
Design of a Government Affairs Network Security Management Scheme Based on the Windows Domain Environment

Published: 2018-12-19 06:58
[Abstract]: The security of a government affairs network bears on the public service level and public service image of government departments. However, today's e-government networks commonly lack a centralized, unified and standardized security management system. In particular, the many arbitrary habits of remote government users in web access, client system operation and data access are a major cause of hidden security risks in government networks. Providing a standardized network environment that constrains remote users' web access behavior, regulates how remote users operate remote government client systems, and changes how remote users access government data is the key to keeping the government network secure, stable and developing healthily. On the basis of a Windows domain environment, the thesis builds a three-layer security management system for remote government clients, consisting of a remote access layer, a health detection layer and an operation specification layer. The remote access layer uses a virtual private network (VPN) with an extensible authentication protocol based on two-way (mutual) certificates (PEAP-EAP-TLS) so that remote government clients connect securely to the government network, which gives them the prerequisite for accepting the network's centralized and unified management. The health detection layer uses Network Access Protection (NAP) to run a health check on each remote government client before it obtains full access to government network resources, so that an individual insecure remote client does not bring its pre-existing security risks into the whole government network. The operation specification layer first uses the Network Threat Gateway (TMG 2010) to present all remote government clients uniformly as local clients, which achieves a web access specification with user-level behavior control. Second, it uses the system central configuration manager (SCCM 2012) to supervise, from the central server, the system environment of remote clients, including software installation, patch updates, virus protection, hardware configuration and remote maintenance, which reduces the client failure rate and improves administrators' maintenance efficiency. Finally, it uses the distributed storage system (DFS) to store government data centrally on the server and map it to remote users, giving secure storage of and convenient access to government data. The integrated management platform based on the Windows domain environment ultimately brings together the separate security islands of traditional government network management and forms a centralized, controllable e-government network system.
[Degree-granting institution]: Fudan University
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.08

