保密内部网的网络与信息安全技术研究
摘要
网络的迅猛发展已经深刻的影响到国家的政治、经济、军事、文化等各个领域,与此同时网络酌开放性和安全漏洞所带来的安全风险也对网络的健康发展带来了不可忽视的影响,网络与信息安全防范技术已经在国家安全、国防、国计民生等方面发挥了重要作用。网络与信息安全问题不仅给相关单位及网民带来不便,而且已经威胁到国家的信息安全和经济发展。网络与信息安全从1995年开始成为中国信息化发展战略的重要组成部分,在十六届四中全会上通过的《关于加强党执政能力的决议》中,信息安全与政治、经济、文化安全并列为四大主题,将之提到了前所未有的高度。
本文首先阐述了国内外有关网络与信息安全技术体系和管理体系,特别是在国家信息安全方面进行了论述,包括有理论和技术应用,同时分析目前网络与信息安全技术的现状,以及国家信息安全的意义与作用,网络与信息安全需求及部分研究热点。然后结合建立保密内部网的实际工作的相关理论技术体系和管理体系,用较大篇幅分析论述了基于目前流行的防病毒技术,数据加密和密码算法,PKI/CA身份认证与SSL安全认证网关,防水墙系统,恶意代码防范,入侵检测系统,Windows2000操作系统安全配置等,经过理论分析和实际动手操作,确定并实施了建立本文涉及的保密内部网的网络拓扑结构,建立计算机病毒防范体系和PKI/CA身份认证与SSL安全认证网关认证系统,以及防水墙系统体系搭建和相关网络与信息安全体系的建设。
全文对实际工作的最大创新点在于经过本文的分析探讨,以及一系列的实际操作和建设过程,将本单位多年来建设保密内部网的难点、疑点加以解决,最终促成本文所涉及的保密内部网逐步建成。
The rapid development of the net has a profound impact on the country' s political, economic, military, cultural and other fields, At the same time the net's openness and vulnerability brought about by the security risk to the healthy development of the net has brought the impact can not be ignored, Network and information security technology in national security, national defense played an important role. Network and information security problems not only to the relevant units and cause inconvenience to users, and has been a threat to national information security and economic development. Network and Information Security from 1995 has become China' s information development strategy of an important part in the 16th through the Fourth Plenary "on strengthening the party' s ability to govern the resolution", information security and political, economic and cultural security Tied to the four major themes, to be referred to an unprecedented height.
This paper described the relevant domestic and international network and information security technology system and management system, Including the theory and application of technology, while analysis of the current network and information security technology of the status quo, and national security significance and role of network and information security needs and some research focus. And the establishment of confidential internal network with the actual work of the technical system theory and management system, with greater length on the analysis based on the popular anti-virus technology, data encryption and password algorithm, Waterproof walls, malicious code prevention, intrusion detection system, Windows2000 operating system security configuration, the theoretical analysis and practical hands-operation, identify and implement the establishment of this paper, the network of confidential internal network topology, the establishment of computer virus prevention system, System and the waterproof wall structures and related network and information security system building.
The full text of the actual work of the greatest innovation lies in the analysis of the paper, with the series of operational and construction process, the unit will be kept confidential within the network over the years building the difficult and doubtful to be addressed and ultimately contributed to this paper, the secrecy involved in the internal network Gradually built.
本文首先阐述了国内外有关网络与信息安全技术体系和管理体系,特别是在国家信息安全方面进行了论述,包括有理论和技术应用,同时分析目前网络与信息安全技术的现状,以及国家信息安全的意义与作用,网络与信息安全需求及部分研究热点。然后结合建立保密内部网的实际工作的相关理论技术体系和管理体系,用较大篇幅分析论述了基于目前流行的防病毒技术,数据加密和密码算法,PKI/CA身份认证与SSL安全认证网关,防水墙系统,恶意代码防范,入侵检测系统,Windows2000操作系统安全配置等,经过理论分析和实际动手操作,确定并实施了建立本文涉及的保密内部网的网络拓扑结构,建立计算机病毒防范体系和PKI/CA身份认证与SSL安全认证网关认证系统,以及防水墙系统体系搭建和相关网络与信息安全体系的建设。
全文对实际工作的最大创新点在于经过本文的分析探讨,以及一系列的实际操作和建设过程,将本单位多年来建设保密内部网的难点、疑点加以解决,最终促成本文所涉及的保密内部网逐步建成。
The rapid development of the net has a profound impact on the country' s political, economic, military, cultural and other fields, At the same time the net's openness and vulnerability brought about by the security risk to the healthy development of the net has brought the impact can not be ignored, Network and information security technology in national security, national defense played an important role. Network and information security problems not only to the relevant units and cause inconvenience to users, and has been a threat to national information security and economic development. Network and Information Security from 1995 has become China' s information development strategy of an important part in the 16th through the Fourth Plenary "on strengthening the party' s ability to govern the resolution", information security and political, economic and cultural security Tied to the four major themes, to be referred to an unprecedented height.
