp any 192.168.6.0 0.0.0.255 echo-reply

access-list 111 deny icmp any 8.8.8.0 0.0.0.255 echo-reply

access-list 111 permit icmp any any

access-list 111 permit ip any any

!

radius-server host 20.1.2.2 auth-port 1645 key secret

!

line con 0

password 123

!

line aux 0

!

line vty 0 4

login authentication telnet

!

ntp server 20.0.5.2 key 0

ntp update-calendar

!

end

Router 6:

User Access Verification

 

Username: user

Password:

Router>enable

Router#sh running-config

Building configuration...

 

Current configuration : 1819 bytes

!

version 12.4

no service timestamps log datetime msec

no service timestamps debug datetime msec

no service password-encryption

!

hostname Router

!

aaa new-model

!

aaa authentication login default group radius none

aaa authentication login telnet group radius

!

no ip cef

no ipv6 cef

!

spanning-tree mode pvst

!

interface FastEthernet0/0

ip address 10.0.0.7 255.255.255.0

ip access-group 111 in

ip access-group 111 out

duplex auto

speed auto

!

interface FastEthernet0/1

ip address 192.168.6.1 255.255.255.0

ip helper-address 10.10.10.10

ip access-group 111 in

duplex auto

speed auto

!

interface FastEthernet1/0

ip address 20.0.5.1 255.255.255.0

duplex auto

speed auto

!

interface FastEthernet1/1

ip address 10.10.10.11 255.255.255.0

duplex auto

speed auto

!

interface Vlan1

no ip address

shutdown

!

router rip

version 2

network 8.0.0.0

network 10.0.0.0

network 20.0.0.0

network 192.168.1.0

network 192.168.2.0

network 192.168.3.0

network 192.168.4.0

network 192.168.5.0

network 192.168.6.0

no auto-summary

!

ip classless

!

ip flow-export version 9

!

access-list 111 deny icmp any 192.168.1.0 0.0.0.255 echo-reply

access-list 111 deny icmp any 192.168.2.0 0.0.0.255 echo-reply

access-list 111 deny icmp any 192.168.3.0 0.0.0.255 echo-reply

access-list 111 deny icmp any 192.168.4.0 0.0.0.255 echo-reply

access-list 111 deny icmp any 192.168.5.0 0.0.0.255 echo-reply

access-list 111 deny icmp any 192.168.6.0 0.0.0.255 echo-reply

access-list 111 deny icmp any 8.8.8.0 0.0.0.255 echo-reply

access-list 111 permit icmp any any

access-list 111 permit ip any any

!

radius-server host 20.1.2.2 auth-port 1645 key secret

!

line con 0

password 123

!

line aux 0

!

line vty 0 4

login authentication telnet

!

ntp update-calendar

!

end

Router 7:

User Access Verification

 

Username: user

Password:

R7>enable

R7#sh running-config

Building configuration...

Current configuration : 2391 bytes

!

version 12.4

no service timestamps log datetime msec

no service timestamps debug datetime msec

no service password-encryption

!

hostname R7

!

aaa new-model

!

aaa authentication login VPNAUTH group radius local

aaa authentication login default group radius none

aaa authentication login telnet group radius

!

aaa authorization network VPNAUTH local

!

no ip cef

no ipv6 cef

!

crypto isakmp policy 10

encr aes 256

authentication pre-share

group 2

!

crypto isakmp client configuration group ciscogr

key ciscogr

pool VPNCLIENTS

netmask 255.255.255.0

!

crypto ipsec transform-set mytrans esp-3des esp-sha-hmac

!
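A review of the settings that recur in the router dumps above, as an added example that is not part of the original coursework: the script flags the clear-text password storage, the `none` fallback in the default login method list, the short shared secrets and line passwords, and the Diffie-Hellman group and ESP cipher of the VPN policy. The rule names and the 16-character threshold are assumptions of this example; the sample lines are copied from the configurations on this page.

```python
import re

MIN_SECRET_LEN = 16  # assumed local policy threshold, not a Cisco default
# Constructed sample: lines taken from the router configurations on this page.
SAMPLE = """
no service password-encryption
aaa authentication login default group radius none
aaa authentication login telnet group radius
crypto isakmp policy 10
group 2
crypto isakmp client configuration group ciscogr
key ciscogr
crypto ipsec transform-set mytrans esp-3des esp-sha-hmac
radius-server host 20.1.2.2 auth-port 1645 key secret
line con 0
password 123
line vty 0 4
login authentication telnet
"""

# Settings that are weak whatever value they carry.
RULES = {
    "PW-CLEARTEXT": r"no service password-encryption$",      # secrets readable in the dump
    "AAA-NONE": r"aaa authentication login \S+ .*\bnone$",   # no login check if RADIUS is down
    "IKE-DH": r"group (1|2|5)$",                             # DH group of 1536 bits or less
    "ESP-CIPHER": r"crypto ipsec transform-set \S+ .*\besp-(des|3des)\b",
}
# Clear-text secrets, flagged when shorter than MIN_SECRET_LEN.
SECRETS = {
    "RADIUS-KEY": r"radius-server host \S+ .*\bkey (\S+)$",
    "VPN-GROUP-KEY": r"key (\S+)$",
    "LINE-PW": r"password (\S+)$",
}

def audit(config):
    """Return sorted (rule id, offending line) pairs for an IOS running-config."""
    findings, in_line = set(), False
    # Blank lines are skipped: the dumps on the page are double-spaced.
    for line in filter(None, map(str.strip, config.splitlines())):
        if line == "!" or line.startswith("line "):
            in_line = line.startswith("line ")   # track "line con/aux/vty" sections
            continue
        for rule, pattern in RULES.items():
            if re.match(pattern, line):
                findings.add((rule, line))
        for rule, pattern in SECRETS.items():
            m = re.match(pattern, line)
            if m and len(m.group(1)) < MIN_SECRET_LEN and (rule != "LINE-PW" or in_line):
                findings.add((rule, line))
    return sorted(findings)

if __name__ == "__main__":
    for rule, line in audit(SAMPLE):
        print(f"{rule:14} {line}")
```

Secrets stored in type 7 or hashed form (`password 7 ...`, `enable secret 5 ...`) are not matched by the length rules, which look only at clear-text values.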
