摘要
随着网络时代的飞速发展,Internet和Intranet日益普及,网络安全问题也
日益突出,如何在开放网络环境中保证数据和系统的安全性已经成为众多业内
人士关心的问题,并越来越迫切和重要。虽然目前对安全技术的研究也越来越
深入,但目前的技术研究重点都放在了某一个单独的安全技术上,却很少考虑
如何对各种安全技术加以整合,构建一个完整的网络安全防御系统。
本论文以作者的实际工作为基础,重点论述了构建一个网络安全防御系统
的方案设计和实现过程。
在方案设计部分,本文重点论述了设计过程中的两个关键阶段,即安全策
略与风险分析,在安全策略部分中详细描述了作者在设计一个完整的网络防御
系统中所考虑的方方面面,而风险分析部分则以生动的实例说明了如何分析一
个系统所面临的风险并将其量化的过程和算法。
在实现部分,本文重点论述了作者所设计的网络安全防御系统采用的网络
拓扑结构及其中采用的各种安全技术和安全产品的具体细节。最后则详细描述
了该网络安全防御系统中的一个重要组件—网络安全监测仪的功能及技术细
节,以及为其可用性而开发的远程控制台,并在此基础上提出了安全监控中心
的概念及实现计划。
With the development of network society and the extension of
internet and intranet,the problem of network security becomes more and
more acute,and how to protect the data and system in the open network
environment has became a more and more important and imminent
question.Although the research about the security technology has also
gained some achievement,but most of them put their emphasis on one
kind of security technology,few consider how to integrate all kind of
security technology into one perfect network security defense system.
This thesis discusses the design and implement process of a network
security defense system on the basis of the work of author own.
In the part of design ,this thesis put the emphasis on the critical phasis
of design process,they are security diplomatic and risk analysis.The part
of security diplomatic discuss every aspect need to consider when design
a network security defense system.and the part of risk analysis discuss
how to analysis the risk of a network system and how to quantify it.
In the part of implement ,this thesis put the emphasis on the security
topology of network and all kinds of security technology adopt in this
security network envirionment.then this thesis discuss the important
component of this network security defense system-network security
monitor,include its function and detail of its technology,at last, this thesis
discuss the remote control panel of the network security monitor,and
present the concept of security monitor center.
引文
1. Sean boran, Security cook book, 1996-2000
2. Clinton Pierce,Perl 24小时编程,机械工业出版社
3. 严望佳,黑客分析与防范技术,清华大学出版社
4. HackersLab, N-Patrol System Managed Security Service, Warren Wang, Byung-Hak Kim, October, 2000
5. Chris Hare,Karanjit Siyan,Internet防火墙与网络安全,机械工业出版社
6. 拉斯.克兰德,挑战黑客-网络安全的最终解决方案,电子工业出版社
7. Mc.clure, Secmbary, Kurtz, Hacker Exposed, OSBORNE
8. (美)匿名,MAXIM SECURITY,机械工业出版社
9. 张建军,风险管理与信息系统安全工程
10. Marcus Ranum "Intrusion Detection System Expections,Ideals and Realities",Computer Security Journal,Volume XIV, Number 4
11. Michelle Maxim Security, A Hacker's Guide to Protecting Your Internet Site and Network
12. Steve Lodin "Intrusion Detection Product Evaluation Criteria",Computer Security Journal, Volume XIV, Number 2
13. Brochure "IT Security-It's your business, A business guide to ITSEC" ,DTI (UK ITSEC scheme)
14. ITSEC Information Technology Security Evaluation Criteria F/GB/D/ NL Local copy June 1991
15. Firewalls Internet and Security Cheswick / Bellovin 1994
16. Risk Management is Where the Money Is Daniel E. Geer Nov.98
17. www.cert.org
18. www. security focus .com
19. mitre.cve.org
20. www.nsfocus.com