金融企业信息系统安全解决方案的设计与实现
|
摘要
“恐怖大享”本·拉登曾经公开表示:摧毁一个国家的最好方式就是摧毁其现有的经济运行体制,而重要的方式就是让银行资料全部毁灭。
当今时代,实现虚拟经济发展的金融业已经成为国民经济中重要的组成部分,以计算机为主要工具,在现今软件及网络的迅猛发展下,使得大量、迅及的信息共享更容实现。虚拟经济产品的无形性有别于实体经济,这是虚拟经济的一个主要特点。可以说,保证了金融机构和企业的信息安全,也就保证了虚拟经济,保全了整个社会的生产成果。
如何确保各系统安全稳定运行,防范金融风险是当前金融电子化、网络化过程中讨论的热点问题;信息安全也就成为一个全球性和世纪性的课题。
本论文的研究正是在企业日常运作日益依赖于信息系统,信息系统安全问题成为社会普遍关注的背景下展开的,以金融企业信息系统为具体的研究对象,从金融业信息系统所支持的运作过程角度入手,针对特定的金融企业--信达证券公司的具体项目涉及情况,对信息系统安全的需求识别、总体结构、具体架构和实施关键技术进行系统深入的研究,并通过具体的项目解决方案来说明了研究应用的广阔前景。
Well-known terrorist Osama Bin Laden acclaim that devastating the economical system of a country, especially all the data of bank, is the best choice to revenge.
Nowadays, to run the fictitious capital and promote the economical development has been an important part of national economy.Under the development of the software and internet,with the computer as the main tools.it's much easier to share information much more and more quickly. The main difference between Fictitious Economy and real economy is invisibility. Therefore, by ensuring the information safety of financial organization and enterprises can guarantee the fruits of fictitious economy and the society.
How to ensure the steady ongoing of every system and avoid financial risk is the focus of digitalized and networked financial industry.
The thesis starts when the daily management of enterprises depends more and more on information system and information-safety is a common social concern. Financial information system is the research object. The thesis first introduces the managing process supported by financial information system, especially the specific information about the Xin Da Securities Company. Then the recognizing ability, general structure, specific components and the key technology are analyzed and studied at depth. The examples of solution given indicate the broader future of the practical use of my thesis.
当今时代,实现虚拟经济发展的金融业已经成为国民经济中重要的组成部分,以计算机为主要工具,在现今软件及网络的迅猛发展下,使得大量、迅及的信息共享更容实现。虚拟经济产品的无形性有别于实体经济,这是虚拟经济的一个主要特点。可以说,保证了金融机构和企业的信息安全,也就保证了虚拟经济,保全了整个社会的生产成果。
如何确保各系统安全稳定运行,防范金融风险是当前金融电子化、网络化过程中讨论的热点问题;信息安全也就成为一个全球性和世纪性的课题。
本论文的研究正是在企业日常运作日益依赖于信息系统,信息系统安全问题成为社会普遍关注的背景下展开的,以金融企业信息系统为具体的研究对象,从金融业信息系统所支持的运作过程角度入手,针对特定的金融企业--信达证券公司的具体项目涉及情况,对信息系统安全的需求识别、总体结构、具体架构和实施关键技术进行系统深入的研究,并通过具体的项目解决方案来说明了研究应用的广阔前景。
Well-known terrorist Osama Bin Laden acclaim that devastating the economical system of a country, especially all the data of bank, is the best choice to revenge.
Nowadays, to run the fictitious capital and promote the economical development has been an important part of national economy.Under the development of the software and internet,with the computer as the main tools.it's much easier to share information much more and more quickly. The main difference between Fictitious Economy and real economy is invisibility. Therefore, by ensuring the information safety of financial organization and enterprises can guarantee the fruits of fictitious economy and the society.
How to ensure the steady ongoing of every system and avoid financial risk is the focus of digitalized and networked financial industry.
