Abstract： With the development of network technology， computer systems of colleges and universities gradually use network management and services， which provides comprehensive and convenient information access and management conditions. However， in the network environment， the security of the system faces security threats like virus， malicious software and human attack， which may make the network data of the computer system damaged and tampered， or even lead to network system paralysis， breakdown of system concerning management and payment， missing and stealing of confidential documents. Therefore， it is of important application significance to promote the security of computer network systems of collegg91ijhJHIX5ebtT5ga53KZ1IFM02DZclzYpcGodhMHo=es and universities. This paper conducts comprehensive analysis on the security system of computer network systems of colleges and universities， elaborates its R&D and application status and puts forward specific schemes of prevention and solutions， which provides suggestions and reference for its construction.

Key words： Colleges and Universities； Computer Network； Security System； Prevention

中圖分類號(hào)：TP3 文獻(xiàn)標(biāo)識(shí)碼：A 文章編號(hào)：1009-3044（2013）02-0266-03

At present， campus network has become a necessary system of teaching， living and management in colleges and universities. With the application expansion of the campus network， it has become obviously open and potential safety hazards of the system following it increase gradually. Among them， typical hazards like network paralysis， confidential data stolen are likely to cause serious harms， so it is important work to improve the security of the network system in network construction and management of colleges and universities. In terms of the practical operation and application of the network system， the number of potential security dangers is increasing and is more difficult to be discovered with the increasing complication of the network system. Meanwhile， separate interval processing scheme is also very difficult to be arranged and carried out and there will also be big impact once breakdown or problem takes place. Therefore， it is of great importance to strengthen and improve the network security system of colleges and universities both from application requirements and the operation of the system.

1 Application Status of the Computer Network Security System of Colleges and Universities

Safety awareness of network constructors and managers increases gradually with the development of the network technology. At the beginning of the construction of the campus network of colleges and universities， it usually has a basic security system， and its security considerations are based on fundamental virus prevention and network connections security. With the development of network technology and the frequent emerging of internet virus and hacker attack， security problems of the network gradually become more serious and thus campus network security systems of colleges and universities have been improved continuously.

As far as outside factors are concerned， current network security systems of colleges and universities own typical characteristics as below.

First， the openness of the network is too high， which has insufficient consideration on the potential network security dangers. The problem of high open network is almost the common one of all colleges and universities. At the beginning， colleges and universities network provided internal network service to facilitate electronic borrowing， small amount electronic fare payment， teaching and network administration system. However， with the increasing of network application needs， most universities provided external network access service which is convenient for teachers and students to collect teaching or learning materials that they need through the net or provides students with entertainment conditions at their leisure time. The scope of colleges and universities’ campus network is very large， so the topology redundancy designed at the beginning of construction may not be able to meet the need of security isolation for a long time and incomplete isolation of internal and external network access exists in some universities which makes it difficult to guarantee the security of the campus network. Of course， some universities have noticed such kind of problems， reconstructed network system and isolated internal and external network， but they did not take internal security hidden dangers of the network into account when it comes to the prevention scope of network security hidden dangers， such as the increasingly serious Trojan problem. With college students’ increasing understanding of computer basic knowledge as well as their curious psychology of network novelties， they may attack their campus network system， steal confidential documents and try to use uncomprehending Internet tools occupying network resources. Problems of this kind are also very serious.

Secondly， average speed of single terminal access to the network is very low， which is a common problem of colleges and universities’ network system. Currently external network access of most colleges and universities in our country is through education network which was established to serve for academic research and information sharing and communication at the beginning. Therefore， the external network access bandwidth allocated by education network at early stage to a college or university is relatively low， but now the bulk velocity of education network has been increased by a large extent even though some colleges and universities still use old access port. Even if we don’t consider the old access port， the problem of low-speed external network access still exists in colleges and universities that have new access port. The most important reason is that network management department doesn’t set limitations on the speed of mid-terminal access and the phenomenon that some end users waste network resources through occupying bandwidth with a number of illegal software exists at the same time.

2 Network Security System Problems from the Perspective of Technology

2.1 Ordinary virus， Trojan horse and vulnerability problems

Ubiquity of computer system vulnerability and the overflow of worm virus and various Trojan & virus cause serious threat to the normal operation and data security. Problems of this kind are the most common ones of computer network system and also easiest to solve. At present， what the most difficult to prevent are attacks from internal virus and Trojan horse of the network. Because campus network provides relative open network access conditions， this kind of problem is usually prevented through terminal security software. There are a number of individual terminals in campus network terminals， so improvement should be conducted on the security of the server.

2.2 Special charging and authentication module problems of campus network

Campus network provides some campus departments with resource access， module access， charging and other services. Services of this kind include users’ authorization access and protection demand of charging system， but the safeguard system of the authorization system and that of the charging system of many colleges and universities’ network system need to be further improved， security authentication is mainly according to the IP address， which allows existence of intentional and unintentional attack. Therefore， computer network security systems of colleges and universities can’t recognize internet users’ identity and fall short of unified management of network outlets， which is the direct reason for potential safety hazards of the whole campus network. In addition， colleges have certain problemfPU7GMmvko+FZ3xTDPzB1w==s on the management of electronic documents. Because limiting conditions of access right is poor， problems of unauthorized access and access with a false name， and abnormal use and unauthorized use of network equipment and information resources will emerge. Some people illegally get permission of legal users by various fake or cheating methods to occupy legal users’ resources， illegally delete and modify some important information and damage integrity of data， which seriously impedes users’ normal use. Some students with certain computer knowledge cause problems of network resources occupancy by using unexplained network software because of curiosity， which is also mentioned above and may influence network fluency to some extent.

