Design and Implementation of Company Firewall Management Software
Published: 2018-09-08 08:44
[Abstract]: The rapid development of the Internet has greatly accelerated economic and social development. While making people's lives more convenient, it has also brought information and network security problems, and with them new problems and challenges for the development and survival of enterprises. Network information security problems arise from the rapid development of information technology. They show up not only as a strong dependence on network information technology but, ever since the concept of network information security emerged, also as a strong dependence on the physical environment of the machine room and on human behavior. To keep their information from leaking, enterprises today usually deploy firewall devices at the network egress, in the server zone and in the office network zone, and configure the corresponding access rules on those devices to protect intranet data from attack and compromise. In recent years our company's internal network has been continually changed and expanded as the business has grown. Every adjustment to the network architecture risks affecting the business, especially the renovation and upgrading of the company's firewalls: because there is no centralized management mechanism, business traffic may be blocked at any time, and when a firewall is damaged it cannot be restored promptly.

Our company's internal network architecture is currently divided into five major areas: the core network, the business network, the security management network, the Internet access area and the private network access area. Two firewalls are deployed at the core network layer, four in the business network, two in the security management network, two at the egress of the Internet access area, and two in the private network access area. These firewalls play a key role in protecting the company's network, but a firewall failure or an administrator's configuration error will affect the company's internal network services. The company therefore needs an effective mechanism for managing these firewalls centrally, covering mainly firewall configuration, basic information, system logs, and backup and recovery. The purpose of this thesis is to develop a firewall management software package that centrally manages all of the company's hardware firewalls. In terms of economy and practicality, the design will substantially reduce the company's costs, and this software firewall, applied in the office network, will be easier to manage and operate than the various commercial firewalls. In terms of functionality, besides formulating user policies according to the internal network plan, the hybrid network firewall also supports account management, flexibly separates different office roles and functional departments, and applies high-security policies to office terminals with high information security requirements, which can effectively prevent attacks from the local area network and from external networks. After a brief introduction to firewall technology and principles, and with the application of firewall technology to enterprise information security as its research objective, this thesis addresses the following current shortcomings of firewalls: they cannot prevent security threats caused by improperly or incorrectly configured policies; hardware damage can cause the loss of configuration and policies; they cannot prevent human or natural damage by those with physical access; and the logs generated on a firewall device consume its own storage space. A firewall management software package was designed and tested, with good results.
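[Degree-granting institution]: University of Electronic Science and Technology of China
[Degree level]: Master's
[Year degree awarded]: 2014
[Classification number]: TP393.08
Article ID: 2230021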
Article link: https://www.wllwen.com/guanlilunwen/ydhl/2230021.html