Fujian Telecom operation and maintenance operations audit system design and implementation
|School||University of Electronic Science and Technology|
|Keywords||Bastion host Protocol proxy Session monitoring Access Control|
The main content of the thesis is to conduct in-depth study of the security issues in the day-to-day maintenance of Fujian value-added telecom business systems design and deployment of operational safety audit system , according to the network operation and maintenance requirements of the Sarbanes-Oxley Act (SOX) , and Telecom Group to achieve Fujian telecommunications network operation and maintenance of compliance to meet the SFC the IT auditing requirements for listed companies . Through analysis and exploration of telecom operators in the process of the operation and maintenance of risk and the application of key technologies , operators in network construction , and operation and maintenance management of IT internal control measures . In the author's more than 10 years of work experience in the operation and maintenance department analysis of security risks in the process of operation and maintenance , as well as common Evasion and inadequate . Bastion host program has been successfully deployed for clues , and analyze the effects of its application in practice . Proposed for the core set of 4A ( Certification Authentication account Account authorization Authorization, audit Audit ) , based centralized management , identity management premise , access control as a means of operation audit to ensure that the multi-level , three-dimensional security operation and maintenance operations management solutions. Through centralized management equipment and management accounts, equipment account for authentication , authorization, and auditing premise. The same time, the control of all personnel , as the only log entry to the safe operation of the management system , to ensure that all audited . Identity management , to achieve unified management account and equipment account one-to-one correspondence , the the audit difficult problem to avoid the use of a device account more than . Access control to the account grouping authorized and command filtering . Really intended to be played back through the audit, to achieve the full command line and RDP management style , in order to achieve a comprehensive audit . Reference to the Sarbanes-Oxley Act and the communications industry safety regulations , according to the development trend of the operation and maintenance , as well as among common agreement on the operation and maintenance of in-depth research , and ultimately determine the realization of the solution architecture and function module .