The Design and Implementation of Network Security Solution on Application Layer
|School|Beijing University of Posts and Telecommunications|
|Course|Computer Science and Technology|
|Keywords|network security, application layer security, security solution, solution design, secure deployment|
Networks are becoming increasingly complex, and the contest between attack and defense is growing more intense. Traditional network security solutions can no longer effectively prevent and stop the increasing number of complex and volatile application-layer attacks. The traditional PDR, P2DR and P2DR2 network security models used to safeguard network security very effectively, but they can no longer cope with today's complex network environment. This paper therefore presents a network security solution for the application layer, addressing five aspects: Vulnerability Scanning, Encryption Authentication, Attack Prevention, Intrusion Detection, and Security Audit.

First, the paper summarizes the traditional network security models and solutions, such as the classic PDR and P2DR models. It analyzes the advantages and disadvantages of these models, makes some improvements to them, and finally proposes a new solution.

Next, the paper analyzes the current state of network security at the application layer. It introduces the basics of application-layer network security, including application-layer firewalls, UTM, encryption and authentication, and so on. It then compares network-layer and application-layer security and focuses on the particular characteristics of application-layer security. Finally, it analyzes application-layer security risks in detail, providing a theoretical foundation for the subsequent design of the network security solution.

Having analyzed application-layer security threats, the paper presents the SCPDA network security solution, based on Vulnerability Scanning, Encryption Authentication, Attack Prevention, Intrusion Detection, and Security Audit, and explains the key technologies of the solution in detail. These key technologies include the design of the unified security management platform, the design of the distributed deployment of intrusion detection devices, the design of the interaction between intrusion detection and attack protection, and the design of intrusion detection and security auditing based on a honeypot network. The paper then gives a simple calculation and analysis of the solution.

Finally, the paper introduces the deployment process of the SCPDA network security solution at a research institute. It first analyzes the institute's network topology and application-layer security needs and points out some principles of network security, then describes the deployment process of the SCPDA solution in detail.

In summary, this paper focuses on network security solutions at the application layer: it analyzes the application-layer security situation, puts forward a security solution adapted to the current network environment, and introduces the deployment of the SCPDA network security solution at a research institute. The solution is suitable for medium and large enterprises and can serve as a reference for enterprises carrying out network security upgrades, network planning and deployment.