Design And Implementation Of Information Security Configuration Verification System

In recent years,with the advent of the information age,especially the development of information to bring a variety of convenience,more and more industries contact business through information systems.In order to ensure the specification of information system security construction and maintenance business operation,the state introduced a serious of polices and standards for the level of information security protection,and all walks of life also introduced a serious of safety management standards and inspection standards.However,when developers examine the information system implementation according to the specification and standards,they often need to network equipment,operating system and databases under a large number of check items verification,which needs to spend a lot of manpower,material resources and time to complete security checks.At the same time,because the level of developer technology,understanding of standards and inspection the level of detail is different,it is difficult to avoid human errors.How to effectively achieve automatic batch security checks,automatic generation of standard security inspection checks and corrective recommendations is the difficult problem developers are facing.In response to this demand,this paper designs a set of information security configuration verification system.Firstly,the system builds a complete baseline database for security knowledge based on the information security level protection requirements and operation guidelines,develops a corresponding security configuration verification list,and writes an automatic verification script on the bases,through which the knowledge base can guide IT information system security reinforcement work.Secondly,the system can automatically load and execute the verification script to achieve the rapid evaluation of the target host,thus saving the traditional manual single point security configuration inspection time and avoiding errors risk brought by the traditional manual inspection.At the same time,the system also supports user-defined verification to achieve the comprehensive evaluation of the target host.Finally,for the level of protection evaluation requirements,the evaluation results are analyzed and summarized to generate evaluation reports.It includes checking compliance judgement,the distribution of the system risk level and the compliance recommendations,greatly improving the accuracy and reliability of the evaluation work,so that the evaluation work becomes simple.