I目錄第1章項(xiàng)目情況概述A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A3第2章網(wǎng)絡(luò)結(jié)構(gòu)調(diào)整與安全域劃分A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A4第3章信用社網(wǎng)絡(luò)需求分析A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A531網(wǎng)上銀行安全風(fēng)險(xiǎn)和安全需求A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A632生產(chǎn)業(yè)務(wù)網(wǎng)絡(luò)安全風(fēng)險(xiǎn)和安全需求A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A7第4章總體安全技術(shù)框架建議A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A841網(wǎng)絡(luò)層安全建議A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A842系統(tǒng)層安全建議A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A3A043管理層安全建議A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A3A0第5章詳細(xì)網(wǎng)絡(luò)架構(gòu)及產(chǎn)品部署建議A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A3A451網(wǎng)上銀行安全建議A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A3A452省聯(lián)社生產(chǎn)網(wǎng)安全建議A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A3A153地市聯(lián)社生產(chǎn)網(wǎng)安全建議A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A3A554區(qū)縣聯(lián)社生產(chǎn)網(wǎng)安全建議A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A3A655全行網(wǎng)絡(luò)防病毒系統(tǒng)建議A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A3A756網(wǎng)絡(luò)安全管理平臺建議A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A3A9561部署網(wǎng)絡(luò)安全管理平臺的必要性A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A3A9562網(wǎng)絡(luò)安全管理平臺部署建議A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A3A857建立專業(yè)的安全服務(wù)體系建議A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A0A10571現(xiàn)狀調(diào)查和風(fēng)險(xiǎn)評估A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A0A3572安全策略制定及方案設(shè)計(jì)A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A0A0573安全應(yīng)急響應(yīng)方案A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A0A0第6章安全規(guī)劃總結(jié)A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A0A6產(chǎn)品配置清單A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A0A71第1章項(xiàng)目情況概述信用社網(wǎng)絡(luò)是一個(gè)正在進(jìn)行改造的省級銀行網(wǎng)絡(luò)。整個(gè)網(wǎng)絡(luò)隨著業(yè)務(wù)的不斷擴(kuò)展和應(yīng)用的增加，已經(jīng)形成了一個(gè)G8190G13449聯(lián)系，G19181G13520G3809G7446的網(wǎng)絡(luò)。G1186G13449G2533G7481G11487，目G2081G59G59G59銀行網(wǎng)絡(luò)分G1038G3247層，第一層G1038省聯(lián)社網(wǎng)絡(luò)，第G1120層G1038地市聯(lián)社網(wǎng)絡(luò)，第G989層G1038縣G708區(qū)G709聯(lián)社網(wǎng)絡(luò)，第G3247層G1038分理G3800網(wǎng)絡(luò)。G1186G8190G2533G7481G11487，省及G2520地市的銀行網(wǎng)絡(luò)G18129G6365G10043應(yīng)用劃分G1038G2162G1856G4388網(wǎng)G451生產(chǎn)G4388網(wǎng)和G3818聯(lián)網(wǎng)絡(luò)G989個(gè)G3835G4388網(wǎng)。G13792在省G1025G5527網(wǎng)上，G17836G2265G6336網(wǎng)上銀行G451G8991G16809G4388網(wǎng)和G48G44G54G4388網(wǎng)G989個(gè)單G10432的G4388網(wǎng)。