| Along with the rapid developments of information technology and Internet, industry information system has become an important part of the national information system, it has great impacts on the national security. Efforts have been made to study the methods of protecting industry information system from all possible threats from the Internet. Based on the MLS strategy, this thesis is to analyze the security required for the industry information system, to design an industry information system and to use key technology to fulfill it. The main content of this thesis includes:Firstly, researh about MLS which has better security performance as well as a few models that realize MLS, including BLP, Biba, Clark-Wilson and RBAC, introduce application of MLS. Based on the previous study, some key information security technologies are analyzed, including VLAN which realizes virtual local area network, ACL which controls information flow and security, anti-Virus technology which defends viruses, malwares and firewall technology which defends attacks.Secondly, bring forward the requirements of industry information security by analyzing the current situation of industry information security and the possible threats. After analyze the structure and security requirement of industry information system, and the application environment of MLS, implementation security by combining industry information system with MLS is proposed. As a result, the plan of industry information system security based on MLS is raised and the theoretical basis of system design is given, which separates the security of industry information system to three MLS components.Thirdly, analyze the implementation of industry information security. It is divided seaval parts: equipments placed at network boundary implements MLS of total industry information; VLAN and ACL realize MLS of trusted network; restriction of information switch between different servers and different information terminals realizes MLS of terminals, and RBAC realizes MLS of servers. Besides other technologies such as anti-virus, ACL improves information security furtherly.Fourthly, illustrate an example of the implementation of industry information security which is based on MLS, some particular technologies which have important functions are also illustrated in detail. How to control P2P traffic and prevent ARP attack are given, and show the enhanced performance and security guard as the implementation of industy information system security.This plan, which is designed to ensure the security of information system and is presented in this thesis, is of great significance in actual practice. It realizes different safeguard to objects of different security levels, prevents them from mal-wares, unauthorization access, malicious attacks. It prevents threats pervasion and improves safeguard of industry information system. |
PDF Full Text Request