浅析办公自动化网络安全防护策略探讨2.doc

中原工学院 院 系：继续教育学院 班级：品管10 学号： 2011134023 姓名：齐龙龙 指导老师：陈冲公自动化网络安全防护策略探讨摘要】本文总结了办公自动化网络常见的平安问题及其结果,讨论理解决这些平安问题的办法,提供了基于网络内部的平安战略。 【关键词】办公自动化 网络 网络平安 病毒 黑客 1 引言 企业内部办公自动化网络普通是基于TcrilP协议并采用了Internet的通讯规范和Web信息流通形式的Intra-net,它具有开放性,因此运用极端便当。但开放性却带来了系统入侵、病毒入侵等平安性问题。一旦平安问题得不到很好地处理,就可能呈现商业机密走漏、设备损坏、数据丧失、系统瘫痪等严重结果,给正常的企业运营活动形成极大的负面影响。因而企业需求一个更平安的办公自动化网络系统。 2 办公自动化网络常见的平安问题 2.1 黑客入侵 目前的办公自动化网络根本上都采用以播送为技术根底的以太网。在同一以太网中,任何两个节点之间的通讯数据包,不只能够为这两个节点的网卡所接纳,也同时可以为处在同一以太网上的任何一个节点的网卡所截取。另外,为了工作便当,办公自动化网络都备有与外网和国际互联网互相衔接的出入口,因而,外网及国际互联网中的黑客只需侵入办公自动化网络中的恣意节点停止侦听,就能够捕获发作在这个以太网上的一切数据包,对其停止解包剖析,从而窃取关键信息;而本网络中的黑客则有可能十分便当的截取任何数据包,从而形成信息的失窃。 2.2 病毒感染 随着计算机和网络的进步和提高,计算机病毒也不时呈现,总数曾经超越20000种,并以每月300种的速度增加,其破环性也不时增加,而网络病毒毁坏性就更强。一旦文件效劳器的硬盘被病毒感染,就可能形成系统损坏、数据丧失,使网络效劳器无法起动,应用程序和数据无法正确运用,以至招致整个网络瘫痪,形成不可估量的损失。 2.3 数据毁坏 在办公自动化网络系统中,有多种要素可能招致数据的毁坏。首先是黑客侵入,黑客基于各种缘由侵入网络,其中歹意侵入对网络的危害可能是多方面的。其中一种危害就是毁坏数据,可能毁坏效劳器硬盘引导区数据、删除或掩盖原始数据库、毁坏应用程序数据等。其次是病毒毁坏,病毒可能攻击系统数据区,包括硬盘主引导扇区、Boot扇区、FAT表、文件目录等;病毒还可能攻击文件数据区,使文件数据被删除、改名、交换、丧失局部程序代码、丧失数据文件;病毒还可能攻击CMOS,毁坏系统CMOS中的数据。第三是灾难毁坏,由于自然灾祸、忽然停电、激烈震动、误操作等形成数据毁坏。重要数据遭到毁坏和丧失,会形成企业运营艰难、人力、物力、财力的宏大糜费。 3 网络平安战略 3.1 网络平安预警 办公自动化网络平安预誓系统分为入侵预警和病毒预警两局部。 入侵预警系统中,入侵检测能够剖析肯定网络中传输的数据包能否经过受权。一旦检测到入侵信息,将发出正告,从而减少对网络的要挟。它把包括网络扫描、互联网扫描、系统扫描、实时监控和第三方的防火墙产生的重要平安数据综合起来,提供内部和外部的剖析并在实践网络中发现风险源和直接响应。它提供企业平安风险管理报告,报告集中于重要的风险管理范围,照实时风险、攻击条件、平安破绽和攻击剖析;提供细致的入侵告警报告,显现入侵告警信息(如入侵IP地址及目的IP地址、目的端口、攻击特征),并跟踪剖析入侵趋向,以肯定网络的平安状态;信息能够发往相关数据库,作为有关网络平安的决策根据。 病毒预警系统经过对一切进出网络的数据包施行不连续的持续扫描,坚持全天24小时监控一切进出网络的文件,发现病毒时可立刻产生报警信息,通知管理员,并能够经过IP地址定位、端口定位追踪病毒来源,并产生功用强大的扫描日志与报告,记载规则时间内追踪网络一切病毒的活动。 3.2 数据平安维护 关于数据库来说,其物理完好性、逻辑完好性、数据元素完好性都是非常重要的。数据库中的数据有地道信息数据和功用文件数据两大类,入侵维护应主要思索以下几条准绳:物理设备和平安防护,包括效劳器、有线、无线通讯线路的平安防护;效劳器平安维护,不同类型、不同重要水平的数据应尽可能在不同的效劳器上完成,重要数据采用散布式管理,效劳器应有合理的访问控制和身份认证措施维护,并记载访问日志。系统中的重要数据在数据库中应有加密和考证措施。 3.3 入侵防备 3.3.1 内外网隔离 在内部办公自动化网络和外网之间,设置物理隔离,以完成内外网的隔离是维护办公自动化网络平安的最主要、同时也是最有效、最经济的措施之一。 第一层隔离防护措施是路由器。路由器滤掉被屏蔽的IP地址和效劳。能够首先屏蔽一切的IP地址,然后有选择的放行一些地址进入办公自动化网络。 第二层隔离防护措施是防火墙。大多数防火墙都有认证机制,无论何品种型防火墙,从总体上看,都应具有以下五大根本功用:过滤进、出网络的数据;管理进、出网络的访问行为;封堵某些制止的业务;记载经过防火墙的信息内容和活动;对网络攻击的检测和告警。 3.3.2 访问控制 办公自动化网络应采用访问控制的平安措施,将整个网络构造分为三局部,内部网络、隔离区以及外网。每个局部设置不同的访问控制方式。其中:内部网络是不对外开放的区域,它不对外提供任何效劳,所以外部用户检测不到它的IP地址,也难以对它停止攻击。隔离区对外提供效劳,系统开放的信息都放在该区,由于它的开放性,就使它成为黑客们攻击的对象,但由于它与内部网是隔分开的,所以即便遭到了攻击也不会危及内部网,这样双重维护了内部网络的资源不受损害,也便当管理员监视和诊断网络毛病。 3.3.3 内部网络的隔离及分段管理 内部网络分段是保证平安的一项重要措施,同时也是一项根本措施,其指导思想在于将非法用户与网络资源互相隔离,从而到达限制用户非法访问的目的。办公自动化网络能够依据部门或业务需求分段。网络分段可采用物理分段或逻辑分段两种方式:物理分段通常是指将网络从物理层和数据链路层上分为若干网段,各网段互相之间无法停止直接通讯;逻辑分段则是指将整个系统在网络层上停止分段。并能完成子网隔离。在实践应用过程中,通常采取物理分段与逻辑分段相分离的办法来完成隔离。 3.4 病毒防治 相关于单机病毒的防护来说,网络病毒的防治具有更大的难度,网络病毒防治应与网络管理严密分离。网络防病毒最大的特性在于网络的管理功用,假如没有管理功用,很难完成网络防毒的任务。只要管理与防备相分离,才干保证系统正常运转。 3.5 数据恢复 办公自动化系统数据遭到毁坏之后,其数据恢复水平依赖于数据备份计划。数据备份的目的在于尽可能快地全盘恢复运转计算机系统所需的数据和系统信息。依据系统平安需求可选择的备份机制有:实时高速度、大容量自动的数据存储、备份与恢复;定期的数据存储、备份与恢复;对系统设备的备份。备份不只在网络系统硬件毛病或人为失误时起到维护作用,也在入侵者非受权访问或对网络攻击及毁坏数据完好性时起到维护作用,同时亦是系统灾难恢复的前提之一。 4 完毕语 随着企业各部门之间、企业和企业之间、国际间信息交流的日益频繁,办公自动化网络的平安问题曾经提到重要的议事日程上来,一个技术上可行、设计上合理、投资上均衡的平安战略曾经成为胜利的办公自动化网络的重要组成局部。ording to the office automation network safe protection strategy is discussedThe paper summarizes the 】 office automation network common problems and the peace of results, discussion Richard solve these peace to the problem, based on the network to provide internal peace strategy.