G1866整個(gè)網(wǎng)絡(luò)的結(jié)構(gòu)G12046G5859G3282G3926G991G726A11A12A13A12A14A15A16A17A18A19A20A21A22A11信用社網(wǎng)絡(luò)是一個(gè)正在G7044建的網(wǎng)絡(luò)，目G2081業(yè)務(wù)系統(tǒng)G2030G2030上G13459G17828行，G17836G8821G7389進(jìn)行信G5699安全方G19766的建設(shè)。G13792G4557G1122信用社網(wǎng)絡(luò)G7481G16840，生產(chǎn)網(wǎng)是網(wǎng)絡(luò)G1025G7380G18337要的部分，G6164G7389的應(yīng)用G1075業(yè)務(wù)系統(tǒng)G18129部署在生產(chǎn)網(wǎng)上。一G7098生產(chǎn)網(wǎng)G1998現(xiàn)G19394G20076，造成的G6451G3845和G5445響G4570是不G2499估G18339的。G3252G8504現(xiàn)在急需G16311G1927生產(chǎn)網(wǎng)的安全G19394G20076。G7424G8437G4557信用社網(wǎng)絡(luò)的安全規(guī)劃G1177G19492G1122生產(chǎn)網(wǎng)G1209及與生產(chǎn)網(wǎng)安全G11468G1863的網(wǎng)絡(luò)部分，G3252G8504G991G19766G6117G1216著G18337G4557信用社的生產(chǎn)網(wǎng)構(gòu)架G1582一個(gè)詳細(xì)G6563述。G708一G709省聯(lián)社生產(chǎn)網(wǎng)絡(luò)2省聯(lián)社網(wǎng)絡(luò)生產(chǎn)網(wǎng)絡(luò)是全行信G5699系統(tǒng)的G7692G5527，業(yè)務(wù)系統(tǒng)G451網(wǎng)上銀行系統(tǒng)及管理系統(tǒng)G18129G19610G1025在信G5699G1025G5527。省聯(lián)社網(wǎng)絡(luò)生產(chǎn)網(wǎng)絡(luò)G17139G17143與G1166行及G1866G1194單G1313G1025G19400業(yè)務(wù)的G17842G6521。省聯(lián)社網(wǎng)絡(luò)生產(chǎn)網(wǎng)絡(luò)G17139G17143建立和G13512G6264網(wǎng)上銀行。省聯(lián)社網(wǎng)絡(luò)生產(chǎn)網(wǎng)絡(luò)G1025G2265G2559G48G44G54系統(tǒng)和G8991G16809系統(tǒng)。G6817G1328系統(tǒng)G1039要G7389G726G50G54G184G19G19G451G36G44G59G451G47G76G81G88G91G451G58G76G81G71G82G90G86，G1209及G1866G4439設(shè)G3803的專用系統(tǒng)。G6980G6466G5223系統(tǒng)G2265G6336G726G39G372G451G44G49G41G50RG48G44G59G451G54YG37G36G54EG451G50RG36CG47E等。業(yè)務(wù)應(yīng)用G2265G6336G726生產(chǎn)業(yè)務(wù)G726一G13459業(yè)務(wù)G726與客戶直G6521G1863聯(lián)的業(yè)務(wù)，G3926G36TG48G451PG50G54G451柜員終端等G1120G13459業(yè)務(wù)G726不直G6521與客戶G11468G1863的業(yè)務(wù)，G3926管理流程G451G1856文輪流轉(zhuǎn)G451監(jiān)督G451G1927策等，G1038一G13459業(yè)務(wù)的支撐。G708G1120G709地市聯(lián)社生產(chǎn)網(wǎng)絡(luò)地市聯(lián)社生產(chǎn)網(wǎng)絡(luò)是G1120級網(wǎng)絡(luò)，通過兩條互G1038G3803份的專G13459與省聯(lián)社G1025G5527網(wǎng)絡(luò)互G17842。G6817G1328系統(tǒng)G1039要G7389G726UG49G44G59G451G58G44G49G39G50G58G54。G708G989G709區(qū)G708縣G709聯(lián)社生產(chǎn)網(wǎng)絡(luò)區(qū)G708縣G709聯(lián)社生產(chǎn)網(wǎng)絡(luò)是G989級網(wǎng)絡(luò)，通過2G48G54G39HG18或者1G19G48光纖G1209太網(wǎng)G708G44G54G39G49G3803份G709等方式與管轄支行的網(wǎng)絡(luò)G17842G6521。G6817G1328系統(tǒng)G1039要G7389G726UG49G44G59G451G58G44G49G39G50G58G54。G708G3247G709分理G3800生產(chǎn)網(wǎng)分理G3800是G3247級網(wǎng)絡(luò)，G2520個(gè)分理G3800通過2G48G54G39H或者G44G54G39G49等方式與管轄區(qū)G708縣G709聯(lián)社的網(wǎng)絡(luò)G17842G6521。由G1122區(qū)縣聯(lián)社及分理G3800的網(wǎng)絡(luò)目G2081G17836G3800在組網(wǎng)的初級階段，網(wǎng)絡(luò)構(gòu)造簡單且G17836G8821G7389能力進(jìn)行完善的網(wǎng)絡(luò)安全建設(shè)和管理，G3252G8504G7424G8437規(guī)劃G1039要是G4557省及地市聯(lián)社的網(wǎng)絡(luò)安全部分。