| 摘要: |
| [目的]探讨如何为各类信息系统安全性保障测试提供综合性支撑服务。[方法]综合应用网络主机检测、数据库检测、Web应用漏洞检测等关键技术,通过协同集成方法,设计一个集约化信息安全测评平台。[结果]该平台集网络攻防演练和演示、管理安全测试、数据安全测试、外部安全测试及网站系统内容测试、产品与系统测评、信息安全应急响应为一体,可以在信息系统功能、性能、安全等方面为政府各部门及社会各界提供测试和评估服务。[结论]实际应用表明,该平台能够满足信息系统安全测评的关键需求,能够提供一体化信息安全测评功能。 |
| 关键词: 信息安全评测 漏洞管理 漏洞扫描 |
| DOI: |
| 投稿时间:2014-04-10修订日期:2014-06-10 |
| 基金项目:广西壮族自治区科学技术厅"计算机网络信息系统测评实验室"项目(桂科条字[2008]5号),"广西壮族自治区信息安全测评平台"项目(桂科条字[2010]12号)资助。 |
|
| Design of An Integrated Information Safety Evaluation Platform |
|
YANG Xue-jun
|
| (Guangxi Institute of Electron Production Supervision and Inspection, Nanning, Guangxi, 530031, China) |
| Abstract: |
| [Objective] To provide comprehensive support services for safety testing of information systems.[Methods] An integrated information safety evaluation platform has been designed by integrating multiple key detection technologies covering network host,database and Web application loophole etc.[Results] This platform integrates network attack and defense,demonstration,management safety testing,data safety testing,external safety testing and web content system testing,product and system testing,and information safety emergency response.It also can provide testing and evaluation services to the departments of government and community for the function,performance,safety,and other aspects of their information systems.[Conclusion] The actual application of the platform meets the key demand of information system safety evaluation and provides the integrative evaluation of information safety. |
| Key words: information safety evaluation vulnerability management vulnerability scanning |
