公司防火墻管理軟件的設(shè)計(jì)與實(shí)現(xiàn)
發(fā)布時(shí)間:2018-09-08 08:44
【摘要】:互聯(lián)網(wǎng)的迅速發(fā)展,大大的加快了經(jīng)濟(jì)社會(huì)發(fā)展,在方便人們生活的同時(shí),帶來(lái)了信息網(wǎng)絡(luò)安全的問(wèn)題,因此,它為企業(yè)的發(fā)展、生存帶來(lái)了新的問(wèn)題和挑戰(zhàn)。網(wǎng)絡(luò)信息安全問(wèn)題出于信息技術(shù)的迅猛發(fā)展,它不僅表現(xiàn)為對(duì)網(wǎng)絡(luò)信息技術(shù)的強(qiáng)烈依賴,而且從網(wǎng)絡(luò)信息安全概念產(chǎn)生起,就表現(xiàn)為對(duì)機(jī)房物理環(huán)境、人的行為的強(qiáng)烈依賴。而當(dāng)今企業(yè)為確保自身信息安全問(wèn)題不被泄密,在現(xiàn)實(shí)網(wǎng)絡(luò)應(yīng)用環(huán)境中通常會(huì)在網(wǎng)絡(luò)出口、服務(wù)器區(qū)、辦公網(wǎng)區(qū)部署防火墻設(shè)備,通過(guò)防火墻設(shè)備設(shè)置對(duì)應(yīng)訪問(wèn)規(guī)則,保護(hù)企業(yè)內(nèi)網(wǎng)數(shù)據(jù)信息部受攻擊、侵害。近幾年我公司內(nèi)部網(wǎng)絡(luò)規(guī)模隨著業(yè)務(wù)的發(fā)展不斷的在進(jìn)行變更擴(kuò)大,在每次調(diào)整網(wǎng)絡(luò)架構(gòu)時(shí)隨時(shí)會(huì)面臨業(yè)務(wù)被受影響的情況,特別是公司防火墻的改造、升級(jí),因沒(méi)有一個(gè)集中的管理機(jī)制隨時(shí)會(huì)將業(yè)務(wù)進(jìn)行阻斷,甚至當(dāng)防火墻受損時(shí)無(wú)法第一時(shí)間迅速恢復(fù)。我公司目前內(nèi)部網(wǎng)絡(luò)架構(gòu)主要分為核心網(wǎng)、業(yè)務(wù)網(wǎng)、安全管理網(wǎng)、互聯(lián)網(wǎng)接入?yún)^(qū)、專網(wǎng)接入?yún)^(qū)等五大區(qū)域,其中在核心網(wǎng)絡(luò)層部署了兩臺(tái)防火墻,業(yè)務(wù)網(wǎng)部署了四臺(tái)防火墻,安全管理網(wǎng)部署了兩臺(tái)防火墻,互聯(lián)網(wǎng)接入?yún)^(qū)域出口部署了兩臺(tái)防火墻,專網(wǎng)接入?yún)^(qū)部署了兩臺(tái)防火墻,這些防火墻的公司的網(wǎng)絡(luò)保護(hù)起到了關(guān)鍵性的作用,但是一旦防火墻出現(xiàn)故障或管理人員在配置時(shí)出現(xiàn)錯(cuò)誤將影響公司內(nèi)部網(wǎng)絡(luò)業(yè)務(wù)。因此目前我公司需要一個(gè)能集中管理這些防火墻的有效機(jī)制,主要從防火墻配置、基礎(chǔ)信息、系統(tǒng)日志、備份恢復(fù)等幾方面去管理,本論文研究的目的就是研發(fā)出一套防火墻管理軟件來(lái)對(duì)公司的所有的硬件防火墻進(jìn)行集中性的管理。從經(jīng)濟(jì)實(shí)用性來(lái)說(shuō),該設(shè)計(jì)將在很大程度上節(jié)約公司開銷,這種軟防火墻在辦公網(wǎng)中的應(yīng)用將比各商業(yè)防火墻更易于管理和操作,在功能方面看來(lái),混合型網(wǎng)絡(luò)防火墻除了根據(jù)內(nèi)部網(wǎng)絡(luò)規(guī)劃制定相應(yīng)的用戶策略的功能外還支持賬號(hào)管理,靈活的將不同辦公角色和職能部門劃分,對(duì)信息安全要求級(jí)別高的辦公終端實(shí)施高安全性的策略,能有效杜絕局域網(wǎng)和外網(wǎng)攻擊。本文在對(duì)防火墻技術(shù)及原理進(jìn)行了簡(jiǎn)潔的基礎(chǔ)上,以防火墻技術(shù)在企業(yè)信息安全的應(yīng)用為研究目的,針對(duì)防火墻目前存在的如下缺陷:不能防止策略配置不當(dāng)或錯(cuò)誤配置引起的安全威脅、因硬件問(wèn)題的損壞導(dǎo)致配置和策略的丟失、不能防止可接觸的人為或自然的破壞以及防火墻設(shè)備中產(chǎn)生的日志會(huì)消耗自身存儲(chǔ)空間等問(wèn)題,設(shè)計(jì)了一套防火墻管理軟件并進(jìn)行了軟件測(cè)試,獲得了良好結(jié)果。
[Abstract]:The rapid development of the Internet greatly speeds up the economic and social development, which brings about the problem of information network security while facilitating people's life. Therefore, it brings new problems and challenges to the development and survival of enterprises. The problem of network information security is due to the rapid development of information technology. It is not only a strong dependence on network information technology, but also a strong dependence on the physical environment and human behavior from the concept of network information security. In order to ensure that their own information security problems are not leaked, enterprises usually deploy firewall devices in the network exit, server area and office network area in the real network application environment, and set the corresponding access rules through the firewall device. To protect the data and information department of the internal network of enterprises is attacked and infringed upon. In recent years, with the development of business, the scale of internal network of our company is constantly changing and expanding, and every time we adjust the network structure, we will be faced with the situation of business being affected at any time, especially the transformation and upgrading of the company's firewall. Without a centralized management mechanism, the business will be blocked at any time, even when the firewall is damaged, it can not recover quickly. At present, the internal network architecture of our company is mainly divided into five major areas: core network, business network, security management network, Internet access area and private network access area, among which two firewalls are deployed in the core network layer and four firewalls are deployed in the business network. Two firewalls have been deployed in the security management network, two firewalls have been deployed at the exit of the Internet access area, and two firewalls have been deployed in the private network access area. The network protection of these firewall companies has played a key role. However, once firewall failure or manager configuration errors will affect the company's internal network business. Therefore, at present our company needs an effective mechanism to centralize the management of these firewalls, mainly from the firewall configuration, basic information, system log, backup and recovery, and so on. The purpose of this thesis is to develop a set of firewall management software to manage all hardware firewalls. In terms of economic practicability, the design will greatly reduce the cost of the company, this soft firewall in office network applications will be easier to manage and operate than commercial firewalls, from a functional point of view, In addition to the function of formulating corresponding