[优秀毕业设计精品]基于浙江信用社网络安全建设方案设计

I目录第1章项目情况概述A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A3第2章网络结构调整与安全域划分A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A4第3章信用社网络需求分析A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A531网上银行安全风险和安全需求A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A632生产业务网络安全风险和安全需求A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A7第4章总体安全技术框架建议A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A841网络层安全建议A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A842系统层安全建议A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A3A043管理层安全建议A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A3A0第5章详细网络架构及产品部署建议A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A3A451网上银行安全建议A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A3A452省联社生产网安全建议A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A3A153地市联社生产网安全建议A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A3A554区县联社生产网安全建议A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A3A655全行网络防病毒系统建议A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A3A756网络安全管理平台建议A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A3A9561部署网络安全管理平台的必要性A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A3A9562网络安全管理平台部署建议A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A3A857建立专业的安全服务体系建议A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A0A10571现状调查和风险评估A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A0A3572安全策略制定及方案设计A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A0A0573安全应急响应方案A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A0A0第6章安全规划总结A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A0A6产品配置清单A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A0A71第1章项目情况概述信用社网络是一个正在进行改造的省级银行网络。整个网络随着业务的不断扩展和应用的增加，已经形成了一个G8190G13449联系，G19181G13520G3809G7446的网络。G1186G13449G2533G7481G11487，目G2081G59G59G59银行网络分G1038G3247层，第一层G1038省联社网络，第G1120层G1038地市联社网络，第G989层G1038县G708区G709联社网络，第G3247层G1038分理G3800网络。G1186G8190G2533G7481G11487，省及G2520地市的银行网络G18129G6365G10043应用划分G1038G2162G1856G4388网G451生产G4388网和G3818联网络G989个G3835G4388网。G13792在省G1025G5527网上，G17836G2265G6336网上银行G451G8991G16809G4388网和G48G44G54G4388网G989个单G10432的G4388网。G1866整个网络的结构G12046G5859G3282G3926G991G726A11A12A13A12A14A15A16A17A18A19A20A21A22A11信用社网络是一个正在G7044建的网络，目G2081业务系统G2030G2030上G13459G17828行，G17836G8821G7389进行信G5699安全方G19766的建设。G13792G4557G1122信用社网络G7481G16840，生产网是网络G1025G7380G18337要的部分，G6164G7389的应用G1075业务系统G18129部署在生产网上。