Security Investigation and Technical Implementation of the Yunnan Medical College Library Website
Published: 2019-02-12 19:24
[Abstract]: The original website of the Yunnan Medical College Library had three main security problems: the site was frequently attacked, causing service to be suspended; the forum was often seeded with illegal advertisements and virus links; and the site was subjected to SQL injection, which damaged its data. To address these problems, this thesis builds a complete website defense subsystem that integrates easily with the current website framework, so that the site can withstand attacks and is protected against injection and unauthorized tampering. Starting from the attack methods currently common on the Internet, and drawing on the principles of the TCP/IP protocol, the thesis explains how network attacks and their defenses work. Taking the attacks suffered by the medical college library website as the object of study, and referring to the comprehensive requirements for security defense systems in ISO/IEC15408:2001, "Evaluation Criteria for Information Technology Security", it describes the functional requirements of the website security defense system and analyzes the security shortcomings in the architectural design of the original website. The defense system is designed by improving the original website architecture and adding functions to it. A hardware deployment diagram describes the platform on which the defense system runs, and the technologies used in the implementation and their characteristics are explained. The detailed design works top-down through five functional modules: log auditing, access data inspection, generation of static HTML user pages, scanning for planted malicious code (web-trojan scanning), and alerting. For these it covers how the modules are organized, the relationships between them, and each module's key algorithms, program flow, IPO diagrams, E-R diagrams and class structure. The website security defense architecture is implemented with the Java SSH technology framework, DIV+CSS for front-end presentation, and Web Service calls between modules. Finally, the completed security defense modules were tested in detail with the IBM Rational Tester tool and compared in function and performance with the Huawei firewall log audit system E-log and the forum system Discuz7.0. The security defense modules have been put into use on the medical college website, forming a complete website security defense system that basically meets the design requirements.
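[Degree-granting institution]: University of Electronic Science and Technology of China
[Degree level]: Master's
[Year degree granted]: 2011
[Classification number]: TP393.092
Article ID: 2420714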
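[Citing literature]
Related master's theses (1 entry)
1 Qiao Feng; Web Page Information Extraction Based on Templated Web Crawler Technology [D]; University of Electronic Science and Technology of China; 2012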
Article link: https://www.wllwen.com/wenyilunwen/guanggaoshejilunwen/2420714.html