【摘要】：隨著信息通信技術(shù)的快速發(fā)展,通信網(wǎng)絡數(shù)據(jù)化、終端的智能化以及業(yè)務的多媒體化都給網(wǎng)絡安全運營帶來新的挑戰(zhàn)。電信運營商作為國家基礎網(wǎng)絡運營企業(yè),在網(wǎng)絡安全方面承擔著重要的職責和責任。特別是在2008年三大運營商相繼開通3G、4G移動寬帶業(yè)務之后,互聯(lián)網(wǎng)業(yè)務發(fā)展進入快車道。運營商為滿足用戶不斷增長的業(yè)務需求,對各類信息服務系統(tǒng)加班加點進行建設,但由此所引入的網(wǎng)絡信息安全問題也隨之增長。為應對互聯(lián)網(wǎng)安全挑戰(zhàn),企業(yè)也部署相應網(wǎng)絡安全產(chǎn)品。這些安全產(chǎn)品可以從一定程度或某一個單獨的網(wǎng)絡安全方向滿足企業(yè)的安全需求,但無法滿足管理員對于網(wǎng)絡系統(tǒng)整體安全狀況的掌握需求。一方面是由安全產(chǎn)品相互獨立,缺乏集中統(tǒng)一管理;另一方面,由于現(xiàn)有資產(chǎn)脆弱性發(fā)現(xiàn)能力完全依賴于安全掃描產(chǎn)品特征庫更新及時性和主動性,如果漏洞在互聯(lián)網(wǎng)公布和安全產(chǎn)品更新的窗口期內(nèi)不能及時發(fā)現(xiàn)并通知安全管理員,管理員也無法做到及時防護,這將給企業(yè)帶來極大網(wǎng)絡安全隱患;更重要的是,網(wǎng)絡安全漏洞管理工作應具有全生命周期管控的特點,確保企業(yè)每發(fā)現(xiàn)一個安全漏洞都應該是閉環(huán)管理。但目前此項工作缺少自動化管理的手段和方法,這就造成在管理工作中很容易遺漏或出錯。加強網(wǎng)絡安全漏洞管理是電信網(wǎng)絡安全工作中極為重要的環(huán)節(jié)之一,也是主動防御網(wǎng)絡安全事件威脅,降低網(wǎng)絡安全事件帶來的影響和損失的重要手段。本論文目的在于設計一套安全漏洞管理系統(tǒng)模塊來解決上述問題。系統(tǒng)從寧夏電信的實際安全管理需求出發(fā),設計并實現(xiàn)了基于通用的SSM框架的漏洞管理模塊,該系統(tǒng)具有基礎信息管理、漏洞采集與錄入、漏洞管理、日志管理、系統(tǒng)管理等功能。漏洞管理模塊通過實時采集互聯(lián)網(wǎng)預警漏洞信息、電信內(nèi)網(wǎng)的主機漏洞掃描結(jié)果、應用軟件漏洞掃描結(jié)果、應用滲透測試結(jié)果等漏洞信息,與系統(tǒng)所提供安全服務的對象,即電信資產(chǎn)的漏洞信息進行統(tǒng)一關(guān)聯(lián)、展現(xiàn)使得管理人員可以及時、準確掌握全網(wǎng)的安全健康狀況。系統(tǒng)基于Eclipse可視化Java集成開發(fā)環(huán)境。使用SSM集成框架,實現(xiàn)系統(tǒng)的控制層代碼邏輯,后臺數(shù)據(jù)庫采用PostgreSQL數(shù)據(jù)庫管理系統(tǒng),WEB應用使用了Apache Tomcat平臺來部署。最后對實現(xiàn)的系統(tǒng)進行全面的功能測試和性能測試,保證所實現(xiàn)的漏洞管理模塊能夠滿足寧夏電信當前安全管理工作需要。
[Abstract]:With the rapid development of information and communication technology, communication network data, terminal intelligence and multimedia service bring new challenges to network security operation. Telecom operators, as national basic network operators, assume important responsibilities and responsibilities in network security. Especially after the three major operators launched 3G 4G mobile broadband service in 2008, the Internet service developed into the fast lane. In order to meet the increasing business demand of users, operators build various information service systems overtime, but the problem of network information security is also increasing. In order to deal with Internet security challenges, enterprises also deploy the corresponding network security products. These security products can meet the security requirements of enterprises to a certain extent or a single network security direction, but can not meet the needs of administrators for the overall security of the network system. On the one hand, security products are independent of each other and lack of centralized and unified management; on the other hand, because the existing asset vulnerability detection capability is completely dependent on the timeliness and initiative of updating the security scanning product signature database, If the vulnerability can not be detected and notified to the security administrator in time when the Internet is published and the security product is updated, the administrator will not be able to protect it in a timely manner, which will bring a great potential network security hazard to the enterprise; more importantly, The management of network security vulnerabilities should have the characteristics of life-cycle management and ensure that every security vulnerability found by an enterprise should be closed loop management. But at present, this work lacks the means and methods of automatic management, which makes it easy to omit or make mistakes in the management work. To strengthen the management of network security vulnerabilities is one of the most important links in the work of telecommunication network security. It is also an important means to actively defend against the threat of network security events and reduce the impact and loss of network security incidents. The purpose of this paper is to design a set of security vulnerability management system module to solve the above problems. Based on the actual security management requirements of Ningxia Telecom, the system designs and implements a vulnerability management module based on the general SSM framework. The system has basic information management, vulnerability collection and input, vulnerability management, log management. System management and other functions. The vulnerability management module collects the Internet alarm vulnerability information in real time, the host computer vulnerability scan result of the telecommunication intranet, the application software vulnerability scan result, the application penetration test result and so on vulnerability information, and the object of the security service provided by the system. That is to say, the vulnerability information of telecom assets is associated with each other so that managers can grasp the safety and health status of the whole network in time and accurately. The system is based on Eclipse visual Java integrated development environment. The SSM integrated framework is used to realize the control layer code logic of the system, and the background database is deployed using the Apache Tomcat platform in the PostgreSQL database management system. Finally, the function and performance of the implemented system are tested to ensure that the implemented vulnerability management module can meet the current security management needs of Ningxia Telecom.
【學位授予單位】：電子科技大學
【學位級別】：碩士
【學位授予年份】：2017
【分類號】：TP393.08

