Click here to load reader
Upload
vokhanh
View
348
Download
2
Embed Size (px)
Citation preview
JSS2018D009Q-1
3
5
5
6
7
7
9
9
9
10
10
10
11
11
12
13
45
45
45
45
47
50
50
51
61
64
1
1
JSS2018D009Q-1
1
1
260
2 :
1.
2.
3.
4. (www.creditchina.gov.cn)(www.ccgp.gov.cn)
3
www.zjzfcg.gov.cnwww.jsztb.org
4
20184100900
1.
2. 20184100900
5
25000 [email protected]
3922628784630570-4962111
201848235959
6
1. [200928]
2. 0570-4033197
5
3. [2011]1816%[2017]1416%
7
13567011466
0570-4031937
9
2018314
3 64
http://www.jsztb.org/
2
1
1.
2.
3.
260
4.
5.
90
6.
3922628784630570-4962111201848235959
7.
8.
201841009:00:00
9.
10.
201841009:00:00
11.
7
12.
13.
5
14.
10%
15.
7
16.
2
1.
2.
2.1
2.2
2.3
2.4
2.5
2.6
3.
4.
5.
6.
7.
,
8.
8.1
8.2
8.3
8.4
8.5 ,,49
9. [2011]1816%
[2011]300
3
10.
10.1
10.2
10.3
10.4
10.5
10.6
11.
11.1 1510315
4
12.
12.1
12.2
12.3
13.
13.1
13.1.1
13.1.2
13.1.3
13.1.4
13.1.5
13.1.6
13.1.7 CC
13.1.8
13.1.9
13.1.10
13.2
13.2.1
13.2.2
13.2.3 49
13.2.4
13.2.5
13.2.6
13.2.7
13.2.8
13.2.9
13.3
13.3.1
13.3.2
14.
14.1
14.2
14.3
14.4
14.5
14.6
14.7
14.8
15.
15.1
15.2
15.3
16.
16.1 90
5
17.
6
18.
19.
20.
21.
22.
23.
23.1
23.2
7
24.
25.
25.1
25.2
25.3
25.4
25.5
8
26.
26.1
26.2
26.3
26.4 ;
26.5
26.6
26.7
26.8
26.9
26.10
26.11
9
27.
27.1
27.2
27.3
10
28.
28.1
28.2
29.
29.1 ,
29.2 ,
30.
30.1 ,,,
30.2 :
31.
31.1 31.,
31.2 ,
32.
33.
33.1 ,
33.2 ,
11
34.
34.1
34.2 10%
34.3 ,
34.4
34.5
34.6
12
35. ,,,,,,,,;,:
35.1 ;
35.2 ;
35.3 ;
35.4 ;
35.5 ,;
35.6
13
36.
62 64
http://www.jsztb.org/
3
1
2:
3
1. (GB_T 22240-2008)
2. (GB_T 22239-2008)
3. GB/T 28448-2012
4. GB/T 28449-2012
5. YDT3169-2016
6. 2015
7. 33
8. 82
9.
10.
75IP
ACL
1
4,22FW/IPS
2
2
442220000
1
3
Web
42BYPASS)4210GE21Tb6GbpsHTTP35448
1
web
4
6GE32G4*4T
1
5
41T300600
1
6
41TSyslogSNMP TrapOPSecFTP
1
7
WebABC50IP610/100/1000M2SFP
1
8
,200G/1000/1000/
1
9
VPN
64,SSL500Mbps3800400/150SSL VPN
1
10
200
1
11
(5)(2)2CISP
1
12
36010
1
internet
13
332
1
22610/100/1000BASE-T
20Gbps10Gbps350
802.1Q VLAN TrunkaccessVLAN
0x81000x9100VLAN Tag QINQ
LACP
6
//
IPIP/MACIP/MAC
DNSDNS Docting DNS Doctoring
VPN
L2TPPPTPGREIPSECSSLVPN
RIPv1/v2OSPFv2/v3BGP
IPv6
/IP/
IPIP
IP/
IP
4000
NATIPV6URL
2100
IPv4v6 NATIPIPIP
DDOSCCIPSYNACK
IPSec VPNSSL VPNGREGRE over OSPFGRE over IPSecVPN
VPN
150
URLURLGETPOSTHTTPS
SMTPPOP3IMAP
DoS/DDoS
LandSmurfFraggleWinNukePing of DeathTear DropIP SpoofingSYN FloodIPv4IPv6 ICMP FloodUDP FloodDNS FloodARP FloodIPARPIPTCP
NTPNTPNTP
DOS/DDOS/
IPIPIPDoS
IPICMPTCPUDPDNSHTTPNTP
UDPUDPUDPUDPTCPTCP
ICMPUPDSYNDNS FloodDDoS
8000
HTTPFTPSSHSMTPIMAPPOP3 RDPRloginSMBTelneWeblogicVNCMySQLOracleMSSQL
SSHFTPRDPVNCNetbiosMySQLOracleMSSQL
IP
0day/1day
/---
WEBcpu
/
IPmacURL
A/SA/A
IP URL
6Gb
7,000,000
20000
4422
1TB
BYPASS
--
VMvare
IPv6
IPv6IPv6
web/CPU/
IPsec VPN
IPSec VPNIPSec VPNIPsec VPN
1.
