Research on a Coordinated Emergency Response System for Network Security Incidents
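Abstract
The main purpose of a coordinated emergency response system for network security incidents is to coordinate the resources of emergency response organizations, such as personnel and information, so that they cooperate in handling network security incidents; no widely accepted model exists yet. This thesis therefore builds on current network security incident response technology and the current state of the field. It starts from the development of such incidents and of that state, analyzes the meaning, purpose, and principles of coordinated emergency response, and discusses its architecture, functions, and strategies. It proposes a preliminary model of a coordinated emergency response system and fleshes out the model with relevant standards and recommendations, using the six phases of the PDCERF methodology as the thread. It then gives a recommended system operation template with illustrative examples, and finally briefly discusses other key aspects of the coordinated system.
     This thesis focuses on the organization and process of response and does not go deeply into technical details. The proposed model is not perfect, but it fully considers the key issues of cooperative response, emphasizes adaptation to the actual situation in China, and has a certain degree of operability.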
The main purpose of a network security emergency response system is to coordinate the resources of emergency response organizations, such as human resources and information, in cooperating to deal with network security incidents; there is no widely accepted model. Therefore, on the basis of recent technology and organization of incident response, and beginning with its trend, the author brings forward his proposal for the system. This paper analyzes the significance, the purpose, and the principle of the system and discusses its organization, function, running and security strategy, software, and some key technology. The author then puts forward a primary model filled in with correlative standards and suggestions, following the six phases of the PDCERF methodology. The author then shows a recommended running template and some examples of the system. Finally, the author discusses other important content.
     This thesis puts its emphasis on the organization and the process of the response, without much study of the technology. Although this model is not perfect, it deals with most of the key problems of cooperation. Because it is adapted to the actual situation in our country, it is practicable to a certain extent.
