大庆油田企业网信息安全认证技术研究与实现
摘要
迅猛发展的信息技术已经把人类带入了信息社会。社会经济的发展对信息资源、信息技术和信息产业的依赖程度越来越大。在信息社会中,信息已成为人类宝贵的资源。然而,由Internet的发展而带来的网络系统的安全问题,正变得日益突出,并受到了越来越多的关注。因此网络安全已成为关系国家安全的重大战略问题。
大庆油田作为最大的国有企业,已经基本建成了用来实现企业内部信息资源共享的大型企业网(DQnet)。该网络覆盖面大,上网用户多,应用系统复杂,安全要求层次也高。如何确保网上共享信息的保密性、真实性、不可否认性和完整性,是一个现实而又重要的问题。因此,为了保证网络平稳运行,保证企业生产经营数据安全传输,建立企业网安全保障体系是非常必要的。
本文介绍了目前信息安全理论和技术发展状况,对CA认证理论、信息加密以及公共密钥管理等方面的技术进行了分析和论述。作者结合油田企业网信息安全需求的实际,提出了适合油田应用的信息安全体系基本构架,并开发完成了主要功能模块,还对Web和Domino等应用系统安全认证的接口模型和实现方法进行了深入的分析。
油田企业网信息安全技术的研究,对保障企业网上的信息应用系统的正常运行和推动企业信息化的发展将起到重要作用。
Rapid development of IT today has led human beings into an information society. The economic system more and more relies on information resources, information technology, and the information industry. In the information society, information has become a valuable resource, but security problems that come with the expansion of the Internet are increasingly serious and noticeable. Now network security is a vital strategic issue of national security.
As the biggest state-owned enterprise, Daqing Oilfield Company Ltd. (DOCL) has basically completed the construction of its own large-scale intranet (DQnet) that supports sharing of internal information. The intranet covers a wide area, holds a large number of users, includes many complicated application systems, and needs high-level security. How to ensure confidentiality, authenticity, incontestability, and integrality of shared information is a practical and important subject. Setting up a security system for Dqnet is necessary so that the intranet can run smoothly and safely transfer all data for production activities.
This article describes the situation of information security theory and technology, and discusses the theories of CA, Information Encryption, and Public Key System. Considering the practical requirement for information security in Dqnet, the author provides a framework for an information security system for oilfields like Daqing, and has developed several modules. In addition, interfaces and implementation methods of Web, Domino, etc. are analyzed in detail.
The study of information security for oilfield intranets will ensure that information applications operate normally, and push forward enterprise
informatization.
大庆油田作为最大的国有企业,已经基本建成了用来实现企业内部信息资源共享的大型企业网(DQnet)。该网络覆盖面大,上网用户多,应用系统复杂,安全要求层次也高。如何确保网上共享信息的保密性、真实性、不可否认性和完整性,是一个现实而又重要的问题。因此,为了保证网络平稳运行,保证企业生产经营数据安全传输,建立企业网安全保障体系是非常必要的。
本文介绍了目前信息安全理论和技术发展状况,对CA认证理论、信息加密以及公共密钥管理等方面的技术进行了分析和论述。作者结合油田企业网信息安全需求的实际,提出了适合油田应用的信息安全体系基本构架,并开发完成了主要功能模块,还对Web和Domino等应用系统安全认证的接口模型和实现方法进行了深入的分析。
油田企业网信息安全技术的研究,对保障企业网上的信息应用系统的正常运行和推动企业信息化的发展将起到重要作用。
Rapid development of IT today has led human beings into an information society. The economic system more and more relies on information resources, information technology, and the information industry. In the information society, information has become a valuable resource, but security problems that come with the expansion of the Internet are increasingly serious and noticeable. Now network security is a vital strategic issue of national security.
As the biggest state-owned enterprise, Daqing Oilfield Company Ltd. (DOCL) has basically completed the construction of its own large-scale intranet (DQnet) that supports sharing of internal information. The intranet covers a wide area, holds a large number of users, includes many complicated application systems, and needs high-level security. How to ensure confidentiality, authenticity, incontestability, and integrality of shared information is a practical and important subject. Setting up a security system for Dqnet is necessary so that the intranet can run smoothly and safely transfer all data for production activities.
