I. Review of "Government Online Project" is a milestone in national construction, the party and the government led the people into the information era of the important steps.
US-led bombing of Yugoslavia by NATO air forces, and bombs on the Chinese Embassy, that the world is not peaceful, the threat of war still exists, the shadow of high-tech war with a peace-loving people. With the arrival of the information era, information warfare is becoming the main form of future warfare.
Turn of the century, information technology is both a challenge and an opportunity. Can meet the challenge, can grasp the opportunity to secure the guarantee.
"Government Online Project" as the national information infrastructure a key component of its security problems in the priority position. "Government Online Project" focuses not on the network infrastructure, but the government application systems, the government system involving a large number of state secrets.
Second, the overall safety of the Government Online Project idea 1, "Government Online Project" security threat "Government Online Project" of the main security threat comes from inside and outside of the various types of computer crime.
There are two types of computer crime: the destruction of the system as a target of systematic crime; to spread of illegal content, stolen, tampered with the information to target information crimes. Both systems in cases of crime and crime information on rare, because the system can not be criminal offenses that information, once the system destroyed, the information can not be information on the disappearance of a crime; and have to repeat the characteristics of information crime, criminals do not normally damage the system . For the type of computer crime, security measures are divided into two types: system security and information security. System security solution availability and reliability problems. Information Security Information Security issues to resolve. Information security through authentication, access control, data integrity, data confidentiality, audit records, anti-denial of the comprehensive use of other technologies.
One, the threat of computer crime from around the world. "Government Online Project" interoperability with the national information infrastructure, national information infrastructure has the world's information infrastructure and interoperability. Our information system is relatively low, security is lagging behind, but the security problems we face are exactly the same with the U.S. government.
2, wide dissemination of computer crime, serious harm. There are tens of thousands of Internet sites containing software of computer crime. After downloading the software, as long as the re-run can cause serious damage. A new computer crime software appears, you can spread throughout the world within a week. 98 years, computer crimes occurred in Yangzhou, criminals sneak into the bank computer system, stole 750,000 yuan. Premier Zhu Rongji's instructions are: "This is a signal that our bankers should pay attention to computer technology, criminals can not fall behind," Vice Premier Li instructions are: "Please continue to attach great importance to public security in conjunction with Ministry of Information Industry, take effective measures to crack down on cyber crime. " The amount of cases is small, but greatly shocked the financial industry, computer workers. Information system is a system of high standard, once the technical details of computer crime in Yangzhou on the Internet disclosure, easily lead to a lot of the same attack, even As a financial crisis.
2, "Government Online Project" security level of awareness developed from the "information war" point of view of security awareness.
China is still in the "remedial" stage. Many departments in their own network under attack, resulting in a loss to consider safety measures after.
"Government Online" project in the planning, design, investment must be stressed that every aspect of security.
3, "Government Online Project" line of security system technology, "Government Online Project" follow and uphold the security system to ensure the safety of open and technical route.
1, "Government Online Project" as the national information infrastructure is an important component of the technology must take the route open.
Internet in the global high-speed development, from the information technology industry as a whole line of the opening. "Government Online" project that to achieve the maximum benefit, you must take the open road. "Government Online" project began construction in time are isolated "points", these "points" connected to "face" and then finally connected into the "body", open technology road is to ensure that "government online" project from the "point" and "body" to ensure smooth over.
2, security and opening up is a contradiction. "Government Online" project should not only adhere to open technology road, but also to ensure the safety of any of them can not be neglected.
3, "Government Online" project consists of two main parts: the network infrastructure and applications. Adhere to the openness of the network infrastructure, adhere to security and confidentiality of application systems.
4, "Government Online Project" planning principles of a safe, global principle: security threats come from the weakest link. Planning must proceed from the overall security system.
2, integrated principles: security can not rely solely on technical measures must be combined with management.
3, the principle of proportionality: the strength of security measures to be consistent. Excessive number of points is a waste, some points are too weak risk. Strength and security costs to be balanced.
5, "Government Online Project" security needs a network system is available, reliable, government application system is secure, scalable, security transparent to users and applications.
2, external and defense, focusing on preventing internal. Financial Computer crime shows: 83% of computer crime from the inside, 14% of computer crime is collusion, only 3% of computer crime from the outside. 3, network infrastructure, the main security problem is the system security, application system, the main security issue is information security. Data and applications security is the key.
4, based on user identity and information security classification of the different authorization to visit the most important security mechanism.
6, "Government Online Project" security system 1, "Government Online" project security system to guide the planning, design, evaluation is based on a general awareness of security issues.
2, three-dimensional security system framework. Horizontal X: security mechanisms, the vertical axis Y: ISO / OSI network layers Inclined Z: information systems constitute an integral unit. In the framework of three-dimensional security system, packet filtering firewall can be expressed as FW (Z, Y, X) = (interconnected systems, network layer, availability and reliability). This description accurately defines the functions of a firewall, but also describes the shortcomings of firewalls: network layer firewalls can not solve these security problems, the firewall can resolve the host system's security. Expression of the various types of security needs within the framework of three-dimensional security system to form a description of the overall security needs; to the safety of the product safety system functional expression in three-dimensional framework, we can assess the security features of products; the expression of the system security features security system in the three-dimensional framework, we can assess the system's overall security.
3, security mechanism and security system
Identity: an information system, the problems in the identification
Access Control: According to the user, the information security classification decisions the user access to information
Data Confidentiality: In data storage, encryption during transmission to prevent theft and listening
Data integrity: to prevent data tampering
Non-repudiation: Preventing denied
Audit Management: Review, record, analyze user behavior
Availability and reliability: To prevent damage, with disaster recovery, fault tolerance, backup and restore functions 4, the network security service layer model ISO / OSI reference model of seven, is an important tool for analysis of network systems. According to the security needs of all levels, can draw the whole model of network security services, specifically as shown below:
5, comprehensive use of various security mechanisms, the formation of security system. Not a security mechanism to provide comprehensive security. Comprehensive use of various security mechanisms, through a combination of technology and management to form a security system.