基于基线化管理的计算机配置核查系统的设计与实现
发布时间:2018-09-07 18:35
【摘要】:计算机终端既是网络行为的起点,也是各类攻击的源头,随着网络环境的愈发复杂,安全形势的愈发严峻,保障计算机终端能够安全地可靠地运转,是政府以及产业界长期关注的重点。网关、防火墙和VPN等技术已无法有效地保障网络的安全,这使得人们不得不打破传统的安全边界,思考一种新的手段来提升计算机终端的安全性。本论文源自国家标准的研制课题,该课题主要研究符合我国信息系统安全保护要求的政务终端安全核心配置(China Government Desktop Core Configuration,简称CGDCC)。通过深入研究国内外核心配置的研究成果,并结合政务计算机系统管理的业务需要,本文设计并实现了一套基于基线化管理的计算机配置核查系统。利用此系统对全网计算机进行统一自动化部署基线,对操作系统中的核心配置项进行统一的参数设置,并对这些核心配置项进行实时的监测。本文从研究和制定基线所涉及到的核心配置技术和原理入手,将计算机终端的安全要求转变为操作系统可以识别的语言,并生成计算机配置核查系统可以利用的基线包。然后基于核心配置原理进行设计并实现了基于计算机配置核查系统。最后在真实环境中对系统进行了部署和测试,并展示了系统的实际应用效果。通过研究并设计实现计算机配置核查系统,实现对全网的计算机终端配置统一的安全策略和实时进行安全状态监测等服务,能够有效提高计算机终端的安全防护水平以及提升系统的运行效率。
[Abstract]:Computer terminal is not only the starting point of network behavior, but also the source of all kinds of attacks. As the network environment becomes more complex and the security situation becomes more serious, it is the focus of government and industry to ensure that computer terminal can operate safely and reliably. This paper originates from the national standard research project, which mainly studies the core configuration of government terminal security (China Government Desktop Core Configuration), which meets the requirements of information system security protection in China. N, CGDCC for short). Through in-depth study of the research results of core configuration at home and abroad, and combined with the business needs of government computer system management, this paper designs and implements a computer configuration verification system based on baseline management. Configuration items are uniformly set up and real-time monitored. This paper begins with the research and development of the core configuration techniques and principles involved in the baseline, transforms the security requirements of computer terminals into a language recognizable by the operating system, and generates the baseline available to the computer configuration verification system. Finally, the system is deployed and tested in the real environment, and the actual application effect of the system is shown. Through the research and design of the computer configuration verification system, the unified security of the computer terminal configuration of the whole network is realized. Strategies and real-time security status monitoring services can effectively improve the level of security protection of computer terminals and improve the operational efficiency of the system.
【学位授予单位】:中国科学院大学(中国科学院工程管理与信息技术学院)
【学位级别】:硕士
【学位授予年份】:2017
【分类号】:TP309;TP311.52
本文编号:2229091
[Abstract]:Computer terminal is not only the starting point of network behavior, but also the source of all kinds of attacks. As the network environment becomes more complex and the security situation becomes more serious, it is the focus of government and industry to ensure that computer terminal can operate safely and reliably. This paper originates from the national standard research project, which mainly studies the core configuration of government terminal security (China Government Desktop Core Configuration), which meets the requirements of information system security protection in China. N, CGDCC for short). Through in-depth study of the research results of core configuration at home and abroad, and combined with the business needs of government computer system management, this paper designs and implements a computer configuration verification system based on baseline management. Configuration items are uniformly set up and real-time monitored. This paper begins with the research and development of the core configuration techniques and principles involved in the baseline, transforms the security requirements of computer terminals into a language recognizable by the operating system, and generates the baseline available to the computer configuration verification system. Finally, the system is deployed and tested in the real environment, and the actual application effect of the system is shown. Through the research and design of the computer configuration verification system, the unified security of the computer terminal configuration of the whole network is realized. Strategies and real-time security status monitoring services can effectively improve the level of security protection of computer terminals and improve the operational efficiency of the system.
【学位授予单位】:中国科学院大学(中国科学院工程管理与信息技术学院)
【学位级别】:硕士
【学位授予年份】:2017
【分类号】:TP309;TP311.52
【参考文献】
相关期刊论文 前10条
1 刘蓓;许涛;李新友;王啸天;周欣;;政务计算机终端核心配置标准研究[J];保密科学技术;2014年01期
2 宋杰;;基于组策略编辑器设置的计算机系统攻击防范技术[J];计算机光盘软件与应用;2013年23期
3 谌志华;;安全基线管理在企业中的应用[J];计算机安全;2013年03期
4 刘兰;朱程荣;;政务终端安全基线管理系统的设计与实现[J];计算机与现代化;2013年02期
5 刘帅;刘蓓;支朝朋;;政务终端安全配置关键技术[J];保密科学技术;2011年04期
6 许涛;吴亚非;刘蓓;李新友;;我国政务终端安全桌面核心配置标准研究[J];计算机安全;2010年11期
7 吴志军;杨义先;;信息安全保障评价指标体系的研究[J];计算机科学;2010年07期
8 姜聪;;Windows组策略在网络管理中的应用[J];计算机与网络;2010年Z1期
9 朱宽;;政务内网终端安全的系统设计与实现[J];信息网络安全;2010年02期
10 吕瑞霞;贺春林;;关于Windows下组策略管理的讨论[J];电脑知识与技术;2008年31期
,本文编号:2229091
本文链接:https://www.wllwen.com/kejilunwen/ruanjiangongchenglunwen/2229091.html
