Design and Implementation of a Firewall Vulnerability Testing and Assessment System
Topic: firewall + testing; Reference: Beijing University of Posts and Telecommunications, master's thesis, 2017
[Abstract]: With the development of computer and network technology, the security risks present in public networks have become increasingly diverse and pose a serious threat to information security. How to keep internal network resources secure while still accessing external networks is the foremost problem facing security engineers. Among the many network security products, the firewall, as the first checkpoint between the internal and external networks, has therefore become one of the most closely watched. As one means of network security protection, a firewall can effectively safeguard the internal network, but because its concrete implementations contain various security weak points, its protection has inherent limitations and it cannot be regarded as an absolutely secure defence. Raising the level of assurance requires analysing firewall security vulnerabilities and gaining a more complete understanding of firewall weak points. To secure the network it is therefore necessary to carry out vulnerability testing on firewall devices, analyse the results, and from them assess the firewall's vulnerability. This thesis first analyses the vulnerabilities that may exist in firewall management configuration and filtering rules, and studies the national standards for firewall testing together with traditional network testing techniques. Based on fuzz testing methods, malformed packets for IP, ICMP, TCP, UDP and other protocols are constructed in a targeted way, including zeroing flag bits, inserting special characters, randomising flag bits and building oversized packets, to complete testing of the vulnerability of the firewall's filtering rules. In addition, since most hardware firewalls are now managed through a Web interface, Web testing is added to make the test work complete. The thesis focuses on firewall vulnerability assessment technology: drawing on traditional network assessment techniques and the national firewall testing standards, it proposes a firewall vulnerability assessment model based on an index system. First, building on the vulnerability analysis, a hierarchical evaluation index system is proposed, consisting of a target layer, an attribute layer and an index layer, and the indices are quantified from the firewall vulnerability test results. Second, an expert system and the analytic hierarchy process (AHP) are used to compare the importance of the evaluation indices and compute their weights. Finally, the grey clustering method is used to derive the evaluation grey classes and whitening functions, yielding a qualitative assessment of firewall vulnerability. Lastly, the thesis designs and implements a firewall vulnerability testing and assessment system, describes its overall architecture, and explains in detail the design and implementation of its key modules: the control module, the test module, the assessment module and the database module. Analysis of experimental results verifies the reasonableness of the selected index system and the effectiveness of the testing and assessment system.
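The AHP weighting and grey-clustering steps of the assessment model described in the abstract, as an added illustration rather than the thesis's own code: the three indicator names, the pairwise comparison matrix, the 0-10 scoring scale and the whitening-function boundaries are constructed assumptions, and the sample score vectors are invented test results.

```python
"""AHP index weighting plus grey clustering for a firewall vulnerability index system."""
import math
# Constructed indicator scores are on a 0-10 scale (higher = more vulnerable), e.g. from filter-rule
# fuzz results, Web management tests and configuration checks.  All names and values are assumptions.
INDICATORS = ["filter_rules", "web_management", "configuration"]
PAIRWISE = [[1, 3, 5],        # filter_rules judged 3x as important as web_management,
            [1 / 3, 1, 2],    # 5x as important as configuration, and so on (Saaty 1-9 scale)
            [1 / 5, 1 / 2, 1]]
RANDOM_INDEX = {1: 0.0, 2: 0.0, 3: 0.58, 4: 0.90, 5: 1.12}   # Saaty's random index values

def ahp_weights(matrix):
    """Geometric-mean approximation of the principal eigenvector; returns (weights, CR)."""
    n = len(matrix)
    gm = [math.prod(row) ** (1.0 / n) for row in matrix]
    w = [g / sum(gm) for g in gm]
    # lambda_max is estimated as the mean of (A w)_i / w_i; CI = (lambda_max - n) / (n - 1)
    aw = [sum(matrix[i][j] * w[j] for j in range(n)) for i in range(n)]
    lam = sum(aw[i] / w[i] for i in range(n)) / n
    ci = (lam - n) / (n - 1) if n > 1 else 0.0
    cr = ci / RANDOM_INDEX[n] if RANDOM_INDEX.get(n) else 0.0
    return w, cr

def whiten(x, grey_class):
    """Whitenization weight functions for three grey classes on the 0-10 scale."""
    if grey_class == "low":       # lower-measure function: fully 'low' at 2 or below
        return 1.0 if x <= 2 else max(0.0, (5 - x) / 3)
    if grey_class == "medium":    # triangular moderate-measure function peaking at 5
        return max(0.0, 1 - abs(x - 5) / 3)
    if grey_class == "high":      # upper-measure function: fully 'high' at 8 or above
        return 1.0 if x >= 8 else max(0.0, (x - 5) / 3)
    raise ValueError(grey_class)

def grey_cluster(scores, weights):
    """Weighted clustering coefficient per grey class; returns (best class, coefficients)."""
    coeff = {k: sum(whiten(x, k) * w for x, w in zip(scores, weights))
             for k in ("low", "medium", "high")}
    return max(coeff, key=coeff.get), coeff

def assess(scores, matrix=PAIRWISE):
    """Full pipeline: reject an inconsistent judgement matrix (CR >= 0.1), then cluster."""
    w, cr = ahp_weights(matrix)
    if cr >= 0.1:
        raise ValueError(f"pairwise matrix is inconsistent (CR = {cr:.3f})")
    return grey_cluster(scores, w)

if __name__ == "__main__":
    for sample in ([8, 4, 3], [3, 2, 2], [4, 9, 9]):   # constructed test-result vectors
        best, coeff = assess(sample)
        print(dict(zip(INDICATORS, sample)), "->", best, {k: round(v, 3) for k, v in coeff.items()})
```

The third sample shows why the weighting matters: two indicators score 9, yet the heavily weighted filter-rule indicator pulls the firewall into the "medium" class rather than "high".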
[Degree-granting institution]: Beijing University of Posts and Telecommunications
[Degree level]: Master's
[Year of award]: 2017
[Classification number]: TP393.08
Article ID: 1906116
Article link: http://sikaile.net/guanlilunwen/ydhl/1906116.html