| At present, although the postal service synthesis computer network systemalready in aspect and so on network security, system was safe, using securityhas all taken the security measure, but the postal service synthesis computer netalso possibly faced the very many security problem, for instance: Networkroute/commutation equipment disposition existence security risk;The mainengine operating system and the macrozonality network communication secureaspect still had the certain security hidden danger;In the network some coreswebpage has not disposed the firewall, has not carried on the safe audit to thenetwork information, not yet establishes the network security monitoring andthe invasion examination mechanism, the entire net status authentication, theauthorization access control system is imperfect and so on.Comprehensive computer net when establishment, implementationinformation and network system security system, needs from the risk analysisand the appraisal, the security requirements analysis, the overall security policy,the safe technical standard and the standard, security system aspect and so ondesign, security product test shaping, project implementation and overseeing,safe education and technical training, security investigation and inspectioncomprehensively considered. Only then can realize the true significancesecurity like this.The postal service synthesis computer net safe securityinvolves to synthesis computer net each stratification plane, duringconsideration synthesis computer net actual situation, should act according tothe network the different level, the fusion network security various maturetechnology, formulates the multi-stratification planes omni-directionalthree-dimensional safe protection strategy. Specifically speaking, thecomprehensive computer net safe privacy system should in the physical security,the network security, the systematic security, the application security, theadministrative security and so on many stratification planes establishmentsecurity policy, the comprehensive utilization safekeeping of securitytechnology encryption, the status distinction, the access control, the completesafeguard, the viral guard, the safe examination audit technology (for exampleinvasion examination technology, audit technology and so on) and the saferesponse restores the technology (breakdown exceptionally to report anemergency backup with to restore and so on), the many kinds of securitiestechnology and the measure should complement one another, is the supplementmutually, forms a complete security accident prevention -----examination -----response together the postal service synthesis computer net security system.This article take the network security security plan as a key point,specifically elaborated the Jilin Province network security security basicstrategy and its the system structure. Embarks from the network securitydemand aspect and the safe design angle, divides the node logic in the safe area,the non-safe area and the buffer;Because the postal service finance operationalchannel to postal stores the mesh point from the province processing center, thetransmission, processing and the exchange data message involves postal storesthe service data, thus the green card system must with other postal serviceapplication systems, between the telecommunication ranking tripartite exteriornetwork carry on the physical isolation and the implementation access control;In order to protect the postal service finance operational channel data and thepostal service electron remittance system transaction remittance data transmitsthe time information secret in the network, must use the encryption equipmentwhich approves through the national department concerned to in the postalservice synthesis computer on-line transmission information to carry on theencryption;And postal stores the service application system to the postalservice synthesis computer net postal service application system the accesscontrol, needs to have an effective status authorization, the distinction system,realizes and postal stores the service application system to the postal service3synthesis computer net application system the access control;Using safetyequipment realization electron postal service and Internet, between the postalservice synthesis computer net service application system main engine and soon between the firewall carries on the isolation and the control. At the sametime, provides the appropriate network security monitoring and the invasioncheck-out facility, the realization electron postal service application system andthe postal service synthesis computer net safe monitoring;Uses the suitablesecurity measure, establishes (contains green card system) to the postal servicesynthesis computer net center in the important webpage main engine serverresources (operating system, filing system, database system and so on), networkequipment the and so on router and switchboard statusauthorization/authentication access control, carries on resources the and so onmain engine server and router, switchboard key protection, prevented the non-authorized user carries on the illegal operation and the malicious attack to it.According to "overall plan, distribution implementation" the systemconstruction principle and the postal service synthesis computer net networkstructure and the application system situation, considered the Jilin Provincepostal service synthesis computer network present situation, mainly from thephysical safe level, the network communications security level, the systemplatform safe level, the application safe level and the administrative securitylevel five stratification planes carries on the design plan, revolve the provincecenter, the town center, mesh point pitch point three to set up theimplementation postal service synthesis computer network safe privacy system.In design, plan process full consideration demand, risk, price balanced principle;Integrity and long term principle;But operational principle;Compatibleprinciple;Multiple protection principle;Minute step of implementationprinciple;Valid principle.Establishes our province postal service synthesis network safe privacysystem the concrete step as follows:1.The province processing center ----postal stores the mesh pointtransmission to encrypt2.The system main engine disposition loophole scans tool3.Strengthens the essential service main engine the security to protect4.The existing network equipment security strengthens measure5.The realization network access control and the network isolates6.Establishes the anti-virus center7 . Realizes postal stores the service cabinet status authenticationmechanism8.Establishes the entire net safety control system the bare bone9.In the establishment synthesis computer net province the backbone netsafely keeps secret the sub-net10.The disposition performance monitor management tool11.Realizes the entire net service main engine safe access control12.Strengthens the network resources internal visit jurisdiction to control13.The establishment Entire net safety control system preliminary frameThrough the above each measure implementation, which the Jilin Provincepostal service synthesis computer net basic solution at present existed thesecurity loophole and to possibly faces the risk all to make a more completeguard. Utilizes each kind of security technology and the related security productthrough the synthesis, with the existing movement system organic fusion, thelong-term development, guarantees the network security five basic essentialfactors the realizations, namely: The secret, the integrity, the usability, may theexamination and Controllability. |
PDF Full Text Request