本文選題：Linux終端 + 安全加固��； 參考：《華北電力大學(xué)》2014年碩士論文

【摘要】：隨著信息技術(shù)和移動(dòng)互聯(lián)網(wǎng)技術(shù)的快速發(fā)展,終端遠(yuǎn)程訪問企業(yè)內(nèi)網(wǎng)數(shù)據(jù)資源的需求日益迫切。但移動(dòng)互聯(lián)網(wǎng)的開放特點(diǎn)無法保證其信息通信的安全性,如何實(shí)現(xiàn)移動(dòng)終端與企業(yè)網(wǎng)絡(luò)之間的安全通信成為終端遠(yuǎn)程接入面臨的新挑戰(zhàn)。移動(dòng)終端遠(yuǎn)程接入系統(tǒng)包括終端、數(shù)據(jù)通道和接入系統(tǒng)三個(gè)實(shí)體,其中任何一部分存在的安全問題都可能威脅到整個(gè)接入系統(tǒng)的安全。傳統(tǒng)的采用虛擬專用網(wǎng)的移動(dòng)接入技術(shù)只關(guān)注數(shù)據(jù)傳輸通道的安全,忽略了終端的安全問題,無法滿足企業(yè)終端的安全接入需求。終端自身的安全防護(hù)、可靠的身份認(rèn)證和安全的接入技術(shù)是整個(gè)接入系統(tǒng)需要解決的關(guān)鍵問題。 本文以電力企業(yè)的移動(dòng)終端接入需求為背景,為滿足企業(yè)的移動(dòng)終端安全防護(hù)要求,針對Linux移動(dòng)終端面臨的主要安全威脅,通過分析操作系統(tǒng)的安全特性,提出相應(yīng)的安全加固措施,如基于硬件的終端身份識別和動(dòng)態(tài)的安全狀態(tài)檢測技術(shù)等。通過對目前流行虛擬專用網(wǎng)協(xié)議的應(yīng)用范圍和實(shí)現(xiàn)方式進(jìn)行了分析和對比,結(jié)合本論文的系統(tǒng)需求,最終選擇了安全套接層作為認(rèn)證和加密傳輸?shù)膮f(xié)議。詳細(xì)分析了OpenVPN的具體實(shí)現(xiàn)原理,并在其基礎(chǔ)上設(shè)計(jì)了具有硬件身份識別和動(dòng)態(tài)安全檢測的一體化接入系統(tǒng)。該系統(tǒng)從終端加固、安全數(shù)據(jù)傳輸及終端狀態(tài)動(dòng)態(tài)檢測等方面保證了終端本身、接入過程和數(shù)據(jù)通信的安全。本文設(shè)計(jì)的一體化接入系統(tǒng)在實(shí)驗(yàn)環(huán)境下經(jīng)過測試,已基本滿足預(yù)期要求。移動(dòng)終端安全接入的研究將對電力企業(yè)信息化的進(jìn)程有積極的推動(dòng)作用。
[Abstract]:With the rapid development of information technology and mobile Internet technology, the demand for remote access to data resources in enterprise Intranet becomes increasingly urgent. However, the open characteristic of mobile Internet can not guarantee the security of its information communication. How to realize the secure communication between mobile terminal and enterprise network becomes a new challenge for terminal remote access. The remote access system of mobile terminal includes three entities: terminal, data channel and access system. The security problems in any part of the system may threaten the security of the whole access system. The traditional mobile access technology using virtual private network only pays attention to the security of the data transmission channel, neglects the security problem of the terminal, and can not meet the security access requirements of the enterprise terminal. The security protection of the terminal itself, reliable identity authentication and secure access technology are the key problems to be solved in the whole access system. In this paper, based on the mobile terminal access requirements of power enterprises, in order to meet the security requirements of mobile terminals, the main security threats faced by Linux mobile terminals are analyzed, and the security characteristics of the operating system are analyzed. The corresponding security reinforcement measures, such as terminal identification based on hardware and dynamic security state detection technology, are put forward. Based on the analysis and comparison of the application scope and implementation of the popular VPN protocol, the secure socket layer is selected as the protocol of authentication and encryption transmission according to the system requirements of this paper. The realization principle of OpenVPN is analyzed in detail, and an integrated access system with hardware identification and dynamic security detection is designed. The system ensures the security of the terminal itself, access process and data communication from the aspects of terminal reinforcement, secure data transmission and terminal state dynamic detection. The integrated access system designed in this paper has been tested in the experimental environment and has basically met the expected requirements. The research on secure access of mobile terminals will play an active role in the process of power enterprise informatization.
【學(xué)位授予單位】：華北電力大學(xué)
【學(xué)位級別】：碩士
【學(xué)位授予年份】：2014
【分類號】：TN915.08

【參考文獻(xiàn)】

相關(guān)期刊論文 前10條

1 任江，，袁宏春;對SSL協(xié)議及其安全性分析[J];電子科技大學(xué)學(xué)報(bào);1998年04期

2 郭寶;周馳;;電力生產(chǎn)現(xiàn)場作業(yè)和終端安全防護(hù)研究[J];電力信息化;2010年12期

3 張宏科;蘇偉;;新網(wǎng)絡(luò)體系基礎(chǔ)研究——一體化網(wǎng)絡(luò)與普適服務(wù)[J];電子學(xué)報(bào);2007年04期

4 王義申;;對電力企業(yè)生產(chǎn)現(xiàn)場作業(yè)和終端安全防護(hù)的研究[J];科技創(chuàng)新與應(yīng)用;2013年04期

5 李之棠;何桂麗;王美珍;;基于虛擬網(wǎng)卡的SSL VPN體系結(jié)構(gòu)的研究[J];計(jì)算機(jī)應(yīng)用研究;2007年12期

6 柯海清,馮啟明;數(shù)據(jù)加密技術(shù)及網(wǎng)絡(luò)應(yīng)用[J];武漢理工大學(xué)學(xué)報(bào)(交通科學(xué)與工程版);2002年06期

7 孫玉霞;陳火炎;;UNIX主機(jī)文件完整性校驗(yàn)工具的原理與實(shí)現(xiàn)[J];計(jì)算機(jī)應(yīng)用與軟件;2006年06期

8 須文波,歐愛輝,張星燁;Linux安全操作系統(tǒng)的設(shè)計(jì)與實(shí)現(xiàn)[J];計(jì)算機(jī)與現(xiàn)代化;2003年10期

9 郭學(xué)超;翟正軍;;OpenVPN體系安全性研究[J];科學(xué)技術(shù)與工程;2007年08期

10 陳閎中;Linux在嵌入式操作系統(tǒng)中的應(yīng)用[J];同濟(jì)大學(xué)學(xué)報(bào)(自然科學(xué)版);2001年05期

本文編號：2016887