This paper described the relevant domestic and international network and information security technology system and management system, Including the theory and application of technology, while analysis of the current network and information security technology of the status quo, and national security significance and role of network and information security needs and some research focus. And the establishment of confidential internal network with the actual work of the technical system theory and management system, with greater length on the analysis based on the popular anti-virus technology, data encryption and password algorithm, Waterproof walls, malicious code prevention, intrusion detection system, Windows2000 operating system security configuration, the theoretical analysis and practical hands-operation, identify and implement the establishment of this paper, the network of confidential internal network topology, the establishment of computer virus prevention system, System and the waterproof wall structures and related network and information security system building.
The full text of the actual work of the greatest innovation lies in the analysis of the paper, with the series of operational and construction process, the unit will be kept confidential within the network over the years building the difficult and doubtful to be addressed and ultimately contributed to this paper, the secrecy involved in the internal network Gradually built.
引文
[1]http://news,xinhuanet,com/it/2005-O4/O6/content_2794433,htm.
[2]周学广,刘艺.信息安全学.机械工业出版社,2006:219
[3]胡铮.网络与信息安全.清华大学出版社,2006:149
[4]朱建军,熊兵.网络安全防范手册.人民邮电出版社,2007.
[5]李昂等译.Web安全测试/网络与信息安全技术丛书.机械工业出版社,2005.
[6]卢开澄.计算机密码学.清华大学出版社,1999.
[7]雷震甲.网络工程师教程.清华大学出版社,2004.
[8]佚名.Windows Security.Venus Information Tech Inc,2002.
[9]张宝剑.计算机安全与防护技术.机械工业出版社,2003.
[10]宋乃平,文桦.Internet网络安全管理.中天学刊,2002(2).
[11]George Danezis.Privacy enhancing technologies.天津大学业出版社,2006.
[12]刘江等译.黑客大曝光.清华大学出版社,2003.
[13]John Hawke.黑客任务实战服务器攻防篇.北京希望电子出版社,2003.
[14]John Hawke.黑客任务实战Windows全攻略.北京希望电子出版社,2003.
[15]华师傅资讯.网络安全实用宝典.中国铁道出版社,2007.
[16]凌捷.信息安全概论.华南理工出版社,2005.
[17]张钰,唐宁九.互联网时代的信息安全.计算机应用研究,1999.
[18]Microsoft.Windows Server Update Services Product Overview.Http://www.Microsoft.com/windowssertversystem/updateservices/evalution/overview,mspx,2007.
[19]吴应良,韦岗.网络入侵及其安全防范对策研究.计算机应用研究,2000.
[20]陈卓.网络安全技术.机械工业出版社,2004.
[21]孙兆林.软件加密与计算机安全技术.中国水利出版社,2001.
[22]Carlo Blundo.Security in Communication Networks.Springer,2005.
[23]Jianying Zhou.Information Security:8th International Conference.Springer,2005.
[24]李海泉,李健.计算机系统安全技术.人民邮电出版社,2001.
[25]佚名.入侵检测技术培训教材.启明星辰信息技术有限公司,2005.
[26]祁明.网络安全与保密.高等教育出版社,2001.
[27]Tomas Sander.Security and privacy in digital rights management.天津大学业出版社,2002.
[28]Colin Boyd,Juan M.Information security and privacy.北京燕山出版社,2005.
[29]佚名.加密解密方法与实例.北京滕图电子出版社,2005.
[30]赵战生,谢宗晓.信息安全风险评估.中国标准出版社,2007.
[31]Eugene Asarin,Dieter Gollmann,Jan Meier.Computer security-ESORICS 2006.天津大学业出版社,2006.
[32]骆耀祖,刘永初.计算机网络技术及应用.北方交大出版社,2003.
[33]Peng Ning.Information and communications security.天津大学业出版社,2006.
[34]Ed Dawson,Serge Vaudenay.Progress in Cryptology Mycrypt 2005.Springer,2005.
[35]曹天杰.计算机系统安全.高等教育出版社,2003.
[36]劳帼龄.网络安全与管理.高等教育出版社,2003.
[37]Hannes Federrath.Designing privacy enhancing technologies.天津大学业出版社,2001.
[38]蒋建春,杨凡,文伟平,郑生琳.计算机网络信息安全理论与实践教程.西安电子科技大学出版社,2005.
[39]Wenbo Mao.现代密码学理论与实践:英文版.电子工业出版社,2004.
[40]Hiroshi Yoshiura,Kouichi Sakurai.Advances in information and computer security.天津大学业出版社,2006.
[41]佚名.网络信息安全体系培训教材.启明星辰信息技术有限公司,2005.
[42]Helger Lipmaa.Information security and cryptology.天津大学业出版社.2006
[43]Subhamoy Maitra.Progress in Cryptology:INDOCRYPT 2005.Springer,2006.
