Desing And Implementation Of Vulnerability Management Module For Ningxia Telecom Security Management System

With the development of information and communication technique,Digital Communication Networks,Intelligent Terminal,and application of multimedia services bring new risks to network security.Telecom operators as a national infrastructure network operation enterprises,bear the network information security and protection obligations and responsibilities.Especially since 2008,China's three major telecom operators launches of 3G,4G mobile broadband service,the Internet to get fast development.Operators build all kinds of information service system to meet the user's growing business needs,but also brings the network information security problems.In order to cope with the challenge of network information security,companies also buy all kinds of network information security solutions.Due to security solutions are independent of each other,so cannot make the administrator to master company network information security situation as a whole.On the one hand,is single security solution does not stand on a company's global consideration,on the other hand,the assets vulnerability discovery depends entirely on security products feature library updated timely and initiative.After the vulnerability was released to the Internet,the administrator if you can't get the timely information and take timely measures,the enterprise will face great potential safety hazard.More important,vulnerability management should have the characteristics of the total life cycle control,should be kept high attention in the life cycle stages.Confirm every vulnerability should be closed loop management.But as a result of Ningxia Telecom lack of vulnerability automation management,are still in the manual management.Which is easy to be found in the management of omission or error.Strengthen the vulnerability management is one of extremely important link in maintaining telecommunication network security,is also active defense network security threat events,reduce the impact of network security incidents and the loss of important means.The purpose of this paper is to design a vulnerability management system to solve the above problems.This system start from the actual demand of ningxia telecom security management,designed and implemented vulnerability management system based on SSH framework.The system has the basic information management,vulnerability to collect and input,vulnerability management,log management,system management,and other functions.Vulnerability management system using the web crawler vulnerability information released by the real-time access to the Internet,in combination with assets within the telecommunications network vulnerability scanning results,make the administrator to timely,accurate grasp the safety status of telecommunication network.This thesis mainly from the following several aspects to discuss and research.This system based on Eclipse visualization Java integrated development environment,implements business method based on SSH framework.Using PostgreSQL Database Management System,and the WEB application using the Apache Tomcat platform to deploy.Finally,the vulnerability management system to conduct a comprehensive functional test and performance test,to ensure that the design of vulnerability management system to meet the needs of the ningxia telecom current work.