2.VPN
3.
Web
1.web
2.
3.web
1.
2.IP
3.1PC2PC
AP
1.WPA-PSK/WPA2-PSKWPA/WPA2()
2.
3.Dos
4.
5.
SSID
SSID
1. 6
2.
3.
60002500900
SSL
SSLweb
SSL
SSLweb
1QQMSNIM
2APPIOSandroid
3Wind
P2P
P2PP2P
IPIPIP
Wan-lan
IPIP
DCDC
////
/
OFFICE
EAL3
IPv6 Ready Phase-2
Web
2U1+1
2*GE4*GE4*SFP210GE
6000Mbps
HTTP350000
HTTP(CPS)30000
IPTCPTCP
IPTCP
IPWAF
VLANVLAN
-BYPASSBYPASS
IP
ipv4/ipv6
WEB
WEBVLAN
(XSS)SQL Cookie
WebshellWeshell
WEB
CookieCookieCookieCookie Httponly
URL
IP
WAF
WAF
URL
IP
WEB
ISCCC
CC
URLIP
URLURL
IPIP+URLIPX_Forwarded-For
WAF302jsCC
ISCCC
IP
IP
IP IP
,
HTTPURLUserAgentPOSTcookie
PCI-DSS
WORD,PDF
Syslog
URLIP
SSL
HTTPSWEBHTTPSHTTPS
SSLIPIP
WEB
WAFWeb
HTTPS
WAF
LDAP
614USB16TB
IPPC
/
,
Web
webweb
web
11003000
IT
209000+
HTTPFTPSSHSMTPIMAPMySQLOracleMSSQL
WEB
WEBSQLXSS
CSRF
ASP,PHP,JSPwebshell
Web
WebWeb3000
40CNCERTVIRUSTOTAL
DNS
DNSFlowDNS
Webshell
HttpFlowwebshell
/
DoS
NetFlowUEBADoSIP
IPIP
/TOP10
/
htmlIT
TB;
/IPIDURL
syslog
/IP
7*242()
61484
,IPTCP, URL,,URL ,(IP)
11003000URL4000CVE
,,,,IPARPIPTCP;
ICMPUPDSYNDNS FloodDDoS
HTTPFTPSSHSMTPIMAPMySQLOracleMSSQL
Web
HTTP 1.0/1.1HTTPS
B/SSQLXSSCSRFASP,PHP,JSPwebshellWeb
WebWeb3000
Web
40
IPIP
TCPWebSQLDNSLDAP
5
CPU
MTBF6
1U610/100/100011,111Console,114CPU()
B/SHTTPS
1TBSOC
50
300
600
cpuWEB
WEB
telnetsshCLI
FTPSFTP
WindowsRDPUnixXwindow
clientODBCJDBC
WebWebJDK
RDPVNCX11SSHTELNETFTP
SSHTelnetx11FTP/SFTP
IPIP
RDPVNCX11SyslogIPIP
RDPRDP
/
USBKEY
SSO
Google,
C/S,
webC/S
IP
IBM AIXOS400Hewlett-PackardHP-UX SunSolaris CompaqTru64 UnixRedhat LinuxTurbo LinuxBluepointXtermLinuxSlackwareFreeBSDNetBSDSCO UnixWinNTWin2000WinXPWin98WinMeNovellNetware5
IT
1TBSOC
1U610/100/1000MBase-T(RJ45)151ConsoleConsole50
10000EPS3000EPS5000EPS
syslogsnmp trapnetflowjdbcodbcwindowsEVTagent
50,5,,, ()
syslog()
IP
IPIP
/IP
50ip
/NIDS/
USB key
HTTPS
3C
62SFP1CONSOLE
1U
WEBIP
B/SC/S
Web
Windows
LinuxUnix
CiscoJuniper
CGI
IPIPIP
IP
Web
OracleMySQLSQLserverSQL
XSS
ApacheTomcatIIS
WebCPU
URLURLID
WebIPCVE ID
WebSNMPv1SNMPv2SNMPv3Syslog
WebPDF\WORD\EXECL\HTML
WebWebWebWeb
SSLWebSSLConsoleWebshell
pingtcpdumpifconfigurl
200G/1000/1000/
B/SWeb
SSL
