多层次金融网络信息安全体系结构的研究
|
摘要
迅猛发展的信息技术已经把人类带入了信息社会。金融企业的发展对信息资源、信息技术和信息产业的依赖程度越来越大。在信息社会中,信息己成为人类宝贵的资源。然而,由于信息技术的发展而带来的网络系统的安全问题,正变得日益突出,并受到了越来越多的关注。因此网络安全己成为关系金融安全的重大战略问题。
本文首先讨论了当前信息系统安全体系的理论,分析了信息安全的特性,信息安全的结构层次以及当前金融企业的安全环境。理论地研究和分析了相关的重要概念、安全策略,并总结了金融企业的需求和目标,然后详细介绍了目前广泛应用的信息安全技术的实现方式。
在信息系统安全理论的指导下,基于对金融信息系统的需求和理论研究,本文提出了当前技术条件下的多层次金融信息系统安全体系及具体设计。该多层次安全体系将诸如访问控制、数据库安全、防火墙等技术与金融信息系统的业务安全需求有机地结合了起来。同时,文中还提出了体系中的安全管理办法和措施。
本文所提出的方案已经初步在作者所在单位测试,基本满足了安全需求,实施效果良好。金融行业业务安全体系是保障金融行业业务正常进行的关键,也需要在业务实际运行过程中,不断地进行检验和完善,这正是作者长期要完成的工作。
Rapid development of information technology has led human beings into an information society. The financial enterprises more and more rely on information resources, information technology, and the information industry. In the information society, information has become a valuable resource, but security problems that come with the expansion of the Internet are increasingly serious and noticeable. Now network security is a vital strategic issue of financial security.
The up-to-date theory of information system security architecture is discussed in this thesis, and then the security environment of current financial industry, and the features, structure, layer of information security are analyzed. After theoretical research and analysis on financial information system security including important concept security policy related to information security, requirements and objectives of security of financial industry are concluded. The realization methods of information system security and widely employed information security enhancement techniques are introduced in detail.
Under the direction of the theory of Information System Security, and based on these theoretical exploration and the requirement of financial information system, a multi-layered security architecture of the financial information system and a specific systematic security solutions in current technological environment are presented. That solution combines the computer technology, such as access control,database security, and firewall etc with security requirement of financial business in the financial information system well. And security management measures and regulations that are important in the whole security system have been put forward at the end of the thesis.
The presented solutions are primarily tested in author’s company and fulfill the basic requirements of the security with good effect. The mufti-layered security architecture of the financial information system is a key to the financial business; it also needs sustaining checking and correcting during the running of the financial business. This is a long term process the author will accomplish.
本文首先讨论了当前信息系统安全体系的理论,分析了信息安全的特性,信息安全的结构层次以及当前金融企业的安全环境。理论地研究和分析了相关的重要概念、安全策略,并总结了金融企业的需求和目标,然后详细介绍了目前广泛应用的信息安全技术的实现方式。
在信息系统安全理论的指导下,基于对金融信息系统的需求和理论研究,本文提出了当前技术条件下的多层次金融信息系统安全体系及具体设计。该多层次安全体系将诸如访问控制、数据库安全、防火墙等技术与金融信息系统的业务安全需求有机地结合了起来。同时,文中还提出了体系中的安全管理办法和措施。
本文所提出的方案已经初步在作者所在单位测试,基本满足了安全需求,实施效果良好。金融行业业务安全体系是保障金融行业业务正常进行的关键,也需要在业务实际运行过程中,不断地进行检验和完善,这正是作者长期要完成的工作。
Rapid development of information technology has led human beings into an information society. The financial enterprises more and more rely on information resources, information technology, and the information industry. In the information society, information has become a valuable resource, but security problems that come with the expansion of the Internet are increasingly serious and noticeable. Now network security is a vital strategic issue of financial security.
The up-to-date theory of information system security architecture is discussed in this thesis, and then the security environment of current financial industry, and the features, structure, layer of information security are analyzed. After theoretical research and analysis on financial information system security including important concept security policy related to information security, requirements and objectives of security of financial industry are concluded. The realization methods of information system security and widely employed information security enhancement techniques are introduced in detail.