This article describes the situation of information security theory and technology, and discusses the theories of CA, Information Encryption, and Public Key System. Considering the practical requirement for information security in Dqnet, the author provides a framework for an information security system for oilfields like Daqing, and has developed several modules. In addition, interfaces and implementation methods of Web, Domino, etc. are analyzed in detail.
The study of information security for oilfield intranets will ensure that information applications operate normally, and push forward enterprise
informatization.
引文
1 Arie Segev, Jaana Porra, Malu Roldan. Internet Security and the Case of Bank of America. Communications of the ACM. 1998, 41(10): 81-87
2 LEECH M, GANIC M, LEE Y, et al. SOCKS Protocol Version 5. RFC 1928[EB/OL]. http://www.jetf.org, 1996
3 Monica J. Garfield, Partick G. McKeown. Planning for Internet Security. Information Systems Management. 1997, 14(1): 41-46
4 Wang Lidong, Dong Yongping, Yu Xiangzhan, Jiang Zhongxiang. New Generation Firewall Technique. Proceedings of the 1998 2nd International Conference on Information Infrastructure, Beijing China, 1998. Publishing Hourse of Electronics Industry: 546-549
5 刘军,胡谋.Intranet安全技术综述.上海铁道大学学报(自然科学版).1997,18(3):100-104
6 李建萍,郭学理.Internet的安全机制.微型机与应用.1999,(2):26-29
7 曹玖新,普杰信,梁祖华.Intranet网安全技术.计算机系统应用.1998,(11):17
8 林晓东,杨义先,马严.网络安全关键技术的研究与进展.通信保密.1997,(2):42-45
9 Atkins Derke.Internet security professional reference.北京:机械工业出版社,1998:321-329
10 卢开澄.计算机密码学—计算机网络中的数据保密与安全(第2版)[M].北京:清华大学出版社,1998:123-146
11 张焕国,章重平.计算机安全保密技术的发展.交通与计算机.1996,14(1):2-6
12 张燕.数字签名技术的研究.计算机时代.1998,(5):20-22
13 张卫清,张红南,谢冬青.实用的数字签名方案进展.计算技术与自动化.1997,16(1):76-79
14 Jarol Scott,Pena Marisa.Web design & development black book.北京:机械工业出版社,1998:87-94
15 孙晓蓉,徐春光,王育民.网络和分布式系统中的认证.计算机研究与发展.1998,35(10):865-868
16 Thomas Y. C. Woo, Simon S. Lam. Authentication for Distributed Systems. Computer. 1992, (1): 39-51
17 李巍,李伟琴.网络用户认证系统的原理及应用.微型计算机.1997,17(3):1-5
18 Chang C. C., Wu T. C., Laih C.S. Cryptanalysis of a Password Authentication Scheme Using Quadratic Residues. Computer Communications. 1995, 18(1):45-47
19 谭真,鲍明忠.数字签名技术在Web中的应用.计算机与通信.1998,(11):38-40
20 谢琳,沈雁.Internet安全协议.计算技术与自动化.1998,17(3):71-74
21 张文政,孟庆志.通信保密技术.计算机应用.1998,18(6):37
22 李华,黄辉.Internet上的信息安全性探讨.现代计算机.1998,(8):6-9
23 Roger Lesser. So You Think Your Information is Secure—Is It? Defense Electronics. 1995, 17(5): 16-19
24 王怀伯,张申生,周一萍.Intranet/Extranet中的网络安全技术.计算机工程.1999,25(1):30-32
25 Douglas E. Comer. Computer Networks and Internets. Prentice Hall, 1997:426-428 430-431
26 Banks Michael A.Web psychos stalkers and pranksters.北京:中国水力电力出版社,1998:165-187
27 Sikhurana Gunnit.Web database construction kit.北京:机械工业出版社,1998:45-78
