计算机终端安全管理策略及应用的研究
|
摘要
随着企业和组织的信息化程度越来越深入、越来越广泛,信息安全问题逐渐成为人们越来越关注的焦点。计算机终端是大多数企业内部员工进行业务处理、数据处理及访问网络的主要工具,但是许多组织却在信息安全管理及部署中忽略了对终端的控制,通常一个企业或组织会把安全精力集中放在部署防火墙等边界安全防护上来保护其内部数据资源不受外来入侵者的非法访问,却因为对组织内部计算机终端的管理不善而造成数据丢失或系统被入侵,因此计算机终端的统一安全管理具有意义。
基于以上问题,本文具体分析了计算机终端安全威胁,并给出相应的具体安全策略建议,并且为了确保终端安全策略在企业内部的有效实施,本文研究设计了一套计算机终端安全管理架构,其中包括域管理子系统,补丁管理子系统,接入控制子系统和平台监控子系统四个部分,对各个子系统进行了全面的功能分析,详细设计了相应的管理流程和策略,阐述了各个子系统间的关系,分析了该架构与其他应用系统的接口。然后本文结合某公司具体实际情况,结合相应的技术和安全产品,设计实现了该框架及其各个子系统在实际项目中的具体应用,同时对框架本身的安全进行了详细的分析并给出了相应策略,以确保系统的正常有效运行以达到预期目的。
本文给出的计算机终端安全管理框架,不同规模的企业可以根据自身情况具体分析,以此系统框架为基础,建立企业内部计算机终端的安全管理体系,从而可以提高办公效率,减少终端安全隐患,提高软硬件资产的可管理性,降低企业运行成本。
The desktop PC or laptop is the point of entrance to the network and data for most users but many organizations fail to include these computers in their security strategy. Often the enterprise will establish a firewall and network security, focusing most of their energy on protecting their data from outside intruders and leaving their desktop and laptop computers open to intrusion, modification of system and data or even data theft. So it is very important for the enterprises to manage their computer terminals in an efficacious way.
The purpose of the essay is to solve the problems mentioned above. Firstly, this essay analyses various threats to computer terminals and introduces some technologies relating to the management of computer terminals. And then specific security policies were given for the threats analyzed above. Secondly this essay proposes an architecture of the management of desktop PCs or laptops. The architecture is made up of four subsystems, including domain management, access control, patch management and system monitor. The functions for each subsystems and the relationship among the subsystems are designed thoroughly. The interface with the system with other system is expounded too. Finally, on the basis of concrete situation of some company, this easy implements the application of the architecture using specific technologies and security products.
The architecture given in this essay can help enterprises to establish the appropriate system to manage their computer terminals, which can improve their employee's the work efficiency; reduce the risks of terminal, protect their hardware and software assets and reduce the their costs for operating business.
基于以上问题,本文具体分析了计算机终端安全威胁,并给出相应的具体安全策略建议,并且为了确保终端安全策略在企业内部的有效实施,本文研究设计了一套计算机终端安全管理架构,其中包括域管理子系统,补丁管理子系统,接入控制子系统和平台监控子系统四个部分,对各个子系统进行了全面的功能分析,详细设计了相应的管理流程和策略,阐述了各个子系统间的关系,分析了该架构与其他应用系统的接口。然后本文结合某公司具体实际情况,结合相应的技术和安全产品,设计实现了该框架及其各个子系统在实际项目中的具体应用,同时对框架本身的安全进行了详细的分析并给出了相应策略,以确保系统的正常有效运行以达到预期目的。
本文给出的计算机终端安全管理框架,不同规模的企业可以根据自身情况具体分析,以此系统框架为基础,建立企业内部计算机终端的安全管理体系,从而可以提高办公效率,减少终端安全隐患,提高软硬件资产的可管理性,降低企业运行成本。
The desktop PC or laptop is the point of entrance to the network and data for most users but many organizations fail to include these computers in their security strategy. Often the enterprise will establish a firewall and network security, focusing most of their energy on protecting their data from outside intruders and leaving their desktop and laptop computers open to intrusion, modification of system and data or even data theft. So it is very important for the enterprises to manage their computer terminals in an efficacious way.
