电子政务安全的研究

厦门大学硕士学位论文电子政务安全的研究姓名：杨柳青申请学位级别：硕士专业：企业管理指导教师：彭丽芳20050901WebPKI;ABSTRACTABSTRACTThenetworkattackanditsprotectionareapairofcontradictions.Strictlyspeaking,thereisnoabsolutenetworksecurity.Theso-callede-Governmentsecurityreferstothemaximumsecurityprotectionforthee-Governmentnetworkontheprerequisitesofthecurrentdevelopmentlevelofsecuritytechnologiesandtheincreasinglyheightenedinformationsecurityawarenessofthepublicservants.Itisonthisbasisthatthee-Governmentsecuritysystemisestablished.Informationsecuritysystemtechnologyiscomplicated,andthethreatagainstnetworkinformationsecuritychangesconstantlywiththelapseoftimeandthetechnologydevelopment.Inaddition,asitrequiresarelativelyhugeinvestmentinnetworksecurity,anaccurateriskorientationshouldbeputinplace,inordertolaydownagoodrationalsecuritystrategyandcomeupwithpracticalsecuritysolutions,thusmakingtheinvestmentrationalandpractical.Inthispaper,Chapteroneintroducese-Governmentnetworksecurity;Chaptertwooutlinese-Governmentsecuritysystemstructure;Chapterthreedescribesthebackgroundforthee-Governmentsecurityprojectinsomepublicsecuritybureau(PSB)andanalyzesthesecuritydemandsofinformationsystemfromtheperspectivesofphysicalsecurity,networksecurity,applicationsecurity,securitymanagement;ChapterfourmapsoutaplanforthePSBe-GovernmentsecurityinthesesevenrespectsofLANsecurity,WANsecurity,Extranetsecurity,databaseserversecurity,Webserversecurity,PublicKeyInfrastructure(PKI)andinformationsecuritymanagement;ChapterfivecomesupwithsecuritysolutionsforthePSBe-GovernmentnetworkinformationsystemfromPhysicallayer,NetworklayerandApplicationlayer,inaccordancewiththefunctionstobeachievedinthissecuritysystem;ChaptersixtouchesontheimplementationofthePSBe-Governmentsecuritysolutionanditsresults,aswellasoffersassessmentandprojectionsforthissystem.Asthee-GovernmentinChinadevelops,thee-Governmentsystemplaysanincreasinglyimportantroleingovernmentorgans,institutionsandsocialgroups.Theimprovementofe-Government’slevelplacesahigherdemandonthee-Governmentsecurity.Howtobuildasecuree-Governmentsystemandensureitsimplementationisamajorissueforustoexploreandaddress.KeyWords:e-Government;NetworkSecurity;SecuritySystem.121IP21.2.3.;4.;1.(Virus)3[1]2.(Hacker)UNIX,WindowsNT,VMSMVSYahoo()Amazon()[2]URL[14]3.75%-85%90%[21]4.TCP/IPWindowsUNIX20036064752[1][3](1)(Internet)(2)(3)CA(4)(5)5WindowsNTID[2]6(Non-reputation)71OSIŸŸŸŸCPU8Internet1--2--3lll9lllllllllll10ŸŸŸŸVPN11PSTNISDNŸŸ12ŸŸŸŸŸŸŸŸŸŸŸŸŸ13/(/)11CA1415PacketfilteringApplicationProxyApplicationGateway,””1617lllllllll18lllCRCllRAIDPKICACA2CA1024/128CAPKI191.IDXYZ2.iKeyIDIDPINPINiKeyCACAiKeyCA3.[6]OSIOSI20TCP/IP1.CRCICVIntegratedCheckVectorICVICVICV2.3.CRCCRCMICMessageIntegrityCodeMD5SHA-1[7]21PKI1.1llOracle,sybase,MicrosoftSQL:()(SQL)middlewareDBA22()l::TCP/IP15211526Oracle7.38l:lWEBJAVAGtoB2322.1.242.3.4.567825(UnicastPacket)(BroadcastPacket)(MulticastPacket)VLANVLAN()VLAN:VLANMACVLANVLANVLAN26MACVLANMACVLANVLANVLANVLANVLANVLANVLANVLANRIPOSPFVLANVLANSPANSwitchPortAnalyzerPSTNISDNPSTNISDNl()l()l()l()27RSAMD5Cisco:EnableSecretEnablePasswordEnableSecretMD5()EnablePassword(XOR)EnablePassword[7]VPNVPN()VPNIPATMVPNVPNVPNL2TP,IPSecVPNVPNVPNVPNVPNCiscoTACACS+RADIUSInternet,28TCP/IPInternetInternet[3][7]29lll()OracleOracleOracleDBASQLxp-regreadWindowsNTSAMWindowsNTWindowsNTDBA.30WebWeblWeblWeblCGI(1)Bugs(2)CGI(Form)(Searchindex)form-mailWebWebCGIWeblWeb;lWeblFTP,MAILftpsendmail,tftp,NIS,NFS,finger,netstatlWebSHELLCGIPERLPERLllogserrorlogrm,login,/bin/perl,/bin/sh31lWebWWWHTMLWWWWebWWWWebWeblWebWebFTPFTPCGI-BINFTPPERLSHWebCGI-BINlIPDNS[8]PKIPKIPKICA(PublicKeyInfrastructure,PKI)[9][10]1976WhitfieldDiffieMartinHellmanPKIPKIInternetPKIPKIInternetPKIPKIPKICA(CertificationAuthority)RA(RegistrationAuthority)[11][12]1.CAPKI32CACACA/2.CA:;CA3.RACACARARARACARAPKIRA4.PKICARACARA[13]5.PKI;PKIPKIPKIPKI/CA3334GB17859-1999ISOTC97ISO74982PKI1234567GB5017393GB288789GB936188351.llllWeb2.3.(1)ICMPIPTCPUDPHTTPFTPSMTPFTPHTTP(2)OSI36OSIIP(3)SSNSSNSecuritySeverNetSSNDMZDMZ2DMZ/DMZDMZSSNSSNDMZDMZ37SSNSSNFTPTelnet(4)NATNATNATIPNAT(5)(6)(7)IPHTTPFTPSMTPPOP338(8)WebEmail(9)FTP(10)FireWall/(11)FWIDSOPSEC(OpenProtocolofSecurity)Web1.MODEM(1)HISDetectorHISDetectorHISDetector39HISDetector3HISDetectorHISDetectorHISDetector40IDHISDetectorHISDetector100ExchangeSQLServerOracle2.Web[2]WebWeb(1)WebNISDetectorNISDetector41NISDetectorNISDetectorNISDetectorTCP/IPNISDetectorNISDetectorNISDetectorNISDetectorIPNISDetectorNISDetectorNISDetectorNISDetectorNISDetectorWindowsNTWindowsNTInternetNT5%421.2.JavaSript3./43NTWindows98NT,NT/Windows2000NTMSMailLotusNotesKILLKILL/KILLWindowsNTWindows95/98WindowsNTWorkstationWindows3.XDOSKILLKILLforNTServerLotusNotesMicrosoftExchangeInternetKILLforInternetProtectorKILLNovellNetWareKILLforWindowsNT4.KILL44PCPCPCKILLWindowsNTWorkstation/Windows2000Windows95/98Win3.XDOSWindowsNTWindowsKILLWindowsNTNetWareKILL——KILLKILLforNotesKILLforExchangeInternetInternetINTERNETInternetProtectorINTERNETHTTPFTPSMTPFTPJavaActiveXWebKILLforNTServerKILL45KillforNotes/exchangeKillforNTServer4KILLWind