Design and Implementation of a Security Solution for the China Development Bank Enterprise Banking Information System
Abstract
As competition in China's financial industry intensifies, banks have accelerated the pace of electronic, information-based and networked construction of their business. Many high-quality application software systems have been put into use, and these systems have become key to strengthening competitiveness. At the same time, network construction has developed rapidly: financial services built on networks have become widespread and socially accepted, and information sharing is a necessity for today's economic development. As a result, the networked financial industry has become a major target for criminals, and the incidence of financial computer crime is rising year by year. How to ensure that systems run securely and stably, and how to guard against financial risk, are hot topics in the current process of financial electronization and networking; information security has thus become a global issue for the century.
This thesis presents a fairly systematic study of the current state of network security in China and of the security technologies commonly adopted by the banking industry, covering physical security, network security, virus and hacker prevention, encryption technology, access control, authentication technology, and information security management and auditing.
Drawing on the author's long experience in bank project development and in the production operation of application systems, the security solution is implemented at two levels. First, the current state of domestic network security and the security technologies commonly used in banking are studied systematically; based on the actual situation of the system, technology selection principles that meet its requirements are established, choices are made among existing mature security technologies and software, and an optimal scheme is designed to address the security risks present in the system. This part is only one component of the overall solution and is not the focus of the research; it mainly covers physical security, network security, virus prevention and hacker prevention. Second, on the basis of the theoretical study and in view of the particular characteristics of the "CDB Enterprise Banking Information System" itself, the solution to the system's security problems was designed, implemented, developed and put into production use, resolving the security risks in the application system. This part is the focus of the thesis and mainly covers data encryption, access control, identity authentication and overall system planning.
The CDB Enterprise Banking Information System is a large banking system software package designed with a C/S architecture for in-bank users over a leased-line wide area network and a B/S architecture for enterprise customers over the Internet or dial-up/ADSL access. During its design, the author consulted many books on Web security and drew on solutions to e-commerce security problems. The design and implementation of the whole solution follow the principles of economy, standardization, layering and flexibility, and balance security against practicality.
The "CDB Enterprise Banking Information System" is one of the core business systems of the China Development Bank; building the whole project was a massive systems engineering effort and the result of teamwork. The author, together with colleagues, completed the overall solution design and took part in the entire process: raising system requirements, outline design, detailed design, network security architecture design, organization of project coding, system testing, trial operation and production go-live. The practice of this system is the foundation of the research in this thesis.
Software system security covers a very wide range. In light of the characteristics of the CDB Enterprise Banking Information System, this thesis discusses fairly comprehensively the conditions necessary for secure production operation of an application system, and focuses on the security risks of putting an application system into production. Security, however, is relative, and absolute security does not exist; it is believed that, once the CDB Enterprise Banking Information System security solution has been carefully implemented, it will guard against the great majority of security risks, and the remaining weaknesses will be gradually eliminated as the system is continually improved and optimized.
