1. VLAN division
VLAN is a virtual network. Using VLAN technology, terminals or servers of some departments with different physical locations but the same working nature can be divided into a VLAN group, which is both convenient for management and increases network security. For example, the headquarters and secondary units in different places can be divided into the same VLAN group. There can be one to more VLANs in each subnet, and no molecular networking can be divided into VLANs.
There are three methods to divide VLANs: divided by switch ports, divided by network protocols used, and divided by MAC address.
According to MAC address classification, it is mainly used in the field of mobile office, and according to network protocol classification, it is mainly used in the coexistence of multiple network protocols. According to the technical characteristics of the Internet cafe, the machine position and interface are relatively fixed, and the network is dominated by the TCP/IP protocol. We choose to divide the machine into VLANs for interfaces according to different uses and areas.
2. ACL settings
ACL is an access control list. In ACL, you can set the IP address, protocol type, port number, etc. that need to be blocked. This is a network security management tool implemented on the router. According to national regulations, the IP addresses of the corresponding websites are blocked in the ACL, such as yellow, reactionary sites.
3. Use port mirroring technology:
Port mirroring technology is a technology that uses a divided port to monitor a specified port at any time.
Port mirroring technology is used on the switch side, which realizes the monitoring function of connecting to external network ports, and monitors and limits the browsing of illegal websites to the greatest extent.
4. Monitoring within LAN:
Install professional-level monitoring software inside the LAN, such as WORKS2000 and SNIFFER, to achieve real-time monitoring of the internal LAN, and quickly discover problems such as *s, worms and illegal bandwidth preemption.
5. Firewall
Install a firewall on the VOD server and fee-based server in Internet cafes to protect them from illegal attacks and ensure their normal work.
6. Antivirus software
Install real-time monitoring antivirus software on each machine and update the virus database on time.
VLAN is a virtual network. Using VLAN technology, terminals or servers of some departments with different physical locations but the same working nature can be divided into a VLAN group, which is both convenient for management and increases network security. For example, the headquarters and secondary units in different places can be divided into the same VLAN group. There can be one to more VLANs in each subnet, and no molecular networking can be divided into VLANs.
There are three methods to divide VLANs: divided by switch ports, divided by network protocols used, and divided by MAC address.
According to MAC address classification, it is mainly used in the field of mobile office, and according to network protocol classification, it is mainly used in the coexistence of multiple network protocols. According to the technical characteristics of the Internet cafe, the machine position and interface are relatively fixed, and the network is dominated by the TCP/IP protocol. We choose to divide the machine into VLANs for interfaces according to different uses and areas.
2. ACL settings
ACL is an access control list. In ACL, you can set the IP address, protocol type, port number, etc. that need to be blocked. This is a network security management tool implemented on the router. According to national regulations, the IP addresses of the corresponding websites are blocked in the ACL, such as yellow, reactionary sites.
3. Use port mirroring technology:
Port mirroring technology is a technology that uses a divided port to monitor a specified port at any time.
Port mirroring technology is used on the switch side, which realizes the monitoring function of connecting to external network ports, and monitors and limits the browsing of illegal websites to the greatest extent.
4. Monitoring within LAN:
Install professional-level monitoring software inside the LAN, such as WORKS2000 and SNIFFER, to achieve real-time monitoring of the internal LAN, and quickly discover problems such as *s, worms and illegal bandwidth preemption.
5. Firewall
Install a firewall on the VOD server and fee-based server in Internet cafes to protect them from illegal attacks and ensure their normal work.
6. Antivirus software
Install real-time monitoring antivirus software on each machine and update the virus database on time.