user policies according to the internal network planning, the hybrid network firewall also supports account management and flexibly divides different office roles and functional departments. The implementation of high security strategy for office terminals with high information security requirements can effectively prevent attacks on local area networks and external networks. On the basis of simple firewall technology and principle, the purpose of this paper is to study the application of firewall technology in enterprise information security. The firewall has the following defects: it can't prevent the security threat caused by the improper configuration or misconfiguration of the policy, and the configuration and the loss of the policy can be caused by the damage of the hardware problem. A set of firewall management software is designed and tested, and good results are obtained.
【學(xué)位授予單位】:電子科技大學(xué)
【學(xué)位級(jí)別】:碩士
【學(xué)位授予年份】:2014
【分類號(hào)】:TP393.08
,
本文編號(hào):2230021
[Abstract]:The rapid development of the Internet greatly speeds up the economic and social development, which brings about the problem of information network security while facilitating people's life. Therefore, it brings new problems and challenges to the development and survival of enterprises. The problem of network information security is due to the rapid development of information technology. It is not only a strong dependence on network information technology, but also a strong dependence on the physical environment and human behavior from the concept of network information security. In order to ensure that their own information security problems are not leaked, enterprises usually deploy firewall devices in the network exit, server area and office network area in the real network application environment, and set the corresponding access rules through the firewall device. To protect the data and information department of the internal network of enterprises is attacked and infringed upon. In recent years, with the development of business, the scale of internal network of our company is constantly changing and expanding, and every time we adjust the network structure, we will be faced with the situation of business being affected at any time, especially the transformation and upgrading of the company's firewall. Without a centralized management mechanism, the business will be blocked at any time, even when the firewall is damaged, it can not recover quickly. At present, the internal network architecture of our company is mainly divided into five major areas: core network, business network, security management network, Internet access area and private network access area, among which two firewalls are deployed in the core network layer and four firewalls are deployed in the business network. Two firewalls have been deployed in the security management network, two firewalls have been deployed at the exit of the Internet access area, and two firewalls have been deployed in the private network access area. The network protection of these firewall companies has played a key role. However, once firewall failure or manager configuration errors will affect the company's internal network business. Therefore, at present our company needs an effective mechanism to centralize the management of these firewalls, mainly from the firewall configuration, basic information, system log, backup and recovery, and so on. The purpose of this thesis is to develop a set of firewall management software to manage all hardware firewalls. In terms of economic practicability, the design will greatly reduce the cost of the company, this soft firewall in office network applications will be easier to manage and operate than commercial firewalls, from a functional point of view, In addition to the function of formulating corresponding user policies according to the internal network planning, the hybrid network firewall also supports account management and flexibly divides different office roles and functional departments. The implementation of high security strategy for office terminals with high information security requirements can effectively prevent attacks on local area networks and external networks. On the basis of simple firewall technology and principle, the purpose of this paper is to study the application of firewall technology in enterprise information security. The firewall has the following defects: it can't prevent the security threat caused by the improper configuration or misconfiguration of the policy, and the configuration and the loss of the policy can be caused by the damage of the hardware problem. A set of firewall management software is designed and tested, and good results are obtained.
【學(xué)位授予單位】:電子科技大學(xué)
【學(xué)位級(jí)別】:碩士
【學(xué)位授予年份】:2014
【分類號(hào)】:TP393.08
,
本文編號(hào):2230021
本文鏈接:http://sikaile.net/guanlilunwen/ydhl/2230021.html
最近更新
教材專著
