| With the popularity of the Internet and the rapid development of Web, not only did Web application improve the company's efficiency, but also enhance the enterprise market competitiveness. But it has also caused a series of problems: for example, The Web information (such as password, keys, etc.) are deciphered, and ultimately make the intruder entere the server; documents on the Web are visited by the unauthorized individuals, therefore damages the privacy, confidentiality and integrity of the files; When the remote user transmit information to the server, business information is intercepted; BUG of System makes hackers can remotely make an order to the server and so on. These problems make it difficult and complex to develop, maintain and manage the Web sites, and with the spread of the attacks technology, high-level attacks are increasingly, network security management is facing great challenges, Terms of the safety system is facing growing threat.In order to resolve these problems, through the website security issue analysis, it was found that these websites security issues are: computer viruses; systems and management loopholes. Common Gateway Interface (CGI) scripts loopholes; errors and mistakes.fraud and theft; dissatisfied with the staff; industrial espionage; and other malicious code. This requires the establishment of the web sites, meantime, we should pay attention to the construction of site safety. There are following three principles about Construction of site safety:(1) Completeness: ensuring non-authorized operation can not be modified and the data can not be destroyed , and make ensure data without delay, disorder and loss, guarantee system for data storage or transmission correctly.(2) Confidentiality: ensuring that information can not be stealed in storage and transmission, guarantee that the data will not be used by non-authorized users, and ensure data were not disclosed. (3) Availability: ensuring legitimate users access to the required data and it's characteristics successfully, ensure the uniqueness, accuracy and availability of the data and computer resources.Make the correct website reasonable security strategy is the basis for establishment of the website that is difficult to overcome the security of systems. The Integrity, Confidential, Availability, Authenticity, Reliability and Non-repudiation in computer network security is a reference target for the establishment of security strategy. The establishment of site security strategy is a tremendous work. When establish web security strategy, it should be formulated considering two aspects: the Site security technology strategy and web security management strategy, and we should also consider the impact site safety factors.Base on formulate correct and reasonable security strategy, we should use advanced security technology to ensure the security of website. Site security technology includes development of security technology and the maintenance of security technology.Considering the website of the security situation, this article anylizes the website of the security issues, and has put forward a strategy for safety and to establish a secure website, and introduces the website security related technologies. Site safety and site security strategy and technology for the Northeast Power Grid Corporation in Jilin fullness of a training center performance evaluation of information management systems development and maintenance. This paper takes consider from the Northeast Power Grid Corporation Jilin fullness training centers to the actual demand, Performance evaluation of management information systems security issue in-depth analysis, suitable for the development of Jilin Northeast Power Grid Corporation fullness training center network performance assessment information management systems security strategy, and uses technology from related sites to achieve security of the Northeast Power Grid Corporation fullness training center performance evaluation information security management system and stability operations. This paper focuses on the website security in the Northeast Power Grid Corporation fullness training center performance evaluation information management system applications. Details on the web site development and security technology : Windows 2000 Advanced Server operating systems development security, Web Tomcat security services SQL Server 2000 database security (the configuration database security and SQL injection of the anti-safety), System log backup, automatic database backup and restore, system and role differentiation competence configuration, MD5 algorithm through the database of information related to encryption, Session inspection Javascript calibration data, etc., while maintaining security for Technology : loopholes scanning, Access Control technology for a brief introduction.These websites security technology is applied in the Northeast Power Grid Corporation in Jilin fullness training centers Performance Assessment Network Information Management System, on resist attacks by hackers or other malicious destruction played a very good result, Site safety of the maintenance and management also played a vital role in enhancing the website's security and stability, and with a very wild application. |
