Design and Implementation of a Security Management Center Based on Message-Oriented Middleware
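Abstract
The network security management center (SOC) is a comprehensive security management hub for large enterprises that helps users implement security organization management, security operations management and a security technology framework. Based on the SOC, the important network devices in the backbone network are protected in layers, with the focus on protecting the application servers and the core network segments they sit on; key security data is correlated and computed to guide secure operation and maintenance, which is significant for improving the manageability and security level of the network.
     Given the limitations of today's main network security products and the application requirements, the necessity of building an SOC is argued. Based on the JMS development specification and a Java technology architecture, a technical scheme is proposed for the independently developed message middleware SMsgServer: RMI is used for distributed data storage, connections are created through the context object of the JNDI service, XML is the message format, and the Pub/Sub communication model simplifies asynchronous data transmission between systems.
     To effectively solve the problem that traditional collectors can only obtain information from SNMP v1/v2 devices, and drawing on the data collector DCP, based on the SNMPv3 architecture, that the author implemented, the thesis analyzes in depth the detailed process and technical points of implementing the automatic discovery and data collection modules by combining the Java thread pool mechanism with the open-source package SNMP4J, points out the specific usage and the issues that need attention, and compares the security and efficiency of DCP with other collectors.
     The thesis briefly describes the standardization, merging and suppression, and correlation analysis of the collected performance data of network security facilities; the performance management and monitoring of the various security devices and security software in a large network system; the correlation rules that join the security islands in the network into an organically cooperating, interacting whole; and the expected results shown by the management platform application.
     Finally, the practical significance of the research is summarized; on the basis of the work done, the development and application prospects of the security management center are considered, and further research directions and topics are proposed.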
The network security management center (SOC) is the core of comprehensive security management for large corporations and an essential component in helping customers implement security organization management, security operation management and a security technology framework. The SOC focuses on protecting all application servers and key positions in the network through layered protection of the important backbone network equipment, analyses business association rules, computes the key security data and guides security operation and maintenance. It is significant for enhancing manageability and the security level.
     Given the limitations of network security products and the application requirements, the necessity of building an SOC is demonstrated. Based on JMS and adopting a Java technology framework, a technical scheme for the self-developed middleware SMsgServer is presented: RMI is used for distributed data storage, connections are created through the context object of the JNDI service, XML is the message storage form, and the Pub/Sub model simplifies asynchronous data transmission between systems.
     In order to effectively solve the problem that traditional collectors only access the information of SNMP v1/v2 equipment, and drawing on the data collector DCP, based on the SNMPv3 architecture, that the author implemented, this thesis analyzes the detailed process and technical points of developing the automatic discovery module and the data collection module using Java thread pool mechanisms and the open source package SNMP4J. It indicates the specific methods and the problems that need attention, and compares the security and efficiency of DCP with other collectors.
     The thesis briefly introduces how to standardize, merge, suppress and correlate the data acquired from network security devices, and how to realize performance management and monitoring of the different security equipment and software in a large network system. The isolated security islands are connected by association rules into an organic, cooperative whole, and the expected results of the management platform are displayed.
     Finally, the practical significance of the research is summarized; based on our work, the development and application prospects of the security management centre are discussed, and further research is proposed.
