本文選題：運維審計 + SG-I6000系統(tǒng)��； 參考：《華北電力大學》2017年碩士論文

【摘要】：隨著烏克蘭黑客攻擊造成大面積停電,美國域名服務器攻擊導致知名互聯(lián)網(wǎng)網(wǎng)站無法提供服務等備受全球關注大事件的發(fā)生,信息安全的重要性不斷提上了新的高度。電力企業(yè)作為關系國計民生的支柱企業(yè),電力行業(yè)的信息安全,直接關系著智能電網(wǎng)的健壯性。當今信息安全不僅要著眼于外部攻擊,更要防范于信息系統(tǒng)內(nèi)部運維操作存在的安全風險和隱患。據(jù)不完全統(tǒng)計,超過半數(shù)的安全事件并非來自于外部攻擊,而是來自內(nèi)部的訪問行為及非法操作,因此對信息系統(tǒng)運維操作進行內(nèi)控審計十分必要。電力行業(yè)的運維審計系統(tǒng)在十二五“SG-ERP”階段完成建設并投運,該系統(tǒng)針對企業(yè)內(nèi)信息系統(tǒng)的運維檢修操作進行監(jiān)控及審計。隨著電力企業(yè)信息化工作的不斷推進,信息系統(tǒng)的數(shù)量不斷增長,運維操作對象數(shù)量及種類不斷增多。通過日常應用發(fā)現(xiàn),運維審計系統(tǒng)已不能覆蓋到所有信息系統(tǒng)運維檢修對象,信息系統(tǒng)運維操作不能完全通過運維審計系統(tǒng)進行操作,因而信息系統(tǒng)運維操作入口不統(tǒng)一;運維人員賬號存在公用的現(xiàn)象;運維檢修權限未實現(xiàn)最小化權限管理的工作要求等,現(xiàn)有運維審計系統(tǒng)已不能滿足企業(yè)運維精益化的管理要求。本文通過分析現(xiàn)有運維審計系統(tǒng)的功能架構、技術協(xié)議等內(nèi)容,結合日常運維工作,發(fā)現(xiàn)運維審計系統(tǒng)運維入口不統(tǒng)一,運維賬號公用,運維操作權限管理不細致等問題,在現(xiàn)有運維審計系統(tǒng)的基礎上進行功能擴展,解決運維審計系統(tǒng)現(xiàn)存的問題。引入微軟虛擬化軟件Remote App,將遠程執(zhí)行的應用程序展現(xiàn)在本地客戶端中,將用戶操作的中間過程透明化處理。虛擬化技術支持多種應用的運維訪問,滿足了信息系統(tǒng)運維中不斷出現(xiàn)的新運維對象的運維管理需求,實現(xiàn)運維審計入口統(tǒng)一。對運維賬號口令采用動態(tài)生成方式,避免了運維賬號公用、亂用。信息通信一體化調(diào)度運行支撐平臺(SG-I6000)中有著豐富的信息資源臺賬數(shù)據(jù),規(guī)范化的檢修計劃、工作票管理流程,將以上檢修信息、流程與運維審計系統(tǒng)進行集成,實現(xiàn)臺賬及檢修資源數(shù)據(jù)的共享,并完成運維任務自動創(chuàng)建、權限自動分配的功能。運維審計系統(tǒng)通過上述功能擴展及集成接研發(fā),并在國家電網(wǎng)公司的網(wǎng)省公司進行了部署,實現(xiàn)了信息系統(tǒng)運維精益化管理要求,提升了信息系統(tǒng)運維檢修安全性。
[Abstract]:With the power outages caused by the Ukrainian hacker attacks and the failure of famous Internet sites to provide services caused by the US domain name server attacks, the importance of information security has been raised to a new height. As the mainstay of the national economy and the people's livelihood, the information security of the electric power industry is directly related to the robustness of the smart grid. Nowadays, information security should not only focus on external attacks, but also guard against the security risks and hidden dangers existing in the internal operation and maintenance of information systems. According to incomplete statistics, more than half of the security incidents do not come from external attacks, but from internal access and illegal operations. Therefore, it is necessary to conduct internal audit of information system operation and maintenance operations. The operation and maintenance audit system of electric power industry is completed and put into operation in the 12th Five-Year Plan "SG-ERP" stage. The system monitors and audits the operation and maintenance of the information system in the enterprise. With the development of information technology in electric power enterprises, the number of information systems is increasing, and the number and types of operation and maintenance operations are increasing. Through the daily application, it is found that the operation and maintenance audit system can no longer cover all the information system operation maintenance objects, and the information system operation and maintenance operation can not be completely operated through the operation and maintenance audit system, so the information system operation and maintenance operation entrance is not uniform. The operation and maintenance personnel account has the common phenomenon, the operation and maintenance authority has not realized the minimum permission management work request and so on, the existing operation and maintenance audit system can no longer meet the enterprise operation and maintenance lean management request and so on. Through analyzing the functional structure, technical protocol and other contents of the existing operation and maintenance audit system, combined with the daily operation and maintenance work, this paper finds that the operation and maintenance audit system is not unified, the operation and maintenance account is common, the operation and maintenance operation authority management is not detailed, and so on. On the basis of the existing operation and maintenance audit system, the function is extended to solve the existing problems of the operation and maintenance audit system. This paper introduces the Microsoft virtualization software remote App. to expose the remote executing application to the local client and to make the intermediate process of user operation transparent. The virtualization technology supports the operation and maintenance access of many applications, meets the requirements of the new operation and maintenance management of the information system, and realizes the unity of the operation and maintenance audit entry. To the operation and maintenance account password dynamic generation method, to avoid the operation and maintenance account common, random use. In SG-I6000, there are abundant information resource account data, standardized maintenance plan, work order management flow, the above maintenance information, process and operation and maintenance audit system are integrated. Realize the sharing of account and overhaul resource data, and complete the operation and maintenance task automatic creation, automatic allocation of authority function. The operation and maintenance audit system is developed through the above function extension and integration, and deployed in the network company of the State Grid Corporation. It realizes the information system operation and maintenance lean management requirements, and improves the information system operation and maintenance security.
【學位授予單位】：華北電力大學
【學位級別】：碩士
【學位授予年份】：2017
【分類號】：F426.61;TP309

