Post Save System Safety Policy Study And Realize

Along with the development of market economy, The computer information system of Industrial and Commercial Bank of China post bank has developed enormously.In order to keep ahead in commercial competition, post bank must start to build the universal network platform. The new network platform will be able to support the new application, maintain the services level and meet the new security standards of post bank. With the centralization of data and applications, post bank must face the challenge to establish a high available, high reliable, secure and manageable network system. How to build and run the banking system securely has become the emphasis of the developments of all banks.The author analyse After analysis on the merits and shortcomings of current network technology, this paper designs network system security for Inner Mongolia post bank, it is based on current state of network security. In this paper, network system is partitioned into three parts: production network, office automation (OA) network and test network, of the three production network is to be primarily protected, while to OA network andtest network, emphasis is put on boundary security. External interfaces of three networks are confirmed, according to difference of respective controllability,different risk rank are labeled, which are equivalent to diverse countermeasure.Post bank network system adopt Virtual local area network (VLAN) technology is employed, and VLAN division rule is set down, logic division is done on production network; According to different case, corresponding fire wall technology is adopted, and what's more, fire wall is set on external interfaces and internal networks. Security assessments are carried through on important network equipments, resource, and security equipments. According to the type of network to be protected, boundary protection system adopted and different protection rank, the mode of entering into detection system is ranked either. What's more, according to design theory and methods of network invading, adopt several mature invading detection system technology, reference to a large quantity of source code of invading detection system in business rank, develop language with PERL, in the system of Linux from Agriculture Bank, with background of RedHat, a network invading detection system is designed and fulfilled. The theory Agriculture Bank security design.and method of this system, it has some scheme is based on practical work, in reality meaning to network structure .The author with presently market popular inbreak measure, fit post bank mainstream network product inbreak measure technic parting do simpleness compare, these technic mostly have Cisco company NetRanger,Bohua netlong inbreak measure YG-IDS-S system,hawk eye network inbreak measure system. These primary technic all suit actual post bank system net safe need.This paper is divided into five parts. The first part is the foreword, mostly analyse traditional net safe technic,post save now existent safety problem and net safe actuality . secondly part, net inbreak measure technology theory analyse. Third part, post bank net safe systematic design; fourthly part, post bank found on Linux system inbreak measure systemic achieve; fifthly part, mainstream inbreak measure product and future develop direction.