一G7098生产网G1998现G19394G20076，造成的G6451G3845和G5445响G4570是不G2499估G18339的。G3252G8504现在急需G16311G1927生产网的安全G19394G20076。G7424G8437G4557信用社网络的安全规划G1177G19492G1122生产网G1209及与生产网安全G11468G1863的网络部分，G3252G8504G991G19766G6117G1216着G18337G4557信用社的生产网构架G1582一个详细G6563述。G708一G709省联社生产网络2省联社网络生产网络是全行信G5699系统的G7692G5527，业务系统G451网上银行系统及管理系统G18129G19610G1025在信G5699G1025G5527。省联社网络生产网络G17139G17143与G1166行及G1866G1194单G1313G1025G19400业务的G17842G6521。省联社网络生产网络G17139G17143建立和G13512G6264网上银行。省联社网络生产网络G1025G2265G2559G48G44G54系统和G8991G16809系统。G6817G1328系统G1039要G7389G726G50G54G184G19G19G451G36G44G59G451G47G76G81G88G91G451G58G76G81G71G82G90G86，G1209及G1866G4439设G3803的专用系统。G6980G6466G5223系统G2265G6336G726G39G372G451G44G49G41G50RG48G44G59G451G54YG37G36G54EG451G50RG36CG47E等。业务应用G2265G6336G726生产业务G726一G13459业务G726与客户直G6521G1863联的业务，G3926G36TG48G451PG50G54G451柜员终端等G1120G13459业务G726不直G6521与客户G11468G1863的业务，G3926管理流程G451G1856文轮流转G451监督G451G1927策等，G1038一G13459业务的支撑。G708G1120G709地市联社生产网络地市联社生产网络是G1120级网络，通过两条互G1038G3803份的专G13459与省联社G1025G5527网络互G17842。G6817G1328系统G1039要G7389G726UG49G44G59G451G58G44G49G39G50G58G54。G708G989G709区G708县G709联社生产网络区G708县G709联社生产网络是G989级网络，通过2G48G54G39HG18或者1G19G48光纤G1209太网G708G44G54G39G49G3803份G709等方式与管辖支行的网络G17842G6521。G6817G1328系统G1039要G7389G726UG49G44G59G451G58G44G49G39G50G58G54。G708G3247G709分理G3800生产网分理G3800是G3247级网络，G2520个分理G3800通过2G48G54G39H或者G44G54G39G49等方式与管辖区G708县G709联社的网络G17842G6521。由G1122区县联社及分理G3800的网络目G2081G17836G3800在组网的初级阶段，网络构造简单且G17836G8821G7389能力进行完善的网络安全建设和管理，G3252G8504G7424G8437规划G1039要是G4557省及地市联社的网络安全部分。当把省及地市部分的网络建成一个比较完善的安全防G6264体系之后，再逐步的G4570安全措施和手段应用G1122G991层的区县联社及分理G3800。G1186G13792实现整个网络的G18337点防G6264G451分步实施策略。3第2章网络结构调整与安全域划分G4557G1122信用社生产网络G7481G16840，首要的一点就是应该根G6466国家G7389G1863部门G4557G11468G1863规定，G4570整个生产网络进行网络结构的优化和安全域的划分，G1186结构上实现G4557安全等级化保G6264。根G6466G1025国G1166民银行计算机安全管理暂行规定G708G16809行G709的G11468G1863要求G726“第六十一条内联网上的G6164G7389计算机设G3803，不得直G6521或G19400G6521地与国际互联网G11468联G6521，必须实现与国际互联网的物理隔离。”“第七十五条计算机信G5699系统的开发环境和现场应当与生产环境和现场隔离。”G3252G8504G6117G1216G7389必要G4557现G7389网络环境进行改造，G1209G4570生产业务网络G708G2265G6336一G13459业务和G1120G13459业务G709与具G7389互联网G17842G6521的G2162G1856网络之G19400区分开G7481，通过强G7389力的安全控制机制G7380G3835化实现生产系统与G1866G1194业务系统之G19400的隔离。同时，G4557信用社G6164G7389信G5699资源进行安全分级，根G6466不同业务和应用类型划分不同安全等级的安全域，并分别进行不同等级的隔离和保G6264。