Application of Redundant Backup Technology in Network Security


2018 2nd International Conference on Systems, Computing, and Applications (SYSTCA 2018)

Shuwen Deng1, Siping Hu*,1, Dianhua Wang1, Limin Liu2
1 Hubei University of Science and Technology, Xianning, 430070, China
2 Luxi Town Central Primary School of Jiayu County, Xianning, 430070, China
*E-mail: zjlg0001@126.com

Keywords: redundant backup, virtual local area network, security authentication, fault tolerance

Abstract: This paper mainly introduces the implementation of bank network design and system construction. In the era of rapid network development, the network is becoming more and more important in daily life, especially in large facilities and institutions, where it has become a necessary means of sustaining their development. Because a bank is a large financial institution, its design requirements are relatively high: the network must not only be safe, efficient and convenient, but must also provide fault tolerance and data integrity. Starting from the bank's requirements, the performance planning and implementation of the various aspects of the banking network are described point by point. This paper also introduces the overall structure of the bank design, the implementation plan and the test results.

1. Introduction

With the rapid development of society, banks play an indispensable role in everyone's life, so bank network construction plays a very important role. Security is extremely important for banks. At the same time, it is necessary to establish reliable connections between branches to ensure data integrity. The connectivity and security of the entire bank network are the foundation for the stable development of banks today, and this design is the concept and implementation of these two aspects. The continuous updating of information technology has made the e-commerce process faster and faster.
The emergence of new business technologies based on the network platform has fundamentally changed the traditional banking management system, and has gradually established a new model of information-based office automation and scientific management. With the changes in payment and transactions brought by information technology systems, the banking industry has developed non-cash electronic trading methods such as online banking and e-banking, forming a new type of financial transaction mode characterized by networking, speed and digital currency. By expanding the bank's business, this electronic trading method has been integrated into every aspect of today's society and has greatly changed people's lives.

As the financial industry's reliance on network technology continues to deepen, regulators have also imposed stricter requirements on network security in related industries. To keep up with the development trend of the industry, the entire banking industry has invested in building its own network systems to meet the production and office needs of daily business. However, because of the huge economic interests of the financial industry, criminals have repeatedly targeted banks, new information attacks keep emerging, and imperfect network security systems leave security vulnerabilities and hidden dangers. Bank networks are therefore often highly threatened. Incidents not only cause direct economic losses to customers and banks, but also bring losses to national interests. Therefore, higher and stricter standards must be imposed on the security level and security measures of the banking information network system.

Copyright (2018) Francis Academic Press, UK. DOI: 10.25236/systca.18.009

2. Network technology

Virtual Local Area Network Technology

A VLAN is an OSI Layer 2 technology. It is a logical regrouping of the network and its resources, which are connected to the switch ports defined by the administrator. By creating VLANs, you can assign switch ports to different subnets, creating smaller broadcast domains in Layer 2 switched networks, providing security between network segments, and splitting large networks into small networks to address the problem of broadcast and multicast traffic taking up too much bandwidth. A VLAN can logically segment the connected Layer 2 ports according to the requirements of the switching network, such as function, location, department, network protocol or application policy, and is not restricted by the physical location of the user. Members of the same VLAN can communicate within a single switch or across different switches. Therefore, VLAN technology is used on Layer 2 and Layer 3 switching devices. By controlling each port and the resources that can be accessed through that port, network administrators can build a secure and reliable network platform.

Advantages of dividing VLANs:

1) Control broadcast: A VLAN is a logical broadcast domain. By creating a VLAN, broadcasts are isolated, the broadcast range is narrowed, and broadcast storms can be controlled.

2) Security: All ports and users can be controlled by creating broadcast domains using VLANs. VLANs can also be created based on the network resources that users need to access, and the switch can be configured to notify a network management workstation of unauthorized access to network resources. If communication between VLANs is needed, these restrictions can be implemented on the router to ensure communication security. Hardware addresses, protocols and applications can also be restricted. This improves the overall performance and security of the switching network.

3) Flexibility and scalability: With VLAN technology, users in different locations and on different networks can be divided into logical network segments according to department function and object function, achieving the same flexible and convenient effect as a local LAN. On the one hand, the flexible combination of network segments provided by VLANs reduces the workload of the administrator; on the other hand, it reduces the network maintenance cost of moving a workstation or changing its geographical location.

3. Bank network overall architecture

As shown in Figure 1, the core area uses two CISCO 3560 Layer 3 switches. Their main function is redundant backup: the two devices back up each other, and if one of them fails, the other takes over and becomes the primary forwarding device. The traffic pattern is that traffic of the access zone and the outbound zone passes through device 1, and traffic of the outreach zone and the office zone passes through device 2, with the two devices backing up each other. Two 3A (AAA) servers are configured on the two core switches to authenticate users accessing the core and other devices.

Figure 1 Core area topology

The branch aggregation layer uses two 2811 routers. One carries the traffic of branch office area partition 1 and the other carries the traffic of office area partition 2, and the two devices back up each other. The branch access zone also uses a 2811 router, which handles flow control and forwarding for the two partitions of the branch office area. The two access switches are configured in trunk mode with EtherChannel technology to form VLAN port aggregation, so that VLANs on different switches can reach each other. Using trunk mode on the two switches effectively improves data forwarding and shares the load on the servers. This mode can effectively reduce the equipment failure rate.

The outreach area consists of two 3560 Layer 3 switches and two 2811 routers. The two PCs attached below them access the other internal devices as simulation tests, and the secure, controlled interconnection of the outer zone and the branch core zone is realized through ACLs (access control lists). When the service is provided externally, the outreach service area is configured with NAT and ACLs, which prevents important information such as its own internal IP addresses from being disclosed to the externally connected terminals.

The production switch role uses two 3560 Layer 3 switches. In the experiment, ACLs are used to achieve security isolation between the production area and the core area. The production switch independently plans vlan33 for access to the production server. Ethernet technology is used for trunking between the two production switches to ensure that VLANs on different switches can communicate with each other. The production area uses static routing to implement interworking with the core switch. Floating static routes with different priorities are used to implement link redundancy and form a backup mechanism. The two production switches are connected to the primary and standby production servers, respectively.

The office aggregation switch is a 3560 Layer 3 switch, and the access layer uses two 2950 switches. The two switches at the aggregation layer isolate and forward the data of two different devices. In the experiment, each department was simulated with a PC. The office area uses ACLs to implement security isolation between the office area terminals and the network segments of other areas. Other departments are only allowed internal access within the office area and mutual access with the office terminals of the head office and branch offices. Static routing is used between the branch core switch and the office area to implement interworking.

Bank regional network architecture

This section mainly introduces the role of each department in each region, as well as the IP allocation and which VLAN it belongs to.
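The production-area routing and isolation described in the architecture section above, written out as Cisco IOS configuration for one production switch. This is an added example, not configuration from the paper: the addressing, interface numbers, the ACL name PROD-SERVERS and the permitted service (TCP 443) are assumptions; only vlan33, the floating static route and the use of an ACL come from the text.

```cisco
! Constructed addressing (assumed, not from the paper):
!   vlan33 production servers      10.33.0.0/24
!   routed uplink to core switch 1 10.0.1.0/30  (primary path)
!   routed uplink to core switch 2 10.0.2.0/30  (backup path)
!   office-area terminals          10.20.0.0/24
ip routing
!
vlan 33
 name PRODUCTION-SERVERS
!
interface Vlan33
 description gateway for production servers
 ip address 10.33.0.2 255.255.255.0
 ! "out" on the SVI filters packets routed toward hosts in vlan33
 ip access-group PROD-SERVERS out
!
interface FastEthernet0/1
 description primary uplink to core switch 1
 no switchport
 ip address 10.0.1.2 255.255.255.252
!
interface FastEthernet0/2
 description backup uplink to core switch 2
 no switchport
 ip address 10.0.2.2 255.255.255.252
!
! Primary static route: default administrative distance 1.
ip route 10.20.0.0 255.255.255.0 10.0.1.1
! Floating static route: distance 200, so it stays out of the routing
! table until the primary route is withdrawn.
ip route 10.20.0.0 255.255.255.0 10.0.2.1 200
!
ip access-list extended PROD-SERVERS
 remark only office terminals may reach the production servers
 permit tcp 10.20.0.0 0.0.0.255 10.33.0.0 0.0.0.255 eq 443
 remark echo is allowed so the ping-based connectivity tests still pass
 permit icmp 10.20.0.0 0.0.0.255 10.33.0.0 0.0.0.255 echo
 remark log everything else so isolation failures are visible
 deny ip any any log
!
! Check which path is installed after pulling the primary uplink:
!   show ip route 10.20.0.0
```

The floating route takes over only when the primary route leaves the routing table, which for a routed port means the interface itself going down. A failure further upstream that leaves the link up does not trigger the backup unless the primary route is tied to some form of reachability tracking.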
Branch line access area: Two branch line routers access the branch through the office line and connect to the core switch through the LAN link. Their purpose is to connect other branches to achieve data synchronization.

Outreach area: It consists of the outreach aggregation layer and the access layer, and is used to provide outbound services, including service access for the supervision department, intermediate agent services, and key customers. It reaches the core area of the branch through the firewall.

The VLAN of the production area is set up on the Layer 3 switch. Because the traffic in the production area is important, EtherChannel is used. This switch enables HSRP to implement redundant backup, and the SVI is enabled on both devices. Aggregation switch 1 is the root bridge of VLAN 30 and aggregation switch 2 is the root bridge of VLAN 40.

4. Bank Area Connectivity Test

4.1 Office Area Connection Test

The network administrators in the office area manage and maintain the network equipment of the branch every day, so inspecting the equipment is a daily task. In this process, they are allowed to log in to each LAN device for inspection and maintenance. Therefore, the 3A (AAA) authentication method is adopted here, and the login must be verified by the server before the user is authorized to log in. Here, the test object is the technical department of the office area: using AAA authentication, it accesses the encrypted aggregation switch 4 to see whether verification is required.
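One way to configure the server-verified device login that section 4.1 tests, as an added example that is not the paper's own configuration. The paper does not name the AAA protocol, so TACACS+ is assumed here; the hostname, addresses, list names and placeholder secrets are also assumptions.

```cisco
! Constructed values (assumed, not from the paper):
!   AAA servers 10.0.100.10 and 10.0.100.11, administrators' subnet
!   10.20.10.0/24, secrets shown as placeholders.
hostname AGG-SW4
ip domain-name bank.example
! Run once; the key pair is stored in NVRAM, not in the running config.
crypto key generate rsa modulus 2048
ip ssh version 2
!
aaa new-model
! Local account is a fallback for when no AAA server answers.
username localadmin privilege 15 secret <LOCAL-FALLBACK-SECRET>
tacacs-server host 10.0.100.10 key <SHARED-KEY>
tacacs-server host 10.0.100.11 key <SHARED-KEY>
!
! Method order matters: "local" is tried only if the server group
! times out or errors, never after the server rejects a login.
aaa authentication login MGMT group tacacs+ local
aaa authorization exec MGMT group tacacs+ local
! Record who opened and closed each management session.
aaa accounting exec default start-stop group tacacs+
!
ip access-list standard MGMT-SOURCES
 remark only the administrators' subnet may open a management session
 permit 10.20.10.0 0.0.0.255
 deny any log
!
line vty 0 15
 login authentication MGMT
 authorization exec MGMT
 access-class MGMT-SOURCES in
 ! SSH only: Telnet would send the credentials in clear text
 transport input ssh
 exec-timeout 10 0
!
line con 0
 login authentication MGMT
 exec-timeout 10 0
```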

Figure 2 Office area test chart

Test results: As shown in Figure 2, PC2 in the office area has successfully accessed the aggregation router in the production area, and the 3A authentication is enabled and effective. This indicates that the connectivity between the PCs in the office area and the local area is normal, and that the 3A authentication configuration is successful.

4.2 Branch Access Zone Connection Test

This part tests the connectivity between the branch access area and the bank's production area. The purpose is to meet business needs: some devices in the two regions require data exchange, so the network devices of the two regions must be able to access each other. In the experimental test, branch server 1 and branch server 2 can ping PC1 of the branch production area and PC1 of the office area respectively, which proves that the data communication between the two departments is normal. The test results are shown in Figure 3.

Figure 3 Branch access zone PC2 test chart

As shown in the test results in Figure 3, the branch access area and the office area achieve network interworking. Taken together, the tests in the figures above show that the ACL configuration, OSPF configuration, VLAN division, and trunking are effective. This design achieves interworking across the entire network and the configuration takes effect. The result shows that the overall communication of the bank network is normal, and this solution can be initially determined to be usable in real life.

5. Conclusion

This article is aimed at a simplified design for some small and medium-sized banks in China. In a real situation, the network will be more complicated. This design draws on some bank planning topology diagrams available on the Internet, as well as the arrangement of certain bank departments, the role of the various parts and the allocation of network resources. In future development, bank network security issues will become more important, and the continuous updating of technology and the superior performance of equipment will make banking networks more diversified. Because the development of technology will also make future malicious attacks more and more diverse, it is essential to design a feasible, reliable, and manageable solution.

Acknowledgements

This research was supported by the Doctor Initial Funding of Hubei University of Science and Technology (No. 2016-19XB003, KY12050 and 2016-XZ-016), the Scientific Research Project of the Education Department of Hubei Province under Grants B2018179, B2017181 and B2018175, and the National Natural Science Foundation of China (No. 51479155).