统一安全策略技术报告.pdfVIP

通信标准类技术报告 YDB XXX –200X 统一安全策略技术报告 2008年11月 技 术 报 告 要 点 本报告主要研究支持全网的统一安全策略，包括通用安全策略架构的定义， 安全策略的创建、存储、分发和执行流程，以及这些环节涉及到的安全策略定义， 策略应用机制和策略传输协议。 网络与信息安全技术工作委员会有线网络安全工作组(TC8/WG1) 研究单位：中兴通讯股份有限公司 项目完成人： 项目参加人：滕志猛，韦银星，钱勇 完成日期： 目录 1、 前言································································································································4 2、 范围································································································································4 3、 参考文件························································································································4 4 、 缩略语····························································································································5 5、 通用安全策略架构·········································································································5 6、 通用安全策略流程·········································································································7 6.1、单网络域中的安全策略流程···························································································7 6.2、多网络域中的安全策略流程···························································································8 7、 统一安全策略定义·········································································································9 8、 附录A 应用场景········································································································15 1、前言 随着信息技术的迅速发展，计算机技术的广泛应用，信息安全面临着严重的威胁，各种 安全问题呈几何级数增长。针对各种网络入侵、计算机病毒、以及各种系统自身的缺陷和漏 洞，市场上涌现出各种安全设备，比如防火墙、入侵检测系统、身份认证、数据加密产品等， 但是单方面依赖这些设备并不能全面解决信息安全问题。针对这一问题，各大安全厂商提出 自己的解决方案，如自防御网络SDN(Self Defense Network)，安全联动协议等等，这些解决 方案的中心思想，就是在各种安全设备之间交换必要的安全策略信息来达到整体防御的效 果。由于缺乏统一的标准和规范，不同厂商的产品难以实现互操作，难于互相整合，因而难 于发挥预期的效果。 以安全策略为核心，以安全策略