| As the network element scale of operators is expanding gradually,risks of the internal network control management have gradually emerged in the aspects of account management,network configuration and operation audit.Therefore,it is necessary for telecom operators to strengthen security management measures and eatabilish 4A(Account,Authorization,Authentication and Audit)unified security management platform in order to realize comprehensive,centralized and secure management of business systems.In this thesis,a 4A platform design suitable for Gansu Unicom is proposed according to the 4A security assessment requirements.According to the 4A security assessment requirements of ministry of industry and information technology and the basic network security operation and maintenance requirements of gansu unicom,this thesis puts forward the design scheme of gansu unicom 4A platform.The main design contents and methods include: firstly,the communication between 4A platform and various professional networks is completed,so that network resources can accessed uniformly and completely,Secondly,the operation and maintenance portal and authentication module are deployed at the provincial level to deploy the fortress acquisition machine for each resource management network in the province,so as to realize the operation access control and log collection of "application resources" and "system resources".Finally,cooperate with the group layer to complete the network configuration and coordination of network ports,links and IP addresses,and finally realize the data synchronization between the group layer and the provincial layer.The 4A platform of gansu unicom needs to include level 3 and level 3 as Internet access elements.However,each professional network management(data network management,wireless network management,transmission network management and core network management)of the network is independently organized and not included in centralized operation and maintenance.There are various ways of carrying network management services from prefectures to provincial network management centers.Some carry IT carrying network or IP carrying network A of the information department of gansu unicom,and some carry network through 2M link.At present,the network management outside the professional belt has not been separated from the production network,resulting in high maintenance risks.The third party platform cannot achieve smooth and seamless access,and the newly built cloud platform cannot be connected to achieve centralized operation and maintenance.Therefore,in the construction of 4A platform of gansu unicom,network elements connected to 4A platform need to be integrated,that is,network network transformation.In the design and implementation comprehensively sorted out the business requirements,functional objectives,coverage and overall plan of the proposed 4A management platform in the province.Through the investigation of resource status,we have fully mastered the network topology,hardware and software configuration information of the domestic demand system in the province.According to the project construction target,cooperate with the "third party integrator" to develop the network scheme required for the resource takeover and the configuration scheme for the account password and login authentication related parameters on the resource takeover side;Planning the network ports,links and IP address resources involved in 4A platform's access to CE router and IP of B network,coordinating and completing the configuration and linkage of network ports,links and IP address resources involved in fortress acquisition machine's access platform;Responsible for realizing the network connection,configuration and network layer coordination between 4A platform and professional line "resource management network".4A platform solve the business support system internal user account management,authorization management related issues,and gansu unicom application system,the host system,database,network equipment and safety equipment integrated into the management platform system,through the platform for the business support system all IT resources for centralized control,providing centralized account management and authorization management,enhance the business support system security and management ability.The main innovation point of this design is to realize the accurate management of different departments and meet the requirements of different specifications of gansu unicom.At the same time,according to the new requirements of "guidance opinions on security technical specifications of China unicom business support network 4A",a new plan is put forward for the management process of Treasury type management and support system.The 4A platform can record,analyze and display the operation and maintenance operations of authorized personnel,so as to achieve pre-planning and prevention,real-time monitoring during the incident,response to violations,post-compliance report and accident tracking and playback,and strengthen the supervision of internal business operation and behavior,thus realizing the visual,controllable and credible use of daily operation and peacekeeping operations.4A system in gansu unicom trial operation,from the technology to ensure the implementation of the company's network security strategy,gansu unicom network security escort. |
PDF Full Text Request