【摘要】：云南醫(yī)專圖書館原網(wǎng)站主要存在的安全問題是網(wǎng)站經(jīng)常被攻擊導(dǎo)致服務(wù)暫停;論壇經(jīng)常被植入非法廣告和病毒鏈接;網(wǎng)站被SQL注入,導(dǎo)致網(wǎng)站數(shù)據(jù)遭到破壞;針對這些情況本論文通過建立一套完善的網(wǎng)站防御子系統(tǒng),能方便的與目前的網(wǎng)站框架相集成,從而使網(wǎng)站有能力抵御黑客的攻擊,防止網(wǎng)站被注入和非法篡改。 本文從因特網(wǎng)目前常見的攻擊方式出發(fā),結(jié)合TCP/IP協(xié)議的原理,闡述網(wǎng)絡(luò)攻擊及防御方式的原理;以醫(yī)專圖書館網(wǎng)站遭受到的攻擊方式為研究對象,參考ISO/IEC15408:2001《信息技術(shù)安全性評估準則》中對安全防御系統(tǒng)的綜合要求,描述了網(wǎng)站安全防御系統(tǒng)的功能需求,剖析原來醫(yī)專圖書館網(wǎng)站在架構(gòu)設(shè)計上安全方面的不足,在原先網(wǎng)站架構(gòu)的基礎(chǔ)上改進和添加功能的方法設(shè)計了網(wǎng)站安全防御體系,通過硬件部署圖的方式描述了網(wǎng)站防御系統(tǒng)的運行平臺,闡述了網(wǎng)站防御系統(tǒng)實現(xiàn)所用到的技術(shù)及特點,在詳細設(shè)計中采用以自頂向下的方法詳細描述了日志審計、訪問數(shù)據(jù)檢測、生成靜態(tài)HTML用戶頁面、掛馬掃描、告警五個功能模塊的組織形式、模塊間的關(guān)系及各個模塊的關(guān)鍵功能算法、程序流程、IPO圖、E-R圖、類結(jié)構(gòu)的設(shè)計,使用JAVA的SSH技術(shù)框架、DIV+CSS的前臺展現(xiàn)技術(shù)和WEBService的模塊間的調(diào)用方式實現(xiàn)了網(wǎng)站安全防御架構(gòu)。 最后,利用IBM Rational Tester測試工具對完成的網(wǎng)站安全防御模塊做了詳細測試,并與華為防火墻日志審計系統(tǒng)E-log和論壇系統(tǒng)Discuz7.0做了功能和性能的測試比對,上述安全防御模塊已實際應(yīng)用到醫(yī)專網(wǎng)站的安全防御,搭建了一個完整的網(wǎng)站安全防御系統(tǒng),基本達到了設(shè)計要求。
[Abstract]:The main security problems in the original website of Yunnan Medical College Library are that the website is frequently attacked and the service is suspended; the forum is often placed with illegal advertisements and viral links; the website is injected with SQL, which results in the destruction of website data. In view of these situations, this paper establishes a set of perfect website defense subsystem, which can be conveniently integrated with the current website framework, so that the website can resist the attack of hackers and prevent the site from being injected and illegally tampered with. In this paper, the principle of network attack and defense mode is expounded based on the common attack mode of Internet and the principle of TCP/IP protocol. Taking the attack mode of the website of medical college library as the research object, referring to the comprehensive requirements of the security defense system in ISO/IEC15408:2001 Information Technology Security Evaluation Standard, this paper describes the functional requirements of the website security defense system. This paper analyzes the shortcomings of the original medical college library website in the security aspect in the structure design, and designs the website security defense system on the basis of the original website structure and the method of improving and adding the function. This paper describes the running platform of the website defense system by the way of hardware deployment diagram, expounds the technology and characteristics used in the implementation of the website defense system, and describes the log audit in detail by adopting the top-down method in the detailed design. Access to data detection, generate static HTML user pages, hang horse scan, alarm the organizational form of the five functional modules, the relationship between the modules and the key functional algorithms of each module, program flow, IPO diagram, E-R diagram, class structure design, The security defense architecture of the website is realized by using the foreground display technology of, DIV CSS and the call between the WEBService module and the SSH technology framework of JAVA. Finally, the IBM Rational Tester test tool is used to test the website security defense module in detail, and compared with Huawei Firewall Log Audit system (E-log) and Forum system (Discuz7.0), the function and performance of the module are compared with that of Huawei Firewall Log Audit system (E-log) and Forum system (Discuz7.0). The above security defense module has been applied to the safety defense of medical college website, and a complete website security defense system has been built, which basically meets the design requirements.
【學(xué)位授予單位】：電子科技大學(xué)
【學(xué)位級別】：碩士
【學(xué)位授予年份】：2011
【分類號】：TP393.092

【引證文獻】

相關(guān)碩士學(xué)位論文 前1條

1 喬峰;基于模板化網(wǎng)絡(luò)爬蟲技術(shù)的Web網(wǎng)頁信息抽取[D];電子科技大學(xué);2012年

，

本文編號：2420714