基于等级保护的银行核心网络系统安全防护体系的研究与设计

发布时间：2018-04-11 21:45

本文选题：等级保护 + 网络安全　；参考：《东华大学》2014年硕士论文

【摘要】：随着我国社会网络化进程的全面加快,国民经济和社会发展对基础信息网络和重要信息系统的依赖性越来越大,因此网络安全保障越来越受到业内人士的关注,信息安全等级保护作为国家信息安全基本制度,对保障政府部门和企事业的基础信息系统安全有着非常重要的作用。信息安全等级保护制度是国家信息安全保障工作的重要内容,也是一项事关国家安全、社会稳定的政治任务。然而,信息安全等级保护在国内才刚刚推广,缺乏具有可操作性的量化模型算法和支撑软件,因而,等级保护工作是当前信息网络安全工作的客观需要和紧迫需求。本文首先综合分析了国内外网络安全现状,研究了我国目前实施的等级保护制度,重点是等级保护制度网络安全的基本要求,通过对等级保护相关的规范与要求进行研究,根据信息系统安全等级保护定级的相关要求和该银行核心网络系统的网络结构、系统组成、服务模式等基本情况,为其确定合适的安全保护等级。进而,按照等级保护制度第三级要求对该网络系统进行安全风险和防护需求分析,根据其不同的业务功能和网络位置,将核心网络系统合理划分为若干个安全区域。针对各安全区域的不同的安全需求和等级保护防护要求,以“分区域、分层次、纵深防护”为设计理念,对不同的安全区域进行个性化的安全防护设计。最后基于一定的思想和策略指导,通过在各安全区域边界和安全区域内部应用不同安全防护技术和安全防护策略,设计出一个包括框架结构、安全策略、系统部署等内容的具有一定通用性和实用性的安全防护体系。同时介绍了整体的网络结构模型,并对其中使用的相应技术及产品进行了详细分析和介绍,从整个系统的角度出发去考虑系统整体的安全问题,具有系统性和实用性,希望有类似安全需求的银行可作为解决方案设计的参考模型。
[Abstract]:With the overall acceleration of the social networking process in China, the national economy and social development depend more and more on the basic information network and important information system, so the network security has attracted more and more attention from the industry.As the basic system of national information security, information security grade protection plays a very important role in ensuring the security of basic information system of government departments and enterprises.The information security level protection system is the important content of the national information security guarantee work, also is a political task which relates to the national security and the social stability.However, the information security level protection has just been popularized in our country, and it lacks the feasible quantization model algorithm and supporting software. Therefore, the level protection work is the objective and urgent need of the current information network security work.In this paper, the current situation of network security at home and abroad is analyzed, and the current level protection system in China is studied. The emphasis is on the basic requirements of network security of grade protection system, and the related norms and requirements of grade protection are studied.According to the requirements of information system security grading and the network structure, system composition and service mode of the core network system of the bank, the appropriate level of security protection is determined for the information system.Furthermore, according to the requirements of the third level protection system, the security risk and protection requirements of the network system are analyzed. According to its different business functions and network location, the core network system is divided into several security areas.According to the different security requirements and protection requirements of different security areas, the design concept of "sub-area, hierarchical and deep protection" is taken as the design concept, and individualized safety protection design for different security areas is carried out.Finally, based on a certain thought and policy guidance, through the application of different security protection technology and security strategy in each security area boundary and inside the security zone, a framework structure and security strategy are designed.System deployment and other content with a certain general and practical security protection system.At the same time, the overall network structure model is introduced, and the corresponding technologies and products used therein are analyzed and introduced in detail. From the point of view of the whole system, the security problems of the whole system are considered, which is systematic and practical.Banks with similar security requirements are expected to serve as reference models for solution design.
【学位授予单位】：东华大学
【学位级别】：硕士
【学位授予年份】：2014
【分类号】：TP393.08

【参考文献】