28 唐晓东,齐治昌.建立Internet上的安全环境.计算机科学.1998,25(1):26-30
29 邹旭凯主编.Intranet技术及其应用[M].西安:西安电子科技大学出版社,1998:203-256
30 韦卫,王德杰等.基于SSL的安全WWW系统的研究与实现[J].计算机研究与发展,1999,36(5):619-624
31 周世杰 秦志光 耿技.办公自动化系统中的安全性.电子科技大学学报.2000,29(2):3-4
32 王能,高卓敏.互联网的网络安全和协议.微型电脑应用.1998,(6):7-9
33 王育民,刘建伟.通信网的安全—理论与技术[M].西安:西安电子科技大学出版社.1999:77-92
2 LEECH M, GANIC M, LEE Y, et al. SOCKS Protocol Version 5. RFC 1928[EB/OL]. http://www.jetf.org, 1996
3 Monica J. Garfield, Partick G. McKeown. Planning for Internet Security. Information Systems Management. 1997, 14(1): 41-46
4 Wang Lidong, Dong Yongping, Yu Xiangzhan, Jiang Zhongxiang. New Generation Firewall Technique. Proceedings of the 1998 2nd International Conference on Information Infrastructure, Beijing China, 1998. Publishing Hourse of Electronics Industry: 546-549
5 刘军,胡谋.Intranet安全技术综述.上海铁道大学学报(自然科学版).1997,18(3):100-104
6 李建萍,郭学理.Internet的安全机制.微型机与应用.1999,(2):26-29
7 曹玖新,普杰信,梁祖华.Intranet网安全技术.计算机系统应用.1998,(11):17
8 林晓东,杨义先,马严.网络安全关键技术的研究与进展.通信保密.1997,(2):42-45
9 Atkins Derke.Internet security professional reference.北京:机械工业出版社,1998:321-329
10 卢开澄.计算机密码学—计算机网络中的数据保密与安全(第2版)[M].北京:清华大学出版社,1998:123-146
11 张焕国,章重平.计算机安全保密技术的发展.交通与计算机.1996,14(1):2-6
12 张燕.数字签名技术的研究.计算机时代.1998,(5):20-22
13 张卫清,张红南,谢冬青.实用的数字签名方案进展.计算技术与自动化.1997,16(1):76-79
14 Jarol Scott,Pena Marisa.Web design & development black book.北京:机械工业出版社,1998:87-94
15 孙晓蓉,徐春光,王育民.网络和分布式系统中的认证.计算机研究与发展.1998,35(10):865-868
16 Thomas Y. C. Woo, Simon S. Lam. Authentication for Distributed Systems. Computer. 1992, (1): 39-51
17 李巍,李伟琴.网络用户认证系统的原理及应用.微型计算机.1997,17(3):1-5
18 Chang C. C., Wu T. C., Laih C.S. Cryptanalysis of a Password Authentication Scheme Using Quadratic Residues. Computer Communications. 1995, 18(1):45-47
19 谭真,鲍明忠.数字签名技术在Web中的应用.计算机与通信.1998,(11):38-40
20 谢琳,沈雁.Internet安全协议.计算技术与自动化.1998,17(3):71-74
21 张文政,孟庆志.通信保密技术.计算机应用.1998,18(6):37
22 李华,黄辉.Internet上的信息安全性探讨.现代计算机.1998,(8):6-9
23 Roger Lesser. So You Think Your Information is Secure—Is It? Defense Electronics. 1995, 17(5): 16-19
24 王怀伯,张申生,周一萍.Intranet/Extranet中的网络安全技术.计算机工程.1999,25(1):30-32
25 Douglas E. Comer. Computer Networks and Internets. Prentice Hall, 1997:426-428 430-431
26 Banks Michael A.Web psychos stalkers and pranksters.北京:中国水力电力出版社,1998:165-187
27 Sikhurana Gunnit.Web database construction kit.北京:机械工业出版社,1998:45-78
28 唐晓东,齐治昌.建立Internet上的安全环境.计算机科学.1998,25(1):26-30
29 邹旭凯主编.Intranet技术及其应用[M].西安:西安电子科技大学出版社,1998:203-256
30 韦卫,王德杰等.基于SSL的安全WWW系统的研究与实现[J].计算机研究与发展,1999,36(5):619-624
31 周世杰 秦志光 耿技.办公自动化系统中的安全性.电子科技大学学报.2000,29(2):3-4
32 王能,高卓敏.互联网的网络安全和协议.微型电脑应用.1998,(6):7-9
33 王育民,刘建伟.通信网的安全—理论与技术[M].西安:西安电子科技大学出版社.1999:77-92
© 2004-2018 中国地质图书馆版权所有 京ICP备05064691号 京公网安备11010802017129号 地址:北京市海淀区学院路29号 邮编:100083 电话:办公室:(+86 10)66554848;文献借阅、咨询服务、科技查新:66554700 |