
Research and Implementation of Key Technologies for a Security Operation and Maintenance Platform (original Chinese title: 安全运维平台关键技术的研究与实现)

Research and Implementation of Key Technology for the Security Operation and Maintenance Platform

【Author】 Zhuang Tiantian (庄天天)

【Supervisor】 Li Zhongxian (李忠献)

【Author information】 Beijing University of Posts and Telecommunications, Computer Technology (professional degree), 2013, Master's thesis

【Abstract (translated from Chinese)】 We now live in an era of rapid development in information technology, in which the business of every industry and organization keeps expanding and the degree of informatization keeps rising. However, in order to keep pace with fast-growing business, most enterprises lack overall planning when building their information systems: business needs are met, but security requirements are simplified away. How to reduce network security threats as far as possible while guaranteeing business continuity and reliability is the question enterprises care about most. In recent years, in response to increasingly complex and ever-emerging network security problems, enterprises have deployed unified threat management systems, firewalls, intrusion detection systems, anti-virus systems, vulnerability scanning systems and the like, building up a large number of security defence lines. These security products usually satisfy the enterprise's needs in its early stage of development, but as the business grows the defence line degenerates into a simple pile of security products that lacks an effective unified management and scheduling mechanism and cannot cooperate, so the capabilities of the various devices are never fully exploited. More seriously, these complex IT resources and their security defence facilities continuously generate a huge volume of security logs and events during operation, among which there may be a large number of false positives and some false negatives. At the same time, the limited security staff have to learn the management methods of each device and system, view the monitoring dashboards on every product's management platform, review alarm events, execute handling procedures and fill in result reports; all of this work can become inefficient because alarms are handled repeatedly, resolution procedures are complicated and work results cannot be assessed, making it hard to truly guarantee the enterprise's information security. On the basis of an introduction to and analysis of the current state of enterprise information security management and the development of security management platforms, this thesis points out the limitations of traditional security management platforms and, combining them with a security operation and maintenance management system, designs a new business-oriented security operation and maintenance platform. It describes the platform's architecture and functional composition in detail, and designs, implements and tests three of its key technologies: data collection and normalization for multi-source heterogeneous devices, dynamic map alarming across multiple security domains, and workflow-based security operation and maintenance. Data collection and normalization for multi-source heterogeneous devices belongs to the security event management module of the monitoring centre; this thesis designs and implements the data collection process and the field standard of that module and tests the results. Dynamic map alarming across multiple security domains is spread over the configuration management module of the operation and maintenance centre and the view management module of the monitoring centre, covering map configuration and the display of alarms on the map; this thesis implements the rapid display of asset-related alarms on the map once asset registration management and map configuration management have been completed. Workflow-based security operation and maintenance lives in the work order management and early-warning/alarm modules of the operation and maintenance centre; this thesis designs and implements each of the business handling workflows. The research and implementation of these key technologies make the new security operation and maintenance platform superior to traditional security management platforms, and practice shows that it not only guarantees network security but also offers a better user experience.

【Abstract】 We are in an age of accelerating information technology: organizations in every industry are expanding their business, and the degree of information system construction keeps increasing. However, in order to cope with rapidly developing business, most enterprises lack overall planning in their information system construction; they meet business needs but simplify security needs. How to reduce network security threats as much as possible while protecting business continuity and reliability is the issue enterprises are most concerned about. In recent years, to address increasingly complex and constantly emerging network security issues, enterprises have deployed unified threat management systems, firewalls, intrusion detection systems, anti-virus systems and vulnerability scanning systems, building up a large number of security defences. These security products can usually meet an enterprise's security needs early in its development; as the business grows, however, the defence becomes a simple pile of security products that lacks an effective management and dispatching mechanism, cannot collaborate, and therefore cannot give full play to the effectiveness of the various types of equipment. More seriously, complex IT resources and their security defence facilities continuously produce a large number of security logs and events during operation, among which there may be many false positives and false negatives. At the same time, the limited number of security managers need to understand the management of different devices and systems, view and review alarm events on the monitoring panel of each product's management platform, carry out handling processes and fill out reports on the results; this work is inefficient because alarms are handled repeatedly, processes are complicated and the results of the work cannot be assessed, so it is difficult to really protect the enterprise's information security. On the basis of a presentation and analysis of the current situation of enterprise information security management and security management platforms, this paper points out the limitations of the traditional security management platform and, combined with a security operation and maintenance management system, designs a new business-oriented security operation and maintenance platform. It then describes the structure and functions in detail, and designs and tests multi-source heterogeneous device data collection and standardization, multi-domain dynamic map alarm technology, and process-based security operation and maintenance. Multi-source heterogeneous device data collection and standardization lies in the security event management module of the monitoring centre; this paper designs and implements the module's data collection process and field standards and tests the results. Multi-domain dynamic map alarming is distributed mainly over the configuration management module of the operation and maintenance centre and the view management module of the monitoring centre, including map configuration and alarm display on the map; this paper achieves asset registration, map configuration management and real-time display of alarms on the map. Process-based security operation and maintenance lies in the work order management and early warning/alarm modules of the operation and maintenance centre; this paper focuses on the design and implementation of the business process flows. The research and implementation of these key technologies make the new security operation and maintenance platform superior to the traditional security management platform, and practice has proved that it not only ensures network security but also provides a better user experience.
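Both abstracts name data collection and field standardization for multi-source heterogeneous devices, and the repeated handling of the same alarm, as the problems the platform's security event management module addresses. The following is an added illustration of that idea and is not code from the thesis: it maps three constructed vendor log formats (a firewall, an IDS and an anti-virus agent, all invented here) onto one common event schema, rejects lines no parser understands, and collapses repeats of the same alarm within a time window. The schema fields, the severity scale, the parsers and the regular expressions are all assumptions made for this example; the thesis's own field standard is not reproduced here.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class SecurityEvent:
    """Hypothetical common schema every source is mapped onto (not the thesis's field standard)."""
    timestamp: str           # ISO 8601 in UTC, so events from different devices sort together
    source_type: str         # firewall | ids | antivirus
    device: str              # reporting device or host
    src_ip: Optional[str]
    dst_ip: Optional[str]
    severity: int            # common scale: 1 (informational) .. 5 (critical)
    category: str            # normalized category used for correlation and display
    message: str             # original vendor text, kept unchanged for later investigation


# Constructed sample lines in three invented vendor formats plus one unparseable line.
SAMPLE_LINES = [
    "fw01|2013-05-12 10:01:22|DENY|src=10.0.0.5 dst=192.168.1.10 proto=tcp dport=445",
    "fw01|2013-05-12 10:01:23|DENY|src=10.0.0.5 dst=192.168.1.10 proto=tcp dport=445",
    '[ids02] 2013-05-12T10:01:25Z priority=2 sig="SCAN port sweep" 10.0.0.5 -> 192.168.1.10',
    "AV;host=pc-17;time=12/05/2013 10:02:01;level=High;threat=Test-Signature;action=quarantined",
    "garbage line that matches nothing",
]

FW_RE = re.compile(r"^(?P<dev>\w+)\|(?P<ts>[\d :-]+)\|(?P<action>\w+)\|(?P<kv>.*)$")
IDS_RE = re.compile(r'^\[(?P<dev>\w+)\] (?P<ts>\S+) priority=(?P<prio>\d) '
                    r'sig="(?P<sig>[^"]+)" (?P<src>\S+) -> (?P<dst>\S+)$')
AV_RE = re.compile(r"^AV;(?P<kv>.*)$")


def _kv(text: str, sep: str) -> dict:
    """Split 'a=1<sep>b=2' into a dict, ignoring fragments without '='."""
    return dict(p.split("=", 1) for p in text.split(sep) if "=" in p)


def _iso_utc(dt: datetime) -> str:
    # Assumption for this example: every device clock is already in UTC.
    return dt.replace(tzinfo=timezone.utc).isoformat()


def parse_firewall(line: str) -> Optional[SecurityEvent]:
    m = FW_RE.match(line)
    if not m:
        return None
    kv = _kv(m["kv"], " ")
    ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
    denied = m["action"] == "DENY"
    return SecurityEvent(_iso_utc(ts), "firewall", m["dev"], kv.get("src"), kv.get("dst"),
                         2 if denied else 1, "network.deny" if denied else "network.allow", line)


def parse_ids(line: str) -> Optional[SecurityEvent]:
    m = IDS_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    severity = {1: 5, 2: 4, 3: 3}.get(int(m["prio"]), 2)   # vendor priority 1 is the most severe
    return SecurityEvent(_iso_utc(ts), "ids", m["dev"], m["src"], m["dst"],
                         severity, "intrusion.signature", line)


def parse_antivirus(line: str) -> Optional[SecurityEvent]:
    m = AV_RE.match(line)
    if not m:
        return None
    kv = _kv(m["kv"], ";")
    ts = datetime.strptime(kv["time"], "%d/%m/%Y %H:%M:%S")   # this vendor logs day/month/year
    severity = {"High": 5, "Medium": 3, "Low": 2}.get(kv.get("level"), 2)
    return SecurityEvent(_iso_utc(ts), "antivirus", kv.get("host", "unknown"), None, None,
                         severity, "malware.detected", line)


PARSERS = (parse_firewall, parse_ids, parse_antivirus)


def normalize(line: str) -> Optional[SecurityEvent]:
    """Try each parser in turn; the first one that recognizes the format wins."""
    for parser in PARSERS:
        event = parser(line)
        if event is not None:
            return event
    return None


def normalize_all(lines: List[str]) -> Tuple[List[SecurityEvent], List[str]]:
    """Return (normalized events, rejected raw lines); rejects are kept so parser gaps are visible."""
    events, rejected = [], []
    for line in lines:
        event = normalize(line)
        if event is None:
            rejected.append(line)
        else:
            events.append(event)
    return events, rejected


def collapse_repeats(events: List[SecurityEvent], window_seconds: int = 60) -> List[Tuple[SecurityEvent, int]]:
    """Merge repeats of the same (device, category, src, dst) inside a window into one alarm with a count."""
    groups = []        # each entry: [first_event, count, first_time]
    open_idx = {}      # alarm key -> index of its currently open group
    for ev in sorted(events, key=lambda e: e.timestamp):
        key = (ev.device, ev.category, ev.src_ip, ev.dst_ip)
        at = datetime.fromisoformat(ev.timestamp)
        i = open_idx.get(key)
        if i is not None and (at - groups[i][2]).total_seconds() <= window_seconds:
            groups[i][1] += 1
        else:
            open_idx[key] = len(groups)
            groups.append([ev, 1, at])
    return [(g[0], g[1]) for g in groups]


if __name__ == "__main__":
    evs, rej = normalize_all(SAMPLE_LINES)
    for ev, n in collapse_repeats(evs):
        print(f"{ev.timestamp} sev={ev.severity} {ev.source_type}/{ev.category} x{n}")
    print(f"rejected: {len(rej)}")
```

Keeping the original vendor text in `message` and the rejected lines in a separate list is the part worth copying into a real collector: normalization should never discard evidence, and the size of the reject list is the first signal that a new device type or a changed log format has entered the environment.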

  • 【Classification number】 TP309
  • 【Times cited】 2
  • 【Downloads】 298