统一安全管理平台测试方法的研究与实现
|
摘要
随着网络应用的发展,要想保障网络上大量业务运转,就必须全面考虑出现的各种问题,包括:设备故障、黑客入侵、信息安全、病毒传播等。
然而,各种安全技术产品,都只能解决局部问题;并且各类产品之间缺乏协同调度、统一管理的能力。这种局面不仅会加重网络管理人员的负担,势必也会大大增加整个网络的维护费用。为了实现在一个界面内对防火墙、VPN、入侵检测、漏洞扫描、防病毒、身份鉴别、安全审计等网络安全资源的集中监控、统一策略配置及安全设备之间的互动,于是提出一种全方位的综合网络安全管理解决方案,即统一网络安全管理平台(Unify Security Management USM)技术。本文对USM技术进行了研究和分析,并对国内外发展现状和趋势进行了了解。
在USM开发或者使用的过程中,需要有一套测试方法对每个阶段的USM产品进行评测,这样就能对USM产品有更清晰和深入的认识,这对USM的开发和使用有着指导性意义。本文对国内外各种评测方法进行了介绍,并制定了具体的测试指标。最后,搭建网络测试环境,制定测试流程,实时测试了USM的相关指标,并给出了具体测试结果和总结。
With development of the application of network into practice, we should take all kinds of the problems of securities into consideration in order to guarantee the programs well done. For example:Equipment Fault; Hackers Attack; Information Security; Virus Dissemination etc.
However, all kinds of products of security and technology can only solve a part of problems. Meanwhile, the disadvantages of them are short of capacity of collaborative scheduling and unified management with each other. The situation is not only making the network management take on heavy burden, but also increases the safeguard expenses. So we will develop a kind of technology named:Unify Security Management (USM), which is all around and comprehensive. Then centralized monitoring on security resources, unify program disposition and security equipment interact with each other at the same interface is on the basis of it. Security resources include:Firewall; VPN; USM; Vulnerability Scanning; Anti-virus; Authentication; Security Audit, etc. This paper researches and analyzes the USM technology, and knows about the situation and tendency of it in home and abroad.
In the process of development and use of USM, we are in need of methods to evaluate the products of USM at different stages so that we are able to grasp the details of USM clearly and thoroughly. It provides a meaningful instruction for our development and use. The paper introduces various evaluation methods in home and abroad, and sets a concrete index, and then builds evaluation environment, and implements the process. Finally, evaluating the certain index, we get a result and have a conclusion.
然而,各种安全技术产品,都只能解决局部问题;并且各类产品之间缺乏协同调度、统一管理的能力。这种局面不仅会加重网络管理人员的负担,势必也会大大增加整个网络的维护费用。为了实现在一个界面内对防火墙、VPN、入侵检测、漏洞扫描、防病毒、身份鉴别、安全审计等网络安全资源的集中监控、统一策略配置及安全设备之间的互动,于是提出一种全方位的综合网络安全管理解决方案,即统一网络安全管理平台(Unify Security Management USM)技术。本文对USM技术进行了研究和分析,并对国内外发展现状和趋势进行了了解。
在USM开发或者使用的过程中,需要有一套测试方法对每个阶段的USM产品进行评测,这样就能对USM产品有更清晰和深入的认识,这对USM的开发和使用有着指导性意义。本文对国内外各种评测方法进行了介绍,并制定了具体的测试指标。最后,搭建网络测试环境,制定测试流程,实时测试了USM的相关指标,并给出了具体测试结果和总结。
With development of the application of network into practice, we should take all kinds of the problems of securities into consideration in order to guarantee the programs well done. For example:Equipment Fault; Hackers Attack; Information Security; Virus Dissemination etc.
However, all kinds of products of security and technology can only solve a part of problems. Meanwhile, the disadvantages of them are short of capacity of collaborative scheduling and unified management with each other. The situation is not only making the network management take on heavy burden, but also increases the safeguard expenses. So we will develop a kind of technology named:Unify Security Management (USM), which is all around and comprehensive. Then centralized monitoring on security resources, unify program disposition and security equipment interact with each other at the same interface is on the basis of it. Security resources include:Firewall; VPN; USM; Vulnerability Scanning; Anti-virus; Authentication; Security Audit, etc. This paper researches and analyzes the USM technology, and knows about the situation and tendency of it in home and abroad.
In the process of development and use of USM, we are in need of methods to evaluate the products of USM at different stages so that we are able to grasp the details of USM clearly and thoroughly. It provides a meaningful instruction for our development and use. The paper introduces various evaluation methods in home and abroad, and sets a concrete index, and then builds evaluation environment, and implements the process. Finally, evaluating the certain index, we get a result and have a conclusion.
