
Design and Implementation of an Operational Security Monitoring System for Enterprise Network Information Platforms

Published: 2019-01-27 19:50
[Abstract]: As enterprise informatization continues to develop, the enterprise network information platform has become essential infrastructure for the normal operation of an enterprise. Following the design philosophy of Unified Threat Management (UTM), this thesis integrates network devices such as routers and switches, security devices such as firewalls, the Remote Security Assessment System (RSAS) and the Intrusion Prevention System (IPS), and devices such as terminal computers and servers. It breaks down data isolation, enables data exchange between them, and places the enterprise network information platform under integrated management and control. This thesis designs and implements an operational security monitoring system for the enterprise network information platform.

First, the thesis identifies the threats facing the enterprise network, describes in detail five functional requirements (data collection, data analysis, monitoring of important intranet devices, operational security management, and visual presentation), and sets out the system's performance, security, reliability and availability requirements.

Second, following software engineering practice, the system architecture is divided into five layers: a data collection layer, a data storage layer, a data analysis layer, a logic layer and a presentation layer. To monitor the running state of important intranet devices in real time, the data collection layer uses simulated login to collect running-state data such as CPU, memory and interface status from routers, switches and other network devices; uses a web crawler to gather real-time running-state data, real-time connection information, vulnerability information and similar data from the firewall, IPS and RSAS; and uses client-side probes to collect the running state, open processes, ports and other data of terminal computers and servers.

The data analysis layer analyzes the real-time and historical running state of devices, providing the basis for monitoring device security state. This layer designs and implements statistical analysis of the platform's operating condition. Through security-rule comparison and threshold analysis it assesses device security state in real time and promptly detects abnormal events and policy violations inside the network information platform. It also uses the analytic hierarchy process (AHP) to evaluate the health of Web servers.

The logic layer manages and controls the network information platform on the basis of data collection and analysis, and responds to abnormal events. It provides the monitoring functions for the network devices, security devices, terminal computers and servers described above, and, using a communication architecture based on ZMQ Pub-Sub and REP-REQ, implements control functions, network functions and similar features for routers and switches from Huawei, H3C, Cisco and other vendors. The logic layer also implements control functions for terminal computers and servers, including detecting the connection of external storage devices, responding to violation events, remotely controlling running processes and ports, controlling Internet access, and forcing shutdown.

To make the network information platform easier to manage and its operating condition easier to understand at a glance, the presentation layer designs and implements visual presentation of the raw data and the analysis results, providing both management visualization and data visualization. The data storage layer uses a non-relational database to store real-time data, analysis results and system configuration.

Finally, the thesis configures a test environment for the system, completes functional and non-functional testing, and describes the system's application scenarios.
[Degree-granting institution]: Harbin Institute of Technology
[Degree level]: Master's
[Year degree granted]: 2017
[Classification number]: TP277


Article No.: 2416633



Article link: http://sikaile.net/kejilunwen/zidonghuakongzhilunwen/2416633.html