當(dāng)把省及地市部分的網(wǎng)絡(luò)建成一個(gè)比較完善的安全防G6264體系之后，再逐步的G4570安全措施和手段應(yīng)用G1122G991層的區(qū)縣聯(lián)社及分理G3800。G1186G13792實(shí)現(xiàn)整個(gè)網(wǎng)絡(luò)的G18337點(diǎn)防G6264G451分步實(shí)施策略。3第2章網(wǎng)絡(luò)結(jié)構(gòu)調(diào)整與安全域劃分G4557G1122信用社生產(chǎn)網(wǎng)絡(luò)G7481G16840，首要的一點(diǎn)就是應(yīng)該根G6466國家G7389G1863部門G4557G11468G1863規(guī)定，G4570整個(gè)生產(chǎn)網(wǎng)絡(luò)進(jìn)行網(wǎng)絡(luò)結(jié)構(gòu)的優(yōu)化和安全域的劃分，G1186結(jié)構(gòu)上實(shí)現(xiàn)G4557安全等級化保G6264。根G6466G1025國G1166民銀行計(jì)算機(jī)安全管理暫行規(guī)定G708G16809行G709的G11468G1863要求G726“第六十一條內(nèi)聯(lián)網(wǎng)上的G6164G7389計(jì)算機(jī)設(shè)G3803，不得直G6521或G19400G6521地與國際互聯(lián)網(wǎng)G11468聯(lián)G6521，必須實(shí)現(xiàn)與國際互聯(lián)網(wǎng)的物理隔離?！薄暗谄呤鍡l計(jì)算機(jī)信G5699系統(tǒng)的開發(fā)環(huán)境和現(xiàn)場應(yīng)當(dāng)與生產(chǎn)環(huán)境和現(xiàn)場隔離?！盙3252G8504G6117G1216G7389必要G4557現(xiàn)G7389網(wǎng)絡(luò)環(huán)境進(jìn)行改造，G1209G4570生產(chǎn)業(yè)務(wù)網(wǎng)絡(luò)G708G2265G6336一G13459業(yè)務(wù)和G1120G13459業(yè)務(wù)G709與具G7389互聯(lián)網(wǎng)G17842G6521的G2162G1856網(wǎng)絡(luò)之G19400區(qū)分開G7481，通過強(qiáng)G7389力的安全控制機(jī)制G7380G3835化實(shí)現(xiàn)生產(chǎn)系統(tǒng)與G1866G1194業(yè)務(wù)系統(tǒng)之G19400的隔離。同時(shí)，G4557信用社G6164G7389信G5699資源進(jìn)行安全分級，根G6466不同業(yè)務(wù)和應(yīng)用類型劃分不同安全等級的安全域，并分別進(jìn)行不同等級的隔離和保G6264。初步規(guī)劃G4570省聯(lián)社生產(chǎn)網(wǎng)絡(luò)劃分成多個(gè)具G3803不同安全等級的區(qū)域，參考G1856安部發(fā)布的信G5699系統(tǒng)安全保G6264等級定級指南，G6117G1216G4557安全區(qū)域劃分和定級的建議G3926G991G726表21安全區(qū)域劃分和定級的建議A23A24A25A26A25A26A27A28A29A30A31A32A31A32A33A34A35A36A37A38A39A40A41A42A43A42A44A45A46A47A48A49A50A51A35A36A37A38A52A40A41A42A43A42A44A45A46A53A48A54A55A56A57A35A36A37A38A54A55A56A57A41A42A43A42A44A45A46A53A48A58A57A59A60A35A36A37A38A61A62A54A63A64A65A66A67A68A69A58A57A70A59A60A43A42A44A45A46A71A59A60A72A73A53A48A74A75A35A36A37A38A76A77A78A70A33A34A79A80A70A74A75A81A82A83A84A85A86A87A33A34A81A82A88A48A89A90A43A42A44A35A36A37A38A89A90A41A42A66A67A43A42A44A45A46A53A48G4557G1122G2520地市G451區(qū)縣聯(lián)社和G2520營業(yè)網(wǎng)點(diǎn)G1075需要G4570生產(chǎn)業(yè)務(wù)和G2162G1856業(yè)務(wù)嚴(yán)格區(qū)分4開，并進(jìn)行邏輯隔離，確保生產(chǎn)區(qū)域具G7389較高安全級別。由G1122部分G2162G1856業(yè)務(wù)用戶需要訪G19394生產(chǎn)業(yè)務(wù)G1025的特定G6980G6466，G13792部分生產(chǎn)應(yīng)用G1075需要訪G19394G2162G1856網(wǎng)G1025的特定G6980G6466，G3252G8504無法G1582到生產(chǎn)G451G2162G1856之G19400G5455G5225的物理隔離，建議在G2520級聯(lián)社信G5699G1025G5527G6564G1391生產(chǎn)網(wǎng)與G2162G1856網(wǎng)之G19400的G17842G6521，并G18331用邏輯隔離手段進(jìn)行控制，G4557G1122營業(yè)網(wǎng)點(diǎn)，由G1122G1328隔離G6249G1849太G3835，G2499暫時(shí)不考G15397隔離。