[44]张玉清等译.公钥基础设施(PKI):实现和管理电子安全.清华大学出版 社,2002.
[45]罗守山主编.入(?)检测.北京邮电大学出版社,2004.
[46]袁蒲佳.计算机应用基础.上海财经大学出版社,2006.
[47]凌捷.计算机数据安全技术.科学出版社,2004.
[48]陈圣琳等译.数字证据与计算机犯罪(第二版).电子工业出版社,2004.
[49]王立斌等译.计算机安全学-安全的艺术与科学.电子工业出版社,2005.
[2]周学广,刘艺.信息安全学.机械工业出版社,2006:219
[3]胡铮.网络与信息安全.清华大学出版社,2006:149
[4]朱建军,熊兵.网络安全防范手册.人民邮电出版社,2007.
[5]李昂等译.Web安全测试/网络与信息安全技术丛书.机械工业出版社,2005.
[6]卢开澄.计算机密码学.清华大学出版社,1999.
[7]雷震甲.网络工程师教程.清华大学出版社,2004.
[8]佚名.Windows Security.Venus Information Tech Inc,2002.
[9]张宝剑.计算机安全与防护技术.机械工业出版社,2003.
[10]宋乃平,文桦.Internet网络安全管理.中天学刊,2002(2).
[11]George Danezis.Privacy enhancing technologies.天津大学业出版社,2006.
[12]刘江等译.黑客大曝光.清华大学出版社,2003.
[13]John Hawke.黑客任务实战服务器攻防篇.北京希望电子出版社,2003.
[14]John Hawke.黑客任务实战Windows全攻略.北京希望电子出版社,2003.
[15]华师傅资讯.网络安全实用宝典.中国铁道出版社,2007.
[16]凌捷.信息安全概论.华南理工出版社,2005.
[17]张钰,唐宁九.互联网时代的信息安全.计算机应用研究,1999.
[18]Microsoft.Windows Server Update Services Product Overview.Http://www.Microsoft.com/windowssertversystem/updateservices/evalution/overview,mspx,2007.
[19]吴应良,韦岗.网络入侵及其安全防范对策研究.计算机应用研究,2000.
[20]陈卓.网络安全技术.机械工业出版社,2004.
[21]孙兆林.软件加密与计算机安全技术.中国水利出版社,2001.
[22]Carlo Blundo.Security in Communication Networks.Springer,2005.
[23]Jianying Zhou.Information Security:8th International Conference.Springer,2005.
[24]李海泉,李健.计算机系统安全技术.人民邮电出版社,2001.
[25]佚名.入侵检测技术培训教材.启明星辰信息技术有限公司,2005.
[26]祁明.网络安全与保密.高等教育出版社,2001.
[27]Tomas Sander.Security and privacy in digital rights management.天津大学业出版社,2002.
[28]Colin Boyd,Juan M.Information security and privacy.北京燕山出版社,2005.
[29]佚名.加密解密方法与实例.北京滕图电子出版社,2005.
[30]赵战生,谢宗晓.信息安全风险评估.中国标准出版社,2007.
[31]Eugene Asarin,Dieter Gollmann,Jan Meier.Computer security-ESORICS 2006.天津大学业出版社,2006.
[32]骆耀祖,刘永初.计算机网络技术及应用.北方交大出版社,2003.
[33]Peng Ning.Information and communications security.天津大学业出版社,2006.
[34]Ed Dawson,Serge Vaudenay.Progress in Cryptology Mycrypt 2005.Springer,2005.
[35]曹天杰.计算机系统安全.高等教育出版社,2003.
[36]劳帼龄.网络安全与管理.高等教育出版社,2003.
[37]Hannes Federrath.Designing privacy enhancing technologies.天津大学业出版社,2001.
[38]蒋建春,杨凡,文伟平,郑生琳.计算机网络信息安全理论与实践教程.西安电子科技大学出版社,2005.
[39]Wenbo Mao.现代密码学理论与实践:英文版.电子工业出版社,2004.
[40]Hiroshi Yoshiura,Kouichi Sakurai.Advances in information and computer security.天津大学业出版社,2006.
[41]佚名.网络信息安全体系培训教材.启明星辰信息技术有限公司,2005.
[42]Helger Lipmaa.Information security and cryptology.天津大学业出版社.2006
[43]Subhamoy Maitra.Progress in Cryptology:INDOCRYPT 2005.Springer,2006.
[44]张玉清等译.公钥基础设施(PKI):实现和管理电子安全.清华大学出版 社,2002.
[45]罗守山主编.入(?)检测.北京邮电大学出版社,2004.
[46]袁蒲佳.计算机应用基础.上海财经大学出版社,2006.
[47]凌捷.计算机数据安全技术.科学出版社,2004.
[48]陈圣琳等译.数字证据与计算机犯罪(第二版).电子工业出版社,2004.
[49]王立斌等译.计算机安全学-安全的艺术与科学.电子工业出版社,2005.