初步规划G4570省联社生产网络划分成多个具G3803不同安全等级的区域，参考G1856安部发布的信G5699系统安全保G6264等级定级指南，G6117G1216G4557安全区域划分和定级的建议G3926G991G726表21安全区域划分和定级的建议A23A24A25A26A25A26A27A28A29A30A31A32A31A32A33A34A35A36A37A38A39A40A41A42A43A42A44A45A46A47A48A49A50A51A35A36A37A38A52A40A41A42A43A42A44A45A46A53A48A54A55A56A57A35A36A37A38A54A55A56A57A41A42A43A42A44A45A46A53A48A58A57A59A60A35A36A37A38A61A62A54A63A64A65A66A67A68A69A58A57A70A59A60A43A42A44A45A46A71A59A60A72A73A53A48A74A75A35A36A37A38A76A77A78A70A33A34A79A80A70A74A75A81A82A83A84A85A86A87A33A34A81A82A88A48A89A90A43A42A44A35A36A37A38A89A90A41A42A66A67A43A42A44A45A46A53A48G4557G1122G2520地市G451区县联社和G2520营业网点G1075需要G4570生产业务和G2162G1856业务严格区分4开，并进行逻辑隔离，确保生产区域具G7389较高安全级别。由G1122部分G2162G1856业务用户需要访G19394生产业务G1025的特定G6980G6466，G13792部分生产应用G1075需要访G19394G2162G1856网G1025的特定G6980G6466，G3252G8504无法G1582到生产G451G2162G1856之G19400G5455G5225的物理隔离，建议在G2520级联社信G5699G1025G5527G6564G1391生产网与G2162G1856网之G19400的G17842G6521，并G18331用逻辑隔离手段进行控制，G4557G1122营业网点，由G1122G1328隔离G6249G1849太G3835，G2499暂时不考G15397隔离。A91A92A93A94A95A96A97A98A99A100A101A102A103A104A105A102A106A107A108A109A110A111A112A113A114A115A99A100A104A116A102网络改造后，全行G2162G1856系统G4570统一互联网G1998G2487，G6164G7389G2162G1856终端G2494G1813G16780在通信行G1038G2499控的情况G991G6177能通过信G5699G1025G5527G2162G1856网络的互联网G1998G2487访G19394G3818G11040网络，生产业务服务G3132和终端不G1813G16780G18331G2474G1231G1321手段直G6521访G19394互联网或通过G2162G1856网G19400G6521访G19394互联网。网上银行G3252业务需要必须G17842G6521互联网，G1306G2494G1813G16780互联网用户G4557网银门户网G12461的访G19394G1209及G16760G16789用户G4557网银G58EG37服务G3132的访G19394，生产业务服务G3132和终端不G1813G16780G18331G2474G1231G1321手段直G6521访G19394互联网或通过网银网络G19400G6521访G19394互联网。5第3章信用社网络需求分析随着信用社G18341G15713信G5699化的发展，信G5699系统已经成G1038银行G17194G1209生G4396和发展的G3534G7424条G1226。G11468应地，银行信G5699系统的安全G19394G20076G1075G17246G7481G17246G12373G1998，银行信G5699系统的安全G19394G20076G1039要G2265G6336两个方G19766G726一是G7481G14270G3818G11040G4557银行系统的G19762法G1417G1849，G4557信G5699系统的G15000G5859G11784G3363和G11435G12375G451G12725改信G5699行G1038G727G1120是G7481G14270银行内部员G5049G6937G5859或无G5859的G4557信G5699系统管理的G17841G2465。银行信G5699系统正在G19766G1032着严G4815的G6373G6124。银行进行安全建设G451加强安全管理已经成G1038当务之急，G1866必要性正在随着银行业务和信G5699系统G3926G991的发展G17247G2195G13792G7368加G1996G1998G726银行的G1863G19202业务系统层G8437G1028G4512，G6817G1328环G14422多，风险G1075G11468G4557比较G7138G7186G727随着G11017G4388银行和G1025G19400业务的G5203G8879开展，银行的网络与G44G81G87G72G85G81G72G87和G1866G1194组G13467机构的网络互联程G5242G17246G7481G17246高，G1363G2419G7424G11468G4557G4565G19393的网络G17246G7481G17246开G6930，G1186G13792G4570G3818部网络的风险G5353G1849到银行内部网络G727随着银行业务G19610G1025化的G17247G2195，银行业务系统G4557G2499G19764性和无G19400断G17828行的要求G1075G17246G7481G17246高G727随着G58TG50的到G7481和G3818资银行的进G1849，银行业G12466G1117G7097G11422G9620G9884，G7044的G18341G15713产品不断G6524G1998，G1186G13792G1363银行的应用系统G3800G1122G5567G17907的G2476化过程G1025，G4557银行的安全管理G6564G1998了G7368高的要求。