Design and Implementation of an Operational Security Monitoring System for Enterprise Network Information Platforms

Published: 2019-01-27 19:50
[Abstract]: With the continuing development of enterprise informatization, the enterprise network information platform has become essential infrastructure for an enterprise's normal operation. Based on the design philosophy of Unified Threat Management (UTM), this thesis integrates network devices such as routers and switches; security devices such as firewalls, the Remote Security Assessment System (RSAS) and the Intrusion Prevention System (IPS); and devices such as terminal computers and servers. It breaks down data isolation, enables data interchange, and places the enterprise network information platform under integrated management and control. This thesis designs and implements an operational security monitoring system for the enterprise network information platform.

First, the thesis identifies the threats facing the enterprise network, details five functional requirements (data collection, data analysis, monitoring of important intranet devices, operational security management, and visual presentation), and sets out the system's performance, security, reliability and availability requirements.

Second, following software engineering principles, the system architecture is divided into five layers: data collection, data storage, data analysis, logic, and presentation. To monitor the running state of important intranet devices in real time, the data collection layer uses simulated login to collect running-state data such as CPU, memory and interface status from network devices such as routers and switches in real time; uses web crawlers to collect real-time running-state data, real-time connection information, vulnerability information and so on from the firewall, IPS and RSAS; and uses client-side probes to collect the running state, open processes, ports and other data from terminal computers and servers in real time.

The data analysis layer analyzes the real-time and historical running states of devices, providing a basis for monitoring device security status. This layer designs and implements statistical analysis of the platform's operating condition. Through security rule comparison and threshold analysis, it analyzes device security status in real time and promptly detects abnormal events and violations inside the network information platform. It also uses the Analytic Hierarchy Process (AHP) to evaluate the health of Web servers.

The logic layer manages and controls the network information platform on the basis of data collection and analysis, and responds to abnormal events. It designs the monitoring functions for the network devices, security devices, terminal computers and servers described above, and, based on a ZMQ Pub-Sub and REP-REQ communication architecture, implements control functions, network functions and so on for routers and switches from Huawei, H3C, Cisco and other brands. The logic layer also implements control functions for terminal computers and servers, including detecting the connection of external storage devices, responding to violation events, and remotely controlling running processes and ports, Internet access, and forced shutdown.

To make it easier for users to manage the network information platform and understand its operating condition intuitively, the presentation layer designs and implements the visual presentation of raw data and data analysis results, achieving management visualization and data visualization. The data storage layer uses a non-relational database to store real-time data, analysis results, system configuration and so on.

Finally, the thesis configures the system's test environment, completes functional and non-functional testing of the system, and describes the system's application scenarios.
[Degree-granting institution]: Harbin Institute of Technology
[Degree level]: Master's
[Year degree conferred]: 2017
[Classification number]: TP277