【 key words 】 office automation network peace virus hackers1 introductionThe enterprise internal office automation network ordinary is based on TcrilP agreement and used the Internet communications standard and Web information circulation form of Intra-net, it is open, so use extreme officers. But open brought a system, such as the virus intrusion of peace. Once peace issues are very good treatment, it is possible to present commercial secrets leaked, damage to the equipment, data loss, system such as the paralyzed serious, for normal operation activities form big negative impact on. Therefore the enterprise need a more peace of office automation network system.2 office automation network common problems of peace2.1 hackersThe current office automation network fundamentally used to broadcast the Ethernet technology for roots. In the same Ethernet, any of the communication between two nodes packets, not only for the two nodes can be accepted by the network card, also can be in the same for the etheric any online a node in the network card have intercepted. In addition, in order to work lunch box, office automation network are available to the network and the Internet gateway connected with each other, and therefore, the network and the Internet only the hacker intrusion into their nodes in the network office automation stop protected reliably against detective, is able to capture in the etheric online attacks all data packets, to stop its solution package of analysis, so as to steal the key information; But this network of hackers are likely very let any packet of interception, so as to form the theft of information.2.2 virus infectionAlong with the computer and networks progress and improve, a computer virus occasionally present, to a total of over 20000 kinds of once, and the rate of 300 per month increases, its the destructive occasionally increases, and network viruses destroy sex is stronger. Once the file server hard drive infected by the virus, may form system damage, loss of data, and make the network server cant start, applications and data cant correctly use that incur the whole network paralysis, form the immeasurable loss.2.3 data destroyedIn office automation network system, a variety of elements may cause the destruction of the data. First is hacked into, and hackers based on various kinds of reasons hacked into the network, which however to the dangers of the Internet into may is multifaceted. One of the harm is destroy data, may destroy server hard disk guide area, deleted or cover up the original data database, and destroy the application data, etc. Next is the virus is destroyed, the virus could attack system data area, including hard disks Boot sector, the Boot sector, FAT table, file list, etc.; The virus could also attack file data area, make file data is deleted, a name, exchange, loss of local program code, loss of data file; The virus could also attack CMOS and destroy system data in CMOS. The third is a disaster destroyed because of natural disaster, suddenly blackouts, intense shaking, such as incorrect operation form data destroyed. Important data were destroyed and loss, can form enterprise operation difficult, human, material and financial resources decided the grand.3 network peace strategyWeb 3.1 peace warningThe oath of office automation network peace system is divided into invasion warning and virus warning two local.Invasion warning system, intrusion