The thesis starts when the daily management of enterprises depends more and more on information system and information-safety is a common social concern. Financial information system is the research object. The thesis first introduces the managing process supported by financial information system, especially the specific information about the Xin Da Securities Company. Then the recognizing ability, general structure, specific components and the key technology are analyzed and studied at depth. The examples of solution given indicate the broader future of the practical use of my thesis.
引文
1.吴应良.管理信息系统的安全问题与对策[J].计算应用研究,1999, (11):22-26.
2.启明工作室M.IS系统开发与应用[M].北京:人民邮电出版社,2005:16-19.
3.彭新光,吴兴兴.计算机网络安全技术与应用[M].北京:科学出版社,2005:31-59.
4.卿斯汉.密码学与计算机网络安全[M].北京:清华大学出版社,200:56-78.
5.高峻,李订芳.AES算法的改进用法及其在数据库加密中的应用[J].中南民族大学学报(自然科学版),2002,4(21):67-70.
6.楚狂.网络安全与防火墙技术[M].北京:人民邮电出版社,2000:137-142.
7.张小彬,严望佳.黑客分析与防范技术[M].北京:清华大学出版社,1999:89-115.
8.王兵.Internet防火墙与网络安全[M].北京:机械工业出版社,1998:36-78.
9.黄永聪.防火墙的选型、配置、安装和维护[M].北京:清华大学出版社,1999:185-236.
10.陈爱民,于康有.计算机的安全与保密[M].北京:电子工业出版社,2002:248-305.
11.朱鲁华,陈荣良.数据库加密系统的设计与实现[J].计算机工程,2002,8(28)61-63.
12. Know, Taekyoung. Digital signature algorithm for securing digital identities[J]. Information Processing Letters,2002,83(6):247-253.
13.R.M.Needham, M.D.Schroceder.Using encryption for authentication in large networks of computers[J]. Communications of the Acm,1998,(5):25-38.
14. H.Backer. Network Security:How to Plan for it and achieve it[M]. The McGraw Hill Companies, Inc,1994:76-86.
15.Oleg Sheyner, Somesh Jha, M.Wing. Automated Generation and Analysis of Attack Graphs[J]. Proceedings of the IEEE,2002,(8):36-40.
16. Know, Taekyoung. Digital signature algorithm for securing digital identities[J]. Information Processing Letters,2002,83(6):247-253.
17.林碧英,曲俊华,吕洁等.Web数据库的存取技术[J].计算工程与应用,2000,(10):114-118.
18. R. Sandhu, E. J. Copne. Role-based Access Control Models IEEE Computer [J].1996, 29(2):38-47.
19. E. Yourdon, L. L. Constantine. Structured Design:foundamentals of discipline of computer program and system design[M]. MIT:Yourdon Press,1997,(8):138-163.
20.吴章勇,刘耀.基于Intranet的现代管理信息系统开发研究[J].计算机与现代化,2002,(9):15-19.
21.钟小平,张金色.网络服务器配置与应用[M].北京:人民邮电出版社,2003:234-256.
22.雷震甲,臧明相,王宝宝.计算机网络[M].西安:西安电子科技大学出版社,2003:5-13.
23.谢希仁.计算机网络[M].大连:大连理工大学出版社,2004:314-327.
24. Network Working Group[J]. RFC2104.HMAC:Keyed-hashing for Message Authentication,1997:16-30.
25.唐韶华.数字签名及其在电子商务中的应用[J].计算机工程与应用,2001, (6):12-13.
26. IBM Web Services Architecture Team. Web Services Architecture Overview[J]. IBM Technical Article,2000,(9):29-38.
27. D. Esposito. Building Web Solutions with ASP. NET and ADO[M]. NET. Microsoft Press, 2002:81-102.
28. M. Smith, H. Ray. Network security using NAT and NAPT[M]. IEEE,2002:355-360.
29. M. Smith, H. Ray. Network security using NAT and NAPT[M]. IEEE,2002:355-360.
30.王兵.Internet防火墙与网络安全[M].北京:机械工业出版社,1998:36-78.