G1025国国内G2520家银行G1075已经开G3999进行信G5699安体系建设，G1866G1025G7380G1039要的措施就是G18331G17153了G3835G18339安全产品，G2265G6336防G9791G3693G451G1849G1417G7828G8991系统G451防病毒和G17535份G16760G16789系统等。G17837G1135安全产品在G5468G3835程G5242上G6564高了银行信G5699系统的安全G8712平，G4557保G6264银行信G5699安全G17227到了一定G1328用。G1306是G4439G1216并G8821G7389G1186根G7424上G19489G1314安全风险，G13543G16311安全G19394G20076，G17837G1039要是G3252G1038G726信G5699安全G19394G20076G1186G7481就不是单G13443的技术G19394G20076，把防G14551G21669客G1849G1417和病毒G5875G7591理G16311G1038信G5699安全G19394G20076的全部是G10267G19766的。安全产品的G2163能G11468G4557比较G10433G12376，G5460G5460用G1122G16311G1927一类安全G19394G20076，G3252G8504G1177G1177通过部署安全产品G5468G19602完全G16218G11434银行信G5699安全G19394G20076G727信G5699安全G19394G20076不是G19757G5589的，G4439总是随着银行策略G451组G13467架构G451信G5699系统和G6817G1328流程的改G2476G13792改G2476。部署安全产品是一G12193G19757G5589的G16311G1927G2162法。一G143366G7481G16840，在产品安G16025和配置后较G19283一段时G19400内，G4439G1216G18129无法G2172G5589调整G1209G17878应安全G19394G20076的G2476化。G6164G1209，银行G11040的G7389G16794之G3775G18129G5859G16794到应G1186根G7424上改G2476应G4557信G5699安全G19394G20076的G5617G17347，建立G7368加全G19766的安全保G19568体系，在安全产品的G17753G2173G991，通过管理手段体系化地保G19568信G5699系统安全。G991G19766G6117G1216G4570通过分析信用社改造后的网络结构G991G2499能G19766G1032的安全G19394G20076，G4557信用社G708G1039要是生产网G709目G2081的安全需求进行总体分析。根G6466实际项目进G5242安G6502，G6117G1216G4570分别G4557网上银行系统G451生产业务系统进行分析。31网上银行安全风险和安全需求G19036G4557目G2081G7380常见的互联网攻击类型G1209及国内G3818网上银行系统通常G19766G1032的安全威胁，结合信用社的实际情况，G6117G1216G16760G1038在信用社网上银行网络G2499能G19766G1032的安全风险和G4557应的安全需求G3926G991G726表31G2499能G19766G1032的安全风险和G4557应的安全需求A117A118A119A120A121A122A123A124A125A126A127A128A129A130A131A132A133A134A135A136A137A138A139A140A141A142A137A138A139A143A144A145A146A147A148A149A150A151A152A153A154A155A139A128A156A150A151A145A146A157A158A159A160A161A162A159A163A164A165A166A167A168A169A164A165A166A170A171A172A153A154A155A139A128A156A173A161A162A145A146A139A174A175A176A177A178A159A179A180A181A159A163A182A169A183A184A182A169A185A128A129A173A186A187A188A152A128A156A189A165A190A191A192A193A146A194A195A196A163A197A159A198A139A199A200A201A202A198A203A204A205A206A189A207A167A208A209A194A210A144A211A212A195A213A167A214A214A215A150A208A157A216A217A218A167