
Research And Development Of The Network Security Manage

Posted on: 2009-10-30
Degree: Master
Type: Thesis
Country: China
Candidate: K H Liu
Full Text: PDF
GTID: 2178360272476462
Subject: Software engineering

Abstract/Summary:
Information technology is developing at an incredible speed. From time to space, from land to sky, the changes brought about by its development can be found everywhere. At the same time, the rapid development of information technology has driven tremendous change in military information technology. Networks have developed from the initial LAN (local area network) to the current WAN (wide area network), and from the simple sharing of resources to a full range of applications. The network has brought an unprecedented qualitative change to our army: work efficiency has improved and remote processing has been simplified. Naturally, the network brings not only convenience but also new problems for daily work. For example, secrets are often leaked and network information faces an unprecedented threat. Network security has become an important problem that must be solved in daily work.

I. Summing up the network problems, we divide them mainly into the following areas:

The defensive capability of information and network security is poor. With the full launch of many network projects, units at all levels have set up their own Web sites one after another, and other office application software, such as network software, is also developing at an incredible speed. But many application systems are open or only weakly protected, which creates a great many information security risks and hidden dangers. Few people really care about security problems, and they have not taken effective measures to guarantee the security of the network, which further reduces the capacity for security protection.

The basic information industry relies heavily on foreign countries. The construction of military information technology is basically dependent on foreign technology and equipment. Our computer software also faces the threat of blockade and containment. Although the computer manufacturing industry in our country has made great progress (Chinese CPUs, hard disks, etc.), many of the core parts are bought from the original equipment manufacturers. We are weak in research, development and production, and the key parts are completely controlled by others. Moreover, our computer software also faces market monopoly and the threat of price discrimination. Foreign companies have a virtual monopoly on the basic and core markets of our computer software, especially the operating system, which is an even more deadly threat to the development of information technology in our army.

The authority of information security management is not strong enough. At present, information security management is fragmented and everyone goes their own way, which has greatly hampered the implementation of relevant laws and regulations and makes it difficult to guard against attacks from "hackers". The army lacks a dedicated authoritative institution to deal with information security problems.

The awareness of information security is weak.
Some people think that the degree of informatization is not very high, that there is no very extensive network and that it is not connected to the Internet, so an information security incident cannot occur on the military internal network, and even if one does, it will be many years from now, so why make a fuss. They go on living in times of danger while thinking how safe they are.

In addition, research, development, personnel training and team building in the field of information security have not kept pace with this rapid development. They are treated as only a branch of information technology research projects and receive very little investment, all of which further increases security risks.

If these problems cannot be effectively solved, network security will face a serious threat in the fierce contest for information and in information warfare, and we will be vulnerable to attack and in a position of weakness. As a result, attention to network security has already become an important problem that is staring us in the face.

II. The classification and content of network attacks

At present, hackers use many attack techniques, but the methods in common use can be divided into several categories, including denial of service attacks, buffer overflow attacks, attacks that exploit bugs, deception attacks, attacks that use a back door, and so on.

1. The characteristics of network attacks

Passive attacks: the attacker simply monitors all information to obtain certain secrets. Such attacks can be based on the web or on the system. They are the most difficult attacks to detect, so dealing with them requires a focus on prevention, and the primary measure is data encryption.

Active attacks: the attacker tries to break through the network's security defenses. Such attacks involve modifying the data stream or creating a false information stream, mainly in the form of forgery, replay, deception, information tampering, denial of service and so on. Such attacks cannot be prevented, but they are easily detected, so dealing with them requires "detection" rather than "defense"; the main means are firewalls, intrusion detection systems and so on.

2. The process of network attacks

(1) Investigate, collect and evaluate information about the target network system, such as the network structure.
(2) Establish the attack strategy and identify the target.
(3) Scan the target system.
(4) Attack the target system.

3. The recovery strategy of network security

Establish overall real-time security response and emergency recovery.

The security protection mechanism is a set of preventive measures, chosen according to the specific vulnerabilities and security threats in the system, to keep illegal attacks from being carried out.

The security monitoring mechanism checks the functions of the system in order to detect a variety of attacks in time.

The security response mechanism responds to attacks in time, puts an end to them and keeps the loss from spreading.

The security recovery mechanism performs emergency handling and recovers information in a timely manner when the security monitoring mechanism is disabled, which reduces the damage from attacks.

Establish hierarchical management and security management centers at all levels.

III. The function analysis of Network Security Management System

The system is suitable for different units and levels, i.e., it can be applied to a unit of any level.

The system must have the functions of local and remote data storage.
The system first saves the data to the local machine and, when the network is unobstructed, submits the data to the remote database so that queries can be carried out over the network.

The system has security and secrecy functions. It must be able to handle user management, i.e., only authorized operators can operate it. Users are divided into super-users and common-users. Super-users can manage common-users, and common-users can only manage their own accounts.

The system has an authority management function, i.e., when querying records, users see different content according to their authority. Users at different levels have different authority: those at higher levels can check the records of those at lower levels, but those at lower levels cannot check the records of those at higher levels.

The system has a warning function, i.e., it warns about connections and flux that are probably abnormal. If there are frequent connections to a particular address, or a large data flux with a particular address, within a certain period of time, users should be alert.

The system has the functions of data import and export. It can export data for saving and import the saved data for queries.

The system can export the online records to a file, and it can save a selected part of the records of interest to a file.

The system must have a data analysis function. It must be able to obtain analysis results for all the records and streams.

The system can print the necessary documents of network monitoring records. It can save the network data streams and clean them up.

The system should be able to show certain information, for example the operator, MAC address, IP address, and so on.

The system should have a good interface, because its users may not be professional computer operators. The user interface should support visual operation and should be simple and easy to use. The system can be installed automatically.

IV. The design and realization of Network Security Management System

The network monitoring system is made up of eight sub-modules: user login, user management, units management, network flux monitoring, network connection monitoring, data statistics analysis, dangerous data alert, local data uploading, and common tools.

The user login sub-module verifies the user's name and password. If they are correct, the user enters the network security management system; otherwise an error message is given.

The user management sub-module is used to add or remove users, and can also re-configure existing users.

The unit management sub-module is used to configure and manage units; it can delete or add units and can also modify existing units.

The network flux monitoring sub-module monitors the network flux of local machines.

The network connection monitoring sub-module monitors the network connections of local machines.

The data statistics analysis sub-module systematically analyzes the network connections and flux of a given computer.

The dangerous data alert sub-module warns about connections and flux that are probably abnormal.

The local data uploading sub-module is mainly used to upload the local data to the network database.
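
The warning rule described above (frequent connections to one address, or a large data flux with one address, within a certain period of time) can be expressed as a sliding-window check over connection records. This is an added example, not code from the thesis; the record layout, the window length and both thresholds are assumptions, and the sample records are constructed.

```python
from collections import defaultdict, deque

# Assumed values: the abstract names no window length or thresholds.
WINDOW_SECONDS = 60
MAX_CONNECTIONS = 5          # connections to one address per window
MAX_BYTES = 1_000_000        # bytes exchanged with one address per window

def find_suspicious(records, window=WINDOW_SECONDS,
                    max_conns=MAX_CONNECTIONS, max_bytes=MAX_BYTES):
    """Return alerts as (timestamp, remote_ip, reason, value) tuples.

    records: iterable of (timestamp_seconds, remote_ip, byte_count).
    An alert is raised once when an address crosses a threshold and is
    re-armed only after that address drops back under it.
    """
    recent = defaultdict(deque)   # remote_ip -> (ts, bytes) still in window
    volume = defaultdict(int)     # remote_ip -> bytes still in window
    active = set()                # (remote_ip, reason) currently alerting
    alerts = []
    for ts, ip, nbytes in sorted(records):
        q = recent[ip]
        q.append((ts, nbytes))
        volume[ip] += nbytes
        while q and q[0][0] <= ts - window:   # expire records outside window
            volume[ip] -= q.popleft()[1]
        checks = (("frequent-connections", len(q), max_conns),
                  ("large-flux", volume[ip], max_bytes))
        for reason, value, limit in checks:
            key = (ip, reason)
            if value <= limit:
                active.discard(key)
            elif key not in active:
                active.add(key)
                alerts.append((ts, ip, reason, value))
    return alerts

# Constructed sample records (documentation/private addresses), not real data.
SAMPLE = (
    [(t, "192.0.2.10", 500) for t in range(0, 35, 5)]   # 7 connections in 30 s
    + [(12, "198.51.100.7", 700_000), (40, "198.51.100.7", 600_000)]
    + [(0, "10.0.0.5", 2_000), (100, "10.0.0.5", 2_000), (200, "10.0.0.5", 2_000)]
    + [(300, "192.0.2.10", 500)]                        # isolated, after expiry
)

if __name__ == "__main__":
    for alert in find_suspicious(SAMPLE):
        print(alert)
```

Raising each alert once per threshold crossing keeps a sustained burst from flooding an operator who, as the abstract notes, may not be a professional computer operator.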
Keywords/Search Tags: object-oriented, network security, network management