引文
[1]张斌,王铭皓,王玮.我国网络犯罪现状与内部网络安全管理模式探讨.国土资源信息化,2004(4):4-6
[2]缪道期.21世纪中国计算机安全展望.网络安全技术与应用,2001(2):22-25
[3]金雷,谢立.网络安全综述.计算机工程与设计,2003,24(2):8-10
[4]张熙.多域网络安全管理系统策略一致性的研究与设计.北京邮电大学硕士学位论文,2009
[5]孟浩.计算机网络安全技术概述.中国校外教育,2010(17):31-34
[6]姜传菊.网络的安全威胁与对策,情报资料工作,2002(4):3-5
[7]黄维金,刘凤昌.综述计算机网络面临的威胁.中国人民公安大学学报,2005(2):22-24
[8]田庚林.计算机网络安全与管理.清华大学出版社,2010
[9]辛丽华.IP网网络管理及其五大功能模块.科技情报开发与经济,2006(01):112-115
[10]骆耀祖.计算机网络技术与应用.北方交通大学.2004
[11]范宝锋.统一网络安全管理平台技术研究.四川大学硕士学位论文.2005
[12]联想网御安全管理平台V3产品白皮书.联想网御科技(北京)有限公司.2007
[13]范宝锋.统一网络安全管理平台技术研究.四川大学硕士学位论文.2005
[14]史简,郭山清,谢立.统一网络安全管理平台的研究与实现.计算机应用研究,2006(09):135-136
[15]王洪君.虚拟专用网(VPN)技术概述.松辽学刊(自然科学版),2002(03):75-79
[16]周贤伟薛楠.IPSec,解析国防工业出版社.2006
[17]梁绍宇.SSL VPN技术应用研究.华南理工大学硕士论文,2010
[18]魏蓉.基于TTCN-3的防火墙测试系统.科技资讯,2009(01):36-42
[19]吕志军,金毅,赖海光,黄皓,谢立.DAPRA测试分析和IDS测试方法研究.计算机科学,2004(11):73-79
[20]石琳,火欣.网络安全审计设备性能测试方法.计算机工程与应用.2010(19):45-48
[21]海洋,寿国础,胡怡红.基于RFC2544测试的网络测试仪的设计与实现.计算机工程,2008(13):22-28
[22]陈文放,周学锋.网络安全产品测试系统一般性研究. 第二十次全国计算机安全学术交流会论文集.2005
[23]R. Dvurst, T. ChamPion, B. Witten, E.Miller and L. Spagnuolo. Testing and Evaluating Computer Intrusion Detection Systems, Communication of the ACM 1999
[2]缪道期.21世纪中国计算机安全展望.网络安全技术与应用,2001(2):22-25
[3]金雷,谢立.网络安全综述.计算机工程与设计,2003,24(2):8-10
[4]张熙.多域网络安全管理系统策略一致性的研究与设计.北京邮电大学硕士学位论文,2009
[5]孟浩.计算机网络安全技术概述.中国校外教育,2010(17):31-34
[6]姜传菊.网络的安全威胁与对策,情报资料工作,2002(4):3-5
[7]黄维金,刘凤昌.综述计算机网络面临的威胁.中国人民公安大学学报,2005(2):22-24
[8]田庚林.计算机网络安全与管理.清华大学出版社,2010
[9]辛丽华.IP网网络管理及其五大功能模块.科技情报开发与经济,2006(01):112-115
[10]骆耀祖.计算机网络技术与应用.北方交通大学.2004
[11]范宝锋.统一网络安全管理平台技术研究.四川大学硕士学位论文.2005
[12]联想网御安全管理平台V3产品白皮书.联想网御科技(北京)有限公司.2007
[13]范宝锋.统一网络安全管理平台技术研究.四川大学硕士学位论文.2005
[14]史简,郭山清,谢立.统一网络安全管理平台的研究与实现.计算机应用研究,2006(09):135-136
[15]王洪君.虚拟专用网(VPN)技术概述.松辽学刊(自然科学版),2002(03):75-79
[16]周贤伟薛楠.IPSec,解析国防工业出版社.2006
[17]梁绍宇.SSL VPN技术应用研究.华南理工大学硕士论文,2010
[18]魏蓉.基于TTCN-3的防火墙测试系统.科技资讯,2009(01):36-42
[19]吕志军,金毅,赖海光,黄皓,谢立.DAPRA测试分析和IDS测试方法研究.计算机科学,2004(11):73-79
[20]石琳,火欣.网络安全审计设备性能测试方法.计算机工程与应用.2010(19):45-48
[21]海洋,寿国础,胡怡红.基于RFC2544测试的网络测试仪的设计与实现.计算机工程,2008(13):22-28
[22]陈文放,周学锋.网络安全产品测试系统一般性研究. 第二十次全国计算机安全学术交流会论文集.2005
[23]R. Dvurst, T. ChamPion, B. Witten, E.Miller and L. Spagnuolo. Testing and Evaluating Computer Intrusion Detection Systems, Communication of the ACM 1999