基于信息系统等级保护下安全巡检系统的研究与设计
|
摘要
从1994年开始,我国在信息安全的领域里面已经慢慢逐步建立起来等级保护制度,并在实践中逐步制订了相关法律法规已经相关等级保护的技术标准。随着等级保护制度在各行各业中进一步的推进,等级保护中所要求的安全巡检作用也越来越重要。安全巡检为等级保护工作在安全运行与维护工作中对系统进行整改设计提供了数据和依据。现在企业的网络环境中,加入了越来越多的安全设备,虽然安全设备的数量不断增加,但这并没有使得网络安全问题得以有效解决,并且系统资产数量庞大,对系统进行安全巡检变成了很复杂的工作。为了能够对单位信息系统中所有设备进行统一的管理,我们提出了来“统一安全巡检管理平台”的研究与开发工作,它是一种在等级保护的要求下进行安全巡检的好办法。
统一安全巡检管理平台采用分布式部署,数据采集代理被部署在客户单位的网络中对信息系统的资产进行数据采集,之后将收集完成的数据回传到安全巡检管理中心进行数据处理,计算客户单位的安全评估风险值,让进行巡检的客户单位能够看到自己信息系统安全状况。能够高效、并且对被采集系统不造成任何负担的数据采集十分重要,并且不能只针对与小规模简单信息系统,也要能够对复杂的信息系统完成安全巡检。于是,本文设计了一种分布式的数据采集框架结构,可以在面对不同的结构和规模下的信息系统进行安全巡检。
本文在针对统一安全巡检管理系统进行了分析和研究之后,以WMIC为核心采集技术,完成了数据采集代理的设计和实现工作。在之后又做了进一步的研究,对之前提出的分布式数据采集框架中的组件间通信、风险评估进行了分析和设计。最后该框架能够在不同的网络环境中使用,并且可以灵活的扩展,并能在安管平台进行统一的管理。
Since1994, in our national security field Classified Protection has been established, as the establishment of Classified Protection, a lot of work has been carried out by government, and some policies, technical standards also have been issued. As the improvement of classified protection in all kinds of industries, safety inspection based on information system classified protection has become more and more important. Safety inspection provides the data and the basis for system corrective actions designed in safe operation and maintenance work of the classified protection. In the enterprise network environment, more security devices have been put in. But the amount of security devices do not fix up the network security problems, because of they have a big number, so inspect all of the devices become a hard and complicated work. To unified manage all of the devices in the enterprise network environment, we propose research and development of Unified Safety Inspection Management Platform(USIMP), USIMP is a good way to solve the information system network security problems.
USIMP adopted distributed deployment, data collection agents deployed in the enterprise network environment, after the collection, all the data will be transferred to USIMP. USIMP will calculate the data and figure out the risk-value, so the enterprise could realize the safe condition of the information system. Efficiently data collection without making a burden to the collected devices is important, and data collection agents should be able to inspect the more complicated network environment. So, we present a distributed agent framework for data collection which could be used in different sizes of network environment.
This paper designed USIMP,and finish up the data collection agents taken WMIC as the core collection technology. Then do the future research, analysis&design the communication between components and calculate the value of risky in the distributed framework of data collection. At the end of the paper, the distributed framework could be used in different network environment, expanded flexibility, and managed unified.
统一安全巡检管理平台采用分布式部署,数据采集代理被部署在客户单位的网络中对信息系统的资产进行数据采集,之后将收集完成的数据回传到安全巡检管理中心进行数据处理,计算客户单位的安全评估风险值,让进行巡检的客户单位能够看到自己信息系统安全状况。能够高效、并且对被采集系统不造成任何负担的数据采集十分重要,并且不能只针对与小规模简单信息系统,也要能够对复杂的信息系统完成安全巡检。于是,本文设计了一种分布式的数据采集框架结构,可以在面对不同的结构和规模下的信息系统进行安全巡检。
本文在针对统一安全巡检管理系统进行了分析和研究之后,以WMIC为核心采集技术,完成了数据采集代理的设计和实现工作。在之后又做了进一步的研究,对之前提出的分布式数据采集框架中的组件间通信、风险评估进行了分析和设计。最后该框架能够在不同的网络环境中使用,并且可以灵活的扩展,并能在安管平台进行统一的管理。
Since1994, in our national security field Classified Protection has been established, as the establishment of Classified Protection, a lot of work has been carried out by government, and some policies, technical standards also have been issued. As the improvement of classified protection in all kinds of industries, safety inspection based on information system classified protection has become more and more important. Safety inspection provides the data and the basis for system corrective actions designed in safe operation and maintenance work of the classified protection. In the enterprise network environment, more security devices have been put in. But the amount of security devices do not fix up the network security problems, because of they have a big number, so inspect all of the devices become a hard and complicated work. To unified manage all of the devices in the enterprise network environment, we propose research and development of Unified Safety Inspection Management Platform(USIMP), USIMP is a good way to solve the information system network security problems.
