面向新型网络的安全评估技术研究

发布时间：2018-04-27 13:23

本文选题：新型网络 + 风险评估　；参考：《北京邮电大学》2014年硕士论文

【摘要】：基于目前常规安全风险评估流程,都是按照一定的方法把安全检查流程划分成为若干个相对独立的阶段,每个阶段完成检查过程中的关键技术,而各个阶段又统一于整个检查流程,本文提出的面向新型网络的安全基线风险评估系统将基于该思想而设计,以提高新型网络的安全检查工作的效率,增强检查结果的准确性和客观性。面向新型网络的安全基线风险评估系统是一种自动化的工具,只要检查的目标设备是可以连接访问的,并且目标设备开放相关服务及端口,使用授权的用户口令,通过Telnet和SSH协议访问目标资产,工具就可以对目标资产进行检查,检查时不会在目标系统上安装任何的软件和进程。检查完之后,将资产存在的风险进行风险计算,以报表的形式向用户展示,同时给出有效的安全改进建议。由于人工的安全检查工作需要耗费大量的时间,也比较依赖于检查者的技术和经验,而且还有可能由于人为的失误导致检查结果不正确,本论文采用的是B/S的Web架构设计一个自动化的面向新型网络的安全基线风险评估系统,将检查工作交由平台执行。采用B/S架构可以使检查人员在任何时间和任何地方,只要其能够登录到面向新型网络的安全基线风险评估系统,就可以进行自动化的检查操作,而且在检查的过程中无需安装任何工具。使用设计的面向新型网络的安全基线风险评估系统执行检查,业务人员无需再进行大量的人工操作,同时也可避免人为的失误, 本文给出了新型网络安全评估策略框架,设计了一个安全基线模型,从物理环境安全、网络架构安全、数据安全、网络管理制度安全四个方面对新型网络进行了风险评估,给出了系统整体运行流程,核心功能模块主要有系统管理模块、资产管理模块、配置检查模块和报表管理模块等；并且通过新型网络评估实例呈现了系统整体运行状况。
[Abstract]:Based on the current routine security risk assessment process, according to a certain method, the security inspection process is divided into several relatively independent stages, each stage of the completion of the key technology in the inspection process, Each stage is unified in the whole inspection process. The security baseline risk assessment system for the new network will be designed based on this idea in order to improve the efficiency of the security inspection of the new network. Enhance the accuracy and objectivity of inspection results. The security baseline risk assessment system for new networks is an automated tool, provided that the inspected target device is connected to and accessed, and the target device opens related services and ports, using authorized user passwords. By accessing the target asset through the Telnet and SSH protocols, the tool can inspect the target asset without installing any software or process on the target system. After checking, the risk of the assets is calculated and presented to the user in the form of a report form, and the effective security improvement suggestions are given at the same time. Since manual security checks take a lot of time and depend more on the inspectors' skills and experience, and may also be caused by human errors, the results of the inspections are incorrect. In this paper, the Web architecture of B / S is used to design an automated security baseline risk assessment system for a new type of network, and the inspection is carried out by the platform. Using the B / S architecture allows inspectors to automate inspections at any time and anywhere, as long as they can log in to a secure baseline risk assessment system for a new network. And there is no need to install any tools during the inspection. Using a designed security baseline risk assessment system for a new network to perform inspections, business people no longer need to do a lot of manual work, while avoiding human error. This paper presents a new network security evaluation strategy framework, designs a security baseline model, and evaluates the risk of the new network from four aspects: physical environment security, network architecture security, data security, and network management system security. The whole running process of the system is given. The core function modules include system management module, asset management module, configuration check module and report management module, etc.
【学位授予单位】：北京邮电大学
【学位级别】：硕士
【学位授予年份】：2014
【分类号】：TP393.08

【参考文献】