网络安全分析与监控平台安全防护关键技术
|
摘要
网络安全分析与监控平台通过收集防火墙、入侵防御系统等网络安全设备的事件日志、安全策略等信息,实现对整个网络的安全分析与监控,因此其安全性尤为重要。为了保障平台安全性,提出多重安全防护机制:利用智能密码钥匙和数字证书,实现高强度的身份鉴别;通过设置多级管理体系,实现管理权限的分割与访问控制;对每一次操作进行日志记录和数字签名,保证操作行为日志的完整性,可用于安全审计与责任追溯;采用秘密共享技术实现对对称密钥的分割存储,以保证安全策略等重要数据备份恢复的安全性。这些安全防护技术的使用,能够有效增强网络安全分析与监控平台的安全性,防止攻击者通过平台获取关键信息,或进行非法篡改等恶意攻击。
In a network security analysis and monitoring platform,various data such as event logs and security policies can be collected from firewalls,intrusion detection systems and other network security systems to acquire the analysis and monitoring of the network.Thus the security of the platform is of great significance. For protecting the platform,several security techniques are proposed. Firstly,USB smart key and digital certificates are used to implement high-security identification. Multi-level management systems are used to acquire privilege division and access control. Every operation can be logged and signed digitally to assure the integrity of the logs for security auditing and traceability. Secret sharing technique is used to store the split symmetric key respectively to assure the security of the backup and restoring of crucial data such as security policies. These security protection techniques can improve the security of the network security analysis and monitoring platform significantly and prevent the attackers from obtaining the crucial information and other attacks such as tampering.
In a network security analysis and monitoring platform,various data such as event logs and security policies can be collected from firewalls,intrusion detection systems and other network security systems to acquire the analysis and monitoring of the network.Thus the security of the platform is of great significance. For protecting the platform,several security techniques are proposed. Firstly,USB smart key and digital certificates are used to implement high-security identification. Multi-level management systems are used to acquire privilege division and access control. Every operation can be logged and signed digitally to assure the integrity of the logs for security auditing and traceability. Secret sharing technique is used to store the split symmetric key respectively to assure the security of the backup and restoring of crucial data such as security policies. These security protection techniques can improve the security of the network security analysis and monitoring platform significantly and prevent the attackers from obtaining the crucial information and other attacks such as tampering.
引文
[1]薛辉,邓军,叶柏龙,等.一种多功能网络监控与防御平台设计与实现[J].网络安全技术与应用,2011(5):67-70.
[2]李春,王之一,杨爽,等.网络流量实时监控及安全分析系统的开发应用[J].电子技术与软件工程,2018(2):47-48.
[3]李菲.网络安全审计及监控系统的设计与实现研究[J].电脑与信息技术,2017,25(6):48-50.
[4]赵文瑞,卢志刚,姜政伟,等.网络安全综合监控系统的设计与实现[J].核电子学与探测技术,2014,34(4):419-424.
[5]宁建创,杨明,梁业裕.基于大数据安全分析的网络安全技术发展趋势研究[J].网络空间安全,2017,8(12):21-24.
[6]宋岩.网络安全综合监控平台中的安全策略分析[J].硅谷,2014(13):176-177.
[7]赵颖,樊晓平,周芳芳,等.网络安全数据可视化综述[J].计算机辅助设计与图形学学报,2014,26(5):687-697.
[8]GHAFIR I,PRENOSIL V,SVOBODA J,et al.A survey on network security monitoring implementations[C].2016 IEEE 4th International Conference on Future Internet of Things and Cloud Workshops(FiCloudW),2016:77-82.
[9]王炜鑫.面向设备集成的网络安全管理平台的设计与实现[D].哈尔滨:哈尔滨工业大学,2016.
[10]霍俊生.基于B/S架构的网络安全监控系统的设计和实现[D].北京:北京邮电大学,2017.
[11]张明德.PKI/CA与数字证书技术大全[M].北京:电子工业出版社,2015.
[12]马臣云,王彦.精通PKI网络安全认证技术与编程实现[M].北京:人民邮电出版社,2008.
[13]汪朝晖,张振峰.SM2椭圆曲线公钥密码算法综述[J].信息安全研究,2016(11):972-982.
[14]王小云,于红波.SM3密码杂凑算法[J].信息安全研究,2016(11):983-994.
[15]吕述望,苏波展,王鹏,等.SM4分组密码算法综述[J].信息安全研究,2016(11):995-1007.
[16]STINSON D.密码学原理与实践[M].第3版.冯登国,等,译.北京:电子工业出版社,2016.
[17]SHAMIR A.How to share a secret[J].Communications of the ACM,1979,22(11):612-613.
[18]DAWSON E,DONOVAN D.The breadth of Shamir's secret-sharing scheme[J].Computers&Security,1994,13:69-78.
[19]庞辽军.秘密共享技术及其应用研究[D].西安:西安电子科技大学,2006.
[20]庞辽军,裴庆祺,李慧贤,等.秘密共享技术及其应用[M].北京:人民邮电出版社,2017.
[2]李春,王之一,杨爽,等.网络流量实时监控及安全分析系统的开发应用[J].电子技术与软件工程,2018(2):47-48.
[3]李菲.网络安全审计及监控系统的设计与实现研究[J].电脑与信息技术,2017,25(6):48-50.
[4]赵文瑞,卢志刚,姜政伟,等.网络安全综合监控系统的设计与实现[J].核电子学与探测技术,2014,34(4):419-424.
[5]宁建创,杨明,梁业裕.基于大数据安全分析的网络安全技术发展趋势研究[J].网络空间安全,2017,8(12):21-24.
[6]宋岩.网络安全综合监控平台中的安全策略分析[J].硅谷,2014(13):176-177.
[7]赵颖,樊晓平,周芳芳,等.网络安全数据可视化综述[J].计算机辅助设计与图形学学报,2014,26(5):687-697.
[8]GHAFIR I,PRENOSIL V,SVOBODA J,et al.A survey on network security monitoring implementations[C].2016 IEEE 4th International Conference on Future Internet of Things and Cloud Workshops(FiCloudW),2016:77-82.
[9]王炜鑫.面向设备集成的网络安全管理平台的设计与实现[D].哈尔滨:哈尔滨工业大学,2016.
[10]霍俊生.基于B/S架构的网络安全监控系统的设计和实现[D].北京:北京邮电大学,2017.
[11]张明德.PKI/CA与数字证书技术大全[M].北京:电子工业出版社,2015.
[12]马臣云,王彦.精通PKI网络安全认证技术与编程实现[M].北京:人民邮电出版社,2008.
[13]汪朝晖,张振峰.SM2椭圆曲线公钥密码算法综述[J].信息安全研究,2016(11):972-982.
[14]王小云,于红波.SM3密码杂凑算法[J].信息安全研究,2016(11):983-994.
[15]吕述望,苏波展,王鹏,等.SM4分组密码算法综述[J].信息安全研究,2016(11):995-1007.
[16]STINSON D.密码学原理与实践[M].第3版.冯登国,等,译.北京:电子工业出版社,2016.
[17]SHAMIR A.How to share a secret[J].Communications of the ACM,1979,22(11):612-613.
[18]DAWSON E,DONOVAN D.The breadth of Shamir's secret-sharing scheme[J].Computers&Security,1994,13:69-78.
[19]庞辽军.秘密共享技术及其应用研究[D].西安:西安电子科技大学,2006.
[20]庞辽军,裴庆祺,李慧贤,等.秘密共享技术及其应用[M].北京:人民邮电出版社,2017.