USIMP adopted distributed deployment, data collection agents deployed in the enterprise network environment, after the collection, all the data will be transferred to USIMP. USIMP will calculate the data and figure out the risk-value, so the enterprise could realize the safe condition of the information system. Efficiently data collection without making a burden to the collected devices is important, and data collection agents should be able to inspect the more complicated network environment. So, we present a distributed agent framework for data collection which could be used in different sizes of network environment.
This paper designed USIMP,and finish up the data collection agents taken WMIC as the core collection technology. Then do the future research, analysis&design the communication between components and calculate the value of risky in the distributed framework of data collection. At the end of the paper, the distributed framework could be used in different network environment, expanded flexibility, and managed unified.
引文
[1]国家互联网应急中心CNCERT互联网安全威胁报告2012.10http://www.cert.org.cn/publish/main/upload/File/20121127monthly10.pdf
[2]中华人民共和国国务院 国务院第147号令 中华人民共和国计算机信息系统安全保护条例1994
[3]国家信息化领导小组 中办发[2003]27号 关于加强信息安全保障工作的意见2003
[4]MDCSoft计算机网络安全应急响应中心-安全事件处置和应急预案服务http://mdcsoft.cn/service/scan.html
[5]庄欣 统一网络安全管理中数据采集代理的设计和实现[D]华中师范大学 2009
[6]鲍伟,王时龙,周锦玉等 基于EDMEF的协作式入侵检测技术研究[J]微处理机2007 28(5):34-37
[7]Mark Nicolett, Kelly M. Kavanagh Magic Quadrant for Security Information and Event Management[R] Garther G00227899 2012
[8]联想网御科技(北京)有限公司 联想网御SOC实践——走中国特色的SOC之路(3)[J]信息安全与通信保密2010(12):49
[9]陈冬雨 安全到底有多全——访启明星辰首席战略官潘柱廷[J]计算机安全2007(9):67-68
[10]绿盟科技 绿盟内容安全管理系统技术白皮书[EB/OL]北京:中联绿盟信息技术有限公司2007
[11]中国国家标准化委员会 信安字[2007]10号 信息系统安全等级保护实施指南2007
[12]中国国家标准化委员会 GB/T 22239-2008 信息系统安全等级保护基本要求2008
[13]天融信 网络管理系统TopNM[EB/OL] http://www.topsec.com.cn/aqcp/aqgl/wlglxttopnm/index.htm
[14]李枫基于控制代理模式的安全管理平台的研究与实现[D] 上海师范大学 2009
[15]搜搜百科数据采集[EB/OL] http://baike.soso.com/v276777.htm?ch=ch.bk.innerlink
[16]孙华东,李艾华基于SOC的便携式巡检仪[J]兵工自动化2007 26(6):83-84
[17]Luigi Coppolino,Salvatore D'Antonio,Valerio Formicola et al Integration of a System for Critical Infrastructure Protection with the OSSIM SIEM Platform:A dam case study[C] Computer Safety, Reliability, and Security 2011:199-212
[181宋言伟,马钦德,张健等信息安全等级保护政策和标准体系综述[J]信息通信技术2010 04(6):58-63
[19]陈伟,周继军,许德武Snort轻量级入侵检测系统全攻略[M]2009年7月第1版北京:北京邮电大学出版社2009.328.978-7-5635-1966-8
[20]Christopher D. Leidigh ETP-307 Internet Messaging Protocols[C] 2005 Embedded Systems Conference-San Francisco (ESC2005) 2005:618-628
[21](missing) LANState Pro 6.0 Offers Visual Network Monitoring with SNMP Trap Support[J] Windows IT Pro 2012 18(1):51-51
[22]openNMS openNMS Docu-overview[EB/OL] http://www.opennms.org/wiki/Docu-overview
[23]Luca Deri,Stefano Suin Practical network security; experiences with ntop[J] Computer Networks 2000 34(6):873-880 DOI:10.1016/S1389-1286(00)00158-4
[24]McShane, M. Reference Resolution Challenges for Intelligent Agents:The Need for Knowledge[J] IEEE intelligent systems 2009 24(4):47-
[25]冯乃勤,段德全,刘行兵等智能Agent核心技术及其在电子商务中的应用研究[Z]河南师范大学河南政法管理干部学院2010
[26]陈志,王汝传,孙力娟等一种无线传感器网络的多Agent系统模型[J]电子学报2007 35(2):240-243
[27]朱其胜我很丑但是我很强大IWMIC,全新的超级命令行工具2003http://d.g. wanfangdata.com.cn/ExternalResource-xdjsj-xby201015025%5e5.aspx
