The Design And Implement Of Evaluation System Of Network Security And Standard Research

Along with the rapid development of information techniques, computer network is more and more used by people . While the internet provides the convenience for us, it also brings some potential security problems. Although there is already a Common Criteria for Information Technology Security Evaluation adopted by International Standard ISO/IEC, which is used to product evaluation, it can't meet the requirement with the evaluation of information system. How to evaluate an information system's security full-scale and how to develop a common evaluation criteria for information system have become an important problem for network security.The paper aims at further research on the system of testing and evaluating network security with the sponsor of "the digital of fujian" --the government information share platform of fujian province. The research work mentioned in this paper is mainly about:1. It researches the common evaluation criteria of TCSEC, ITSEC and CC in the world, at the same time it points out their disadvantages. It also introduces the situation of evaluation criteria in our country and compares CC with system evaluation. At last it points out to develop a common evaluation criteria for system evaluation is a difficult task.2. It analyzes the problems and solutions of network security and presents the basic requirements, problems and key techniques of network security.3. It analyzes the vulnerability of network security and all kinds of attacks and solutions. It also researches the key techniques of evaluated system, which include the testing of vulnerability. On the base of this, it presents the principles and methods of network security evaluation.4. It adopts qualitative analysis and quantitative analysis to form the assessmentmodel. This model is based on the attributes of system security, such as characters, causation, severity, etc, to assess the information system.5. Followed the principles and the methods of network security assessment, the network security evaluation system is designed and implemented, which comprises the aim of design, the architecture of this system, the modules of the system and some other techniques in the implement.