Abstract
The rapid development of the meteorological information network has steadily increased the types and number of devices on the internal meteorological network, which poses new challenges to traditional network admission management. At present, more than 7000 devices are connected to the office-area network of the meteorological intranet. The types and number of devices on the network are difficult to inventory, and unauthorized use of network resources occurs from time to time. Because the legitimacy of a connecting device is hard to establish, an unauthorized device cannot be detected and blocked as soon as it connects, which threatens the security of business systems and meteorological data. Devices on the network may be running malicious programs, and once connected to the meteorological network they may seriously affect the security of other devices. Traditional control techniques depend on locally maintained data, which lags in accuracy and carries a risk of leakage. To address these problems, we design and implement a clientless terminal network access control system that meets the needs of the meteorological network. By sharing data with the China Meteorological Administration unified trust service system and the terminal security management system, it updates and maintains identity authentication information automatically. It also promotes wide adoption of terminal security management software across the meteorological campus, detects and blocks unauthorized device access promptly, and eliminates potential security risks.
Authors
ZHONG Lei (钟磊); TIAN Zheng (田征); GUO Yu-qing (郭宇清)
National Meteorological Information Centre, Beijing 100081, China
Source
Computer Technology and Development (《计算机技术与发展》)
2024, Issue 1, pp. 99-105 (7 pages)
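Funding
Meteorological Informatization System Engineering support project (发改农经[2019]1987号)
National Meteorological Information Centre innovation team research project on information network security and "Xinchuang" technology R&D (NMIC-2021-05).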
Keywords
network access control
terminal security
unified trust service
network security
identification