detection can analyze the packet transmission network sure whether through authorized. Once the test to the invasion of information, would send a warn, so as to reduce the hostage to the network. It includes network scanning, Internet scanning, system scan, and real-time monitoring and the third party firewall the great peace data together, provide internal and external analysis in practice and in the network and direct response that risk source. It provides enterprise peace risk management report, the report focuses on important risk management scope, when ZhaoShi risk, attack conditions, peace and against flaw analysis; Provides carefully invasion alarm report, appear invasion to the alarm information (such as intrusion IP address and destination IP address, the destination port, against characteristics), and tracking trend analysis invasion, the state in a positive network peace; Information can be sent to relevant database, as the network of the decision according to peace.Virus warning system to pass in and out of the network through all of the discrete packets for scanning, insist on 24 hours in and out of the network monitoring all documents, found that the virus can immediately have a warning message to notify the administrator, and could pass the IP address orientation, port positioning tracking virus source, and produce function powerful scan log and reports, records rules time tracking all the activities of the network virus.3.2 data safe maintenanceWhat about the database for, its physical reliability, logic reliability, the data element reliability is very important. The data in the database have real information data and function the file data is two kinds big, invasion of maintenance should mainly be thinking about the following article a few line: physical equipment and peace, protection, including server, cable, wireless communications lines peace protective; Server maintenance peace, different types, different important level of data should as far as possible in the different server to complete, important data using SanBuShi management, server should have reasonable access control and identity authentication measures to maintain, and records access log. The important data in the database system should have encryption and textual research measures.3.3 against invasion3.3.1 internal and external nets isolationIn the internal network and the network office automation, between setting physical isolation, to complete the isolation of the internal and external nets maintain office automation network of peace, the main is also the most effective, most economic one of the measures.The first layer isolation protective measures is router. The router filter out by screen IP address and service. It can first shielding all IP address, and then have the option of release some address into office automation network.The second isolation is a firewall protection measures. Most of the firewall authentication mechanism have any breed type fire preventionaccident, assist in the development of corrective programmes and follow, verify, record and feedback in a timely manner. Responsible for the overall quality management, guiding project QC group activities. 7, the Ministry of planning and finance: with all the responsible for the projects contract manager. Including curtain pile and bored pile construction. 14, ear