Information Security Analysis And Design Of The Army Office Automation System Based On Struts Frame

Posted on: 2008-10-18
Degree: Master
Type: Thesis
Country: China
Candidate: Y S Xie
GTID: 2178360212496024
Subject: Computer application technology
Abstract/Summary:
With the rapid development of Internet/Intranet technology, transmitting information over convenient, fast networks has become an important way to improve campaign command and daily work efficiency in the army. Networked systems have become the core and the key in the army's transition from mechanization to informatization. How to keep information confidential, intact, authentic and non-repudiable in the open Internet environment, and how to transmit it safely, has become a focus to which all military commanders pay great attention.

This article first introduces related background on network information security and then analyzes the threats currently facing networked information. To address the security vulnerabilities and shortcomings common to ordinary information management systems, it pays close attention to applying security design concepts during system development, adopts a security strategy that combines the important security mechanisms of information systems, and designs and implements an army OA system. The main aspects are as follows:

1. Adopting the Struts framework to improve the security of the information system. The system uses the Struts framework within a three-tier MVC architecture. Operations such as business transactions, data access and validity checking are placed in the middle tier. Because data access is implemented in the middle tier, the client no longer establishes a direct connection to the database. The concrete database operations are also divided into independent modules encapsulated in Beans, and all database operations are completed by calling a Bean from the client. This greatly enhances system security and also improves maintainability and extensibility.

2. Adopting an access control strategy based on role authorization. The purpose of this strategy is to prevent unauthorized users from entering the computer system and to prevent authenticated users from making unauthorized use of system resources. Two measures are taken. First, the system establishes the user's identity: database operations require the login account to be authenticated, and only if authentication succeeds can the user connect to the database. Second, the system determines the user's access rights, so that an authenticated user's operations are limited. After the user connects to the database successfully, the system checks whether the user ID has access to the database, based on the record stored in the database for the logged-in user. Only after access to the database is permitted can the user access database objects.

3. Implementing a secure design for the database. The database not only makes a high security level feasible but also makes that level easy to attain. It provides powerful, extensible role-based security for the server, the database and the application. The same user can be given different access levels in different databases, and different users can operate only on their corresponding databases. When a new user is created, the system can restrict access to one or more databases as required. If the user's access to a database is permitted, the user can access the specified database; otherwise access is refused.

4. Encrypting the password used for user identity verification. The system adopts a security strategy in which the MD5 algorithm is used to encrypt the user's password, so that the password is stored and transmitted as ciphertext, ensuring the security and privacy of user passwords. The user's login password is transformed by the encryption module (MD5) into ciphertext that is stored in a database table. When an entered password is verified, it is encrypted and the result is compared with the password saved in the system. If they are equal, the user is legitimate and login is allowed; otherwise login is refused.

5. Network link encryption. SSL is a digital authentication technology widely used in Web-based applications. Its main function is to set up a secure channel between the web server and the browser so that all data transmitted between them is encrypted, which prevents unauthorized users from eavesdropping on confidential information. SSL uses asymmetric encryption to achieve secure information transfer between the two sides. It guarantees the confidentiality and integrity of the transmitted information and lets both sides verify each other's identity.

6. Hybrid encryption for secure data communication. This paper selects a well-performing symmetric encryption algorithm, DES, and a public-key algorithm, RSA, and designs an encryption scheme that combines the merits of the two algorithms and avoids their shortcomings. The speed and high strength of DES meet the need for efficient encryption and decryption of large quantities of data. The key-management advantage of RSA is used to encrypt the plaintext keys, compensating for the shortcomings of symmetric encryption. Combining the two allows data to be transmitted safely and rapidly, and with CA technology the system ensures the security of the keys. Digital certificates implement user identity verification. The RSA algorithm provides signature and authentication functions, so the two communicating parties can send their digital signature information to each other for retention and identity verification. Using these functions, we can build a certificate issuing system. Because authentication is internal to the system, the system manager's certificate can be trusted within the department. We may use it by means of the system manager's fingerprint (Message Digest, Thumbprint). The manager signs and issues certificates in the role of the CA.
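The hybrid scheme of item 6 as a round trip: a fresh DES session key encrypts the data and the recipient's RSA public key wraps that session key. This is an added example, not the thesis's implementation; the envelope layout, the CBC and OAEP modes, the 2048-bit key size and all names are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

public class HybridEnvelope {
    static final String RSA = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    static final String DES = "DES/CBC/PKCS5Padding";

    // Hypothetical message layout: RSA-wrapped DES key, IV, DES ciphertext.
    record Envelope(byte[] wrappedKey, byte[] iv, byte[] body) {}

    static Envelope seal(byte[] plaintext, PublicKey recipient) throws Exception {
        SecretKey session = KeyGenerator.getInstance("DES").generateKey(); // fresh key per message
        byte[] iv = new byte[8];                                           // DES block size
        new SecureRandom().nextBytes(iv);
        Cipher des = Cipher.getInstance(DES);
        des.init(Cipher.ENCRYPT_MODE, session, new IvParameterSpec(iv));
        Cipher rsa = Cipher.getInstance(RSA);
        rsa.init(Cipher.WRAP_MODE, recipient);       // only the short key goes through RSA
        return new Envelope(rsa.wrap(session), iv, des.doFinal(plaintext));
    }

    static byte[] open(Envelope e, PrivateKey own) throws Exception {
        Cipher rsa = Cipher.getInstance(RSA);
        rsa.init(Cipher.UNWRAP_MODE, own);
        SecretKey session = (SecretKey) rsa.unwrap(e.wrappedKey(), "DES", Cipher.SECRET_KEY);
        Cipher des = Cipher.getInstance(DES);
        des.init(Cipher.DECRYPT_MODE, session, new IvParameterSpec(e.iv()));
        return des.doFinal(e.body());
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair recipient = kpg.generateKeyPair();
        byte[] doc = "constructed sample document".getBytes(StandardCharsets.UTF_8);
        Envelope e = seal(doc, recipient.getPublic());
        System.out.println("wrapped key bytes: " + e.wrappedKey().length);
        System.out.println("round trip ok: "
                + Arrays.equals(doc, open(e, recipient.getPrivate())));
    }
}
```

The envelope structure does not depend on the symmetric cipher: DES's 56-bit key is the weakest part of this construction, and swapping the two `"DES"` names for AES (with a 16-byte IV) leaves the rest unchanged. CBC alone does not detect tampering, so the body still needs a signature or MAC.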
Keywords/Search Tags: Information