本文選題：防火墻 + 測(cè)試��； 參考：《北京郵電大學(xué)》2017年碩士論文

【摘要】：隨著計(jì)算機(jī)和網(wǎng)絡(luò)技術(shù)的發(fā)展,存在于公共網(wǎng)絡(luò)中的安全風(fēng)險(xiǎn)越來(lái)越多樣化,對(duì)信息安全造成了很大的威脅。如何在訪問(wèn)外部網(wǎng)絡(luò)的同時(shí)保證內(nèi)部網(wǎng)絡(luò)資源的安全性是安全技術(shù)人員面臨的首要問(wèn)題。因此,在眾多網(wǎng)絡(luò)安全產(chǎn)品之中,作為溝通內(nèi)部網(wǎng)絡(luò)和外部網(wǎng)絡(luò)的第一道關(guān)卡,防火墻成為了備受關(guān)注的產(chǎn)品之一。作為網(wǎng)絡(luò)安全防護(hù)手段之一,防火墻雖然可以有效保障內(nèi)部網(wǎng)絡(luò)的安全,但由于其自身在具體實(shí)現(xiàn)方式上存在著不同的安全脆弱點(diǎn),對(duì)網(wǎng)絡(luò)安全的防護(hù)有著自身的局限性,不能成為絕對(duì)安全的防護(hù)手段。要想提高安全保障的級(jí)別,就需要對(duì)防火墻安全脆弱性進(jìn)行分析,更加全面的了解防火墻的安全脆弱點(diǎn)。因此,為了保障網(wǎng)絡(luò)的安全性,有必要對(duì)防火墻設(shè)備進(jìn)行脆弱性測(cè)試,并進(jìn)行結(jié)果分析,從而對(duì)防火墻的脆弱性做出評(píng)估。本文首先對(duì)防火墻管理配置和過(guò)濾規(guī)則可能存在的脆弱性進(jìn)行分析,并對(duì)防火墻測(cè)試國(guó)家標(biāo)準(zhǔn)、及傳統(tǒng)網(wǎng)絡(luò)測(cè)試技術(shù)進(jìn)行研究,基于模糊測(cè)試技術(shù)方法,有針對(duì)性的構(gòu)造IP、ICMP、TCP、UDP等協(xié)議畸形數(shù)據(jù)包,包括標(biāo)志位置零、插入特殊字符、標(biāo)志位隨機(jī)、構(gòu)造大數(shù)據(jù)包等方式,完成對(duì)防火墻過(guò)濾規(guī)則脆弱性的測(cè)試。此外,考慮到目前硬件防火墻大多采用Web方式管理,在測(cè)試中加入對(duì)Web的測(cè)試,保證測(cè)試工作的完備性。本文重點(diǎn)研究防火墻脆弱性評(píng)估技術(shù),通過(guò)對(duì)傳統(tǒng)網(wǎng)絡(luò)評(píng)估技術(shù)的研究,結(jié)合防火墻測(cè)試國(guó)家標(biāo)準(zhǔn),提出了基于指標(biāo)體系的防火墻脆弱性評(píng)估模型。首先,在對(duì)防火墻脆弱性分析的基礎(chǔ)上,提出層次化的評(píng)估指標(biāo)體系,包括目標(biāo)層、屬性層和指標(biāo)層,并基于防火墻脆弱性測(cè)試結(jié)果對(duì)指標(biāo)進(jìn)行量化;其次,通過(guò)專(zhuān)家系統(tǒng)和層次分析法,比較評(píng)估指標(biāo)的重要性并進(jìn)行分析計(jì)算,從而完成對(duì)指標(biāo)的權(quán)重賦值;最后,通過(guò)灰色聚類(lèi)方法,得到評(píng)估灰類(lèi)和白化函數(shù),最終實(shí)現(xiàn)防火墻脆弱性定性評(píng)估。最后,本文設(shè)計(jì)并實(shí)現(xiàn)了防火墻脆弱性測(cè)試及評(píng)估系統(tǒng),闡述了該系統(tǒng)的基本組成架構(gòu),對(duì)其中的關(guān)鍵模塊的設(shè)計(jì)方案和實(shí)現(xiàn)過(guò)程進(jìn)行了詳細(xì)的說(shuō)明,包括控制模塊、測(cè)試模塊、評(píng)估模塊和數(shù)據(jù)庫(kù)模塊。并最終通過(guò)實(shí)驗(yàn)結(jié)果分析驗(yàn)證了指標(biāo)體系選取的合理性以及測(cè)試及評(píng)估系統(tǒng)的有效性。
[Abstract]:With the development of computer and network technology, the security risks in public networks are becoming more and more diversified, which pose a great threat to information security. How to access the external network while ensuring the security of internal network resources is the most important problem for security technicians. Therefore, among many network security products, firewall has become one of the most concerned products as the first level of communication between internal network and external network. As one of the means of network security protection, firewall can effectively protect the security of internal network, but it has its own limitations on the protection of network security because of its own different security vulnerabilities in the specific implementation mode. Can not be an absolute security means of protection. In order to improve the security level, it is necessary to analyze the vulnerability of firewall security, and to understand the security fragility of firewall more comprehensively. Therefore, in order to ensure the security of the network, it is necessary to test the vulnerability of firewall devices and analyze the results, so as to evaluate the vulnerability of firewalls. In this paper, the vulnerability of firewall management configuration and filtering rules is analyzed, and the national standards of firewall testing and traditional network testing techniques are studied. In order to test the vulnerability of firewall filtering rules, we construct protocol malformed data packets such as IP / ICMP / TCPU / UDP, including zero flag position, special character insertion, random flag bit, large packet construction and so on. In addition, considering that most of the hardware firewalls are managed by Web at present, the test of Web is added to the test to ensure the completeness of the test work. This paper focuses on firewall vulnerability assessment technology. Through the research of traditional network assessment technology, combined with firewall testing national standards, a firewall vulnerability assessment model based on index system is proposed. Firstly, based on the analysis of firewall vulnerability, a hierarchical evaluation index system is proposed, which includes target layer, attribute layer and index layer, and quantifies the index based on firewall vulnerability test results. Through expert system and Analytic hierarchy process (AHP), the importance of evaluation index is compared and calculated, so that the weight of the index is assigned. Finally, the grey clustering method is used to obtain the grey class and whitening function. Finally, the qualitative evaluation of firewall vulnerability is realized. Finally, this paper designs and implements the firewall vulnerability testing and evaluation system, describes the basic structure of the system, and describes the design scheme and implementation process of the key modules in detail, including the control module. Test module, evaluation module and database module. Finally, the rationality of the index system selection and the effectiveness of the test and evaluation system are verified by the analysis of the experimental results.
【學(xué)位授予單位】：北京郵電大學(xué)
【學(xué)位級(jí)別】：碩士
【學(xué)位授予年份】：2017
【分類(lèi)號(hào)】：TP393.08

