
Research and Practice of Unified Network Security Management System for Data Collection and Analysis

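【Author】 李明明 (Li Mingming)

【Advisor】 苏厚勤 (Su Houqin)

【Author information】 东华大学 (Donghua University), Computer Application Technology, 2010, Master's thesis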

【Abstract】 The unified network security management system is a comprehensive security management software suite. Network security management must start from the overall security of the network: by centrally managing and monitoring the various security devices and security software on the network, it links previously isolated islands of information security into a coordinated, interacting whole, and provides real-time status monitoring and dynamic policy adjustment during network security management, thereby effectively improving the manageability and security level of the network. After analyzing the current state of network security management systems in China and abroad, this thesis proposes using the SNMP protocol to collect device information uniformly, so that data formats are unified and management and analysis become easier. The author's main research work and contributions are summarized as follows: 1) The current state of development of network security management in China and abroad is analyzed, together with the security threats that network management currently faces. 2) The key technologies of SNMP, including ASN.1, BER, SMI, MIB and VACM, are described; the weak security of the digest algorithms used in the SNMPv3 authentication system is analyzed, and an improvement is proposed: replacing the SHA-1 and MD5 digest algorithms with SHA-2 to meet higher security requirements. 3) The deployment of the devices and software used in the unified network management system is designed; the configuration of SNMP-capable network connection devices is designed and documented so that they support SNMP reads and writes; and the open-source software Snort and Ntop are deployed. 4) On the basis of this deployment of SNMP devices and software, a prototype unified network management system is designed and implemented. The system follows the FCAPS model's division of network management into five functional categories, and a detailed architecture diagram and the actual management model are given. The results of this research are a useful reference for building unified network security management systems.

  • 【Online publication contributor】 东华大学 (Donghua University)
  • 【Online publication year and issue】 2012, Issue 02