设备接入安全检查系统的设计与实现

发布时间：2018-06-21 09:15

本文选题：信息安全 + 计算机网络　；参考：《西安电子科技大学》2014年硕士论文

【摘要】：随着社会的发展,计算机和网络逐渐成为人们日常工作和生活中最常见的事物,每天都有无数的人,通过计算机和网络进行工作和休闲。每天,大量的数据在网络中交流传输,并最终存储到各种计算机中,这给人们的日常工作和生活带来极大的便利。但是,在这种便利的同时也存在着一个日益严重的问题,就是信息安全问题,在如今这个信息化的社会,信息已经成为一种重要的战略资源,一些关键的信息能够决定一个企业的兴亡,更严重的甚至关系到国家安全。信息安全已经成为所有人关注的焦点。为了做到信息安全,大多数人都会想到在计算机上安装一系列防御软件,例如杀毒软件、防火墙、防间谍软件等。确实,安装这些软件能够有效的防御网络上常见的威胁,但是,在现今网络上,多种多样的网络威胁使得大多数计算机的使用者不了解自己使用的计算机是否具有防御的能力。因为缺乏专业知识,所以在现今,绝大多数的企事业单位将网络防御的工作交给专业团队负责,由他们为企业网络搭建一个完整的安全环境,称之为“网络安全解决方案”。一个完整的网络安全解决方案是由多个不同的系统组合而成的,每个系统负责不同功能,相互配合完成安全任务。设备接入安全检查系统是解决方案中的一个模块系统,也可以称为设备接入安全检查模块。本文介绍了一个完整的设备接入安全检查系统的设计开发过程,包括需求分析、概要设计、详细设计、系统实现以及最终测试。该系统的主要作用在于帮助用户检查计算机的安全状态,判断该计算机是否能够有效防御常见威胁,该系统本身并不具备防御能力。系统分为三个模块,分别是配置台模块、服务器模块、数据库模块。系统在使用时,首先在配置台上配置安全策略以及用户信息,安全策略包含多个具体子策略,包括防病毒软件策略、防间谍软件策略、windows补丁等,并将这些配置好的数据存储到数据库中。然后,服务器在接收到客户端的安全检查请求后,根据客户端账号从数据库中获取相应的安全策略进行安全检查,并给出最终处理结果。通过上述的检查过程,可以判断计算机是否处于安全状态,如果处于安全状态,则允许其接入网络,否则要求计算机按照要求进行修改并重新进行检查。最终保证计算机在接入网络时是处于安全状态。
[Abstract]:With the development of society, computers and networks have gradually become the most common things in people's daily work and life, every day there are countless people, through computers and networks to work and leisure. Every day, a large amount of data is transmitted through the network and stored in various computers, which brings great convenience to people's daily work and life. However, at the same time, there is an increasingly serious problem of information security. In today's information-based society, information has become an important strategic resource. Some key information can determine the rise and fall of an enterprise, more serious and even related to national security. Information security has become the focus of attention. In order to achieve information security, most people would like to install a series of defense software on the computer, such as antivirus software, firewall, anti-spyware and so on. It is true that the installation of these software can effectively protect against common threats on the network, but in today's networks, a wide variety of network threats make most computer users do not know whether the computer they use is defensible or not. Because of the lack of professional knowledge, the vast majority of enterprises and institutions give the network defense work to the professional team, who build a complete security environment for the enterprise network, which is called "network security solution". A complete network security solution is composed of several different systems, each system is responsible for different functions, cooperate with each other to complete security tasks. The device access security inspection system is a module system in the solution, which can also be called the equipment access security inspection module. This paper introduces the design and development process of a complete equipment access security inspection system, including requirement analysis, outline design, detailed design, system implementation and final test. The main function of the system is to help users check the security status of the computer and determine whether the computer can effectively defend against common threats. The system itself is not capable of defense. The system is divided into three modules, which are configuration platform module, server module and database module. When the system is in use, it first configures the security policy and user information on the configuration platform. The security policy includes several specific sub-policies, including anti-virus software policy, anti-spyware policy and windows patch, etc. These configured data are stored in the database. Then, after receiving the security check request of the client, the server acquires the corresponding security policy from the database according to the client account, and gives the final processing result. Through the above checking process, it can be judged whether the computer is in a safe state, if it is in a secure state, it is allowed to access the network, otherwise, the computer is required to modify and re-check according to the requirements. Finally, the computer is guaranteed to be in a secure state when it is connected to the network.
【学位授予单位】：西安电子科技大学
【学位级别】：硕士
【学位授予年份】：2014
【分类号】：TP393.08

【参考文献】