USB-Key
,
/
VARCHARVARCHAR2CHARNUMBERDATECLOBBLOBIMAGE
13003003020101030CAD300
OracleMysqlSQLserverDb2Informix
RedisHBaseMongoDB
OA
SharePointExchange Server IBMLotus Domino/NotesCoreMail
httphttpssmtpimapftpTCP
RDSOTSOCSOSS
PDFTIFFJPGBMPOFD
60+
PDFWordCSV
VPN
SSL VPN 500Mbps2.2Gbps
SSLVPN3800400
IPSec VPN260Mbps
>=6>=4150SSL VPN
VPNSSLTLS IPSec VPNSSLVPNVPNVPN
IE6781011IEIEWindows EDGEGoogle ChromeFirefoxSafariOperaSSLVPNIPB/SC/S
APPVPNAppSDK
IOSAndroidIMEI\UDIDWI-FI MAC
EMM
IP
VPNInternet
SSL VPN
webVPN
()
ACLDOS
IPV6 Ready
:
1
2
3
4WEB
5
OracleMSsqlDB2SybaseInformixMysqlPostgreSQLAccess
SQLXSS
PingTelnetTracertDNSIP7*24DNS
151
151
2
1
7*24
I
5222
II
533
1
1
2
3
10
PPT
4
1
1. 5
2.
2
3. ,100
4.
5.
6.
3
7.
30
30
260=()30
10
60-4
35
1
8
20131128
2
12
5
1,15
3
31
2
1.20-0.8
1
0.60-0.4
2
0.52
2
1.2-2
8.
9.
10.
11.
12.
13.
14.
15.
16.
5
1
17.
18.
19.
20.
2
___________________________________________________
3
4
5
6
10%
7
1.
2.
3.
8
1.
2.
9
1.
2.
3.
10
1.
2. 70%30%20%20%24%6%2%6%4%10%
11
12
1.
2.
1
2
3
3. 1
4.
5.
13
1.
2.
3.
4.
5.
14
1.
2.
3. 2448
4.
5.
1.
2. ,
3. 10
4.
1.
2.
3. 120
1.
2.
3.
4.
:
:
6
1
2
1
______________
___________________________________________________________________________
1.
2.
3.
4. ______
5.
6.
7.
__________ __________ ______________
______________ _______ ______ _______
():___________________
:___________
:___________
2
3
,
4
1
(: )
()20161230
/
2
2013
2014
3
()
4
5
6
5
[2011]181______1.[2011]300______2.__________________
2017 141____________/
6
1
31
2
32
3
33
4
34
5
35
6
36
7
37
8
38
9
39
10
40
11
41
12
13
42
14
43
15
44
45
16
:
46
17
47
18
19
20
21
22
23
24
():
25
48
26
49
27
50
28
51
29
()
52
30
()
53
7
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
(-)
19
20
21
22
23
24
25
26
27
28
29
("-")
30
:
31
("-")
32
8
1
1
57
3
58
8
59
9
-
60
10
61
12
64
13
65
18
66
20
-
67
21
-
68
69
22
70
23
-
71
25
-
72
28
-
73
29
-
74
30
75
-
31
-
35
-
36
-
37
-
2
76
38
-
77
40
78
43
44
-
45
46
3
52
79
53
-
80
54
-
81
55
82
56
-
83
-
9
10
11
3
1
1
2
3
4
5
7
8
9
10
11
12
2
1
2
3
3
4
1.
2.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
1
2
3
1.3
2.
3.