A91A92A93A94A95A96A97A98A99A100A101A102A103A104A105A102A106A107A108A109A110A111A112A113A114A115A99A100A104A116A102網(wǎng)絡(luò)改造后，全行G2162G1856系統(tǒng)G4570統(tǒng)一互聯(lián)網(wǎng)G1998G2487，G6164G7389G2162G1856終端G2494G1813G16780在通信行G1038G2499控的情況G991G6177能通過信G5699G1025G5527G2162G1856網(wǎng)絡(luò)的互聯(lián)網(wǎng)G1998G2487訪G19394G3818G11040網(wǎng)絡(luò)，生產(chǎn)業(yè)務(wù)服務(wù)G3132和終端不G1813G16780G18331G2474G1231G1321手段直G6521訪G19394互聯(lián)網(wǎng)或通過G2162G1856網(wǎng)G19400G6521訪G19394互聯(lián)網(wǎng)。網(wǎng)上銀行G3252業(yè)務(wù)需要必須G17842G6521互聯(lián)網(wǎng)，G1306G2494G1813G16780互聯(lián)網(wǎng)用戶G4557網(wǎng)銀門戶網(wǎng)G12461的訪G19394G1209及G16760G16789用戶G4557網(wǎng)銀G58EG37服務(wù)G3132的訪G19394，生產(chǎn)業(yè)務(wù)服務(wù)G3132和終端不G1813G16780G18331G2474G1231G1321手段直G6521訪G19394互聯(lián)網(wǎng)或通過網(wǎng)銀網(wǎng)絡(luò)G19400G6521訪G19394互聯(lián)網(wǎng)。5第3章信用社網(wǎng)絡(luò)需求分析隨著信用社G18341G15713信G5699化的發(fā)展，信G5699系統(tǒng)已經(jīng)成G1038銀行G17194G1209生G4396和發(fā)展的G3534G7424條G1226。G11468應(yīng)地，銀行信G5699系統(tǒng)的安全G19394G20076G1075G17246G7481G17246G12373G1998，銀行信G5699系統(tǒng)的安全G19394G20076G1039要G2265G6336兩個(gè)方G19766G726一是G7481G14270G3818G11040G4557銀行系統(tǒng)的G19762法G1417G1849，G4557信G5699系統(tǒng)的G15000G5859G11784G3363和G11435G12375G451G12725改信G5699行G1038G727G1120是G7481G14270銀行內(nèi)部員G5049G6937G5859或無G5859的G4557信G5699系統(tǒng)管理的G17841G2465。銀行信G5699系統(tǒng)正在G19766G1032著嚴(yán)G4815的G6373G6124。銀行進(jìn)行安全建設(shè)G451加強(qiáng)安全管理已經(jīng)成G1038當(dāng)務(wù)之急，G1866必要性正在隨著銀行業(yè)務(wù)和信G5699系統(tǒng)G3926G991的發(fā)展G17247G2195G13792G7368加G1996G1998G726銀行的G1863G19202業(yè)務(wù)系統(tǒng)層G8437G1028G4512，G6817G1328環(huán)G14422多，風(fēng)險(xiǎn)G1075G11468G4557比較G7138G7186G727隨著G11017G4388銀行和G1025G19400業(yè)務(wù)的G5203G8879開展，銀行的網(wǎng)絡(luò)與G44G81G87G72G85G81G72G87和G1866G1194組G13467機(jī)構(gòu)的網(wǎng)絡(luò)互聯(lián)程G5242G17246G7481G17246高，G1363G2419G7424G11468G4557G4565G19393的網(wǎng)絡(luò)G17246G7481G17246開G6930，G1186G13792G4570G3818部網(wǎng)絡(luò)的風(fēng)險(xiǎn)G5353G1849到銀行內(nèi)部網(wǎng)絡(luò)G727隨著銀行業(yè)務(wù)G19610G1025化的G17247G2195，銀行業(yè)務(wù)系統(tǒng)G4557G2499G19764性和無G19400斷G17828行的要求G1075G17246G7481G17246高G727隨著G58TG50的到G7481和G3818資銀行的進(jìn)G1849，銀行業(yè)G12466G1117G7097G11422G9620G9884，G7044的G18341G15713產(chǎn)品不斷G6524G1998，G1186G13792G1363銀行的應(yīng)用系統(tǒng)G3800G1122G5567G17907的G2476化過程G1025，G4557銀行的安全管理G6564G1998了G7368高的要求。G1025國國內(nèi)G2520家銀行G1075已經(jīng)開G3999進(jìn)行信G5699安體系建設(shè)，G1866G1025G7380G1039要的措施就是G18331G17153了G3835G18339安全產(chǎn)品，G2265G6336防G9791G3693G451G1849G1417G7828G8991系統(tǒng)G451防病毒和G17535份G16760G16789系統(tǒng)等。G17837G1135安全產(chǎn)品在G5468G3835程G5242上G6564高了銀行信G5699系統(tǒng)的安全G8712平，G4557保G6264銀行信G5699安全G17227到了一定G1328用。