Design of a Security Management Scheme for a Government Affairs Network Based on a Windows Domain Environment
Published: 2018-12-19 06:58
[Abstract]: The security of the government affairs network bears directly on the public service level and public image of government departments. However, today's e-government networks commonly lack a centralized, unified and standardized security management system; in particular, the large degree of arbitrariness in remote government users' WEB access, client system operation and data access is a major source of security risks to the government network. Providing a standardized network environment that constrains the WEB access behaviour of remote users, regulates their operation of remote government client systems, and changes their habits of accessing government data is the key to keeping the government network secure, stable and healthy. On the basis of a Windows domain environment, this thesis builds a three-layer security management system for government remote clients, consisting of a remote access layer, a health detection layer and an operation specification layer. The remote access layer connects government remote clients securely to the government network through a virtual private network (VPN) that uses the Protected Extensible Authentication Protocol with mutual certificate authentication (PEAP-EAP-TLS), giving them the prerequisite for centralized, unified management by the government network. The health detection layer uses Network Access Protection (NAP) to perform a health check on each government remote client before it is granted full access to government network resources, so that individual insecure remote clients cannot introduce their inherent security weaknesses into the whole government network. The operation specification layer first uses the Threat Management Gateway (TMG 2010) to present remote government clients uniformly as local clients, so that WEB access rules can be enforced at the level of individual user behaviour; secondly it uses System Center Configuration Manager (SCCM 2012) to supervise, from the central server, the software installation, patch updates, virus protection, hardware configuration, remote maintenance and other aspects of the remote clients' system environment, thereby reducing client failure rates and improving administrators' maintenance efficiency; finally it uses the distributed storage system (DFS) to store government data centrally on the server and map it to remote users, achieving secure storage of and convenient access to government data. The integrated management platform based on the Windows domain environment ultimately consolidates the isolated security silos of traditional government network management into a centralized and controllable e-government network system.
[Degree-granting institution]: Fudan University (复旦大学)
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.08
Article number: 2386565
Article link: https://www.wllwen.com/guanlilunwen/ydhl/2386565.html