Security Configuration Verification System For Information Security Classification Evaluation

With the continuous development of information technology and networktechnology, the process of informationization in our country is also accelerating, andhow to effectively ensure information security has become an important part ofinformation construction in our country. The information classified security protectionsystem has become a basic system of our country. Classification evaluation is animportant part of information security classified protection, but during theimplementation process of classification evaluation facing a lot of evaluationindexes, traditional way of manual detection task is complex. It’s difficult toguarantee the efficiency and completeness of the results. The existing automatedconfiguration verification tools mostly use the standards and models of riskassessment, can’t be used for classification evaluation, therefore, an automatedconfiguration verification and conformity determination system designed for levelprotection indexes and oriented to level evaluation is very required to assist themanual work, to improve the completeness and efficiency for the classificationevaluation.Based on this requirement, this paper, thoroughly and carefully, summarizes andanalyzes the domestic and foreign information security criteria and security baselinemodel., and then studies and compares the relevant key technologies of the currentinformation security classified evaluation, on the basis of those above and accordingto the information security classified protection index system, this paper build a set ofsecurity baseline knowledge base for classification evaluation. This baseline basecovers most of the host operating systems, database systems and the commonapplication platforms; corresponding to each classified protection index, the baselinedesigns the security configuration of each system; based on the security configurationit also builds the verification list collection, and derives the corresponding automatedverification scripts and validation rules.Surrounding the security baseline knowledge base, using the technology principleand thought of the plug-in development and automatic testing, this paper presents the design and implementation of a security configuration verification system forinformation security classification evaluation.Through the validation of used in theactual work, the system can effectively save the traditional manual evaluation time,reduce the failures and risks brought by traditional manual verification, and improvethe efficiency of the evaluation work and the accuracy and completeness of theevaluation results.