G1306是G4439G1216并G8821G7389G1186根G7424上G19489G1314安全風(fēng)險(xiǎn)，G13543G16311安全G19394G20076，G17837G1039要是G3252G1038G726信G5699安全G19394G20076G1186G7481就不是單G13443的技術(shù)G19394G20076，把防G14551G21669客G1849G1417和病毒G5875G7591理G16311G1038信G5699安全G19394G20076的全部是G10267G19766的。安全產(chǎn)品的G2163能G11468G4557比較G10433G12376，G5460G5460用G1122G16311G1927一類安全G19394G20076，G3252G8504G1177G1177通過部署安全產(chǎn)品G5468G19602完全G16218G11434銀行信G5699安全G19394G20076G727信G5699安全G19394G20076不是G19757G5589的，G4439總是隨著銀行策略G451組G13467架構(gòu)G451信G5699系統(tǒng)和G6817G1328流程的改G2476G13792改G2476。部署安全產(chǎn)品是一G12193G19757G5589的G16311G1927G2162法。一G143366G7481G16840，在產(chǎn)品安G16025和配置后較G19283一段時(shí)G19400內(nèi)，G4439G1216G18129無法G2172G5589調(diào)整G1209G17878應(yīng)安全G19394G20076的G2476化。G6164G1209，銀行G11040的G7389G16794之G3775G18129G5859G16794到應(yīng)G1186根G7424上改G2476應(yīng)G4557信G5699安全G19394G20076的G5617G17347，建立G7368加全G19766的安全保G19568體系，在安全產(chǎn)品的G17753G2173G991，通過管理手段體系化地保G19568信G5699系統(tǒng)安全。G991G19766G6117G1216G4570通過分析信用社改造后的網(wǎng)絡(luò)結(jié)構(gòu)G991G2499能G19766G1032的安全G19394G20076，G4557信用社G708G1039要是生產(chǎn)網(wǎng)G709目G2081的安全需求進(jìn)行總體分析。根G6466實(shí)際項(xiàng)目進(jìn)G5242安G6502，G6117G1216G4570分別G4557網(wǎng)上銀行系統(tǒng)G451生產(chǎn)業(yè)務(wù)系統(tǒng)進(jìn)行分析。31網(wǎng)上銀行安全風(fēng)險(xiǎn)和安全需求G19036G4557目G2081G7380常見的互聯(lián)網(wǎng)攻擊類型G1209及國內(nèi)G3818網(wǎng)上銀行系統(tǒng)通常G19766G1032的安全威脅，結(jié)合信用社的實(shí)際情況，G6117G1216G16760G1038在信用社網(wǎng)上銀行網(wǎng)絡(luò)G2499能G19766G1032的安全風(fēng)險(xiǎn)和G4557應(yīng)的安全需求G3926G991G726表31G2499能G19766G1032的安全風(fēng)險(xiǎn)和G4557應(yīng)的安全需求A117A118A119A120A121A122A123A124A125A126A127A128A129A130A131A132A133A134A135A136A137A138A139A140A141A142A137A138A139A143A144A145A146A147A148A149A150A151A152A153A154A155A139A128A156A150A151A145A146A157A158A159A160A161A162A159A163A164A165A166A167A168A169A164A165A166A170A171A172A153A154A155A139A128A156A173A161A162A145A146A139A174A175A176A177A178A159A179A180A181A159A163A182A169A183A184A182A169A185A128A129A173A186A187A188A152A128A156A189A165A190A191A192A193A146A194A195A196A163A197A159A198A139A199A200A201A202A198A203A204A205A206A189A207A167A208A209A194A210A144A211A212A195A213A167A214A214A215A150A208A157A216A217A218A167A219A220A221A222A223A224A225A226A227A223A228A167A229A224A225A230A231A232A233A182A169A234A235A236A237A238A239A240A128A156A173A219A220A145A146A241A193A146A170A171A172A235A128A156A242A143A232A233A173A219A220A145A146A159A163A164A165A166A243A244A245A246A247A159A248A249A235A173A219A220A159A250A159A163A245A251A252A253A248A249A235A173A219A220A159A250A254A255A187A0A1A167A2A192A152A159A179A8A149A143A144A8A157A221A222A159A75A173A119A3A149A189A207A214A152A130A90A4A143A144A8A2A192A5A214A214A215A150A208A2A192A1577A198A199A6A7A9A10A11A12A13A114A14A15A16A17A201A146A18A19A10A11A191A20A204A12A21A22A23A24A25A106A207A26A103A181A27A99A28A103A210A29