【摘要】：互聯(lián)網(wǎng)的迅速發(fā)展,大大的加快了經(jīng)濟社會發(fā)展,在方便人們生活的同時,帶來了信息網(wǎng)絡(luò)安全的問題,因此,它為企業(yè)的發(fā)展、生存帶來了新的問題和挑戰(zhàn)。網(wǎng)絡(luò)信息安全問題出于信息技術(shù)的迅猛發(fā)展,它不僅表現(xiàn)為對網(wǎng)絡(luò)信息技術(shù)的強烈依賴,而且從網(wǎng)絡(luò)信息安全概念產(chǎn)生起,就表現(xiàn)為對機房物理環(huán)境、人的行為的強烈依賴。而當(dāng)今企業(yè)為確保自身信息安全問題不被泄密,在現(xiàn)實網(wǎng)絡(luò)應(yīng)用環(huán)境中通常會在網(wǎng)絡(luò)出口、服務(wù)器區(qū)、辦公網(wǎng)區(qū)部署防火墻設(shè)備,通過防火墻設(shè)備設(shè)置對應(yīng)訪問規(guī)則,保護企業(yè)內(nèi)網(wǎng)數(shù)據(jù)信息部受攻擊、侵害。近幾年我公司內(nèi)部網(wǎng)絡(luò)規(guī)模隨著業(yè)務(wù)的發(fā)展不斷的在進行變更擴大,在每次調(diào)整網(wǎng)絡(luò)架構(gòu)時隨時會面臨業(yè)務(wù)被受影響的情況,特別是公司防火墻的改造、升級,因沒有一個集中的管理機制隨時會將業(yè)務(wù)進行阻斷,甚至當(dāng)防火墻受損時無法第一時間迅速恢復(fù)。我公司目前內(nèi)部網(wǎng)絡(luò)架構(gòu)主要分為核心網(wǎng)、業(yè)務(wù)網(wǎng)、安全管理網(wǎng)、互聯(lián)網(wǎng)接入?yún)^(qū)、專網(wǎng)接入?yún)^(qū)等五大區(qū)域,其中在核心網(wǎng)絡(luò)層部署了兩臺防火墻,業(yè)務(wù)網(wǎng)部署了四臺防火墻,安全管理網(wǎng)部署了兩臺防火墻,互聯(lián)網(wǎng)接入?yún)^(qū)域出口部署了兩臺防火墻,專網(wǎng)接入?yún)^(qū)部署了兩臺防火墻,這些防火墻的公司的網(wǎng)絡(luò)保護起到了關(guān)鍵性的作用,但是一旦防火墻出現(xiàn)故障或管理人員在配置時出現(xiàn)錯誤將影響公司內(nèi)部網(wǎng)絡(luò)業(yè)務(wù)。因此目前我公司需要一個能集中管理這些防火墻的有效機制,主要從防火墻配置、基礎(chǔ)信息、系統(tǒng)日志、備份恢復(fù)等幾方面去管理,本論文研究的目的就是研發(fā)出一套防火墻管理軟件來對公司的所有的硬件防火墻進行集中性的管理。從經(jīng)濟實用性來說,該設(shè)計將在很大程度上節(jié)約公司開銷,這種軟防火墻在辦公網(wǎng)中的應(yīng)用將比各商業(yè)防火墻更易于管理和操作,在功能方面看來,混合型網(wǎng)絡(luò)防火墻除了根據(jù)內(nèi)部網(wǎng)絡(luò)規(guī)劃制定相應(yīng)的用戶策略的功能外還支持賬號管理,靈活的將不同辦公角色和職能部門劃分,對信息安全要求級別高的辦公終端實施高安全性的策略,能有效杜絕局域網(wǎng)和外網(wǎng)攻擊。本文在對防火墻技術(shù)及原理進行了簡潔的基礎(chǔ)上,以防火墻技術(shù)在企業(yè)信息安全的應(yīng)用為研究目的,針對防火墻目前存在的如下缺陷:不能防止策略配置不當(dāng)或錯誤配置引起的安全威脅、因硬件問題的損壞導(dǎo)致配置和策略的丟失、不能防止可接觸的人為或自然的破壞以及防火墻設(shè)備中產(chǎn)生的日志會消耗自身存儲空間等問題,設(shè)計了一套防火墻管理軟件并進行了軟件測試,獲得了良好結(jié)果。
[Abstract]:The rapid development of the Internet greatly speeds up the economic and social development, which brings about the problem of information network security while facilitating people's life. Therefore, it brings new problems and challenges to the development and survival of enterprises. The problem of network information security is due to the rapid development of information technology. It is not only a strong dependence on network information technology, but also a strong dependence on the physical environment and human behavior from the concept of network information security. In order to ensure that their own information security problems are not leaked, enterprises usually deploy firewall devices in the network exit, server area and office network area in the real network application environment, and set the corresponding access rules through the firewall device. To protect the data and information department of the internal network of enterprises is attacked and infringed upon. In recent years, with the development of business, the scale of internal network of our company is constantly changing and expanding, and every time we adjust the network structure, we will be faced with the situation of business being affected at any time, especially the transformation and upgrading of the company's firewall. Without a centralized management mechanism, the business will be blocked at any time, even when the firewall is damaged, it can not recover quickly. At present, the internal network architecture of our company is mainly divided into five major areas: core network, business network, security management network, Internet access area and private network access area, among which two firewalls are deployed in the core network layer and four firewalls are deployed in the business network. Two firewalls have been deployed in the security management network, two firewalls have been deployed at the exit of the Internet access area, and two firewalls have been deployed in the private network access area. The network protection of these firewall companies has played a key role. However, once firewall failure or manager configuration errors will affect the company's internal network business. Therefore, at present our company needs an effective mechanism to centralize the management of these firewalls, mainly from the firewall configuration, basic information, system log, backup and recovery, and so on. The purpose of this thesis is to develop a set of firewall management software to manage all hardware firewalls. In terms of economic practicability, the design will greatly reduce the cost of the company, this soft firewall in office network applications will be easier to manage and operate than commercial firewalls, from a functional point of view, In addition to the function of formulating corresponding user policies according to the internal network planning, the hybrid network firewall also supports account management and flexibly divides different office roles and functional departments. The implementation of high security strategy for office terminals with high information security requirements can effectively prevent attacks on local area networks and external networks. On the basis of simple firewall technology and principle, the purpose of this paper is to study the application of firewall technology in enterprise information security. The firewall has the following defects: it can't prevent the security threat caused by the improper configuration or misconfiguration of the policy, and the configuration and the loss of the policy can be caused by the damage of the hardware problem. A set of firewall management software is designed and tested, and good results are obtained.
【學(xué)位授予單位】：電子科技大學(xué)
【學(xué)位級別】：碩士
【學(xué)位授予年份】：2014
【分類號】：TP393.08
，

本文編號：2230021