A Research Of Network Border Protection

Posted on:2019-04-21

Degree:Master

Type:Thesis

Country:China

Candidate:W Li

Full Text:PDF

GTID:2348330563453979

Subject:Computer application technology

Abstract/Summary:

PDF Full Text Request

The process of global networking has become an uncontroversial fact,and the internet of things has slowly become a trend.The emergence of the Internet has greatly improved the conditions of our lives,the development of industry,and the dissemination of information.However,the network attacks that accompany the network have also become increasingly fierce.Attacks are endless and the dangers are alarming.As the main security defense means,the importance of network border defense technology is selfevident.The thesis proposes some new methods to improve the network border defense capabilities.The main work are as follows:(1)An automated security domain partitioning method is proposed.The method comprehensively considers the principle of security domain partitioning and the current status of enterprise security.Based on the discovery of network topology,it uses a hierarchical clustering analysis method to cluster enterprise equipment,realizes a automatic real-time division of security domains,makes up the defects that security domain need to be artificially divided.(2)A fast vulnerability scanning method based on security domain partitioning is proposed.Considering the commonality of enterprise network and incorporates the idea of data linkage in new border defense.The method strength the share of vulnerability scan data during multi-host vulnerability scanning,change the detection order of scripts,payloads,etc.based on real-time scan results,reduces false testing and unnecessary testing.Based on the above two methods,the thesis designs and implements a prototype system of automatic security domain partitioning.It obtains enterprise network original data through data collection and network topology discovery,and then identifies enterprise network boundaries,partition security domains.In combination with the map technology,it displays enterprise security domains and related equipment information to help enterprise management personnel to grasp the internal network state and equipment status of the enterprise.The thesis also applies the fast vulnerability scanning method to the detection of SQL injection vulnerability and verifies the feasibility of the method through experimental testing.

Keywords/Search Tags:

Security Domain Division, Vulnerability Scanning, Border Defense

PDF Full Text Request

Related items

1	The Design And Implementation For The Internal Network Environment Security Scanning System
2	Design And Implementation Of Website Vulnerability Scanning Software WEBSCAN
3	Research On Security Vulnerability Discovering Based On Fuzzing And Related Attack & Defense Techniques
4	Design And Implementation Of Web Security Vulnerability Scanning System
5	The Design And Realization Of Vulnerability Scanning System Based On OVAL
6	The Research On Network Security Domain Division Scheme Of Telecom Operation Enterprise Supporting System
7	Research On Domain Name System Security
8	Vulnerability Attack And Defense And Vulnerability Database Design
9	The Research And Implement Of The Technology Of Vulnerability Scanning Based On The Third-party Platform
10	Design And Implementation Of Vulnerability Scanning Engine Supporting Automatic Validation Of Results