【參考文獻】

相關期刊論文 前10條

1 孟雅輝;;烏克蘭電力系統(tǒng)被攻擊事件分析與啟示[J];中國鐵路;2016年03期

2 張忠浩;董小亞;趙西林;張瑜;;信息系統(tǒng)運維精益化體系建設研究[J];電力信息與通信技術;2015年07期

3 梁明煌;;淺談SOX法案遵循與IT治理[J];中國新通信;2014年23期

4 梁浩波;封yP鈞;林浩釗;;IT一體化運維管控技術與管理研究[J];計算機安全;2014年04期

5 李謙;白曉明;張林;曹文忠;曾現(xiàn)均;;供電企業(yè)數(shù)據(jù)資產(chǎn)管理與數(shù)據(jù)化運營[J];華東電力;2014年03期

6 崔文超;趙長松;;SSH協(xié)議審計系統(tǒng)的設計與實現(xiàn)[J];電子技術與軟件工程;2014年02期

7 陳靖;黃聰會;孫璐;龔水清;;應用虛擬化技術研究進展[J];空軍工程大學學報(自然科學版);2013年06期

8 佘世洲;;供電企業(yè)信息安全集中監(jiān)測預警體系探索與實踐[J];計算機安全;2013年12期

9 陳衛(wèi)平;;淺談運維審計系統(tǒng)建設[J];現(xiàn)代電視技術;2013年06期

10 張劍;王琦;;淺析管理在信息系統(tǒng)安全中的必要性[J];信息網(wǎng)絡安全;2012年06期

相關博士學位論文 前1條

1 崔文超;信息安全運維審計模型及關鍵技術研究[D];華北電力大學(北京);2014年

相關碩士學位論文 前10條

1 戴長臻;銀行IT運維操作審計系統(tǒng)的設計與實現(xiàn)[D];吉林大學;2016年

2 喬俊峰;RDP協(xié)議的代理與轉(zhuǎn)發(fā)的研究與實現(xiàn)[D];華北電力大學;2015年

3 胡鑫;基于代理的FTP安全審計技術的研究與實現(xiàn)[D];華北電力大學;2015年

4 賈婭婧;基于代理技術的Telnet協(xié)議審計技術的研究與實現(xiàn)[D];華北電力大學;2015年

5 趙長松;基于高可控字符代理技術可信運維審計的研究[D];華北電力大學;2014年

6 李灝;基于代理的遠程訪問審計系統(tǒng)的設計與實現(xiàn)[D];華北電力大學;2014年

7 劉鴻清;支持多種操作系統(tǒng)的遠程應用平臺的設計與實現(xiàn)[D];北京交通大學;2013年

8 王巍;虛擬化環(huán)境下的IT運維研究[D];山東大學;2012年

9 周昕毅;Linux集群運維平臺用戶權限管理及日志審計系統(tǒng)實現(xiàn)[D];上海交通大學;2013年

10 張紅;基于高效的SSH協(xié)議的運維審計系統(tǒng)研究與實現(xiàn)[D];湖南大學;2011年

，

本文編號：2115904