| Firstly, this thesis has analyzed the current security of the domestic telecom operators network, from which showed the domestic telecom operators prevailing security issues.Based on the universality of the current domestic network security problems, Xinjiang Telecom responses and meets the requirements from Telecom Group which are to enhance business security, unified management, drawing on foreign gradually mature security domain model concept, and with reference to a business system security protection level set guide that issued by the State Ministry, we carried out divided management to the implementation of business network security domain. As a large service provider networks, Security Center proposed to establish operation and maintenance center platform(SOC-Security Operation Center), which is used to assist on the unified management and maintenance of security domain.SOC platform is arranged after the cutover of the current network domain, operation and maintenance through the security management platform security domain management system operating assets classified unified management, dramatically reducing the threat from the network layer; and after integration in the planning network perimeter security agent subsystem, block the threats from the application layer by using the WEB are facing the business.The main work are as follows:1, The safety domain capital managementAnalysis and understand the concept of Xinjiang Telecom implement security domain and management needs. Security domain is a collection of network equipment, the management of the security domain at present stage is the equipment asset management.Design security domain management system based on security domain divided management concept, to achieve the security domain asset classification, block management, to facilitate integration of unified border protection.2, Security level HierarchyBecause the current system administrator are not clear about the security level protection concept, hiring a professional evaluators is a waste of cost. For that, add this security rating functions, and design Baoding level modules through the analysisof information security grading criteria for the classification status of work in conjunction with local situation. Those will enable system administrator to draw security protection when enroll business information.3, Web Security proxyPublic Internet access to web services via secure first-generation subsystem filter, through the deployment of security policy will be risky character code shield, put safety legitimate request to the web service response, to prevent the site from being tampered with and the application layer invasion. |
PDF Full Text Request