2.3 Network security protection technology doesn’t match with network service conditions

With the development of network technology， campus network can provide more and more services， but safety protection is not improved at the same time. The typical problem is that， with the increasing network services， the stability of the network is influenced. Meanwhile， low security protection level and poor technology level of administrators make service ability out of date， which results in that the stability of the network goes down and cannot be able to keep sustainable and stable network connections. At present， colleges and universities’ network gradually emerges and closes up with internet and fundamentally forms functions similar to internet， only containing various internal and external network data through fire firewall， all kinds of accesses and other measures. Campus network users have a higher demand of network and need higher speed and more stable network resources， but the service ability of campus network is limited at the beginning of construction and it is difficult to guarantee the stability of the network if universities don’t conduct expansion of the backbone network. Now university teachers and students’ network entertainments occupy a large number of network resources and network system is under great pressure， which may result in insufficient network transmission capacity and low efficiency of terminal access or network paralysis. Besides， with weak awareness of network security protection， colleges and universities usually have inefficient management team with administers at ordinary technical level， depend too much on software and others with low prevention awareness and cannot conduct thorough security settings and management， all of which may result in problems that documents cannot be recovered at a safe state quickly when the network has trouble.

3 Suggestions for Improvement of Computer Network Security Systems of Colleges and Universities

3.1 Design open network schemes and restrict terminal access speed

This suggestion aims at external factors mentioned above， i.e. potential network security factors caused by high openness of the network and disfluent problems of external access of other terminal caused by unlimited speed of terminal access. Both of the two problems can be solved through a whole scheme：

First， restrict external network access and restrict campus users’ access to some addresses that are useless for teachers and students’ learning and working and need large flow through restricting Ip and domain name and other methods. On the one hand， it will avoid virus inflow during the access process； and on the other hand， it will also restrict total flow of external network access to some extent.

Secondly， design control scheme of terminal access speed to restrict terminal access speed， and to avoid certain terminal using software with functions similar to P2P to occupy too much bandwidth， which will cause serious waste of bandwidth resources and will result in low access efficiency of other users.

3.2 Understand network security needs and expand security management perspectives

In terms of colleges and universities’ network security management applications at present， its needs mainly include the following aspects： First， network isolation access. Some network documents in colleges and universities are confidential and these documents shouldn’t be exposed to outside， so it needs to isolate internal and external network， forbid external users to get access to universities’ confidential data without permission and realize safety protection of data and network； secondly， the stability of the network connection. With the increasing number of campus network users， network load also increases and old network system may not be able to provide more stable services. Universities can consider extending， transforming and rebuilding network system during vacations to guarantee the stability of network connections and the basic security of the network； thirdly， guarantee the security of internal data and prevent damage from insiders. Conduct access isolation among departments and systems and conduct special thorough protection of network modules of administrative system， charging system and other high security systems to prevent outsiders from free access without authorization； fourthly， network monitoring. At present， some software of teachers and students terminal often robs and occupies too much network bandwidth and some even attacks data server and network server in colleges and universities， which will influence the stability of the network， so it needs to understand terminal behavior and effectively avoid behaviors that impact the stability or security of the network through network monitoring.

3.3 Improve virus， Trojan horse， vulnerability， fire firewall and other protection systems

Virus， Trojan horse and vulnerability are the most obvious problems that cause network security hidden dangers， so this scheme is the basic way to improve network security.

When it comes to prevention of virus and Trojan horse， network security system can be improved through bilateral control： First， in terms of terminal， monitor teachers-and-students intensive non-working and learning terminal and control virus and Trojan horse invasion threat at the source as well as enhance supervision and control over students-intensive computer room. Require teachers and students using public terminal to pay attention to their operation and avoid to visit unsafe website or portable storage tools without antivirus， and monitor the public terminal to monitor weather there are security threats in downloading and software， access addresses and transmittal documents or not； secondly， establish concentrated and independent virus killing system at the server and universities are suggested to purchase office network antivirus tools with costs which usually have high security， wide antivirus scope and so on that personal antivirus products don’t have. At present， most of commercial antivirus systems can timely release virus prevention information， automatically update and upgrade virus database with scientific virus warning mechanism. Besides， ksg-v of e-mail or virus engine function are also provided to assemble with e-mail system to filter virus e-mails.

In term of vulnerability repair， it can repair system vulnerability through external network to adopt copyrighted server system and terminal system. However， there are special piracy problems in our country and many teachers and students terminals are installed with piracy systems that can’t repair vulnerability in time， which may cause decreasing of security and influence the security of the whole network system. To solve this problem， network security management department can establish special download server of vulnerability repair patching for teachers and students to repair system vulnerabilities of individual terminal and improve system security.

As far as the construction of fire firewall is concerned， colleges and universities are suggested to use safer hardware firewall. Now， many colleges and universities still use software firewall which is enough for security requirements of early campus network， but software firewall can’t effectively maintain network security as a result of diversification of campus network services. Hardware firewall has many advantages， for example， it can more flexibly set location and more directly detect and filter high threat information. Effective firewall settings can divide campus network into clearer safety area and public area and provide more effective protection.

References：

[1] Wu Lijun.Discussion on Construction of Campus Network Security Protection System[J].China Education Innovation Herald，2008（7）.

[2] Chi Yun.Campus Network Security Management Strategies[J].Journal of Liaoning School of Administration College，2009（6）.

[3] Qian Jun.Research and Design of Campus Network Security System[J].Science and Education Journal （Educational Research），2011（2）.

[4] Ye Qing.Brief Analysis on Campus Network Security Technologies[J].Primary and Middle School Educational Technology，2010（9）.

[5] Zhang Hao.Problems Needing Attention in Network Security Work of Colleges and Universities[J].Journal of Luohe Vocational Technology College，2009（2）.