【參考文獻(xiàn)】

相關(guān)期刊論文 前10條

1 劉健;趙剛;鄭運(yùn)鵬;;基于AHP-貝葉斯網(wǎng)絡(luò)的信息安全風(fēng)險(xiǎn)態(tài)勢(shì)分析模型[J];北京信息科技大學(xué)學(xué)報(bào)(自然科學(xué)版);2015年03期

2 王化中;強(qiáng)鳳嬌;祝福云;;重構(gòu)灰色聚類(lèi)決策步驟及灰類(lèi)調(diào)整系數(shù)[J];統(tǒng)計(jì)與決策;2014年14期

3 張亞威;徐其崗;;淺談防火墻技術(shù)[J];無(wú)線(xiàn)互聯(lián)科技;2014年07期

4 陳芳;趙海;黃鎮(zhèn);;基于信息資產(chǎn)的風(fēng)險(xiǎn)評(píng)估方法的研究與實(shí)現(xiàn)[J];信息技術(shù)與標(biāo)準(zhǔn)化;2014年06期

5 呂康;;網(wǎng)絡(luò)安全評(píng)估技術(shù)的探討[J];河南科技;2014年09期

6 王歡;;軟件測(cè)試技術(shù)研究[J];電子技術(shù)與軟件工程;2013年24期

7 楊武俊;;多層次模糊綜合評(píng)判法在信息安全風(fēng)險(xiǎn)評(píng)估中的應(yīng)用[J];網(wǎng)絡(luò)安全技術(shù)與應(yīng)用;2013年11期

8 洪健;;基于防火墻的網(wǎng)絡(luò)安全技術(shù)分析[J];網(wǎng)絡(luò)安全技術(shù)與應(yīng)用;2013年10期

9 武琳杰;;基于AHP-灰色聚類(lèi)的大學(xué)生綜合素質(zhì)評(píng)估[J];價(jià)值工程;2013年08期

10 陳恢明;陳文;梁剛;;一種基于網(wǎng)絡(luò)安全風(fēng)險(xiǎn)評(píng)估的入侵檢測(cè)方法[J];計(jì)算機(jī)安全;2012年10期

相關(guān)碩士學(xué)位論文 前1條

1 黃奕;基于模糊測(cè)試的軟件安全漏洞發(fā)掘技術(shù)研究[D];中國(guó)科學(xué)技術(shù)大學(xué);2010年

，

本文編號(hào)：1906116