Security Reinforcement Of Network Nodes

Information security is versatile, and structurally falls into two aspects: network security and network node security. These two aspects are correlated, and network node security is the basis for building information security and is the most basic platform for information storage. However, in essence, information security is the management of security risk, and absolute security does not exist. We expect to be able to design a kind of trusted network node, which should always carry out the foreseeable actions according to the given purposes. When network node is running in the controllable way, security risk will be cut down by the greatest degree, security status of the system will be protected. Through the integration of the software and hardware technology, a trusted starting point can be created for system execution, and the mechnisms that collect, storage and measure the status information of the system security will be provided. After analyzing the common security compromises of the network nodes, this thesis summarizes the hidden security defects that security nodes need to guard, puts forward the security model for the security nodes and illustrates the solution to this security model. And finally, elaborates the research on the prevention technology of the operating system in the security model of security node, design and implementation of the centralized security management of servers.The main research achievements and innovations of this thesis are as follows:1. Propose the security model of the network nodes. There are two kinds of node in network, i.e., transfer node and access node. Communication processors, concentrators and terminal controllers are transfer nodes. Mainframe computers and terminals etc. are access nodes, which are the source and destination nodes for information transportation. Because the access nodes take on the work of information storage and cal(?)ulation, and in a particular complexity, almost all security problems take place in the access nodes. This thesis mainly explains the access nodes, that is, commonly referred to as network terminal, including terminal devices such as workstations and servers. Firstly analyzing all types of attacking twists and security vulnerabilities of network nodes, the security model of network nodes is brought forward. Learning from the ideas of trusted computing, the network node security is summarized in four aspects: physical security, network security, system security and management security. It provides a security platform for information storage and calculation to solve the more critical security threats the information systems are facing.2. Toward the security threats and hidden defects that exist in the mainstream operating systems, analyze the main approaches to the security prevention technology of the operating systems and their merits and faults, put forward the security reinforcement principle of the operating system. By hook functions, the mandatory access control of file, directory, registry, process and service is implemented, and the holistic security level of the operating system is improved.3. Design and implement the centralized security management for the network nodes. First, analyze the problems which are present in the three aspects of the complex security management, collection and analysis of security incidents, response handling of security incidents. Then, put forward, design and implement a new type of holistic security solution, centralized security management platform, a distributed security system which configures in a whole mode, adjust and control the multi-levels of the nodes, implementing the privilege assignment of the information access for the physical, network, system layer, collectively monitoring the functions of the operation auditing of the administrators, analysis and statistics of the security incidents, and management of policies in a unified way. At last, take the server, as the most basic network node, for example, expatiate the system design and implementation of the centralized security management for servers from four aspects: system architecture, kernel modules (policy management, security incident), performance bottleneck and technological procedure.