Information security construction solutions help safeguard the three major safety areas of civil aviation

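Today, with the civil aviation industry deeply dependent on information technology, information security problems are increasingly prominent. The Civil Aviation Administration has called for information security to be managed as tightly as flight safety, and lists information security alongside flight safety and aviation security as the three major safety areas for airlines, underscoring the importance the regulator attaches to information security work. To bring the increasingly severe information security situation under control and protect the aviation industry's information systems, information security construction work is imperative.
Solution
Zoning and security domains
The basic approach to risk management is to identify risks accurately and then reduce or transfer the high-level ones. Risk management can only deliver real results when it stays close to the specific business systems and their importance and characteristics have been clearly defined and identified. Security domains are a good way to tie risk management to business systems.
Once the information system is divided into security domains, business systems in different domains access each other through the domain boundaries. A security domain's boundary is the main channel through which other domains or the outside world enter the information network, so the domain boundaries are the information system's risk control points.
Based on data-flow analysis and business-logic analysis of the aviation industry's information systems, the overall architecture uses a star topology: each security domain is interconnected with the core switching zone, and all data exchange and business access go through the core switch. The security domains are therefore divided as follows:
◆ Internet zone
◆ Core switching zone
◆ Extranet zone
◆ Business publishing zone
◆ WAN zone
◆ Security management zone
◆ Office zone
◆ Production server zone
◆ Database server zone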
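Firewall
Security boundaries are set between the security domains to provide isolation and access control between them. Firewalls deployed at each zone boundary enforce a strict isolation and access control policy, ensuring the security of each domain.
Intrusion prevention
Traditional security devices such as firewalls can only perform access control based on the five-tuple (source IP address, destination IP address, service, source port, destination port). As attacks hidden inside applications increase, such devices are powerless against the growing number of application-based attacks. Deploying an intrusion prevention system makes it possible to actively block, in real time, malicious traffic such as hacker attacks, worms, network viruses, backdoor trojans and DoS, protecting the enterprise's information systems and network architecture from harm and preventing operating systems and applications from being damaged or going down. It can also detect anomalous behavior such as leakage of sensitive data, file identification and unauthorized outbound connections from servers, providing advanced threat protection for the internal network.
Vulnerability scanning
Deploying a vulnerability scanning system to scan application servers, database servers and other network devices on a regular schedule makes it possible to assess the security posture of each information system effectively.
Security configuration verification
Deploying a configuration verification system makes it possible to carry out comprehensive device checks quickly and effectively: pre-launch security checks on new business systems, third-party network-access security checks, compliance security checks (inspections by higher authorities) and routine security checks. It also collects the check results centrally, produces risk audit reports, and ultimately identifies the items that do not conform to the security baseline, so that remediation can bring them into compliance.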
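Defense in depth
DDoS attack protection
Deploying NSFOCUS's anti-denial-of-service product provides effective defense against DDoS attacks, ensuring that legitimate traffic is delivered normally and safeguarding the continuity and integrity of business system operation.
Web application protection
Deploying a dedicated web security device in front of the website is a reasonable choice. A web application protection system protects web applications from hacker attacks and intrusions over port 80, thereby safeguarding the business systems.
Web page tamper protection
Web page tampering is the result of an attack. The techniques hackers use to tamper with web pages have been evolving from traditional website intrusion toward application-layer attacks. A deployed web page tamper-protection system can detect page tampering caused by any form of attack and restore the pages, and it has robust self-protection mechanisms. Ultimately, the system protects the following content: static web pages, dynamic web pages, audio, video, images and other resources that are accessible from the Internet.
Intrusion threat detection
Beyond intrusions and attacks targeting port 80, threats from intrusions and anomalous behavior should also be watched across the whole environment. The value of intrusion detection technology is that it analyzes current network traffic in real time, uses a detection rule base and models of normal behavior to discover anomalous network threats, and provides alerting and logging. Comprehensive analysis of the log records can often reveal traces of an intrusion, giving a more direct and complete picture of the current threat level of the system.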


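Internal network security audit
Deploying an internal network security audit system provides effective oversight of how employees access information systems and how sensitive information spreads, gives an accurate view of the security state of the network, detects events that violate security policy promptly with real-time alerting and recording, and supports locating and analyzing security incidents and after-the-fact investigation and evidence collection, meeting compliance audit requirements.
Website security monitoring service
The website security monitoring service is a managed service: users do not need to install any hardware or software, change their current network deployment, or assign dedicated staff to maintain security devices and analyze logs. Users only need to tell our staff the domain names of the websites to be monitored; once authorized, they receive 7×24 website security monitoring. As soon as a user's website encounters a risk condition, the security monitoring team confirms it with the user at the earliest opportunity and offers professional remediation advice. In addition, security experts regularly issue periodic monitoring reports so that users have an overall view of the website's risk status and security trends.
Focused protection
Database audit
With databases of all kinds in widespread use and regulatory compliance requirements to meet, airline data centers urgently need a professional database audit product that solves real problems. A deployed database audit system can accurately identify the specific objects operated on, accurately correlate parameters, and accurately associate SQL operations on the back-end database with the users of the front-end web application, so that administrators can pinpoint every database access and attribute it to an individual.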

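Data leakage prevention
Incidents in which users' sensitive information is leaked have occurred frequently in civil aviation in recent years, causing airlines huge losses in reputation and money. A deployed DLP (data leakage prevention) system works from the three states in which data exists (stored, in use, in transit) to monitor and protect against every leakage path in the data life cycle. This ensures that leakage of sensitive data can be discovered beforehand, blocked and monitored while it happens, and traced afterwards, leaving data leakage nowhere to hide and sensitive data no way out, and making the system a solid guardian of user data security.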
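Value of the solution
The solution combines the overall requirements of the airline's information security construction project with an analysis of the security risks facing the airline's information systems. Drawing on its technical strength and years of consulting and service experience in the government sector, NSFOCUS provides the necessary and effective information security consulting services and information security construction plan. The main value is:
◆ Solves users' real problems, effectively reduces the airline's network security risks and threats, greatly improves the airline's network security protection capability, and safeguards the secure operation of the airline's integrated information systems;
◆ Helps users build an advanced, independent and trusted, scalable, all-round technical system for data leakage prevention, providing active risk control and automated management across the full life cycle of data assets, effectively reducing leakage risk, improving protection capability and protecting the user's reputation;
◆ Through a combination of management and technology, establishes an overall security protection strategy for the airline's information security construction;
◆ Accelerates the building of the airline's information security system, helps meet national and industry policy and compliance requirements, and helps the airline pass security inspections by the relevant regulators;
◆ By establishing and improving the information security management system, ensures the security of the airline's production and operations and improves the security of civil aviation information systems, while also contributing to the airport's profitability and core competitiveness.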