A99A28A103A212A30A31A106A162A32A33A34A35A36A37A111A103A216A35A38A34A39A40A40A35A36A103A147A25A41A42A43A44A49A45A46A47A48A46A79A50A111A12A13A51A52A159A32A53A162A39A159A37A60A32A35A227A54A31A106A34A32A53A165A55A138A56A57A58A111A127A59A51A52A61A62A63A64A65A23A66A106A139A67A68A69A70A62A71A64A72A73A43A44A74A76A77A78A80A134A149A81A82A83A62A63A61A227A54A31A228A139A84A14A143A62A71A85A86A62A63A47A28A134A83A138A88A87A28A138A100A89A91A60A74A76A77A231A92A134A241A93A83A94A95A96A97A103A247A52A103A147A25A61A98A65A23A66A134A76A77A197A101A13A102A104A52A61A105A107A147A25A134A138A100A149A81A108A109A110A30A25A103A112A113A103A115A69A30A25A76A116A117A118A120A61A121A122A123A124A147A25A134A138A100A139A12A125A50A226A126A128A129A130A123A12A70A13A102A131A9A132A111A133A135A136A12A137A106A146A146A18A19A103A140A141A87A28A103A12A21A142A144A103A12A21A10A11A61A145A148A150A151A152A111A178A153A12A70A154A155A138A62A63A61A156A69A157A158A160A124A135A136A60A145A161A81A163A164A12A13A166A102A10A11A167A116A70A168A115A193A169A170A171A108A64A6532生產(chǎn)業(yè)務(wù)網(wǎng)絡(luò)安全風(fēng)險(xiǎn)和安全需求G4557G1122生產(chǎn)業(yè)務(wù)網(wǎng)絡(luò)G13792言，G2499能G4396在的安全風(fēng)險(xiǎn)和G4557應(yīng)的安全需求G3926G991G726A79A30A172A173A174A175A172A173A163A176A56A57A58A83A177A62A63A179A180A182A183A184A171A108A130A123A185A186A60A121A188A189A185A186A60A190A81A99A28A194A195A103A169A196A106A89A200A202A60A62A71A169A196A99A28A111A203A205A206A49A72A73A208A148A209A211A213A214A103A12A137A167A215A129A217A159A32A53A162A39A159A37A49A34A32A53A165A55A218A219A51A52A220A221A7A9A31A222A62A71A82A190A218A219A64A72A73A99A28A12A13A223A112A191A131A9A12A137A224A181A222A64A72A73A12A225A229A230A232A233A234A49A10A11A106A12A129A217A179A100A235A236A228A157A158A235A236A237A238A239A131A9A112A191A156A69A64A240A242A103A233A234A243A2448A245A246A248A249A250A246A251A252A253A254A255A20A250A118A8A0A1A2A3A4A14A5A254A255A8A245A119A6A7A248A189A9A119A41A8A0A1A2A3A4A248A176A10A42A11A12A13A8A245A248A65A66A254A255A8A245A14A5A254A255A8A245A119A6A7A248A189A9A15A16A154A96A17A45A147A248A113A18A187A19A46A189A21A139A47A4A8A22A23A4A8A0A48A24A20A254A255A96A17A60A33A25A139A26A118A27A51A28A20A254A255A96A17A8A245A29A189A30A31A248A53A32A77A34A30A31A186A35A36A38A37A103A55A39A38A37A35A40A43A44A57A40A43A49A50A52A54A56A58A59A61A62A253A63A64A67A103A38A37A68A39A35A69A70A44A57A94A71A52A54A103A61A62A98A52A54A253A63A64A67A103A38A37A68A399第4章總體安全技術(shù)框架建議根G6466G4557信用社網(wǎng)絡(luò)系統(tǒng)安全需求分析，G6117G1216G6564G1998了由多G12193安全技術(shù)和多層防G6264措施構(gòu)成的一整套安全技術(shù)方案，具體G2265G6336G726在網(wǎng)絡(luò)層劃分安全域，部署防G9791G3693系統(tǒng)G451防拒絕服務(wù)攻擊系統(tǒng)G451G1849G1417G7828G8991系統(tǒng)G451G1849G1417防御系統(tǒng)和漏洞掃G6563系統(tǒng)G727在系統(tǒng)層部署病毒防G14551系統(tǒng)，G6564G1391系統(tǒng)安全評估和加固建議G727在管理層制訂安全管理策略，部署安全信G5699管理和分析系統(tǒng)，建立安全管理G1025G5527。