本文選題：信息安全 + 計(jì)算機(jī)網(wǎng)絡(luò)　； 參考：《西安電子科技大學(xué)》2014年碩士論文

【摘要】：隨著社會(huì)的發(fā)展,計(jì)算機(jī)和網(wǎng)絡(luò)逐漸成為人們?nèi)粘９ぷ骱蜕钪凶畛Ｒ?jiàn)的事物,每天都有無(wú)數(shù)的人,通過(guò)計(jì)算機(jī)和網(wǎng)絡(luò)進(jìn)行工作和休閑。每天,大量的數(shù)據(jù)在網(wǎng)絡(luò)中交流傳輸,并最終存儲(chǔ)到各種計(jì)算機(jī)中,這給人們的日常工作和生活帶來(lái)極大的便利。但是,在這種便利的同時(shí)也存在著一個(gè)日益嚴(yán)重的問(wèn)題,就是信息安全問(wèn)題,在如今這個(gè)信息化的社會(huì),信息已經(jīng)成為一種重要的戰(zhàn)略資源,一些關(guān)鍵的信息能夠決定一個(gè)企業(yè)的興亡,更嚴(yán)重的甚至關(guān)系到國(guó)家安全。信息安全已經(jīng)成為所有人關(guān)注的焦點(diǎn)。為了做到信息安全,大多數(shù)人都會(huì)想到在計(jì)算機(jī)上安裝一系列防御軟件,例如殺毒軟件、防火墻、防間諜軟件等。確實(shí),安裝這些軟件能夠有效的防御網(wǎng)絡(luò)上常見(jiàn)的威脅,但是,在現(xiàn)今網(wǎng)絡(luò)上,多種多樣的網(wǎng)絡(luò)威脅使得大多數(shù)計(jì)算機(jī)的使用者不了解自己使用的計(jì)算機(jī)是否具有防御的能力。因?yàn)槿狈I(yè)知識(shí),所以在現(xiàn)今,絕大多數(shù)的企事業(yè)單位將網(wǎng)絡(luò)防御的工作交給專業(yè)團(tuán)隊(duì)負(fù)責(zé),由他們?yōu)槠髽I(yè)網(wǎng)絡(luò)搭建一個(gè)完整的安全環(huán)境,稱之為“網(wǎng)絡(luò)安全解決方案”。一個(gè)完整的網(wǎng)絡(luò)安全解決方案是由多個(gè)不同的系統(tǒng)組合而成的,每個(gè)系統(tǒng)負(fù)責(zé)不同功能,相互配合完成安全任務(wù)。設(shè)備接入安全檢查系統(tǒng)是解決方案中的一個(gè)模塊系統(tǒng),也可以稱為設(shè)備接入安全檢查模塊。本文介紹了一個(gè)完整的設(shè)備接入安全檢查系統(tǒng)的設(shè)計(jì)開(kāi)發(fā)過(guò)程,包括需求分析、概要設(shè)計(jì)、詳細(xì)設(shè)計(jì)、系統(tǒng)實(shí)現(xiàn)以及最終測(cè)試。該系統(tǒng)的主要作用在于幫助用戶檢查計(jì)算機(jī)的安全狀態(tài),判斷該計(jì)算機(jī)是否能夠有效防御常見(jiàn)威脅,該系統(tǒng)本身并不具備防御能力。系統(tǒng)分為三個(gè)模塊,分別是配置臺(tái)模塊、服務(wù)器模塊、數(shù)據(jù)庫(kù)模塊。系統(tǒng)在使用時(shí),首先在配置臺(tái)上配置安全策略以及用戶信息,安全策略包含多個(gè)具體子策略,包括防病毒軟件策略、防間諜軟件策略、windows補(bǔ)丁等,并將這些配置好的數(shù)據(jù)存儲(chǔ)到數(shù)據(jù)庫(kù)中。然后,服務(wù)器在接收到客戶端的安全檢查請(qǐng)求后,根據(jù)客戶端賬號(hào)從數(shù)據(jù)庫(kù)中獲取相應(yīng)的安全策略進(jìn)行安全檢查,并給出最終處理結(jié)果。通過(guò)上述的檢查過(guò)程,可以判斷計(jì)算機(jī)是否處于安全狀態(tài),如果處于安全狀態(tài),則允許其接入網(wǎng)絡(luò),否則要求計(jì)算機(jī)按照要求進(jìn)行修改并重新進(jìn)行檢查。最終保證計(jì)算機(jī)在接入網(wǎng)絡(luò)時(shí)是處于安全狀態(tài)。
[Abstract]:With the development of society, computers and networks have gradually become the most common things in people's daily work and life, every day there are countless people, through computers and networks to work and leisure. Every day, a large amount of data is transmitted through the network and stored in various computers, which brings great convenience to people's daily work and life. However, at the same time, there is an increasingly serious problem of information security. In today's information-based society, information has become an important strategic resource. Some key information can determine the rise and fall of an enterprise, more serious and even related to national security. Information security has become the focus of attention. In order to achieve information security, most people would like to install a series of defense software on the computer, such as antivirus software, firewall, anti-spyware and so on. It is true that the installation of these software can effectively protect against common threats on the network, but in today's networks, a wide variety of network threats make most computer users do not know whether the computer they use is defensible or not. Because of the lack of professional knowledge, the vast majority of enterprises and institutions give the network defense work to the professional team, who build a complete security environment for the enterprise network, which is called "network security solution". A complete network security solution is composed of several different systems, each system is responsible for different functions, cooperate with each other to complete security tasks. The device access security inspection system is a module system in the solution, which can also be called the equipment access security inspection module. This paper introduces the design and development process of a complete equipment access security inspection system, including requirement analysis, outline design, detailed design, system implementation and final test. The main function of the system is to help users check the security status of the computer and determine whether the computer can effectively defend against common threats. The system itself is not capable of defense. The system is divided into three modules, which are configuration platform module, server module and database module. When the system is in use, it first configures the security policy and user information on the configuration platform. The security policy includes several specific sub-policies, including anti-virus software policy, anti-spyware policy and windows patch, etc. These configured data are stored in the database. Then, after receiving the security check request of the client, the server acquires the corresponding security policy from the database according to the client account, and gives the final processing result. Through the above checking process, it can be judged whether the computer is in a safe state, if it is in a secure state, it is allowed to access the network, otherwise, the computer is required to modify and re-check according to the requirements. Finally, the computer is guaranteed to be in a secure state when it is connected to the network.
【學(xué)位授予單位】：西安電子科技大學(xué)
【學(xué)位級(jí)別】：碩士
【學(xué)位授予年份】：2014
【分類號(hào)】：TP393.08

【參考文獻(xiàn)】

相關(guān)期刊論文 前1條

1 ;索尼公司遭黑客入侵[J];保密工作;2011年05期

，

本文編號(hào)：2048033