[28]Michael Kofler The Definitive Guide to MySQL5[M] NY:Springer-Verlag 2005
[29]Oracle and/or its affiliates MySQL 5.1 Reference Manual [OL] http://dev.mysql.com/doc/refman/5.1/zh/index.html
[30]吕志军,郑璟,黄皓等高速网络下的分布式实时入侵检测系统[J]计算机研究与发展2004 41(4):667-673
[31]Yi Ping,Jiang Xinghao,Wu Yue Distributed intrusion detection for mobile ad hoc networks[J]系统工程与电子技术(英文版) 2008 19(4):851-859
[32]吕桃霞,刘培玉,郭鸿雁等 结合信息熵的多Agent网络安全审计模型[J]济南大学学报(自然科学版) 2011 25(1):15-18
[33]孙延涛,杨芳南,石志强等 负载均衡的分布式网络管理系统[J]通信学报 2009 30(3):34-41
[34]李志芳,潘军,孙辉等SSL协议及WEB安全实现[J]煤炭技术2011 30(5):116-117
[2]中华人民共和国国务院 国务院第147号令 中华人民共和国计算机信息系统安全保护条例1994
[3]国家信息化领导小组 中办发[2003]27号 关于加强信息安全保障工作的意见2003
[4]MDCSoft计算机网络安全应急响应中心-安全事件处置和应急预案服务http://mdcsoft.cn/service/scan.html
[5]庄欣 统一网络安全管理中数据采集代理的设计和实现[D]华中师范大学 2009
[6]鲍伟,王时龙,周锦玉等 基于EDMEF的协作式入侵检测技术研究[J]微处理机2007 28(5):34-37
[7]Mark Nicolett, Kelly M. Kavanagh Magic Quadrant for Security Information and Event Management[R] Garther G00227899 2012
[8]联想网御科技(北京)有限公司 联想网御SOC实践——走中国特色的SOC之路(3)[J]信息安全与通信保密2010(12):49
[9]陈冬雨 安全到底有多全——访启明星辰首席战略官潘柱廷[J]计算机安全2007(9):67-68
[10]绿盟科技 绿盟内容安全管理系统技术白皮书[EB/OL]北京:中联绿盟信息技术有限公司2007
[11]中国国家标准化委员会 信安字[2007]10号 信息系统安全等级保护实施指南2007
[12]中国国家标准化委员会 GB/T 22239-2008 信息系统安全等级保护基本要求2008
[13]天融信 网络管理系统TopNM[EB/OL] http://www.topsec.com.cn/aqcp/aqgl/wlglxttopnm/index.htm
[14]李枫基于控制代理模式的安全管理平台的研究与实现[D] 上海师范大学 2009
[15]搜搜百科数据采集[EB/OL] http://baike.soso.com/v276777.htm?ch=ch.bk.innerlink
[16]孙华东,李艾华基于SOC的便携式巡检仪[J]兵工自动化2007 26(6):83-84
[17]Luigi Coppolino,Salvatore D'Antonio,Valerio Formicola et al Integration of a System for Critical Infrastructure Protection with the OSSIM SIEM Platform:A dam case study[C] Computer Safety, Reliability, and Security 2011:199-212
[181宋言伟,马钦德,张健等信息安全等级保护政策和标准体系综述[J]信息通信技术2010 04(6):58-63
[19]陈伟,周继军,许德武Snort轻量级入侵检测系统全攻略[M]2009年7月第1版北京:北京邮电大学出版社2009.328.978-7-5635-1966-8
[20]Christopher D. Leidigh ETP-307 Internet Messaging Protocols[C] 2005 Embedded Systems Conference-San Francisco (ESC2005) 2005:618-628
[21](missing) LANState Pro 6.0 Offers Visual Network Monitoring with SNMP Trap Support[J] Windows IT Pro 2012 18(1):51-51
[22]openNMS openNMS Docu-overview[EB/OL] http://www.opennms.org/wiki/Docu-overview
[23]Luca Deri,Stefano Suin Practical network security; experiences with ntop[J] Computer Networks 2000 34(6):873-880 DOI:10.1016/S1389-1286(00)00158-4
[24]McShane, M. Reference Resolution Challenges for Intelligent Agents:The Need for Knowledge[J] IEEE intelligent systems 2009 24(4):47-
[25]冯乃勤,段德全,刘行兵等智能Agent核心技术及其在电子商务中的应用研究[Z]河南师范大学河南政法管理干部学院2010
[26]陈志,王汝传,孙力娟等一种无线传感器网络的多Agent系统模型[J]电子学报2007 35(2):240-243
[27]朱其胜我很丑但是我很强大IWMIC,全新的超级命令行工具2003http://d.g. wanfangdata.com.cn/ExternalResource-xdjsj-xby201015025%5e5.aspx
[28]Michael Kofler The Definitive Guide to MySQL5[M] NY:Springer-Verlag 2005
[29]Oracle and/or its affiliates MySQL 5.1 Reference Manual [OL] http://dev.mysql.com/doc/refman/5.1/zh/index.html
[30]吕志军,郑璟,黄皓等高速网络下的分布式实时入侵检测系统[J]计算机研究与发展2004 41(4):667-673
[31]Yi Ping,Jiang Xinghao,Wu Yue Distributed intrusion detection for mobile ad hoc networks[J]系统工程与电子技术(英文版) 2008 19(4):851-859
[32]吕桃霞,刘培玉,郭鸿雁等 结合信息熵的多Agent网络安全审计模型[J]济南大学学报(自然科学版) 2011 25(1):15-18
[33]孙延涛,杨芳南,石志强等 负载均衡的分布式网络管理系统[J]通信学报 2009 30(3):34-41
[34]李志芳,潘军,孙辉等SSL协议及WEB安全实现[J]煤炭技术2011 30(5):116-117