
Database Security Configuration Verification System For Information Security Classification Evaluation

Posted on: 2016-05-30
Degree: Master
Type: Thesis
Country: China
Candidate: R R Rong
GTID: 2308330473958516
Subject: Computer technology

Abstract/Summary:
In recent years, information technology has developed rapidly and has had a great impact on human life. However, as people's reliance on IT has grown, security problems have emerged. Information systems not only suffer from external threats such as hacker attacks, but are also damaged by internal threats such as personnel operating errors and security configuration problems. As a result, China developed a series of information security protection standards according to its basic national conditions. These standards classify in detail the security configuration of the main systems in order to guide the evaluation work (security configuration verification) of information systems.

However, China started evaluation work very late, so some of the related processes and the hardware and software tools required for it are still immature, and a large number of problems have appeared. First, the evaluation of database system equipment usually has to be done manually, so the requirements on staff are relatively high. Second, carrying out a comprehensive configuration verification takes a long time. Third, the number of database systems to be evaluated is large, so the work is tedious and efficiency is low. Fourth, the evaluation results have to be recorded manually, so errors are likely, and the chance of supplementary testing or retesting is also very high. Fifth, the evaluation reports have to be written manually, and reports written by different people may differ in format.

Against this background, this dissertation designs a database security configuration verification system for information security classification evaluation, based on the actual demand for information system security protection in China. The system develops a security baseline configuration base according to the protection standards. The security baseline configuration base is used for database systems (such as Oracle, SQL Server, MySQL, etc.). It contains security sub-classes, evaluation indexes, grades, check steps, expected results, corrective recommendations and so on, and it provides a standardized framework and standards for the operation of the system. The system establishes a remote connection to the database system, reads the check script from the embedded SQLite database, runs the check script, obtains the security configuration verification results, and finally generates the evaluation reports. The evaluation reports can be exported to Word, HTML, Excel, RTF, PDF, TXT and other formats to meet the requirements of different people.

C# is used as the development language of the system, and WPF is used to design the user interface. SQLite is used as the database engine, and ADO.NET components are used to establish the remote connection with the target databases. The program is built on a C/S system architecture.

The system designed in this dissertation supports users in evaluating database devices online. It can obtain results, analyze them, and generate the evaluation reports in a short time, meeting the user's demand for operational simplicity and efficiency. It improves the standardization and accuracy of the evaluation results, saves staff time, and reduces the time required throughout the evaluation process, so the system has very good practical value.
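The check flow described above (baseline read from embedded SQLite, check step run on the target, result compared with the expected result), sketched as an added example in Python rather than the thesis's own C#/ADO.NET code. The schema, the `settings` table standing in for the remote database, the `=X` / `>=N` expected-result syntax and the rule that a grade includes all lower-grade checks are assumptions.

```python
import sqlite3

# Constructed rows: sub-class, evaluation index, grade, check step (SQL), expected result, recommendation.
BASELINE_ROWS = [
    ("Authentication", "Minimum password length", 3,
     "SELECT value FROM settings WHERE name = 'password_min_length'",
     ">=8", "Raise the minimum password length to at least 8."),
    ("Audit", "Audit logging enabled", 2,
     "SELECT value FROM settings WHERE name = 'audit_log'",
     "=ON", "Turn on audit logging."),
    ("Access control", "Remote root login disabled", 3,
     "SELECT value FROM settings WHERE name = 'remote_root_login'",
     "=OFF", "Disable remote login for the root account."),
]

def open_baseline():  # embedded SQLite baseline store (hypothetical schema)
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE baseline (sub_class TEXT, index_name TEXT, grade INTEGER,"
               " check_sql TEXT, expected TEXT, recommendation TEXT)")
    db.executemany("INSERT INTO baseline VALUES (?,?,?,?,?,?)", BASELINE_ROWS)
    return db

def open_stand_in_target():  # stand-in for the remote database; one setting is absent
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE settings (name TEXT PRIMARY KEY, value TEXT)")
    db.executemany("INSERT INTO settings VALUES (?,?)",
                   [("password_min_length", "6"), ("audit_log", "ON")])
    return db

def matches(actual, expected):
    """Compare a value read from the target with an '=X' or '>=N' expected result."""
    if actual is None:  # a setting that cannot be read is reported as a finding
        return False
    if expected.startswith(">="):
        return actual.isdigit() and int(actual) >= int(expected[2:])
    return actual == expected[1:]

def evaluate(baseline, target, grade):
    """Run every check step required at or below `grade`; return one finding per check."""
    findings = []
    rows = baseline.execute("SELECT sub_class, index_name, check_sql, expected, recommendation"
                            " FROM baseline WHERE grade <= ? ORDER BY rowid", (grade,))
    for sub_class, index_name, check_sql, expected, recommendation in rows:
        row = target.execute(check_sql).fetchone()  # check steps here are read-only SELECTs
        actual = row[0] if row else None
        ok = matches(actual, expected)
        findings.append({"sub_class": sub_class, "index": index_name, "actual": actual, "expected": expected,
                         "passed": ok, "recommendation": None if ok else recommendation})
    return findings
```

Because the check steps are executed as stored, the baseline store needs integrity protection, and the account used against the target should be read-only.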
Keywords/Search Tags:information security, database security, inside threat, classification evaluation, online configuration verification