[Soft Examination Intermediate Security] Chapter 4--Network Security System and Network Security Model

1. Overview of network security system

1.1 Concept of network security system

Network security system: It is the highest-level conceptual abstraction of the network security guarantee system. It is composed of various network security units according to certain rules to jointly achieve the goal of network security.

1.2 Characteristics of network security system

  • Integrity: The network security units rely on each other, restrict each other, and interact with each other according to certain rules, forming a network security protection mode that integrates human, machine, and physical objects.

  • Synergy: The network security system relies on the cooperation of multiple security mechanisms to build a systematic network security protection scheme.

  • Procedural: The network security system provides a procedural network security protection mechanism that covers the entire life cycle of protected objects.

  • Comprehensiveness: Security threats are controlled across multiple dimensions and levels.

  • Adaptability: It has a dynamic evolution mechanism and can adapt to changes in network security threats and requirements.

2. Security model related to network security system

2.1 BLP confidentiality model (read down, write up)

BLP model: a computer security model that conforms to military security policy and is used to prevent the spread of unauthorized information.

Two properties:

  • Simple security feature: for read access, the security level of the subject ≥ the security level of the object, that is, the subject can only read downward, not upward

  • * feature: for write access, the confidentiality level of the subject < the confidentiality level of the object, that is, the subject can only write upwards, not downwards

Rule: a user may legally read a piece of information if and only if the user's security level is greater than or equal to the security level of the information, and the user's access scope (category set) includes the scope of the information.

Security levels: public < secret < confidential < top secret

Category set: the field in which a security level is effective, or the field to which the information belongs, such as the personnel department, the finance department, etc.

Example:
File F access category: {Confidential: Personnel Department, Finance Department}
User A access category: {Top Secret: Personnel Department}
User B access category: {Top Secret: Personnel Department, Finance Department, Science and Technology Department}
User B can read file F, but user A cannot, because user A's scope does not include the Finance Department.
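
The read rule and the file F example above, worked through in Python as an added example (not part of the original notes). The names `Label`, `read_decision` and `read_matrix` are hypothetical, user C is a constructed subject added to show the level check failing, and the level ordering is the one given on this page.

```python
from dataclasses import dataclass

# Level ordering as given on this page, lowest to highest.
LEVELS = ("public", "secret", "confidential", "top secret")


@dataclass(frozen=True)
class Label:
    """A BLP label: one security level plus a category set (scope)."""
    level: str
    categories: frozenset

    def rank(self) -> int:
        if self.level not in LEVELS:
            raise ValueError(f"unknown security level: {self.level!r}")
        return LEVELS.index(self.level)


def label(level, *categories):
    return Label(level, frozenset(categories))


def read_decision(subject: Label, obj: Label):
    """Return (allowed, reasons) for a read of obj by subject.

    Both conditions of the rule are checked independently so that a denial
    reports every failed condition, not only the first one.
    """
    reasons = []
    if subject.rank() < obj.rank():
        reasons.append(f"level {subject.level!r} is below {obj.level!r}")
    missing = obj.categories - subject.categories
    if missing:
        reasons.append("missing categories: " + ", ".join(sorted(missing)))
    return (not reasons, reasons)


def read_matrix(users, obj):
    return {name: read_decision(lbl, obj) for name, lbl in users.items()}


# File F and users A, B follow the page's example; user C is constructed.
FILE_F = label("confidential", "personnel", "finance")
USERS = {
    "A": label("top secret", "personnel"),
    "B": label("top secret", "personnel", "finance", "science and technology"),
    "C": label("secret", "personnel", "finance"),  # constructed: level too low
}

if __name__ == "__main__":
    for name, (ok, why) in read_matrix(USERS, FILE_F).items():
        print(f"user {name}: {'read allowed' if ok else 'read denied'}", *why, sep="; ")
```

User A is denied despite holding the highest level, which is the point of the category set: a high clearance alone does not grant access outside the subject's scope.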

2.2 Biba integrity model (no reading down, no writing up, no calling)

Biba model: used to prevent unauthorized modification of system information, in order to ensure the integrity of the system's information

Three characteristics:

  • Simple security feature: for read access, the integrity level of the subject ≥ the integrity level of the object, that is, the subject cannot read downwards

  • * feature: for write access, the integrity level of the subject < the integrity level of the object, that is, the subject cannot write upwards

  • Invocation feature: when the integrity level of the subject < the integrity level of another subject, the subject cannot call that other subject

2.3 Information Assurance Model

2.3.1 PDRR

PDRR consists of the following 4 parts:

P: Protection. The main contents include encryption mechanism, digital signature mechanism, access control mechanism, authentication mechanism, information hiding, firewall technology, etc.

D: Detection. The main contents include intrusion detection, system vulnerability detection, data integrity detection, offensive detection, etc.

R: Recovery. The main contents include data backup, data recovery, system recovery, etc.

R: Reaction (response). The main contents include emergency strategy, emergency mechanism, emergency means, intrusion process analysis, security status assessment, etc.

2.3.2 P2DR

Consists of policy, protection, detection, and response. Policy is at the core.

2.3.3 WPDRRC

It consists of early warning, protection, detection, response, recovery and counterattack.

The network security capabilities covered by the model are mainly early warning capabilities, protection capabilities, detection capabilities, response capabilities, recovery capabilities, and counterattack capabilities.

2.4 Capability Maturity Model

Mainly include: SSE-CMM (System Security Capability Maturity Model), Data Security Capability Maturity Model, Software Security Capability Maturity Model

The software security capability maturity model is divided into five levels, and the main processes of each level are as follows:

  • CMM Level 1 - Patches

  • CMM Level 2 - Penetration Testing, Security Code Review

  • CMM Level 3 - Vulnerability Assessment, Code Analysis, Secure Coding Standards

  • CMM Level 4 - Software security risk identification, SDLC implementation of different security checkpoints

  • CMM Level 5 - Improve software security risk coverage and assess security gaps

2.5 Defense in depth model

2.6 Layered Protection Model

2.7 Hierarchical protection model

Combining the risks faced by the system, system-specific security protection requirements, cost and other factors, it is divided into different security protection levels, and corresponding security protection measures are taken to ensure the security of information and information systems.

2.8 Network Survival Model

Network survivability refers to the ability of the network information system to continue to provide necessary services when the network information system is invaded.

At present, the international network information survival model follows the 3R approach, namely resistance (Resistance), recognition (Recognition), and recovery (Recovery).

3. Network security system construction principles and security strategies

3.1 Network Security Principles

  • Systematic and dynamic principles

  • Defense in Depth and Collaborative Principles

  • Network Security Risks and Principles of Hierarchical Protection

  • Principles of Standardization and Consistency

  • The principle of combining technology and management

  • Safety first, prevention first

  • Security and development are synchronized, business and security are equal

  • Principles of Human-Machine-Material Integration and Industrial Development

3.2 Network Security Policy

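A network security policy is the set of network security rules and requirements concerning the protected objects. It is based mainly on network security laws and regulations and on network security risks.

In general, a network security policy document should contain the following:

  • Scope

  • Validity period

  • Owner

  • Responsibilities

  • Reference documents

  • Policy subject matter

  • Review

  • Handling of violations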

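4. Main components and construction content of the network security system framework

There is too much content here and it is too varied.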

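5. Reference cases for network security system construction

5.1 Application reference for the network security hierarchical protection system

The hierarchical protection system is the distinctive feature and cornerstone of China's network security assurance.

Network security hierarchical protection work mainly consists of five stages: grading, filing, construction and rectification, grade evaluation, and supervision and inspection.

The security protection level of a graded object is divided into five levels:

  • Level 1: user autonomous protection level

  • Level 2: system protection audit level

  • Level 3: security label protection level

  • Level 4: structured protection level

  • Level 5: access verification protection level

(Mnemonic: autonomous, audit, label, structure, and verify)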

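The main changes in network security hierarchical protection 2.0 include:

  1. The scope of objects was expanded

  2. An architecture of one center and triple protection was proposed

  3. The requirements for using trusted computing technology were strengthened, and a "trusted verification" control point was added

For some of the details, please consult the book; what is recorded in this blog is not complete.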


Origin blog.csdn.net/m0_51683653/article/details/129401079