【作者】 尤一名；

【导师】 卢苇；

【作者基本信息】 北京交通大学 ， 软件工程， 2010， 硕士

【摘要】 随着计算机网络技术的高速发展,网络开始渗透到社会的各个领域。在这个巨大的网络当中,支撑着系统正常运行的基本节点就是网络主机。这些主机包括服务器,路由器,交换机,个人计算机等等。然而这些主机存在着不同程度的安全隐患。为了更好的保护网络主机的安全,首先需要检测主机的安全性,发现主机存在怎样的安全问题。目前,主机安全检测方式主要有利用自动化漏洞扫描工具进行检测和人工检测两种。扫描工具检测的范围有限,而人工检测方式往往依赖检测人员的技术、经验,且效率低。因此,本文研究了主机安全检测的方法,以B／S模式,设计并实现了一种半自动化的主机安全检测系统,系统针对终端主机的安全脆弱性检查,完成针对主机系统配置、系统参数、用户访问权限、帐户／口令、文件访问权限、日志文件等方面存在的安全脆弱性测试。本文全面描述了主机安全检测系统从设计到实现的过程,具体工作如下：1.调研主机安全检测的背景2.设计主机安全检测系统的检测内容库3.主机安全检测系统的总体设计4.主机安全检测系统关键模块详细设计和实现5.主机安全检测系统测试本系统已经通过审核并交付使用,取得了良好的效果。本文的工作率先提出了主机安全检测系统的概念,对于主机安全检测系统的设计和实现有着借鉴意义。更多还原

【Abstract】 With the rapid development of computer network technology, network began to permeate all areas of society. Among this vast network, the basic node that supports the normal operation of the system is the network host. These hosts include servers, routers, switches, personal computers and so on. However, these hosts have varying degrees of security risk. In order to better protect the security of the network hosts, we need to detect the host’s security first, and find out what kind of security problem existing in the hosts.At present, there are two main methods of host security detection. One is detection by using automated vulnerability scanning tools, the other is manual detection. Automated scanning tools are limited in scope; while artifical detection ofter relays on the inspectors’technology, experience, and it has low efficiency.Therefore, we study the host security detection methords, design and implement a semi-automated host security detection system. This system is based on Browser/Server structure. The system can complete the inspection of the host’s security vulnerability that exist in operating system configuration, system parameter, user access permissions, account/password, file access, log files and other aspects of the security vulnerability.This paper gives the comprehensive description of the host security detection system from designing to implementation. The specific work is as follow:1. Investigate the background of host security detection;2. Design the Content Library of host security detection system;3. Design the host security detection system;4. Host security detection system detailed design and implementation of key modules;5. Functional testing of host security detection system.The system has been approved, and deliverd, and achieved good results. This work pioneered the concept of host security detection systems, and it can provide a reference for the host security detection system design and implemention.更多还原