电信运营企业支撑系统网络安全域划分方案研究

发布时间：2018-06-18 20:14

本文选题：电信网络 + 安全域　；参考：《内蒙古大学》2014年硕士论文

【摘要】：电信运营企业的生产部门有许多支撑系统,这些系统与其他系统组成了一个规模庞大、系统复杂的计算机网络。各个网络相对独立又互相有连接接口,网络中的安全机制千差万别,在网络调整时可能会影响网络的可用性,同时网络的安全性也未做过详尽的梳理分析,这导致电信运营企业网络存在较大的安全隐患。因此,如何确保电信支撑系统的安全可靠是电信安全工作的重中之重。经过对电信企业安全领域的研究,提出了电信运营企业网络分等级保护的安全域划分方案。这里安全域的划分并非传统意义上的物理隔离,而是在认真分析各套支撑系统的安全需求和所面临的安全威胁的前提下进行的。依此方案进行规划建设,可使网络结构更加合理,并提高网络的安全性。合理划分安全域是进一步制定和实施安全保护措施的基础。论文的主要研究工作是：首先,分析电信网络的安全现状,并研究目前电信运营企业支撑系统网络使用的安全域方案存在的不足以及应注意的问题。其次,根据网络结构化的思想,针对电信网络结构进行分析,设计电信运营企业支撑系统网络安全域划分方案。再次,根据信息安全等级保护中边界防护方法,针对各安全域之间不同边界,制订了相应的边界安全防护策略,包括安全访问措施、安全设备部署等。最后,将提出的安全域划分方案应用于现网电信网络,根据所制定的边界安全策略,采取相应的安全措施,此划分方案在电信网络安全划分过程中的成功应用,表明该划分方案在实际应用中具有可行性。论文的主要创新处在于：根据电信网络安全等级保护中边界防护的方法,依据安全域划分原则,提出了电信运营企业支撑系统网络安全域划分方案,并在现网中得到验证。
[Abstract]:The production departments of telecom operators have many supporting systems, which form a large and complex computer network with other systems. Each network is relatively independent and connected to each other, and the security mechanisms in the network vary widely, which may affect the usability of the network when the network is adjusted. At the same time, the security of the network has not been combed and analyzed in detail. This causes the telecommunication operation enterprise network to have the bigger security hidden danger. Therefore, how to ensure the security and reliability of telecommunication support system is the most important work of telecom security. Based on the research of telecom enterprise security field, the security domain partition scheme of telecom operation enterprise network protection is put forward. The partition of the security domain is not the physical isolation in the traditional sense, but is based on the analysis of the security requirements and the security threats faced by the supporting systems. Planning and construction according to this scheme can make the network structure more reasonable and improve the security of the network. The rational division of the security domain is the basis for the further development and implementation of safety protection measures. The main research work of this paper is as follows: firstly, the security situation of telecommunication network is analyzed, and the shortcomings of the security domain scheme used in the telecommunication operation enterprise supporting system network and the problems that should be paid attention to are studied. Secondly, according to the idea of network structure, this paper analyzes the telecom network structure and designs the network security domain partition scheme of telecom operation enterprise support system. Thirdly, according to the method of boundary protection in the information security level protection, the corresponding border security protection strategies, including security access measures, security equipment deployment and so on, are formulated according to the different boundaries between different security domains. Finally, the proposed security domain partition scheme is applied to the current telecommunication network. According to the border security policy, the corresponding security measures are taken, and the security partition scheme is successfully applied in the telecommunication network security partition process. It is shown that this scheme is feasible in practical application. The main innovation of this paper lies in: according to the method of boundary protection in the security grade protection of telecommunication network, and according to the principle of security domain division, this paper puts forward the scheme of network security domain partition of telecom operation enterprise support system, and it is verified in the present network.
【学位授予单位】：内蒙古大学
【学位级别】：硕士
【学位授予年份】：2014
【分类号】：TP393.08

【参考文献】