具體建議G3926G991G72641網(wǎng)絡(luò)層安全建議1網(wǎng)絡(luò)訪G19394控制劃分安全域G1038了G6564高銀行網(wǎng)絡(luò)的安全性和G2499G19764性，在省聯(lián)社總部G451G2520地市聯(lián)社G451G2520區(qū)縣聯(lián)社G451分理G3800G4557不同系統(tǒng)劃分不同安全域。訪G19394控制措施G4557安全等級較高的安全域，在G1866邊G11040部署防G9791G3693，G4557安全等級較G1314的安全域的邊G11040則G2499G1209G1363用VG47G36G49或訪G19394控制列表G7481代替。根G6466G4557信用社整體網(wǎng)絡(luò)的區(qū)域劃分，G6117G1216G4570在不同安全域邊G11040G18331用不同的訪G19394控制措施G726在生產(chǎn)網(wǎng)與G2162G1856網(wǎng)之G19400G18331用防G9791G3693G6564G1391訪G19394控制，G2494G1813G16780業(yè)務(wù)G11468G1863的訪G19394，拒絕G1866G1194G6164G7389訪G19394G727在生產(chǎn)網(wǎng)與網(wǎng)上銀行網(wǎng)絡(luò)之G19400G18331用防G9791G3693G6564G1391訪G19394控制，G2494G1813G16780業(yè)務(wù)G11468G1863的訪G19394，拒絕G1866G1194G6164G7389訪G19394G727在生產(chǎn)網(wǎng)與G11468G1863單G1313網(wǎng)絡(luò)之G19400G18331用防G9791G3693G6564G1391訪G19394控制，G2494G1813G16780業(yè)務(wù)G11468G1863的訪G19394，拒絕G1866G1194G6164G7389訪G19394G727在網(wǎng)上銀行網(wǎng)絡(luò)與互聯(lián)網(wǎng)之G19400G18331用防G9791G3693G6564G1391訪G19394控制，除G1813G16780互聯(lián)網(wǎng)用戶訪G19394網(wǎng)銀門戶網(wǎng)G12461G451G1813G16780互聯(lián)網(wǎng)G16760G16789用戶訪G19394網(wǎng)銀G58EG37及G1813G16780網(wǎng)銀G58EG37服務(wù)G3132G18G54G54G47加G17907G3132訪G19394互聯(lián)網(wǎng)上的CG41CG36之G3818，拒絕G1866G1194G6164G7389訪G19394G72710在生產(chǎn)網(wǎng)的生產(chǎn)區(qū)域G708一G13459業(yè)務(wù)G709與G1866G1194區(qū)域之G19400G18331用防G9791G3693G6564G1391訪G19394控制，G2494G1813G16780業(yè)務(wù)G11468G1863的訪G19394，拒絕G1866G1194G6164G7389訪G19394G727在生產(chǎn)網(wǎng)的G1866G1194G2520區(qū)域之G19400利用G989層交換機(jī)劃分虛擬G4388網(wǎng)及進(jìn)行簡單G2265過濾，G1582到較簡單的訪G19394控制G7272防拒絕服務(wù)攻擊在網(wǎng)上銀行系統(tǒng)與G44G81G87G72G85G81G72G87G1998G2487邊G11040G3800，配G3803抗G39G82G54攻擊網(wǎng)G1863系統(tǒng)，G1209抵御G7481G14270互聯(lián)網(wǎng)的G2520G12193拒絕服務(wù)攻擊和分布式拒絕服務(wù)攻擊。3網(wǎng)絡(luò)入侵檢測在網(wǎng)上銀行系統(tǒng)和總行業(yè)務(wù)網(wǎng)絡(luò)系統(tǒng)G1025部署G1849G1417G7828G8991系統(tǒng)，實(shí)時(shí)G7828G8991G451分析網(wǎng)絡(luò)上的通訊G6980G6466流，尤G1866是G4557進(jìn)G1998安全域邊G11040或進(jìn)G1998G4396G6930G7389涉密信G5699的G1863G19202網(wǎng)段G451服務(wù)G3132G1039機(jī)的通訊G6980G6466流進(jìn)行監(jiān)控，及時(shí)發(fā)現(xiàn)G17841規(guī)行G1038和異常行G1038并進(jìn)行G3800理。網(wǎng)絡(luò)G1849G1417G7828G8991系統(tǒng)G2499實(shí)現(xiàn)G3926G991G2163能G726網(wǎng)絡(luò)信G5699G2265嗅探。G1209旁G17347監(jiān)聽方式秘密G17828行，G1363攻擊者無法G5875知到。G21669客常常在G8821G7389覺察的情況G991被抓獲，G3252G1038G1194G1216不知道G1194G1216一直受到密切監(jiān)視。網(wǎng)絡(luò)訪G19394監(jiān)控。根G6466實(shí)際業(yè)務(wù)需要定制G11468G1863規(guī)則，G2499G1209定義哪G1135G1039機(jī)或網(wǎng)段G2499G1209或不G2499G1209訪G19394網(wǎng)絡(luò)上的特定資源，G2499G1209定義訪G19394時(shí)G19400段，G4557特定的G19762法訪G19394行G1038或除特定合法訪G19394行G1038之G3818的G6164G7389訪G19394行G1038進(jìn)行監(jiān)控，一G7098發(fā)現(xiàn)G17841規(guī)行G1038則根G6466事先定義的響應(yīng)策略進(jìn)行報(bào)警G451阻斷或聯(lián)G2172的G11468應(yīng)，G1209保G16789G2494G7389授權(quán)用戶G6177G2499G1209訪G19394特定網(wǎng)絡(luò)資源。