全国住房公积金监督管理信息系统网络安全体系设计
|
摘要
住房公积金制度对加快城镇住房制度改革、完善住房供应体系,改善中低收入家庭居住条件等发挥了重要作用。本文对全国住房公积金监督管理信息系统网络安全体系进行设计,包括对物理安全、网络安全、操作系统安全、应用系统及应用系统支撑平台安全、信息安全等各个层面进行综合考虑,并对其中的用户认证与访问控制和网络隔离技术等关键技术进行了详细分析。对网络中可能存在的安全威胁、安全脆弱点、以及由此产生的安全风险进行了分析,提出了相应的网络安全体系设计方案,尤其是明确提出了网络规则。方案设计采用的关键技术,除用户认证与访问控制外已全部实施。所提出的网络规则也在系统建设中采用。此方案对建设部其他类型系统的安全建设也有参考价值。
The Housing Private Foundation System plays an important role in speeding the residential house system reform, perfecting the residential house system, improving residential conditions of mid or low-incoming families, and so on. In this paper the design of network security architecture for the State Monitor and Management Information System of Housing Private Foundation is presented, including the comprehensive consideration of physical security, network security, operation system security, application and supporting platform security, and information security, etc; it is carried on to analyze possible security threats, vulnerabilities and their risks, and a design scheme of network security architecture, especially the network regulations which have been adopted in the system implement, is proposed. The scheme can also be referenced by other systems' security implement in the Ministry of Construction.
The Housing Private Foundation System plays an important role in speeding the residential house system reform, perfecting the residential house system, improving residential conditions of mid or low-incoming families, and so on. In this paper the design of network security architecture for the State Monitor and Management Information System of Housing Private Foundation is presented, including the comprehensive consideration of physical security, network security, operation system security, application and supporting platform security, and information security, etc; it is carried on to analyze possible security threats, vulnerabilities and their risks, and a design scheme of network security architecture, especially the network regulations which have been adopted in the system implement, is proposed. The scheme can also be referenced by other systems' security implement in the Ministry of Construction.
引文
1.《国务院关于进一步加强住房公积金管理的通知》,国发[2002]12号,2002年5月
2.戴宗坤,罗万伯,唐三平等,《信息系统安全》,金城出版社,2000.9,p234—240
3. Christopher J. Alberts and Audrey J. Dorofee, OCTAVESM Method Implementation Guide Version 2.0, Networked Systems Survivability Program, June 2001
4. ISO 13335-1 Information Technology -- Security techniques Guidelines for the management of IT Security (GMITS) -- Part 1: Concepts and models for IT Security
5. ISO 13335-2 Information Technology -- Security techniques Guidelines for the management of IT Security (GMITS) -- Part 2: Managing and planning IT security
6. ISO 13335-3 Information Technology -- Security techniques Guidelines for the management of IT Security (GMITS) -- Part 3: Techniques for the management of IT security
7. ISO 13335-4 Information Technology -- Security techniques Guidelines for the management of IT Security (GMITS) -- Part 4: Selection of safeguards
8. ISO 13335-5 Information Technology -- Security techniques Guidelines for the management of IT Security (GMITS) -- Part 5: Management guidance on network security
9. BS7799-1 Code of practice for information security management
10. [ETF/RFC2196 Site security handbook
11.戴宗坤,唐三平,《VPN与网络安全》金城出版社,2000.9,p123—129
12. ISO 15408-1 Information technology - Security techniques - Evaluation criteria for IT security - Part 1.. Introduction and general model
13.关义章、蒋继红、戴宗坤,《信息系统安全工程学》,金城出版社,2000.9
14. ISO/IEC 17799, Code of practice for information security management
15. IETF/RFC2196 Site security handbook
16.[美]John Vacca著,史宗海等译,《Intranet的安全性》,电子工业出版社,2000年1月
17.杨义先、夏光升、李忠献译,《内联网与外联网安全指南》,人民邮电出版社,2001年1月
18. ISO 15408-3 Security assurance requirements
19. ISO 15408-2 Security functional requirements
20. BS7799-1 Code of practice for information security management
21. BS7799-2 Information security specification
22. ISO 15408-2 Information technology - Security techniques Evaluation criteria for IT security - Part 2
23. ISO 15408-3 Information technology - Security techniques Evaluation criteria for IT security - Part 3
24.GB/T 9387.2—1995信息处理系统开放系统互连基本参考模型第2部分:安全体系结构
25. ITSEC- Information technical security evaluation criteria
26. TCSEC- Trusted Computer Security Evaluation Criteria
27.国家保密局,《计算机信息系统国际联网保密管理规定》,2000年1月
2.戴宗坤,罗万伯,唐三平等,《信息系统安全》,金城出版社,2000.9,p234—240
3. Christopher J. Alberts and Audrey J. Dorofee, OCTAVESM Method Implementation Guide Version 2.0, Networked Systems Survivability Program, June 2001
4. ISO 13335-1 Information Technology -- Security techniques Guidelines for the management of IT Security (GMITS) -- Part 1: Concepts and models for IT Security
5. ISO 13335-2 Information Technology -- Security techniques Guidelines for the management of IT Security (GMITS) -- Part 2: Managing and planning IT security
6. ISO 13335-3 Information Technology -- Security techniques Guidelines for the management of IT Security (GMITS) -- Part 3: Techniques for the management of IT security
7. ISO 13335-4 Information Technology -- Security techniques Guidelines for the management of IT Security (GMITS) -- Part 4: Selection of safeguards
8. ISO 13335-5 Information Technology -- Security techniques Guidelines for the management of IT Security (GMITS) -- Part 5: Management guidance on network security
9. BS7799-1 Code of practice for information security management
10. [ETF/RFC2196 Site security handbook
11.戴宗坤,唐三平,《VPN与网络安全》金城出版社,2000.9,p123—129
12. ISO 15408-1 Information technology - Security techniques - Evaluation criteria for IT security - Part 1.. Introduction and general model
13.关义章、蒋继红、戴宗坤,《信息系统安全工程学》,金城出版社,2000.9
14. ISO/IEC 17799, Code of practice for information security management
15. IETF/RFC2196 Site security handbook
16.[美]John Vacca著,史宗海等译,《Intranet的安全性》,电子工业出版社,2000年1月
17.杨义先、夏光升、李忠献译,《内联网与外联网安全指南》,人民邮电出版社,2001年1月
18. ISO 15408-3 Security assurance requirements
19. ISO 15408-2 Security functional requirements
20. BS7799-1 Code of practice for information security management
21. BS7799-2 Information security specification
22. ISO 15408-2 Information technology - Security techniques Evaluation criteria for IT security - Part 2
23. ISO 15408-3 Information technology - Security techniques Evaluation criteria for IT security - Part 3
24.GB/T 9387.2—1995信息处理系统开放系统互连基本参考模型第2部分:安全体系结构
25. ITSEC- Information technical security evaluation criteria
26. TCSEC- Trusted Computer Security Evaluation Criteria
27.国家保密局,《计算机信息系统国际联网保密管理规定》,2000年1月