Abstract
Building a network security defense system by deploying large numbers of heterogeneous security devices in a distributed fashion generates massive volumes of security event information that are difficult to organize and manage effectively, and the security monitoring systems deployed at different sites are difficult to manage centrally. To address this, a unified platform model for network security management is proposed. Based on the actual distribution of security monitoring systems in Yunnan Province, the platform uses distributed technology to build a hierarchical information integration system. An architecture oriented toward network security managers is designed and analyzed; it uses risk assessment and event correlation to analyze the network's risk status in real time and to reduce the false alarm rate, so that managers can accurately locate where a security incident occurred and respond promptly. The paper also describes in detail key technologies such as the distributed data model, the security event standardization model, and the secure communication and control protocol.
Source
《微计算机信息》
2011, Issue 12, pp. 111-113 (3 pages)
Control & Automation
Keywords
Management Platform for Network Security
Distributed Data Model
Event Standardization
Secure Communication Protocol
Risk Assessment
Alert Correlation