Under the direction of the theory of Information System Security, and based on these theoretical exploration and the requirement of financial information system, a multi-layered security architecture of the financial information system and a specific systematic security solutions in current technological environment are presented. That solution combines the computer technology, such as access control,database security, and firewall etc with security requirement of financial business in the financial information system well. And security management measures and regulations that are important in the whole security system have been put forward at the end of the thesis.
The presented solutions are primarily tested in author’s company and fulfill the basic requirements of the security with good effect. The mufti-layered security architecture of the financial information system is a key to the financial business; it also needs sustaining checking and correcting during the running of the financial business. This is a long term process the author will accomplish.
引文
[1] Smith, Richard E. Internet cryptography[M].eading, Mass.:Addison-Wesley, 1997
[2] Bacard, Andr. The computer privacy handbook[M]. Berkeley, CA:Peachpit Press,1995
[3] PengDaiyuan. New theoretical bounds on the aperiodic correlation functions of binary sequences[J].Science in China: Series F Information Sciences,2005(1)
[4] WuWenling. Collision attack on reduced-round Camellia[J].Science in China: Series F Information Sciences,2005(1)
[5] JiaLin. Optimal design of basic pulse waveforms for THSS UWB radio systems[J]. Journal of Systems Engineering and Electronics,2005(1)
[6] LiYanhui. Robust L1 filtering with pole constraint in a disk via parameter-dependent Lyapunov functions[J].Journal of Systems Engineering and Electronics, 2004 (2)
[7] WangZhenbin.Digital implementation of fractional order PID controller and its application[J].Journal of Systems Engineering and Electronics,2005(2)
[8] JiQingguang. A new formal model for privilege control with supporting POSIX capability mechanism. Science in China: Series F Information Sciences,2005(1)
[9] Intrusion Detection, Terry Escamilla, Wiley Computer Publishing, 1998
[10] Othmar Kyas.网络安全技术一风险分析、策略和防火墙[M].北京:中国水利水电出版社,1998. 6
[11] David J.Stang, Sylvia Moon.计算机网络安全奥秘[M].北京:电子工业出版社,1994.
[12]美国西蒙舒施特国际出版公司.网络最高安全技术指南[M].北京:机械工业出版社,1998. 5
[13] ISS公司.安全管理模型技术白皮书[S].1998
[14] NAI公司.网络整体信息安全与管理系统白皮书[S].1998
[15] Merike Kaeo.网络安全性设计.北京:人民邮电出版社,2000
[16] W. Stallings著,网络安全要素—应用与标准[S].北京:人民邮电出版社,2000
[17]杨富国等,网络安全设备与防火墙[M].北京:清华大学出版社2005
[18]夏海涛,詹志强等,新一代网络管理技术[M].北京:邮电大学出版社2005。
[19]郎国军,面向安全设备的网络管理方法,2005
[20] William Stallings,网络安全要素一应用与标准[M].北京:人民邮电出版社,2000
[21] H. Krawczyk, M. Bellare. R. Caneti HMAC Keyed-Hashing for Message Authentication[S],RFC21041997
[22] D. Levi, P. Meyer B. Stewart,SNMP Applications[S],RFC2573
[23]曲效利,计算机网络安全方案[J].中国金融电脑,2001
[24] .http://www.im54.com/protocol/2005-08 /20050803191747.htm1
[25]正军等,网络入侵检测系统的设计与实现[M].北京:电子工业出版社2002.6
