Research and Implementation of Key Technologies for a Security Operations and Maintenance Platform
Abstract
We live in an era of rapid advances in information technology: organizations in every sector are expanding their business, and their level of IT construction keeps rising. To keep pace with fast-growing business, however, most enterprises build their IT infrastructure without an overall plan; business needs are met, but security requirements are simplified away. How to reduce network security threats as far as possible while preserving business continuity and reliability is the question enterprises care about most.
     In recent years, faced with increasingly complex and ever-emerging network security problems, enterprises have deployed unified threat management systems, firewalls, intrusion detection systems, anti-virus systems, vulnerability scanners and so on, building up a large number of security defenses. These products usually meet an enterprise's security needs in its early stages, but as the business grows the defenses degenerate into a simple pile of security products with no effective mechanism for unified management and coordination; the products cannot cooperate, so the capabilities of the individual devices are not fully used. More seriously, these complex IT resources and their security defenses continuously generate huge volumes of security logs and events during operation, which may contain a large number of false positives and some false negatives. At the same time, a limited number of security administrators must learn the management methods of different devices and systems, check the monitoring dashboards on each product's management console, review alarm events, execute handling procedures and write result reports; all of this can become inefficient because alarms are handled repeatedly, resolution procedures are complex and the results of the work cannot be evaluated, so the enterprise's information security is hard to guarantee in practice.
     On the basis of an introduction to and analysis of the current state of enterprise information security management and the development of security management platforms, this thesis points out the limitations of traditional security management platforms and, combining them with a security operations and maintenance management system, designs a new business-oriented security operations and maintenance platform. It describes the platform's architecture and functional components in detail and designs, implements and tests three key technologies: data collection and standardization for multi-source heterogeneous devices, dynamic map-based alarming across multiple security domains, and workflow-based security operations.
     Data collection and standardization for multi-source heterogeneous devices belongs to the security event management module of the monitoring center; this thesis designs and implements the module's collection process and field standards and tests the results. Dynamic map-based alarming across multiple security domains is spread over the configuration management module of the operations center and the view management module of the monitoring center, covering map configuration and the display of alarms on the map; this thesis implements the rapid display of asset-related alarms on the map once asset registration and map configuration have been completed. Workflow-based security operations live in the work order (ticket) management and early warning/alarm modules of the operations center; this thesis designs and implements the individual business-handling workflows. The research and implementation of these key technologies make the new security operations and maintenance platform superior to traditional security management platforms, and practice has shown that it not only guarantees network security but also offers a better user experience.
