China Telecom Security Operations Center Design And Realization Of Safety Monitoring Function

Posted on: 2016-05-03 | Degree: Master | Type: Thesis
Country: China | Candidate: Z W Wang | Full Text: PDF
GTID: 2348330503992548 | Subject: Software engineering
Abstract/Summary:
The China Telecom broadband Internet, ChinaNet, has continued to develop. At the same time, various forms of cyber attack threaten its safe operation. To address the problem of network security, the company installed a variety of network security devices and systems. However, these devices and systems lack interoperability and unified management and cannot work as a whole, which greatly reduces the network's security capabilities. Based on the company's current security situation, we design and implement the Security Operations Center (SOC). The SOC uses a B/S framework, under which the network security devices and systems are managed and viewed in a unified way.

This paper mainly introduces the construction and implementation methods of the SOC's three-tier architecture, which comprises the acquisition layer, the function layer and the portal layer. The proxy program collects security information from the security objects and systems in their various formats, including SNMP, Syslog, HTTP, XML, ODBC, JDBC, SSH and other formats. The security information is transmitted to the acquisition layer, where the key information is extracted into a unified data format.

The functional layer is mainly responsible for processing data. Its six modules process security object data, security event data, security early warning data, vulnerability data, risk data and security alarm data. The six modules correspond to six different functions and data processing methods: they classify and process the security information in the unified format and send it to the portal layer according to the portal layer's needs.

The portal layer is responsible for displaying the security information from the functional layer. After the functional layer processes the security information according to the user's conditions, the security status of the security objects, together with the security incidents, security alarms, security warnings, vulnerabilities and security risks belonging to the security objects and security systems, is presented to the user.

Through these different functions, the three-tier architecture achieves management of the security objects and security systems, so that users can manage the security devices and systems, keep real-time control of the current security state, detect network attacks in a timely manner and repair security risks.
Keywords/Search Tags:Three Tier Architecture, Security, Management, View