This is a sample assignment for international students in computer science, titled "Security System for Local Area Network".
In order to ensure local area network security, this thesis analyzes several solutions that use firewall technology, encryption technology, network segmentation and VLAN technology. The thesis introduces three ways of establishing a preliminary LAN protection system: designing a LAN structure, designing a LAN security management structure and configuring a firewall.
You can configure the monitor with standard performance counters from multiple machines. Or you can navigate a bit further to the Performance tab and kick off a pre-built data collector set. This is a nice way to start and get an introduction to creating your own data sets. After collecting data, Windows Server 2008 R2 will prepare a report with all the pertinent information. It’s not easier to create valuable performance and utilization reports. Amongst its many functions, Windows Server 2008 lets you define event criteria and schedule when to grab performance data. And don’t think you need to log on to a Windows Server 2008 server. You can install the Remote Server Administration Tools for Windows 7 and manage all Windows 2003, 2008 and Windows Server 2008 servers from the comfort of your own desk.
1. Protecting LAN from the external network
In Local Area Network applications, intranets that are kept independent of the external Internet are widespread. In many enterprises and scientific research institutions, many computers store national secrets, private customer information and important internal company information, and these computers cannot be connected to the Internet.
The purpose of monitoring for illegal external connections is to let administrators understand the status of the protected environment, and so to establish a process that monitors, responds promptly to, and raises alarms on illegal external access from the internal LAN. This protects internal network security and supports further technical measures to resolve the problem.
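The monitoring process described above can be sketched as detection logic over connection records. This is an added example, not part of the original essay; the internal address ranges, the log format and the sample records are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumption: address ranges of the isolated LAN (constructed values).
INTERNAL_NETS = [ipaddress.ip_network("10.20.0.0/16"),
                 ipaddress.ip_network("192.168.50.0/24")]

# Constructed sample records: "timestamp src_ip dst_ip dst_port".
SAMPLE_LOG = """\
2014-03-01T09:00:01 10.20.1.15 10.20.1.2 445
2014-03-01T09:00:07 10.20.1.15 203.0.113.10 443
2014-03-01T09:01:12 192.168.50.8 192.168.50.1 53
2014-03-01T09:02:30 10.20.3.44 198.51.100.7 80
2014-03-01T09:02:31 10.20.3.44 198.51.100.7 80
2014-03-01T09:03:00 10.20.1.15 224.0.0.251 5353
bad line here
"""

def is_internal(addr):
    return any(addr in net for net in INTERNAL_NETS)

def stays_on_segment(addr):
    # Multicast, link-local, loopback and broadcast traffic never leaves the LAN.
    return (addr.is_multicast or addr.is_link_local or addr.is_loopback
            or addr == ipaddress.ip_address("255.255.255.255"))

def find_external_access(log_text):
    """Return ({internal host: [(external dst, port), ...]}, malformed line count)."""
    hits = defaultdict(set)
    malformed = 0
    for line in log_text.splitlines():
        try:
            _ts, src, dst, port = line.split()
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port = int(port)
        except ValueError:
            malformed += 1          # count unparseable records instead of hiding them
            continue
        if is_internal(src_ip) and not is_internal(dst_ip) and not stays_on_segment(dst_ip):
            hits[src].add((dst, port))
    alerts = {host: sorted(dests) for host, dests in hits.items()}
    return alerts, malformed

if __name__ == "__main__":
    alerts, malformed = find_external_access(SAMPLE_LOG)
    for host, dests in sorted(alerts.items()):
        print(f"ALERT {host} reached outside the LAN: {dests}")
    print(f"{malformed} malformed record(s) skipped")
```

Repeated connections to the same destination collapse into one alert entry per host, which keeps the alarm list readable for the administrator.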
Why we are using Windows Server 2008
DirectAccess
One particularly exciting feature in Windows Server 2008, especially as more mobile clients move to Windows 7, is DirectAccess. In the past, providing secure remote access meant installing, configuring, maintaining and troubleshooting VPN connections. Speaking from personal experience — and I’m sure many of you will agree — this was never a fun task for users or IT pros, especially when something broke. In fact, users often went out of their way to avoid VPNs, thus causing security vulnerabilities and poor productivity.
With DirectAccess, remote users who have an Internet connection but don’t have a VPN can use IPSec and IPv6 to securely connect to the following types of corporate resources:
If an IPv6 native network isn’t available — which is the case for most public locations, like cafes — Windows 7 will establish an IPv6 over IPv4 tunnel. You can also integrate DirectAccess with Network Access Protection to protect your corporate environment. One great benefit of DirectAccess over solutions like VPNs is that performance is enhanced, and there’s no commingling of intranet and Internet traffic. With DirectAccess, these networks remain separate and distinct. If you have strong security requirements, you can also configure DirectAccess to use smartcards. I like that you can restrict DirectAccess traffic to specific servers and applications. This helps segment and optimize traffic and adds an additional layer of security.
But there’s another benefit to DirectAccess that anyone who manages mobile users will appreciate. Until recently, the only opportunity to properly manage or update mobile users was when they returned to the office and connected to the local network. Nobody likes this situation, and, with growing security and compliance requirements, it’s hardly practical.
2. Improvements in the Group Policy Management
Windows Server 2008 R2 introduces over 1,000 new Group Policy Objects specific to Windows Server 2008 R2 and Windows 7, along with several new components that expand on the core capabilities of Group Policy management that have been part of Windows 2000/2003 Active Directory. The basic functions of the Group Policy haven’t changed, so the Group Policy Object Editor (gpedit) and the Group Policy Management Console (GPMC) are the same, but with more options and settings available.
As mentioned earlier, the Group Policy Management Console can either be run as a separate MMC tool, or it can be launched off the Features branch of the Server Manager console tree, as shown in Figure 1.7. Group policies in Windows Server 2008 R2 provide more granular management of local machines, specifically having policies that push down to a client that are different for administrator and non-administrator users.
3. Introducing Performance and Reliability Monitoring Tools
Windows Server 2008 R2 introduces new and revised performance and reliability monitoring tools intended to help network administrators better understand the health and operations of Windows Server 2008 R2 systems. Just like with the Group Policy Management Console, the new Reliability and Performance Monitor shows up as a feature in the Server Manager console. The new tool keeps track of system activity and resource usage and displays key counters and system status on screen. The Reliability Monitor diagnoses potential causes of server instability by noting the last time a server was rebooted, what patches or updates were applied, and chronologically when services have failed on the system so that system faults can potentially be traced back to specific system updates or changes that occurred prior to the problem.
Windows Server 2008 vs. Windows Server 2012
The biggest key point is 2008 has been out for a long time. They have ironed out a lot of bugs and it’s pretty stable. Coupled with the fact that there’s a ton of tutorials and troubleshooting on the web, it really has a huge amount of support available. That being said, 2008 is based on the Windows Vista platform. It’s not quite like 2003 (NT or XP style and functionality) and it’s not quite 2012 (more like Windows 7). 2012 comes with the more current features and has been simplified quite a little bit. I haven’t played much with 2012 yet but from what I’ve seen and done with it it’s pretty super bad!!! It does require a lot more on the processor and RAM side, you want to have at least 8GB of the RAM for it (at very least). Of course it depends on what you’re doing too, if you want to just have a file server I’d go with FreeNAS or just buy a NAS device. If you want to host websites I’d honestly just go with Server 12.04 (it rocks), there’s a learning curve on it but it’s really pretty fantastic! If you’re looking to have a mail server setup (like Exchange) you could run that off of a Windows 7 workstation and stop something free like Rumble Mail. If you’re looking to host games or something like that then you’ve got to nail down a platform first then build around it, not the other way around like most folks try to do. Finally if you’re looking to do something in your home (lots of folks are for some reason) then I’d just find an easy way to do it without wasting a ton of dough on the server OS.
The public key infrastructure assumes the use of public key cryptography, which is the most common method on the Internet for authenticating a message sender or encrypting a message. Traditional cryptography has usually involved the creation and sharing of a secret key for the encryption and decryption of messages. This secret or private key system has the significant flaw that if the key is discovered or intercepted by someone else, messages can easily be decrypted. For this reason, public key cryptography and the public key infrastructure are the preferred approach on the Internet. The public key infrastructure provides for a digital certificate that can identify an individual or an organization and directory services that can store and, when necessary, revoke the certificates. Although the components of a PKI are generally understood, a number of different vendor approaches and services are emerging. Meanwhile, an Internet standard for PKI is being worked on.
Perimeter network security
Perimeter Security is a solution where each endpoint device is responsible for its own security. Perimeter Security Protection allows companies of all sizes to manage all their network perimeters in the office, for home working or on the road.
NAT
The firewall is an important security technology. It mainly consists of software and hardware devices. The firewall establishes a safety shield between the intranet and extranet of a unit or enterprise, or between a private network and a public network. It acts as a security gateway between networks to prevent illegal invasion, destruction and theft of data by outside users.
The firewall mainly consists of service access control rules, authentication policy, packet filtering and an application gateway. From a technical point of view, there are currently two relatively mature firewall architectures: the packet filtering firewall and the proxy type firewall (application gateway-based). At present, considering comprehensive security and low cost, the firewall market is mainly dominated by packet filtering firewall products. (Microsoft, 2014)
6. Internet Information Server
IIS (Internet Information Server) is a group of Internet servers (including a Web or Hypertext Transfer Protocol server and a File Transfer Protocol server) with additional capabilities for Microsoft’s Windows NT and Windows 2000 Server operating systems. IIS is Microsoft’s entry to compete in the Internet server market that is also addressed by Apache, Sun Microsystems, O’Reilly, and others.
With IIS, Microsoft includes a set of programs for building and administering Web sites, a search engine, and support for writing Web-based applications that access databases.
So from my point of view Windows Server 2008 is better than Windows Server 2012, because so many of the things that I mentioned above were in 2008 but are not in 2012.