地铁综合监控系统的网络安全系统改造及密评方法与应用

The Method and Application of Metro Integrated Supervisory Control System Network Security Reconstruction and Cryptographic Evaluation

随着《中华人民共和国网络安全法》和《中华人民共和国密码法》实施以及等级保护2.0有关技术标准、技术规范落地,各地安全主管部门对地铁生产业务系统的网络安全等级保护定级、备案、测评、整改及网络信息系统密码应用的合规、正确和有效性提出了具体要求。结合地铁网络安全的要求提出了具体的技术安全补强实施方法和全面的密码应用安全技术支撑,通过升级改造,对综合监控系统既有的操作系统、网络设备、数据库、综合监控软件上存在的口令强度策略、用户权限设置、审计功能、访问控制策略等问题进行策略和配置优化,使之符合网络安全等保三级的标准技术防护要求及信息系统密码应用三级要求,消除或降低安全风险及隐患。

With the implementation of"The Cybersecurity Law of the People′s Republic of China"and"The Cryptographic Law of the People′s Republic of China",as well as the implementation of the technical standards and specifications related to level protection 2.0,local security authorities have put forward specific requirements for the classification,filing,evaluation,rectification of the network security level protection of the metro production business system and the compliance,correctness and effectiveness of the cryptographic application of the network information system.In combination with the specific requirements of metro network security,specific technical security reinforcement implementation methods and comprehensive overall cryptographic application security technology support were proposed.Through upgrading and reconstruction,the existing operating system,network equipment,database,integrated monitoring software of the integrated monitoring system were optimized in terms of strategy and configuration of password strength strategy,user permission setting,audit function,access control strategy and other issues,which make it conform to the standard technical protection requirements of levelⅢnetwork security and levelⅢrequirements of information system cryptographic application,and eliminated or reduced security risks and hidden dangers.