基于远程评估分析的政务系统安全防护研究
|
摘要
政府的政务系统承载着大量的重要信息,由于专业人员和技术力量缺乏等因素的影响,政务系统存在着大量安全漏洞,发现漏洞、评估风险、修复漏洞和系统加固成为保护政务系统安全有效防护过程,漏洞和风险评估成为保护系统安全的基础条件,基于分析安全风险为基础发现政务系统存在的安全漏洞和安全威胁,以安全防护技术和《网络安全法》等为基础提出安全防护体系模型。实验结果表明,通过远程评估分析发现系统中隐藏的安全漏洞,有针对性地进行系统加固和增加安全防护设备可以有效提高系统安全性。
person and other factors,there are many security vulnerabilities in server system of government,find out vulnerabilities,risk assessment,repair vulnerabilities and system reinforcement become the safe and effective protection process of government system,Vulnerability and risk assessment become the basic condition to protect system security,based on the analysis of security risk,we find vulnerabilities and security threats in government system,with safety protection technology and network security law,a security protection system model is proposed.The experimental results show that we find out vulnerabilities in the system through remote assessment and analysis,we can effectively improve system safety through system reinforcement and additional safety protection devices.
person and other factors,there are many security vulnerabilities in server system of government,find out vulnerabilities,risk assessment,repair vulnerabilities and system reinforcement become the safe and effective protection process of government system,Vulnerability and risk assessment become the basic condition to protect system security,based on the analysis of security risk,we find vulnerabilities and security threats in government system,with safety protection technology and network security law,a security protection system model is proposed.The experimental results show that we find out vulnerabilities in the system through remote assessment and analysis,we can effectively improve system safety through system reinforcement and additional safety protection devices.
引文
[1]陈燕群,王海燕.涉密计算机信息安全使用管理探析[J].电脑知识与技术,2017,13(23).
[2]刘聪林.电子政务系统安全性研究[J].电脑知识与技术,2010,6(4):第841-842.
[3]王淼,凌捷,郝彦军.电子政务系统安全域划分技术的研究与应用[J].计算机工程与科学,2010,32(8):52-55.
[4]王清,.0day安全:软件漏洞分析技术(第2版)[M].北京:电子工业出版社,2013.
[5]Murali G,et al.Network security scanner[J].International Journal of Computer Technology&Applications,2011,02(06).
[6]康峰.网络漏洞扫描系统的研究与设计[J].电脑开发与应用,2006,19(10):27-28.
[7]Lipp,M.,et al.,Meltdown[J].2018.
[8]Kocher P,et al.,Spectre Attacks:Exploiting Speculative Execution[J].2018.
[9]OWASP,OWASP Top 10 2017 Released The Ten Most Critical Web Application Security Risks[R].2017.
[10]Vieira,M.,N.Antunes and H.Madeira,Using web security scanners to detect vulnerabilities in web services[J].2009:566-571.
[11]Microsoft.Order of Windows Firewall with Advanced Security Rules Evaluation.https://docs.microsoft.com/en-us/previousversions/windows/it-pro/windows-server-2008-R2-and-2008/cc755191(v=ws.10)
[2]刘聪林.电子政务系统安全性研究[J].电脑知识与技术,2010,6(4):第841-842.
[3]王淼,凌捷,郝彦军.电子政务系统安全域划分技术的研究与应用[J].计算机工程与科学,2010,32(8):52-55.
[4]王清,.0day安全:软件漏洞分析技术(第2版)[M].北京:电子工业出版社,2013.
[5]Murali G,et al.Network security scanner[J].International Journal of Computer Technology&Applications,2011,02(06).
[6]康峰.网络漏洞扫描系统的研究与设计[J].电脑开发与应用,2006,19(10):27-28.
[7]Lipp,M.,et al.,Meltdown[J].2018.
[8]Kocher P,et al.,Spectre Attacks:Exploiting Speculative Execution[J].2018.
[9]OWASP,OWASP Top 10 2017 Released The Ten Most Critical Web Application Security Risks[R].2017.
[10]Vieira,M.,N.Antunes and H.Madeira,Using web security scanners to detect vulnerabilities in web services[J].2009:566-571.
[11]Microsoft.Order of Windows Firewall with Advanced Security Rules Evaluation.https://docs.microsoft.com/en-us/previousversions/windows/it-pro/windows-server-2008-R2-and-2008/cc755191(v=ws.10)