[26] White GB, Fisch EA, Pooch U W. Cooperating Security Managers :A Peer-based Intrusion Detection System[J]. IEEE Network, 1999,10
[27] Chris Hare Karan Siyan, Internet防火墙与网络安全[M].北京:机械工业出版社,1998.6
[28] CHRIS HARE KARANIIT SIYAN. K,Internet防火墙与网络安全[M].,北京:机械工业出版社,1998.5
[29] MARCUS GONCALVES.防火墙技术指南[M].北京:机械工业出版社,2000
[30]黄允聪,严望佳著,防火墙的选型、配置、安装和维护[M].北京:清华大学出版社,1999
[31]胡华平,陈海涛,黄辰林等,入侵检测技术的研究现状与发展趋势[J],计算机工程与科学,2001.6
[32] http:/lwww.combat.cnlarticleview/2006-3-3/article view, 22841.htm#top
[33] http://kj.bicea.edu.cn:9090/jisuanjilei.wlkc/duomeitijishu(chuanda)/MMT/MmtltO1_2.htm
[2] Bacard, Andr. The computer privacy handbook[M]. Berkeley, CA:Peachpit Press,1995
[3] PengDaiyuan. New theoretical bounds on the aperiodic correlation functions of binary sequences[J].Science in China: Series F Information Sciences,2005(1)
[4] WuWenling. Collision attack on reduced-round Camellia[J].Science in China: Series F Information Sciences,2005(1)
[5] JiaLin. Optimal design of basic pulse waveforms for THSS UWB radio systems[J]. Journal of Systems Engineering and Electronics,2005(1)
[6] LiYanhui. Robust L1 filtering with pole constraint in a disk via parameter-dependent Lyapunov functions[J].Journal of Systems Engineering and Electronics, 2004 (2)
[7] WangZhenbin.Digital implementation of fractional order PID controller and its application[J].Journal of Systems Engineering and Electronics,2005(2)
[8] JiQingguang. A new formal model for privilege control with supporting POSIX capability mechanism. Science in China: Series F Information Sciences,2005(1)
[9] Intrusion Detection, Terry Escamilla, Wiley Computer Publishing, 1998
[10] Othmar Kyas.网络安全技术一风险分析、策略和防火墙[M].北京:中国水利水电出版社,1998. 6
[11] David J.Stang, Sylvia Moon.计算机网络安全奥秘[M].北京:电子工业出版社,1994.
[12]美国西蒙舒施特国际出版公司.网络最高安全技术指南[M].北京:机械工业出版社,1998. 5
[13] ISS公司.安全管理模型技术白皮书[S].1998
[14] NAI公司.网络整体信息安全与管理系统白皮书[S].1998
[15] Merike Kaeo.网络安全性设计.北京:人民邮电出版社,2000
[16] W. Stallings著,网络安全要素—应用与标准[S].北京:人民邮电出版社,2000
[17]杨富国等,网络安全设备与防火墙[M].北京:清华大学出版社2005
[18]夏海涛,詹志强等,新一代网络管理技术[M].北京:邮电大学出版社2005。
[19]郎国军,面向安全设备的网络管理方法,2005
[20] William Stallings,网络安全要素一应用与标准[M].北京:人民邮电出版社,2000
[21] H. Krawczyk, M. Bellare. R. Caneti HMAC Keyed-Hashing for Message Authentication[S],RFC21041997
[22] D. Levi, P. Meyer B. Stewart,SNMP Applications[S],RFC2573
[23]曲效利,计算机网络安全方案[J].中国金融电脑,2001
[24] .http://www.im54.com/protocol/2005-08 /20050803191747.htm1
[25]正军等,网络入侵检测系统的设计与实现[M].北京:电子工业出版社2002.6
[26] White GB, Fisch EA, Pooch U W. Cooperating Security Managers :A Peer-based Intrusion Detection System[J]. IEEE Network, 1999,10
[27] Chris Hare Karan Siyan, Internet防火墙与网络安全[M].北京:机械工业出版社,1998.6
[28] CHRIS HARE KARANIIT SIYAN. K,Internet防火墙与网络安全[M].,北京:机械工业出版社,1998.5
[29] MARCUS GONCALVES.防火墙技术指南[M].北京:机械工业出版社,2000
[30]黄允聪,严望佳著,防火墙的选型、配置、安装和维护[M].北京:清华大学出版社,1999
[31]胡华平,陈海涛,黄辰林等,入侵检测技术的研究现状与发展趋势[J],计算机工程与科学,2001.6
[32] http:/lwww.combat.cnlarticleview/2006-3-3/article view, 22841.htm#top
[33] http://kj.bicea.edu.cn:9090/jisuanjilei.wlkc/duomeitijishu(chuanda)/MMT/MmtltO1_2.htm