摘 要:电子政务网站(gov.cn)是政府职能部门信息化建设的重要内容,主要实现政务信息公开、在线办事和政民互动三大功能定位。传统解决方案对于新形势下的应用安全威胁应对乏力。根据Gartner 的研究报告,未来的安全服务应该是防御、检测、响应三者并存的立体化联动防御机制。目前信息安全攻击有75% 以上都是发生在Web 应用层,目前超过2/3 的Web 站点都相当脆弱,易受攻击,这些攻击形式多种多样,手法也越来越隐匿,往往需要对多台安全设备中记录的日志进行大量的分析,进而配置有针对性的策略,这无疑对安全运维人员的水平提出了更高的要求。在新形势下,需要一种更便捷、更有效、性价比更高的安全交付方式。
关键词:网站安全;态势感知;风险评估;实时监测;攻击防护
中图分类号:TP393.08 文献标识码:A 文章编号:2096-4706(2018)09-0067-03
Managed Security Service Solution
HOU Binfeng
(Hebei Communication Design & Consultation Co.,Ltd.,Shijiazhuang 050021,China)
Abstract:The e-government website(gov.cn)is an important content of the information construction of the government’s functional departments. It mainly realizes the three functions of government information disclosure,online affairs,and the interaction between the government and the people. The traditional solution is weak for the application of security threats under the new situation:according to the research report of Gartner,the future security should be the coexistence of three groups of defense,detection andresponse,and the three-dimensional linkage defense mechanism. At present,more than 75% of the information security attacks have occurred in the Web application layer,and at present,the Web sites over 2/3 are very vulnerable to attack. These forms of attack are varied and the manipulations are becoming more and more hidden. We often need to carry out a large number of daily analyses on the logs recorded in multiple security devices,and then configure the target. Sexual strategy,which undoubtedly raises the high standard of safety operation and maintenance personnel. Under the new situation,a safer,more efficient and cost-effective delivery method is needed.
Keywords:website security;situational awareness;risk assessment;real-time monitoring;attack protection
参考文献:
[1] 陈晓桦,武传坤,等. 网络安全技术 网络空间健康发展的保障 [M]. 北京:人民邮电出版社,2017.
[2] 张炳帅.Web 安全深度剖析 [M]. 北京:电子工业出版社,2015.
作者简介:侯彬锋(1979.04-),男,河北石家庄人,高级设计师,中级工程师,学士,研究方向:互联网技术。