應(yīng)用層攻擊特征G7828G8991。G6564G1391詳盡G451細(xì)粒G5242的應(yīng)用協(xié)議分析技術(shù)，實(shí)現(xiàn)應(yīng)用層攻擊G7828G8991，G2499G14270G2172G7828G8991網(wǎng)絡(luò)實(shí)時(shí)G6980G6466流G1025符合特征的攻擊行G1038，系統(tǒng)G13512G6264一個(gè)強(qiáng)G3835的攻擊特征G5223，用戶G2499G1209定期G7368G7044，確保能夠G7828G8991到G7380G7044的攻擊事G1226。蠕蟲G7828G8991。實(shí)時(shí)跟蹤當(dāng)G2081G7380G7044的蠕蟲事G1226，G19036G4557已經(jīng)發(fā)現(xiàn)的蠕蟲攻擊及時(shí)G6564G1391G11468G1863事G1226規(guī)則。系統(tǒng)G13512G6264一個(gè)強(qiáng)G3835的蠕蟲特征G5223，用戶G2499G1209定期G7368G7044，確保能夠G7828G8991到G7380G7044的蠕蟲事G1226。G4557G1122G4396在系統(tǒng)漏洞G1306尚未發(fā)現(xiàn)G11468G1863蠕蟲事G1226的情況，通過分析漏洞G7481G6564G1391G11468G1863的G1849G1417事G1226規(guī)則，G7380G3835G19492G5242地G16311G1927蠕蟲發(fā)現(xiàn)滯后的G19394G20076。11G2499疑網(wǎng)絡(luò)活G2172G7828G8991。即異常G7828G8991，G2265G6336通過G4557在特定時(shí)G19400G19400隔內(nèi)超流G18339G451超G17842G6521的G6980G6466G2265進(jìn)行G7828G8991等方式，實(shí)現(xiàn)G4557G39G82G54G451掃G6563等攻擊事G1226的G7828G8991。G7828G8991隱藏在G54G54G47加密通訊G1025的攻擊。通過G16311碼G3534G1122G54G54G47加密的通訊G6980G6466，分析G451G7828G8991G3534G1122G54G54G47加密通訊的攻擊行G1038，G1186G13792G2499G1209保G6264G6564G1391G54G54G47加密訪G19394的網(wǎng)銀G58EG37服務(wù)G3132的安全性。G7097志審計(jì)。G6564G1391G1849G1417G7097志和網(wǎng)絡(luò)流G18339G7097志記錄和G13520合分析G2163能，并G6564G1391詳細(xì)的分析報(bào)告，G1363網(wǎng)絡(luò)管理員G2499G1209跟蹤用戶G451應(yīng)用程序等G4557網(wǎng)絡(luò)的G1363用情況，幫G2173管理員改進(jìn)網(wǎng)絡(luò)安全策略的規(guī)劃，并G6564G1391G7368精確的網(wǎng)絡(luò)安全控制。通過詳盡的審計(jì)記錄，G2499G1209在系統(tǒng)遭到惡G5859攻擊后，G6564G1391G16789G6466G1209G6564G17227法律訴訟。多網(wǎng)段同時(shí)監(jiān)控。G1849G1417探G8991G3132支持多個(gè)網(wǎng)絡(luò)監(jiān)聽G2487，G2499G1209G17842G6521到多個(gè)網(wǎng)段G1025進(jìn)行實(shí)時(shí)監(jiān)控，G6117G1216G1075G2499G1209在不同的網(wǎng)段分別部署多個(gè)探G8991G5353擎，管理員G2499G1209通過G19610G1025的管理控制臺G4557探G8991G3132上傳的信G5699進(jìn)行統(tǒng)一查G11487，通過管理G3132進(jìn)行G13520合分析，并生成報(bào)表。A72A73A73A74A75A76A78A79A80A74A75A78A79A74在生產(chǎn)網(wǎng)與網(wǎng)上銀行網(wǎng)絡(luò)之G19400G451G2162G1856網(wǎng)與互聯(lián)網(wǎng)之G19400分別部署G1849G1417防御系統(tǒng)，G4557G3818G11040網(wǎng)絡(luò)G21669客利用防G9791G3693G1038合法的用戶訪G19394G13792開G6930的端G2487穿透防G9791G3693G4557內(nèi)網(wǎng)發(fā)G17227的G2520G12193高級G451G3809G7446的攻擊行G1038進(jìn)行G7828G8991和阻斷。G44PG54系統(tǒng)G5049G1328在第G1120層到第七層，通常G1363用特征匹配和異常分析的方法G7481G16794別G2520G12193網(wǎng)絡(luò)攻擊行G1038，G3252G1866是G1209在G13459串聯(lián)方式部署的，G4557G7828G8991到的G2520G12193攻擊行G1038均G2499直G6521阻斷并生成G7097志報(bào)告和報(bào)警信G5699。A81A73A73A82A83A84A85A82A83A82A79A80在生產(chǎn)網(wǎng)上部署一套漏洞掃G65