运维审计系统功能扩展及运维权限自动分配研究与应用

发布时间：2018-07-11 16:41

本文选题：运维审计 + SG-I6000系统　；参考：《华北电力大学》2017年硕士论文

【摘要】：随着乌克兰黑客攻击造成大面积停电,美国域名服务器攻击导致知名互联网网站无法提供服务等备受全球关注大事件的发生,信息安全的重要性不断提上了新的高度。电力企业作为关系国计民生的支柱企业,电力行业的信息安全,直接关系着智能电网的健壮性。当今信息安全不仅要着眼于外部攻击,更要防范于信息系统内部运维操作存在的安全风险和隐患。据不完全统计,超过半数的安全事件并非来自于外部攻击,而是来自内部的访问行为及非法操作,因此对信息系统运维操作进行内控审计十分必要。电力行业的运维审计系统在十二五“SG-ERP”阶段完成建设并投运,该系统针对企业内信息系统的运维检修操作进行监控及审计。随着电力企业信息化工作的不断推进,信息系统的数量不断增长,运维操作对象数量及种类不断增多。通过日常应用发现,运维审计系统已不能覆盖到所有信息系统运维检修对象,信息系统运维操作不能完全通过运维审计系统进行操作,因而信息系统运维操作入口不统一;运维人员账号存在公用的现象;运维检修权限未实现最小化权限管理的工作要求等,现有运维审计系统已不能满足企业运维精益化的管理要求。本文通过分析现有运维审计系统的功能架构、技术协议等内容,结合日常运维工作,发现运维审计系统运维入口不统一,运维账号公用,运维操作权限管理不细致等问题,在现有运维审计系统的基础上进行功能扩展,解决运维审计系统现存的问题。引入微软虚拟化软件Remote App,将远程执行的应用程序展现在本地客户端中,将用户操作的中间过程透明化处理。虚拟化技术支持多种应用的运维访问,满足了信息系统运维中不断出现的新运维对象的运维管理需求,实现运维审计入口统一。对运维账号口令采用动态生成方式,避免了运维账号公用、乱用。信息通信一体化调度运行支撑平台(SG-I6000)中有着丰富的信息资源台账数据,规范化的检修计划、工作票管理流程,将以上检修信息、流程与运维审计系统进行集成,实现台账及检修资源数据的共享,并完成运维任务自动创建、权限自动分配的功能。运维审计系统通过上述功能扩展及集成接研发,并在国家电网公司的网省公司进行了部署,实现了信息系统运维精益化管理要求,提升了信息系统运维检修安全性。
[Abstract]:With the power outages caused by the Ukrainian hacker attacks and the failure of famous Internet sites to provide services caused by the US domain name server attacks, the importance of information security has been raised to a new height. As the mainstay of the national economy and the people's livelihood, the information security of the electric power industry is directly related to the robustness of the smart grid. Nowadays, information security should not only focus on external attacks, but also guard against the security risks and hidden dangers existing in the internal operation and maintenance of information systems. According to incomplete statistics, more than half of the security incidents do not come from external attacks, but from internal access and illegal operations. Therefore, it is necessary to conduct internal audit of information system operation and maintenance operations. The operation and maintenance audit system of electric power industry is completed and put into operation in the 12th Five-Year Plan "SG-ERP" stage. The system monitors and audits the operation and maintenance of the information system in the enterprise. With the development of information technology in electric power enterprises, the number of information systems is increasing, and the number and types of operation and maintenance operations are increasing. Through the daily application, it is found that the operation and maintenance audit system can no longer cover all the information system operation maintenance objects, and the information system operation and maintenance operation can not be completely operated through the operation and maintenance audit system, so the information system operation and maintenance operation entrance is not uniform. The operation and maintenance personnel account has the common phenomenon, the operation and maintenance authority has not realized the minimum permission management work request and so on, the existing operation and maintenance audit system can no longer meet the enterprise operation and maintenance lean management request and so on. Through analyzing the functional structure, technical protocol and other contents of the existing operation and maintenance audit system, combined with the daily operation and maintenance work, this paper finds that the operation and maintenance audit system is not unified, the operation and maintenance account is common, the operation and maintenance operation authority management is not detailed, and so on. On the basis of the existing operation and maintenance audit system, the function is extended to solve the existing problems of the operation and maintenance audit system. This paper introduces the Microsoft virtualization software remote App. to expose the remote executing application to the local client and to make the intermediate process of user operation transparent. The virtualization technology supports the operation and maintenance access of many applications, meets the requirements of the new operation and maintenance management of the information system, and realizes the unity of the operation and maintenance audit entry. To the operation and maintenance account password dynamic generation method, to avoid the operation and maintenance account common, random use. In SG-I6000, there are abundant information resource account data, standardized maintenance plan, work order management flow, the above maintenance information, process and operation and maintenance audit system are integrated. Realize the sharing of account and overhaul resource data, and complete the operation and maintenance task automatic creation, automatic allocation of authority function. The operation and maintenance audit system is developed through the above function extension and integration, and deployed in the network company of the State Grid Corporation. It realizes the information system operation and maintenance lean management requirements, and improves the information system operation and maintenance security.
【学位授予单位】：华北电力大学
【学位级别】：硕士
【学位授予年份】：2017
【分类号】：F426.61;TP309

【参考文献】