Introduction of "Bao Qingtian" cyber law enforcement officer in LAN

Management has been a headache since the school built a campus network. Our school has more than 300 computers connected to the Internet through optical fiber cables. Each machine is assigned a fixed reserved IP address and connected to the Internet through a Gateway Router. Computers are distributed across two campuses, including offices, school teachers' dormitories, and off-campus residential buildings. Common problems are: Some teachers modify the IP address of the NIC without permission, resulting in IP address conflict, affecting other teachers to access the Internet; some teachers do not allow unauthorized connection to the network or set up their own Proxy Server Gateway ), several of them use their agents to access the Internet. The electronic lesson preparation room can only make courseware during work hours, but some teachers use it to chat online and play games. multimedia platforms in the classroom are not allowed to access the Internet during non-work hours, some students secretly come back to use it on Saturday and Sunday. After frequent failures of Discipline Education, the leaders told me: you have handled these problems!

I tried to manage a lot of software on the Internet, but these software was either limited in functionality or unstable. It was not until the use of a LAN management software called "Network law enforcement officer" solved these problems. It is just as fair and strict as Bao Qingtian, and is a good helper for LAN Management.

Software Information: cyber law enforcement officer V2.90

Software size: 1646KB

Software language: Simplified Chinese

Software type: shared version

Application Platform: Windows9x/NT/2000/XP

Because I want to monitor the network at any time, I have to install the "cyber law enforcement officer" on the school's Web server. After the software is started, you must set the monitoring scope. Enter the IP address range of the LAN after "specifying the monitoring range": 172.16.1.1 ~ 172.16.2.254, click [Add/modify], and then click [OK]. Figure 1 is displayed on the main software interface ). Soon, the physical IP address, IP address, host name, and other information of the network card used were displayed.

Figure 1

Note: The software cannot be installed on a proxy server, gateway, or other computers.

Do not go online during work hours

To disconnect the e-preparation room from the Internet at the specified time and enable the Intranet, you must first set the school gateway as a key host. Click "Settings> key host", fill in the IP address of the Gateway: 172.16.0.1 after "specify IP", and then press [add] to set the gateway as a key host.

In the user list, right-click the computer in the e-preparation room, select "Set permissions", and select "Allow to connect to the network with specified conditions" in the window shown in figure 2 ", then select "do not allow the following period" after "time period limit ". Next we can set two periods that are not allowed to connect to the network. I will fill in the morning and afternoon work hours, select "prohibit TCP/IP connection to key hosts" under "management mode", and then click [OK]. In this way, the computer in the e-preparation room will be disconnected from the Internet at work time, but it will not affect the use of the Intranet and will no longer require supervision. In contrast, computers in the classroom can only be used during work hours.

Figure 2

Do not come to illegal computers

After the software is used for a period of time, all the computer information will be recorded. Now it's time to reject illegal computer connection. Click "Settings> Default Permissions" in the menu, and select "manage when this user is connected to the network" in the "permission settings" column ", in management mode, select "prohibit TCP/IP connection with all other hosts including key hosts ". In this way, when a new computer is connected to the network, it cannot be connected to other computers, thus prohibiting illegal computer network connection. If you also select "generate IP conflict warning", no matter what IP address is set on this computer, the IP conflict prompt will pop up continuously. The addresses of conflicting NICs are different each time.

If a new valid computer is connected to the network, click "User> register new user" and enter the physical MAC address of the new computer Nic in "NIC address, set the computer permissions as needed.

Note: When you find that you have not registered a computer connected to IOT platform, the computer you use to manage will sound uninterrupted. If you are not in the office, this noise will seriously affect your colleagues' work. Click "Settings> Security Settings" in the menu to disable "enable sound alarm when an illegal user is found, select "send a message to the Administrator when an illegal user is found or another user running the software ". Note that the messenger service must be enabled on this computer to receive an alarm.

Tip: How do I know the physical address of the Nic. Open the DOS window and enter "ipconfig/all". The details of the NIC are displayed. Here, "Physical Address" is followed by the Physical Address of the NIC.

Do not use my address

Although we can use commands to bind the physical address and IP address of the NIC, it is obviously inconvenient to operate on a single computer. Select all users in the user list, right-click and right-click, select "MAC_IP binding", and click the [bind all] button to bind the physical IP address and IP address of the NIC, there is no need to worry about conflicting IP addresses. At the same time, you can also select "prohibit connection to key hosts" under "the above user Violation Management Method". In this way, the computer with a messy IP address will be disconnected from the gateway, unable to access the Internet. If you still have Internet access time requirements for the computer bound to an IP address, you can also set figure 3 here ). Unregistered software cannot be bound in batches, but can only be bound one by one.

Figure 3

Because our IP Address has not been allocated, we need to protect the IP address that is not yet allocated. Click "Settings> IP protection", enter the IP address range to be protected under "set protected IP segments", and click the [add] button, you can add protected IP segments to a total of 64 ). You can use the [delete] button to release these IP address segments.

Do not open an illegal proxy

To prevent users from setting up proxy servers illegally, the software can perform the following settings: Right-click the user list, select "scan all agents", select "scheduled scan", and select a "scheduled interval ", fill in common proxy ports such as 80 and 8080 under "scan the following ports", and select "all servers except the key hosts have enabled the proxy service function ". After the specified time interval, the software scans all machines and automatically disconnects the machines with illegal proxies from the network.

Right-click the user list and select "detect all routers" to scan users who have illegally set up routes. This feature is only available for Enterprise Edition registration.

Tip: select a longer time interval when setting a scheduled scan. During scanning, the software sends more data packets to the network. Too frequent scanning does not have to affect the network speed.

Notes: Notes

1. The software can break through the firewall restrictions and disconnect a user from the network in the LAN. When an illegal user is used, the security of the LAN will be greatly threatened. If you find that someone is constantly accessing your port 55555, and some machines cannot access the Internet for some reason, check whether someone is using it.

2. to manage multiple CIDR blocks, you must directly connect the local machine to multiple CIDR blocks. Otherwise, the software cannot be deployed across routers, gateways, proxy servers, and other devices. If there are multiple network segments separated by routers, route a line from each network segment to a hub and connect the machine running the software to the hub, you can set multiple IP addresses to directly connect to the CIDR blocks. Run the software. You can select these CIDR blocks in the "select monitoring range" dialog box at startup.

3. by default, the software automatically backs up user data files every hour. The default backup directory is "C :\", you can modify this setting in "Data Processing> Backup file data" on the main menu. Otherwise, many files will be generated under the root directory of the C drive. The file names all start with "netrobocop.

4. Normally, after the user stops "disconnected" management, the user should be able to restore the connection immediately, but in some networks, it is necessary to restart the computer or wait for several minutes to connect. In this case, you can click "Settings> other settings" to set the disconnection mode to "one-way disconnection ".

Related Articles]

• Application of next-generation mobile communication technology in Wireless LAN

• Application of POF Optical Fiber System in LAN

• Server Load balancer Technology and Applications in Wireless LAN