统一网络安全管理数据采集与分析系统的研究及实践
摘要
统一网络安全管理系统是一套综合性的安全管理软件。网络安全管理要从网络的整体安全出发,通过对网络中各种安全设备和安全软件的集中管理和监控,把一个个原本分离的信息安全孤岛联结成有机协作互动的一个整体,实现网络安全管理过程中的实时状态监测、动态策略调整,从而有效提升网络的可管理性和安全水平。
本文在分析了目前国内外网络安全管理系统的现状之后,提出采用SNMP协议来统一采集设备信息,达到将数据格式统一化,以方便管理和分析的目的。
本文作者的主要研究工作和创新点概述如下:
1)分析了网络安全管理目前的国内外发展状况,以及目前网络管理面临的安全威胁。
2)对SNMP的关键技术,包括ASN.1、BER、SMI、MIB、VACM等进行了描述,针对SNMPv3在认证系统中所用数字摘要算法的弱安全性进行了分析,提出使用SHA-2代替SHA-1和MD5数字摘要算法的改进建议,以满足更高的安全需求。
3)对统一网络管理系统中用到的设备和软件进行了部署设计,对支持SNMP的网络连接设备进行设置设计说明,使其支持SNMP协议的读写,并部署了开源软件Snort及Ntop。
4)在SNMP协议设备和软件的部署基础上,设计和实现了一个统一网络管理的原型系统,该系统遵循FCAPS模型关于五个网络管理功能类别划分规则,给出了详尽的体系结构图和实际管理模型。
本文的研究成果对构建统一网络安全管理系统具有很好的参考价值。
Unified Network Security Management System is a comprehensive security management software. From the whole network, network security management links every originally isolated island of information security into an organic collaborative system through centralized managing and monitoring various security devices and network security software in the whole network, and realizes monitoring in time, adjusts of dynamic policy, so as to effectively enhance the user's network manageability and safety.
After analysis of the current home and overseas status of network security management system, an unification collection device information is proposed by adopting the SNMP protocol in this paper, in order to achieve the unified data format to facilitate management and analysis purposes.
The author's main research work and innovation are summarized as the followings:
1) Analysis development of current domestic and international network security management and security threats of current network facing.
2) The key technology of SNMP, including ASN.1, BER, SMI, MIB, VACM, etc. are described, analysis the weak security of the digital digest algorithm used in the SNMPv3 authentication system, proposed suggestions for improvement of using the SHA-2 instead of SHA-1 and MD5 digital digest algorithm to meet higher security needs.
3) deploy equipment and software of the unified network management system used, design specification network connected devices that support SNMP, to support read and write of the SNMP protocol, and the deployment of open source software Snort and Ntop.
4) based on the deployment of SNMP protocol equipment and software, design and implementation of a prototype of a unified network management system, which follows the FCAPS model of the five network management functions on the type of rule, the system gives a detailed diagram and the actual management model.
The result of this study to build a unified network security management system has a very good reference value.
本文在分析了目前国内外网络安全管理系统的现状之后,提出采用SNMP协议来统一采集设备信息,达到将数据格式统一化,以方便管理和分析的目的。
本文作者的主要研究工作和创新点概述如下:
1)分析了网络安全管理目前的国内外发展状况,以及目前网络管理面临的安全威胁。
2)对SNMP的关键技术,包括ASN.1、BER、SMI、MIB、VACM等进行了描述,针对SNMPv3在认证系统中所用数字摘要算法的弱安全性进行了分析,提出使用SHA-2代替SHA-1和MD5数字摘要算法的改进建议,以满足更高的安全需求。
3)对统一网络管理系统中用到的设备和软件进行了部署设计,对支持SNMP的网络连接设备进行设置设计说明,使其支持SNMP协议的读写,并部署了开源软件Snort及Ntop。
4)在SNMP协议设备和软件的部署基础上,设计和实现了一个统一网络管理的原型系统,该系统遵循FCAPS模型关于五个网络管理功能类别划分规则,给出了详尽的体系结构图和实际管理模型。
本文的研究成果对构建统一网络安全管理系统具有很好的参考价值。
Unified Network Security Management System is a comprehensive security management software. From the whole network, network security management links every originally isolated island of information security into an organic collaborative system through centralized managing and monitoring various security devices and network security software in the whole network, and realizes monitoring in time, adjusts of dynamic policy, so as to effectively enhance the user's network manageability and safety.
After analysis of the current home and overseas status of network security management system, an unification collection device information is proposed by adopting the SNMP protocol in this paper, in order to achieve the unified data format to facilitate management and analysis purposes.
The author's main research work and innovation are summarized as the followings:
1) Analysis development of current domestic and international network security management and security threats of current network facing.