A219A220A221A222A223A224A225A226A227A223A228A167A229A224A225A230A231A232A233A182A169A234A235A236A237A238A239A240A128A156A173A219A220A145A146A241A193A146A170A171A172A235A128A156A242A143A232A233A173A219A220A145A146A159A163A164A165A166A243A244A245A246A247A159A248A249A235A173A219A220A159A250A159A163A245A251A252A253A248A249A235A173A219A220A159A250A254A255A187A0A1A167A2A192A152A159A179A8A149A143A144A8A157A221A222A159A75A173A119A3A149A189A207A214A152A130A90A4A143A144A8A2A192A5A214A214A215A150A208A2A192A1577A198A199A6A7A9A10A11A12A13A114A14A15A16A17A201A146A18A19A10A11A191A20A204A12A21A22A23A24A25A106A207A26A103A181A27A99A28A103A210A29A99A28A103A212A30A31A106A162A32A33A34A35A36A37A111A103A216A35A38A34A39A40A40A35A36A103A147A25A41A42A43A44A49A45A46A47A48A46A79A50A111A12A13A51A52A159A32A53A162A39A159A37A60A32A35A227A54A31A106A34A32A53A165A55A138A56A57A58A111A127A59A51A52A61A62A63A64A65A23A66A106A139A67A68A69A70A62A71A64A72A73A43A44A74A76A77A78A80A134A149A81A82A83A62A63A61A227A54A31A228A139A84A14A143A62A71A85A86A62A63A47A28A134A83A138A88A87A28A138A100A89A91A60A74A76A77A231A92A134A241A93A83A94A95A96A97A103A247A52A103A147A25A61A98A65A23A66A134A76A77A197A101A13A102A104A52A61A105A107A147A25A134A138A100A149A81A108A109A110A30A25A103A112A113A103A115A69A30A25A76A116A117A118A120A61A121A122A123A124A147A25A134A138A100A139A12A125A50A226A126A128A129A130A123A12A70A13A102A131A9A132A111A133A135A136A12A137A106A146A146A18A19A103A140A141A87A28A103A12A21A142A144A103A12A21A10A11A61A145A148A150A151A152A111A178A153A12A70A154A155A138A62A63A61A156A69A157A158A160A124A135A136A60A145A161A81A163A164A12A13A166A102A10A11A167A116A70A168A115A193A169A170A171A108A64A6532生产业务网络安全风险和安全需求G4557G1122生产业务网络G13792言，G2499能G4396在的安全风险和G4557应的安全需求G3926G991G726A79A30A172A173A174A175A172A173A163A176A56A57A58A83A177A62A63A179A180A182A183A184A171A108A130A123A185A186A60A121A188A189A185A186A60A190A81A99A28A194A195A103A169A196A106A89A200A202A60A62A71A169A196A99A28A111A203A205A206A49A72A73A208A148A209A211A213A214A103A12A137A167A215A129A217A159A32A53A162A39A159A37A49A34A32A53A165A55A218A219A51A52A220A221A7A9A31A222A62A71A82A190A218A219A64A72A73A99A28A12A13A223A112A191A131A9A12A137A224A181A222A64A72A73A12A225A229A230A232A233A234A49A10A11A106A12A129A217A179A100A235A236A228A157A158A235A236A237A238A239A131A9A112A191A156A69A64A240A242A103A233A234A243A2448A245A246A248A249A250A246A251A252A253A254A255A20A250A118A8A0A1A2A3A4A14A5A254A255A8A245A119A6A7A