31.朱鲁华,陈荣良.数据库加密系统的设计与实现[J].计算机工程,2002,8(28):
32.陈爱民,于康有.计算机的安全与保密[M].北京:电子工业出版社,2002:248-305,61-63.
33.朱鲁华,陈荣良.数据库加密系统的设计与实现[J].计算机工程,2002,8(28):
34. R. William, W. Cheswick, M. Steven.Bellovin. Fire Walls And Internet Security:repelling the wily hacker[J]. AT&T Bell Laboratories, Inc.1999,(1):73-78.
35. C. Francisco, D. Matthew. Unraveling the Web Services Web:An Introduction to SOAP, WSDL and UDDI.IEEE Internet Computing[J].2001,(4):27-34.
36. S. L. Shaffer, R. A. Simon.Network security[M]. New York:Academic press,1994: 231-245.
37.Oleg Sheyner, Somesh Jha, M.Wing. Automated Generation and Analysis of Attack Graphs[J]. Proceedings of the IEEE,2002,(8):36-40.
38.胡炎,董名垂,韩英铎.电力工业信息安全的思考[J].电力系统自动化,2002,(4):38-51.
39.辛耀中,胡红升,卢长燕等.中国电力数据网络建设和运行中应该注意的四个关系[J].电力系统自动化,1998, (1):52-63.
40. R. Sandhu, E. J. Copne. Role-based Access Control Models IEEE Computer[J].1996, 29(2):38-47.
41. E. Yourdon, L. L. Constantine. Structured Design:foundamentals of discipline of computer program and system design[M]. MIT:Yourdon Press,1997,(8):138-163.
42. R. William, W. Cheswick, M. Steven.Bellovin. Fire Walls And Internet Security:repelling the wily hacker[J]. AT&T Bell Laboratories, Inc.1999,(1):73-78.
43. C. Francisco, D. Matthew. Unraveling the Web Services Web:An Introduction to SOAP, WSDL and UDDI.IEEE Internet Computing[J].2001,(4):27-34.
44. S. L. Shaffer, R. A. Simon.Network security[M]. New York:Academic press,1994: 231-245.
2.启明工作室M.IS系统开发与应用[M].北京:人民邮电出版社,2005:16-19.
3.彭新光,吴兴兴.计算机网络安全技术与应用[M].北京:科学出版社,2005:31-59.
4.卿斯汉.密码学与计算机网络安全[M].北京:清华大学出版社,200:56-78.
5.高峻,李订芳.AES算法的改进用法及其在数据库加密中的应用[J].中南民族大学学报(自然科学版),2002,4(21):67-70.
6.楚狂.网络安全与防火墙技术[M].北京:人民邮电出版社,2000:137-142.
7.张小彬,严望佳.黑客分析与防范技术[M].北京:清华大学出版社,1999:89-115.
8.王兵.Internet防火墙与网络安全[M].北京:机械工业出版社,1998:36-78.
9.黄永聪.防火墙的选型、配置、安装和维护[M].北京:清华大学出版社,1999:185-236.
10.陈爱民,于康有.计算机的安全与保密[M].北京:电子工业出版社,2002:248-305.
11.朱鲁华,陈荣良.数据库加密系统的设计与实现[J].计算机工程,2002,8(28)61-63.
12. Know, Taekyoung. Digital signature algorithm for securing digital identities[J]. Information Processing Letters,2002,83(6):247-253.
13.R.M.Needham, M.D.Schroceder.Using encryption for authentication in large networks of computers[J]. Communications of the Acm,1998,(5):25-38.
14. H.Backer. Network Security:How to Plan for it and achieve it[M]. The McGraw Hill Companies, Inc,1994:76-86.
15.Oleg Sheyner, Somesh Jha, M.Wing. Automated Generation and Analysis of Attack Graphs[J]. Proceedings of the IEEE,2002,(8):36-40.