2) The key technology of SNMP, including ASN.1, BER, SMI, MIB, VACM, etc. are described, analysis the weak security of the digital digest algorithm used in the SNMPv3 authentication system, proposed suggestions for improvement of using the SHA-2 instead of SHA-1 and MD5 digital digest algorithm to meet higher security needs.
3) deploy equipment and software of the unified network management system used, design specification network connected devices that support SNMP, to support read and write of the SNMP protocol, and the deployment of open source software Snort and Ntop.
4) based on the deployment of SNMP protocol equipment and software, design and implementation of a prototype of a unified network management system, which follows the FCAPS model of the five network management functions on the type of rule, the system gives a detailed diagram and the actual management model.
The result of this study to build a unified network security management system has a very good reference value.
引文
[1]庄欣.统一网络安全管理中数据采集代理的设计与实现.华中师范大学硕士学位论文.2009.
[2]网络安全管理技术简介和发展现状.http://www.edu.cn/an_quan_ji_shu_1641/20080125/t20080125_278176.shtml
[3]Wikipedia:MIB http://en.wikipedia.org/wiki/MIB
[4]Mingming LI,Houqin SU. Analysis and an Improvement Proposal for the Authentication System of SNMPv3. The 2nd International Conference on Information Science and Engineering (ICISE2010), Hangzhou,China, Dec 4-6,2010, Proceedings, volume 10, pages 7200. IEEE eXplore,2010.
[5]李明江编著.简单网络管理协议[M].北京:电子工业出版社,2007.
[6]Wikipedia:ASN.1 http://en.wikipedia.org/wiki/ASN.1
[7]J. Case, M. Fedor, J. Davin. RFC1157:Simple Network Management Protocol(SNMP).1990
[8]朱峰.基于SNMP的交换机网管代理的设计与实现.西安电子科技大学硕士学位论文.2006.
[9]刘兰,李之堂,林军.安全网络管理MIB标准化研究[J].计算机工程与应用,2004.15:151.
[10]Wikipedia:SimpleNetworkManagementProtocol. http://en.wikipedia.org/wiki/Simple_Network_Management_Protocol.
[11]宋志秋SNMP技术在入侵检测系统中的应用[J].科技信息,2008:76.
[12]黄颖,张小飞.网络监控系统的设计和实现[J].计算机工程与应用,2003.22:161.
[13]梁亚声等编著.计算机网络安全技术教程[M].北京:机械工业出版社.2004.
[14]赖溪松,韩亮,张真诚著.计算机密码学及其应用[M].北京:国防工业出版社,2001:129.
[15]B. Wijnen. RFC3584:Simple Network Management Protocol version 3.2003.
[16]梁广民,王隆杰编著.思科网络实验室路由交换实验指南[M].北京:电子工业出版社,2008:100.
[17]张皓,伍云,周志杰.一种电信网管接口统一化方案的设计与实现.解放军理工大学通信工程学院硕士学位论文.2004.
[18]徐国辉.基于Linux环境的简单网络管理协议的实现[J].通信技术,2010.7:136.
[19]Windows XP安装SNMP服务 http://www.51testing.com/?uid-27526-action-viewspace-itemid-66021.
[20]SNORT users manual 2.8.6. The Snort Project.March 19,2010.
[21]安装配置Ntop. http://jlsfwq.blog.51cto.com/818700/165646/.
[22]高莉.基于统一网管平台配置管理的设计与实现.西安电子科技大学硕士学位论文.2007.
[23]郭平.基于J2EE的3G网管配置管理的研究与实现.南京邮电大学硕士学位论文.2008.
[24]张晓露,张明德,孙小菡.电信多厂商设备统一网络管理解决方案[J].电子器件,2002.9:259.
[25]彭琪.统一网络安全管理系统中数据采集关键技术的研究.华中师范大学硕士学位论文.2008.
[26]Alexander Clemm著,詹文军,杜晓峰,刘玉鹏译.网络管理技术构架[M].北京:人民邮电出版社,2008:107.
[27]殷卫红,耿新民.基于SNMP协议的网络管理实现技术[J].微计算机信息,2006:22(9-3).
[28]吕跃玲.基于SNMP协议的系统监控设计研究[J].电脑知识与基础,2010.5:3597-3598.
[29]闫晓威.基于J2EE统一电信网络管理平台系统系统管理模块的设计与实现.电子科技大学硕士论文.2007.
[30]Wikipedia:FCAPS. http://en.wikipedia.org/wiki/FCAPS.
[31]张朕,应吉康.基于SNMP的统一网管框架的设计与实现[J].计算机技术与发展,2006:16(1):28-29.
