【正文】 濟寧職業(yè)技術學院信息安全解決方案北京啟明星辰信息技術股份有限公司Venus Information Technology ( Beijing )2022 年 4 月2 / 64文檔說明本文檔內容為濟寧職業(yè)技術學院信息系統(tǒng)網絡安全的建議書，旨在通過本文檔為濟寧職業(yè)技術學院的信息系統(tǒng)提供安全保障的思路和建議。本文檔所涉及到的文字、圖表等，僅限于北京啟明星辰信息技術股份有限公司及濟寧職業(yè)技術學院使用，未經同意不得擅自拷貝、傳播、復制、泄露或復寫本文檔的全部或部分內容。3 / 64目 　錄1 概述 ............................................................................................................................................6 建設目標 ............................................................................................................................6 設計原則 ............................................................................................................................72 需求分析 ..................................................................................................................................10 物理層安全風險分析 ......................................................................................................10 物理設備的脆弱性 ..................................................................................................10 環(huán)境因素的脆弱性分析 ..........................................................................................11 網絡層安全風險分析 ......................................................................................................11 網絡的訪問控制 ......................................................................................................11 內部用戶的違規(guī)行為 ..............................................................................................12 網絡拓撲結構的安全風險 ......................................................................................12 內部網用戶帶來的安全威脅 ..................................................................................12 數(shù)據(jù)庫的安全風險 ..................................................................................................13 網絡動態(tài)監(jiān)控 ..........................................................................................................13 互連設備的安全隱患 ..............................................................................................14 網絡設備的風險分析 ..............................................................................................14 系統(tǒng)層的安全風險分析 ..................................................................................................14 Windows NT/2022/XP 的安全問題 .........................................................................15 Unix 的安全問題 .....................................................................................................15 主機訪問安全脆弱性 ..............................................................................................16 泄密信息安全控制 ..................................................................................................16 應用層安全風險分析 ......................................................................................................16 惡意代碼 ..................................................................................................................16 抵賴性 ......................................................................................................................17 入侵取證問題 ..........................................................................................................17 應用系統(tǒng)自身的脆弱性 ..........................................................................................18 管理層安全風險分析 ......................................................................................................18 誤操作 ......................................................................................................................18 人為故意 ..................................................................................................................18 安全意識 ..................................................................................................................19 管理手段 ..................................................................................................................193 安全保障設計思路 ..................................................................................................................20 保障框架 ..........................................................................................................................20 安全保障總體框架 ..................................................................................................20 信息風險模型 ..........................................................................................................21 三觀安全體系 ..........................................................................................................22 安全保障模型 ..................................................................................................................23 安全事件處理模型 —PDR 模型 .............................................................................23 信息安全保障體系建設模型 —花瓶模型 ..............................................................244 / 644 安全解決方案設計 ..................................................................................................................26 安全保障體系建設內容 ..................................................................................................26 安全域的劃分 ..................................................................................................................27 安全域劃分原則 ......................................................................................................28 網絡防護子系統(tǒng)建設 ......................................................................................................29 網絡防護 ..................................................................................................................29 網絡監(jiān)控子系統(tǒng)建設 ......................................................................................................30 脆弱性監(jiān)控 ..............................................................................................................30 內部威脅監(jiān)控 ..........................................................................................................31 應用監(jiān)控 ....................................................................