面向用户准入控制的信息安全统一威胁防御管理

目前的安全解决方案如防火墙、病毒网关、IPS等的关注重点基本都集中在对外网的防护上,缺乏对内网的攻击防护;IDS、主机入侵检测、安全审计等主要是以监测为主,关注重点是记录攻击行为,需要与其他设备联动才能阻止攻击行为;在内网防护上只有防病毒软件,但防病毒软件又缺乏强制性,安全体系存在较大的漏洞。面对用户接入内网后的各种主动或被动性安全威胁造成的压力,文章结合湖北省电力公司信息运维中用户面临的安全问题,以及用户分布的实际情况,统筹规划,提出建立面向用户的信息安全统一准入防御体系管理系统模型,构建集认证、账号、授权、审计于一体的终端管理体系,以及防病毒、防间谍、防蠕虫、防木马、防泄密的一体化关键平台和安全防御工作机制,进一步完善国家电网公司信息安全防护体系。

Information Security Unified Threat Defense Management Based on User Access Control

The existing security solutions, such as firewalls, virus gateways, IPS and so on, focus on the external network protection instead of the internal network attack protection. However, other security solutions, such as IDS, host intrusion detection, and security auditing, mainly focus on monitoring and logging attack behaviors, and prevent attack behaviors only with the supports of other devices. Moreover, the intranet protection only use optional anti-versus protection software. Thus there are many vulnerabilities in the security system. Based on the tremendous pressure imposed by the various active or passive security threats when users access to the network, this paper combines with the security problems of the information operation and maintenance by Hubei Electric Power Company, and the situations of user distribution, in order to propose to build a user-oriented information security admittance defense system model, an integrated terminal management system with certification, account number, authorization and auditing, an integrated key platform against versus, spyware, worms, trojans and disclosure and secure defense mechanism. The platform will be helpful to improve the information security protection system for State Grid Corporation of China.