[32]孙鑫著Servlet/JSP深入详解[M].北京:电子工业出版社,2008.
[33]陈涛.基于SNMP的网络流量监控系统设计与实现[J].煤炭技术,2010.2:229.
[34]Ntop. http://www.ntop.org/overview.html
[35]江伟.构建面向应用的统一网络管理系统平台[J].科技创业月刊,2007.2:192.
[36]Snort入侵检测系统简介.http://netsecurity.51 cto.com/art/201008/221685.htm
[2]网络安全管理技术简介和发展现状.http://www.edu.cn/an_quan_ji_shu_1641/20080125/t20080125_278176.shtml
[3]Wikipedia:MIB http://en.wikipedia.org/wiki/MIB
[4]Mingming LI,Houqin SU. Analysis and an Improvement Proposal for the Authentication System of SNMPv3. The 2nd International Conference on Information Science and Engineering (ICISE2010), Hangzhou,China, Dec 4-6,2010, Proceedings, volume 10, pages 7200. IEEE eXplore,2010.
[5]李明江编著.简单网络管理协议[M].北京:电子工业出版社,2007.
[6]Wikipedia:ASN.1 http://en.wikipedia.org/wiki/ASN.1
[7]J. Case, M. Fedor, J. Davin. RFC1157:Simple Network Management Protocol(SNMP).1990
[8]朱峰.基于SNMP的交换机网管代理的设计与实现.西安电子科技大学硕士学位论文.2006.
[9]刘兰,李之堂,林军.安全网络管理MIB标准化研究[J].计算机工程与应用,2004.15:151.
[10]Wikipedia:SimpleNetworkManagementProtocol. http://en.wikipedia.org/wiki/Simple_Network_Management_Protocol.
[11]宋志秋SNMP技术在入侵检测系统中的应用[J].科技信息,2008:76.
[12]黄颖,张小飞.网络监控系统的设计和实现[J].计算机工程与应用,2003.22:161.
[13]梁亚声等编著.计算机网络安全技术教程[M].北京:机械工业出版社.2004.
[14]赖溪松,韩亮,张真诚著.计算机密码学及其应用[M].北京:国防工业出版社,2001:129.
[15]B. Wijnen. RFC3584:Simple Network Management Protocol version 3.2003.
[16]梁广民,王隆杰编著.思科网络实验室路由交换实验指南[M].北京:电子工业出版社,2008:100.
[17]张皓,伍云,周志杰.一种电信网管接口统一化方案的设计与实现.解放军理工大学通信工程学院硕士学位论文.2004.
[18]徐国辉.基于Linux环境的简单网络管理协议的实现[J].通信技术,2010.7:136.
[19]Windows XP安装SNMP服务 http://www.51testing.com/?uid-27526-action-viewspace-itemid-66021.
[20]SNORT users manual 2.8.6. The Snort Project.March 19,2010.
[21]安装配置Ntop. http://jlsfwq.blog.51cto.com/818700/165646/.
[22]高莉.基于统一网管平台配置管理的设计与实现.西安电子科技大学硕士学位论文.2007.
[23]郭平.基于J2EE的3G网管配置管理的研究与实现.南京邮电大学硕士学位论文.2008.
[24]张晓露,张明德,孙小菡.电信多厂商设备统一网络管理解决方案[J].电子器件,2002.9:259.
[25]彭琪.统一网络安全管理系统中数据采集关键技术的研究.华中师范大学硕士学位论文.2008.
[26]Alexander Clemm著,詹文军,杜晓峰,刘玉鹏译.网络管理技术构架[M].北京:人民邮电出版社,2008:107.
[27]殷卫红,耿新民.基于SNMP协议的网络管理实现技术[J].微计算机信息,2006:22(9-3).
[28]吕跃玲.基于SNMP协议的系统监控设计研究[J].电脑知识与基础,2010.5:3597-3598.
[29]闫晓威.基于J2EE统一电信网络管理平台系统系统管理模块的设计与实现.电子科技大学硕士论文.2007.
[30]Wikipedia:FCAPS. http://en.wikipedia.org/wiki/FCAPS.
[31]张朕,应吉康.基于SNMP的统一网管框架的设计与实现[J].计算机技术与发展,2006:16(1):28-29.
[32]孙鑫著Servlet/JSP深入详解[M].北京:电子工业出版社,2008.
[33]陈涛.基于SNMP的网络流量监控系统设计与实现[J].煤炭技术,2010.2:229.
[34]Ntop. http://www.ntop.org/overview.html
[35]江伟.构建面向应用的统一网络管理系统平台[J].科技创业月刊,2007.2:192.
[36]Snort入侵检测系统简介.http://netsecurity.51 cto.com/art/201008/221685.htm