【參考文獻】

相關(guān)期刊論文 前10條

1 肖祥林;;基于SSM的畢業(yè)設計管理系統(tǒng)設計與實現(xiàn)[J];電子科技;2016年10期

2 白嘎力;;安全應急響應中心(SRC)是如何運作的?[J];中國信息安全;2016年07期

3 榮艷冬;;關(guān)于Mybatis持久層框架的應用研究[J];信息安全與技術(shù);2015年12期

4 徐剛;楊林海;;企業(yè)網(wǎng)絡安全控制技術(shù)分析與應用[J];信息與電腦(理論版);2015年04期

5 董紀英;燕志偉;梁正玉;;SQLite、MySQL、PostgreSQL關(guān)系型數(shù)據(jù)庫管理系統(tǒng)比較[J];電腦編程技巧與維護;2014年14期

6 李燕;曹寶香;馬兆豐;楊義先;鈕心忻;;關(guān)聯(lián)分析算法在安全管理平臺中的研究與應用[J];計算機技術(shù)與發(fā)展;2013年10期

7 羅麗娟;陳永政;;淺談MVC框架模式[J];科學咨詢(科技·管理);2013年02期

8 鄒祖軍;周偉;;信息系統(tǒng)安全審計機制的實現(xiàn)[J];信息技術(shù);2012年11期

9 徐雯;高建華;;基于Spring MVC及MyBatis的Web應用框架研究[J];微型電腦應用;2012年07期

10 徐錫霆;;以信息系統(tǒng)平臺的安全為視角淺析“漏洞”的危害及防范[J];信息與電腦(理論版);2012年01期

相關(guān)碩士學位論文 前3條

1 曠慶圓;安全信息與事件管理關(guān)鍵技術(shù)研究[D];北京郵電大學;2015年

2 郭俸明;漏洞掃描工具原理與實現(xiàn)[D];中國地質(zhì)大學（北京）;2008年

3 金鏡;面向方面的軟件進化研究[D];天津大學;2006年

，

本文編號：2212035