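Research on Security Hardening and Access Technology Based on Linux Terminals
Published: 2018-06-14 09:22
Topic of this paper: Linux terminal + security hardening; Reference: North China Electric Power University, 2014 master's thesis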
[Abstract]: With the rapid development of information technology and mobile Internet technology, the need for terminals to remotely access data resources on the enterprise intranet is increasingly urgent. However, the open nature of the mobile Internet cannot guarantee the security of its communications, and how to achieve secure communication between mobile terminals and the enterprise network has become a new challenge for terminal remote access. A mobile terminal remote access system comprises three entities: the terminal, the data channel and the access system; a security problem in any one of them may threaten the security of the whole access system. Traditional mobile access technology based on virtual private networks attends only to the security of the data transmission channel and ignores the security of the terminal, so it cannot meet the secure access requirements of enterprise terminals. Security protection of the terminal itself, reliable identity authentication and secure access technology are the key problems the whole access system needs to solve.

Against the background of the mobile terminal access requirements of electric power enterprises, and in order to meet the enterprise's security protection requirements for mobile terminals, this thesis addresses the main security threats facing Linux mobile terminals and, by analyzing the security features of the operating system, proposes corresponding security hardening measures, such as hardware-based terminal identification and dynamic security state detection. After analyzing and comparing the application scope and implementation of currently popular virtual private network protocols, and in light of the system requirements of this thesis, Secure Sockets Layer was finally selected as the protocol for authentication and encrypted transmission. The implementation principles of OpenVPN are analyzed in detail, and on that basis an integrated access system with hardware identification and dynamic security detection is designed. The system ensures the security of the terminal itself, the access process and data communication through terminal hardening, secure data transmission and dynamic detection of terminal state. The integrated access system designed in this thesis was tested in an experimental environment and basically meets the expected requirements. Research on secure access for mobile terminals will play a positive role in advancing the informatization of electric power enterprises.
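[Degree-granting institution]: North China Electric Power University
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TN915.08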
Article ID: 2016887
Article link: https://www.wllwen.com/kejilunwen/wltx/2016887.html