摘要
渗透测试能真实地评估信息系统抵御网络入侵的能力,成为信息系统安全评估的一个有效手段。介绍渗透测试在网络安全等级保护测评中的必要性和重要性;详细描述渗透测试的原理、流程、使用的工具、风险规避方法等。通过案例介绍渗透测试在网络安全等级保护测评中实施过程及风险应对措施,并对存在的问题提出整改建议,为信息系统后续安全防护措施提供指导。
Penetration testing can truly evaluate the ability of information system in resisting network intrusion,which becomes an effective means of information system security assessment.We introduced the necessity and importance of penetration test in the evaluation of network security classified protection,and described the principle,process,tools,and risk aversion method of the penetration test in detail.We also introduced the implementation process and risk response measures of penetration testing in network security classified protection evaluation through a case.Suggestions were put forward on the existing problems.It provides guidance for subsequent security protection measures of information system.
作者
王世轶
吴江
张辉
Wang Shiyi;Wu Jiang;Zhang Hui(Shanghai Institute for Integrated Application of Network Technology,Shanghai 200233,China)
出处
《计算机应用与软件》
北大核心
2018年第11期190-193,共4页
Computer Applications and Software
关键词
网络安全
等级保护
渗透测试
Network security
Classified protection
Penetration testing