248A189A9A119A41A8A0A1A2A3A4A248A176A10A42A11A12A13A8A245A248A65A66A254A255A8A245A14A5A254A255A8A245A119A6A7A248A189A9A15A16A154A96A17A45A147A248A113A18A187A19A46A189A21A139A47A4A8A22A23A4A8A0A48A24A20A254A255A96A17A60A33A25A139A26A118A27A51A28A20A254A255A96A17A8A245A29A189A30A31A248A53A32A77A34A30A31A186A35A36A38A37A103A55A39A38A37A35A40A43A44A57A40A43A49A50A52A54A56A58A59A61A62A253A63A64A67A103A38A37A68A39A35A69A70A44A57A94A71A52A54A103A61A62A98A52A54A253A63A64A67A103A38A37A68A399第4章总体安全技术框架建议根G6466G4557信用社网络系统安全需求分析，G6117G1216G6564G1998了由多G12193安全技术和多层防G6264措施构成的一整套安全技术方案，具体G2265G6336G726在网络层划分安全域，部署防G9791G3693系统G451防拒绝服务攻击系统G451G1849G1417G7828G8991系统G451G1849G1417防御系统和漏洞扫G6563系统G727在系统层部署病毒防G14551系统，G6564G1391系统安全评估和加固建议G727在管理层制订安全管理策略，部署安全信G5699管理和分析系统，建立安全管理G1025G5527。具体建议G3926G991G72641网络层安全建议1网络访G19394控制划分安全域G1038了G6564高银行网络的安全性和G2499G19764性，在省联社总部G451G2520地市联社G451G2520区县联社G451分理G3800G4557不同系统划分不同安全域。访G19394控制措施G4557安全等级较高的安全域，在G1866边G11040部署防G9791G3693，G4557安全等级较G1314的安全域的边G11040则G2499G1209G1363用VG47G36G49或访G19394控制列表G7481代替。根G6466G4557信用社整体网络的区域划分，G6117G1216G4570在不同安全域边G11040G18331用不同的访G19394控制措施G726在生产网与G2162G1856网之G19400G18331用防G9791G3693G6564G1391访G19394控制，G2494G1813G16780业务G11468G1863的访G19394，拒绝G1866G1194G6164G7389访G19394G727在生产网与网上银行网络之G19400G18331用防G9791G3693G6564G1391访G19394控制，G2494G1813G16780业务G11468G1863的访G19394，拒绝G1866G1194G6164G7389访G19394G727在生产网与G11468G1863单G1313网络之G19400G18331用防G9791G3693G6564G1391访G19394控制，G2494G1813G16780业务G11468G1863的访G19394，拒绝G1866G1194G6164G7389访G19394G727在网上银行网络与互联网之G19400G18331用防G9791G3693G6564G1391访G19394控制，除G1813G16780互联网用户访G19394网银门户网G12461G451G1813G16780互联网G16760G16789用户访G19394网银G58EG37及G1813G16780网银G58EG37服务G3132G18G54G54G47加G17907G3132访G19394互联网上的CG41CG36之G3818，拒绝G1866G1194G6164G7389访G19394G72710在生产网的生产区域G708一G13459业务G709与G1866G1194区域之G19400G18331用防G9791G3693G6564G1391访G19394控制，G2494G1813G16780业务G11468G1863的访G19394，拒绝G1866G1194G6164G7389访G19394G727在生产网的G1866G1194G2520区域之G19400利用G989层交换机划分虚拟G4388网及进行简单G2265过滤，G1582到较简单的访G19394控制G7272防拒绝服务攻击在网上银行系统与G44G81G87G72G85G81G72G87G1998G2487边G11040G3800，配G3803抗G39G82G54攻击网G1863系统，G1209抵御G7481G14270互联网的G2520G12193拒绝服务攻击和分布式拒绝服务攻击。3网络入侵检测在网上银行系统和总行业务网络系统G1025部署G1849G1417G7828G8991系统，实时G7828G8991G451分析网络上的通讯G6980G6466流，尤G1866是G4557进G1998安全域边G11040或进G1998G4396G6930G7389涉密信G5699的G1863G19202网段G451服务G3132G1039机的通讯G6980G6466流进行监控，及时发现G17841规行G1038和异常行G1038并进行G3800理。