【正文】 濟寧職業(yè)技術(shù)學(xué)院信息安全解決方案北京啟明星辰信息技術(shù)股份有限公司Venus Information Technology ( Beijing )2022 年 4 月2 / 64文檔說明本文檔內(nèi)容為濟寧職業(yè)技術(shù)學(xué)院信息系統(tǒng)網(wǎng)絡(luò)安全的建議書，旨在通過本文檔為濟寧職業(yè)技術(shù)學(xué)院的信息系統(tǒng)提供安全保障的思路和建議。本文檔所涉及到的文字、圖表等，僅限于北京啟明星辰信息技術(shù)股份有限公司及濟寧職業(yè)技術(shù)學(xué)院使用，未經(jīng)同意不得擅自拷貝、傳播、復(fù)制、泄露或復(fù)寫本文檔的全部或部分內(nèi)容。3 / 64目 　錄1 概述 ............................................................................................................................................6 建設(shè)目標(biāo) ............................................................................................................................6 設(shè)計原則 ............................................................................................................................72 需求分析 ..................................................................................................................................10 物理層安全風(fēng)險分析 ......................................................................................................10 物理設(shè)備的脆弱性 ..................................................................................................10 環(huán)境因素的脆弱性分析 ..........................................................................................11 網(wǎng)絡(luò)層安全風(fēng)險分析 ......................................................................................................11 網(wǎng)絡(luò)的訪問控制 ......................................................................................................11 內(nèi)部用戶的違規(guī)行為 ..............................................................................................12 網(wǎng)絡(luò)拓撲結(jié)構(gòu)的安全風(fēng)險 ......................................................................................12 內(nèi)部網(wǎng)用戶帶來的安全威脅 ..................................................................................12 數(shù)據(jù)庫的安全風(fēng)險 ..................................................................................................13 網(wǎng)絡(luò)動態(tài)監(jiān)控 ..........................................................................................................13 互連設(shè)備的安全隱患 ..............................................................................................14 網(wǎng)絡(luò)設(shè)備的風(fēng)險分析 ..............................................................................................14 系統(tǒng)層的安全風(fēng)險分析 ..................................................................................................14 Windows NT/2022/XP 的安全問題 .........................................................................15 Unix 的安全問題 .....................................................................................................15 主機訪問安全脆弱性 ..............................................................................................16 泄密信息安全控制 ..................................................................................................16 應(yīng)用層安全風(fēng)險分析 ......................................................................................................16 惡意代碼 ..................................................................................................................16 抵賴性 ......................................................................................................................17 入侵取證問題 ..........................................................................................................17 應(yīng)用系統(tǒng)自身的脆弱性 ..........................................................................................18 管理層安全風(fēng)險分析 ......................................................................................................18 誤操作 ......................................................................................................................18 人為故意 ..................................................................................................................18 安全意識 ..................................................................................................................19 管理手段 ..................................................................................................................193 安全保障設(shè)計思路 ..................................................................................................................20 保障框架 ..........................................................................................................................20 安全保障總體框架 ..................................................................................................20 信息風(fēng)險模型 ..........................................................................................................21 三觀安全體系 ..........................................................................................................22 安全保障模型 ..................................................................................................................23 安全事件處理模型 —PDR 模型 .............................................................................23 信息安全保障體系建設(shè)模型 —花瓶模型 ..............................................................244 / 644 安全解決方案設(shè)計 ..................................................................................................................26 安全保障體系建設(shè)內(nèi)容 ..................................................................................................26 安全域的劃分 ..................................................................................................................27 安全域劃分原則 ......................................................................................................28 網(wǎng)絡(luò)防護子系統(tǒng)建設(shè) ......................................................................................................29 網(wǎng)絡(luò)防護 ..................................................................................................................29 網(wǎng)絡(luò)監(jiān)控子系統(tǒng)建設(shè) ......................................................................................................30 脆弱性監(jiān)控 ..............................................................................................................30 內(nèi)部威脅監(jiān)控 ..........................................................................................................31 應(yīng)用監(jiān)控 ....................................................................