摘要
堡垒机是管控IT运维人员访问核心IT资产的专用系统主机。使用基于应用代理的运维堡垒机取代传统的基于录像的堡垒机,审计效率和安全系数至少可以提高1个数量级。在介绍运维堡垒机应用背景、分析现有运维堡垒机的审计缺陷后,提出应用代理改进方案。在介绍堡垒机的概念、构成、拓扑、主要功能后,提出基于应用代理的重要改进。以Windows系统为例,列举出一期常用的需求和功能:文件管理、IIS管理、系统服务管理、计划任务管理、进程管理、远程桌面管理,并给出上述需求的技术实现方法。最后,列举了传统堡垒机和基于应用代理的堡垒机各种数据比较。
The bastion machine is a dedicated system host which control IT operation and maintenance personnel to access the core IT assets. The audit efficiency and safety factor will increase at least by a magnitude using application proxy bastion machines rather than the traditional video playback bastion machines. After introducing the background of operation and maintenance bastion machines and analyzing the shorts of current bastion machines,giving the solution about application proxy.After introducing the concept,construction,topology, main functions of bastion machines, bring the important improvements about application proxy.For example of Windows, lists some frequent requirements and functions: file management,IIS management,system service manage- ment,scheduled tasks management,process management,remote desktop management, and lists the implemention methods of above requirements.Finally, compare the application proxy bastion machines with the traditional bastion machines based video playback.
出处
《微型电脑应用》
2013年第8期34-36,共3页
Microcomputer Applications
关键词
信息安全
运维
内部审计
堡垒机
应用代理
Information Security
Operation and Maintenance
Internal Audit
Bastion Machine
Application Proxy