网络G1849G1417G7828G8991系统G2499实现G3926G991G2163能G726网络信G5699G2265嗅探。G1209旁G17347监听方式秘密G17828行，G1363攻击者无法G5875知到。G21669客常常在G8821G7389觉察的情况G991被抓获，G3252G1038G1194G1216不知道G1194G1216一直受到密切监视。网络访G19394监控。根G6466实际业务需要定制G11468G1863规则，G2499G1209定义哪G1135G1039机或网段G2499G1209或不G2499G1209访G19394网络上的特定资源，G2499G1209定义访G19394时G19400段，G4557特定的G19762法访G19394行G1038或除特定合法访G19394行G1038之G3818的G6164G7389访G19394行G1038进行监控，一G7098发现G17841规行G1038则根G6466事先定义的响应策略进行报警G451阻断或联G2172的G11468应，G1209保G16789G2494G7389授权用户G6177G2499G1209访G19394特定网络资源。应用层攻击特征G7828G8991。G6564G1391详尽G451细粒G5242的应用协议分析技术，实现应用层攻击G7828G8991，G2499G14270G2172G7828G8991网络实时G6980G6466流G1025符合特征的攻击行G1038，系统G13512G6264一个强G3835的攻击特征G5223，用户G2499G1209定期G7368G7044，确保能够G7828G8991到G7380G7044的攻击事G1226。蠕虫G7828G8991。实时跟踪当G2081G7380G7044的蠕虫事G1226，G19036G4557已经发现的蠕虫攻击及时G6564G1391G11468G1863事G1226规则。系统G13512G6264一个强G3835的蠕虫特征G5223，用户G2499G1209定期G7368G7044，确保能够G7828G8991到G7380G7044的蠕虫事G1226。G4557G1122G4396在系统漏洞G1306尚未发现G11468G1863蠕虫事G1226的情况，通过分析漏洞G7481G6564G1391G11468G1863的G1849G1417事G1226规则，G7380G3835G19492G5242地G16311G1927蠕虫发现滞后的G19394G20076。11G2499疑网络活G2172G7828G8991。即异常G7828G8991，G2265G6336通过G4557在特定时G19400G19400隔内超流G18339G451超G17842G6521的G6980G6466G2265进行G7828G8991等方式，实现G4557G39G82G54G451扫G6563等攻击事G1226的G7828G8991。G7828G8991隐藏在G54G54G47加密通讯G1025的攻击。通过G16311码G3534G1122G54G54G47加密的通讯G6980G6466，分析G451G7828G8991G3534G1122G54G54G47加密通讯的攻击行G1038，G1186G13792G2499G1209保G6264G6564G1391G54G54G47加密访G19394的网银G58EG37服务G3132的安全性。G7097志审计。G6564G1391G1849G1417G7097志和网络流G18339G7097志记录和G13520合分析G2163能，并G6564G1391详细的分析报告，G1363网络管理员G2499G1209跟踪用户G451应用程序等G4557网络的G1363用情况，帮G2173管理员改进网络安全策略的规划，并G6564G1391G7368精确的网络安全控制。通过详尽的审计记录，G2499G1209在系统遭到恶G5859攻击后，G6564G1391G16789G6466G1209G6564G17227法律诉讼。多网段同时监控。G1849G1417探G8991G3132支持多个网络监听G2487，G2499G1209G17842G6521到多个网段G1025进行实时监控，G6117G1216G1075G2499G1209在不同的网段分别部署多个探G8991G5353擎，管理员G2499G1209通过G19610G1025的管理控制台G4557探G8991G3132上传的信G5699进行统一查G11487，通过管理G3132进行G13520合分析，并生成报表。A72A73A73A74A75A76A78A79A80A74A75A78A79A74在生产网与网上银行网络之G19400G451G2162G1856网与互联网之G19400分别部署G1849G1417防御系统，G4557G3818G11040网络G21669客利用防G9791G3693G1038合法的用户访G19394G13792开G6930的端G2487穿透防G9791G3693G4557内网发G17227的G2520G12193高级G451G3809G7446的攻击行G1038进行G7828G8991和阻断。G44PG54系统G5049G1328在第G1120层到第七层，通常G1363用特征匹配和异常分析的方法G7481G16794别G2520G12193网络攻击行G1038，G3252G1866是G1209在G13459串联方式部署的，G4557G7828G8991到的G2520G12193攻击行G1038均G2499直G6521阻断并生成G7097志报告和报警信G5699。A81A73A73A82A83A84A85A82A83A82A79A80在生产网上部署一套漏洞扫G65