Design And Implementation Of Centralized Management System For Bank Operation And Maintenance Users

Posted on: 2020-08-14
Degree: Master
Type: Thesis
Country: China
Candidate: C B Chen
Full Text: PDF
GTID: 2428330596495494
Subject: Software engineering

Abstract/Summary:
At present, the commercial bank information system runs on Windows, AIX, SCO UNIX, Linux, AS400 and other operating systems. Each operating system has a separate user authentication mechanism. At the same time, because the servers are independent, the operating system on each server manages its own users. The operation and maintenance users of the Information Technology Department are maintained manually by the administrators on each system. The user maintenance workload is large, maintenance is not uniform, maintenance timeliness is poor, errors occur easily, the user verification workload is large, and verification timeliness is poor.

System administrators log in to each information system server through SSH, Telnet, VNC, RDP, and SNA to perform routine maintenance operations. There is no unified login entry, and user logins cannot be effectively monitored and managed. There is no effective record of the daily operations of the operation and maintenance users, and there are no effective means of monitoring or post-audit.

According to the "Basic Requirements for Security Level Protection of Information Security Technology Information System", users who log in to the operating system and database system should be identified and authenticated, and a dedicated login control module should be provided to identify and authenticate the logged-in user. For third-level information systems, management users must be authenticated using a combination of two or more authentication techniques. For fourth-level information systems, at least one piece of the authentication information must be unforgeable. According to the "Guidelines for Information Technology Risk Management of Commercial Banks", the operation logs of the highest-privileged users are recorded and monitored.

Therefore, in order to meet regulatory requirements, standardize operation and maintenance user management, strengthen the supervision of system administrators' daily work, and prevent risks, it is necessary to establish a centralized management system for operation and maintenance users to further improve the operation and maintenance management level of commercial bank data center information systems. Through the construction of the operation and maintenance user centralized management system project, a unified login interface, unified maintenance management, access control, and on-the-spot monitoring and post-audit of the commercial bank information system operation and maintenance users are realized.

This thesis has mainly completed the following work:

(1) Unified login interface for operation and maintenance users. Integrate the operation and maintenance terminals and provide a unified login interface. Before logging in to a server, the system administrator must log in to the centralized user management platform. The system provides a high-strength authentication interface and offers authentication methods such as static passwords and dynamic passwords, such as token passwords, to implement dynamic password generation. The root user has two control functions and can block the server backend password. When the centralized user management platform is in an abnormal state, the system can be bypassed to access the server directly. The system meets the third-level system security requirements of the "Basic Requirements for Security Level Protection of Information Security Technology Information System": it provides a dedicated login control module for identification and authentication of login users, and uses a combination of two or more authentication techniques to authenticate administrative users.

(2) Unified maintenance management of operation and maintenance users. Based on the RBAC (Role-Based Access Control) model, the user management module is developed to provide unified management of operation and maintenance users, including user creation, modification, deletion, suspension, and password change.

(3) Operation and maintenance user access control. Permissions can be divided by users and groups, and the roots can control the servers or systems that users and groups can access.

(4) Monitoring and post-mortem auditing of operation and maintenance user operations. The system records the operations of the system administrator and provides operation history query and replay capabilities. By supervising the operations of the system administrator, the management personnel's ability to control and supervise the operators and the whole system is improved, and the security management requirements for operating system software in the "Guidelines for Information Technology Risk Management of Commercial Banks" are met: the operation logs of the highest-privileged users are recorded and monitored.

Keywords/Search Tags:Identity authentication, user management, authority management, user audit