The purpose of the essay is to solve the problems mentioned above. Firstly, this essay analyses various threats to computer terminals and introduces some technologies relating to the management of computer terminals. And then specific security policies were given for the threats analyzed above. Secondly this essay proposes an architecture of the management of desktop PCs or laptops. The architecture is made up of four subsystems, including domain management, access control, patch management and system monitor. The functions for each subsystems and the relationship among the subsystems are designed thoroughly. The interface with the system with other system is expounded too. Finally, on the basis of concrete situation of some company, this easy implements the application of the architecture using specific technologies and security products.
The architecture given in this essay can help enterprises to establish the appropriate system to manage their computer terminals, which can improve their employee's the work efficiency; reduce the risks of terminal, protect their hardware and software assets and reduce the their costs for operating business.
引文
[1]ISO/IEC27001,Information technology-Security techniques-lnformation security management systems-Requirements[S].ISO/IEC,2005
[2]孙强,陈伟,往东红等,信息安全管理,清华大学出版社,2004
[3]http://www.microsoft.com/china/technet/library.mspx
[4]刘远生,计算机网络安全,清华大学出版社,2006
[5]吴中服等译,网络安全性设计,人们邮电出版社,2005
[6]刘东华等,网络与通讯安全技术,人民邮电出版社,2002
[7]刘晓辉,网络安全管理实践,电子工业出版社,2007
[8]黄中砥,组网技术与网络管理,清华大学出版社,2006
[9]高海英,薛元星,辛阳等,VPN技术,机械工业出版社,2004
[10]张仁斌,李钢,候整风,计算机病毒与防病毒技术,清华大学出版社,2006
[11]Harold F.Tipton and Micki Krause,Information Security Management Handbook,CRC Press,2004
[12]戴宗坤,罗万伯,等,信息系统安全,电子工业出版社,2002.11
[13]Rand Morimoto,Michael Noel and Alex Lewis,Microsoft Windows server 2003Unleashed,Sams,2006
[14]赵彦玲译,Microsoft,UNIX及Oracle丰机和网络安全,电子工业出版社,2004
[15]Jesper M.Johansson and Steve Riley,Protect Your Windows Network:Form Perimeter to Data,Addison Wesley,2005
[16]Microsoft,微软信息安全文集,Microsoft,2005
[17]李劲,Windows 2003 sever网络管理手册,中国青年出版社,2004
[18]Rod Kruetzfeld,Pro SMS 2003,Apress,2006
[19]张文,邓芳玲等译,信息安全管理于册,电子工业大学出版社,2004
[20]Andy Dominey and Garry Meabum,Microsoft Operations Manager 2005 Field Guide,Apress,2006
[2]孙强,陈伟,往东红等,信息安全管理,清华大学出版社,2004
[3]http://www.microsoft.com/china/technet/library.mspx
[4]刘远生,计算机网络安全,清华大学出版社,2006
[5]吴中服等译,网络安全性设计,人们邮电出版社,2005
[6]刘东华等,网络与通讯安全技术,人民邮电出版社,2002
[7]刘晓辉,网络安全管理实践,电子工业出版社,2007
[8]黄中砥,组网技术与网络管理,清华大学出版社,2006
[9]高海英,薛元星,辛阳等,VPN技术,机械工业出版社,2004
[10]张仁斌,李钢,候整风,计算机病毒与防病毒技术,清华大学出版社,2006
[11]Harold F.Tipton and Micki Krause,Information Security Management Handbook,CRC Press,2004
[12]戴宗坤,罗万伯,等,信息系统安全,电子工业出版社,2002.11
[13]Rand Morimoto,Michael Noel and Alex Lewis,Microsoft Windows server 2003Unleashed,Sams,2006
[14]赵彦玲译,Microsoft,UNIX及Oracle丰机和网络安全,电子工业出版社,2004
[15]Jesper M.Johansson and Steve Riley,Protect Your Windows Network:Form Perimeter to Data,Addison Wesley,2005
[16]Microsoft,微软信息安全文集,Microsoft,2005
[17]李劲,Windows 2003 sever网络管理手册,中国青年出版社,2004
[18]Rod Kruetzfeld,Pro SMS 2003,Apress,2006
[19]张文,邓芳玲等译,信息安全管理于册,电子工业大学出版社,2004
[20]Andy Dominey and Garry Meabum,Microsoft Operations Manager 2005 Field Guide,Apress,2006