16. Know, Taekyoung. Digital signature algorithm for securing digital identities[J]. Information Processing Letters,2002,83(6):247-253.
17.林碧英,曲俊华,吕洁等.Web数据库的存取技术[J].计算工程与应用,2000,(10):114-118.
18. R. Sandhu, E. J. Copne. Role-based Access Control Models IEEE Computer [J].1996, 29(2):38-47.
19. E. Yourdon, L. L. Constantine. Structured Design:foundamentals of discipline of computer program and system design[M]. MIT:Yourdon Press,1997,(8):138-163.
20.吴章勇,刘耀.基于Intranet的现代管理信息系统开发研究[J].计算机与现代化,2002,(9):15-19.
21.钟小平,张金色.网络服务器配置与应用[M].北京:人民邮电出版社,2003:234-256.
22.雷震甲,臧明相,王宝宝.计算机网络[M].西安:西安电子科技大学出版社,2003:5-13.
23.谢希仁.计算机网络[M].大连:大连理工大学出版社,2004:314-327.
24. Network Working Group[J]. RFC2104.HMAC:Keyed-hashing for Message Authentication,1997:16-30.
25.唐韶华.数字签名及其在电子商务中的应用[J].计算机工程与应用,2001, (6):12-13.
26. IBM Web Services Architecture Team. Web Services Architecture Overview[J]. IBM Technical Article,2000,(9):29-38.
27. D. Esposito. Building Web Solutions with ASP. NET and ADO[M]. NET. Microsoft Press, 2002:81-102.
28. M. Smith, H. Ray. Network security using NAT and NAPT[M]. IEEE,2002:355-360.
29. M. Smith, H. Ray. Network security using NAT and NAPT[M]. IEEE,2002:355-360.
30.王兵.Internet防火墙与网络安全[M].北京:机械工业出版社,1998:36-78.
31.朱鲁华,陈荣良.数据库加密系统的设计与实现[J].计算机工程,2002,8(28):
32.陈爱民,于康有.计算机的安全与保密[M].北京:电子工业出版社,2002:248-305,61-63.
33.朱鲁华,陈荣良.数据库加密系统的设计与实现[J].计算机工程,2002,8(28):
34. R. William, W. Cheswick, M. Steven.Bellovin. Fire Walls And Internet Security:repelling the wily hacker[J]. AT&T Bell Laboratories, Inc.1999,(1):73-78.
35. C. Francisco, D. Matthew. Unraveling the Web Services Web:An Introduction to SOAP, WSDL and UDDI.IEEE Internet Computing[J].2001,(4):27-34.
36. S. L. Shaffer, R. A. Simon.Network security[M]. New York:Academic press,1994: 231-245.
37.Oleg Sheyner, Somesh Jha, M.Wing. Automated Generation and Analysis of Attack Graphs[J]. Proceedings of the IEEE,2002,(8):36-40.
38.胡炎,董名垂,韩英铎.电力工业信息安全的思考[J].电力系统自动化,2002,(4):38-51.
39.辛耀中,胡红升,卢长燕等.中国电力数据网络建设和运行中应该注意的四个关系[J].电力系统自动化,1998, (1):52-63.
40. R. Sandhu, E. J. Copne. Role-based Access Control Models IEEE Computer[J].1996, 29(2):38-47.
41. E. Yourdon, L. L. Constantine. Structured Design:foundamentals of discipline of computer program and system design[M]. MIT:Yourdon Press,1997,(8):138-163.
42. R. William, W. Cheswick, M. Steven.Bellovin. Fire Walls And Internet Security:repelling the wily hacker[J]. AT&T Bell Laboratories, Inc.1999,(1):73-78.
43. C. Francisco, D. Matthew. Unraveling the Web Services Web:An Introduction to SOAP, WSDL and UDDI.IEEE Internet Computing[J].2001,(4):27-34.
44. S. L. Shaffer, R. A. Simon.Network security[M]. New York:Academic press,1994: 231-245.