系統(tǒng)程序漏洞掃描安全評估方案

1、目錄目錄一、項(xiàng)目概述一、項(xiàng)目概述...........................................................................................................................................01.1評估范圍.........................................................

2、...............................................................................01.2評估層次.....................................................................................................................................

3、...01.3評估方法........................................................................................................................................01.4評估結(jié)果.................................................................

4、.......................................................................01.5風(fēng)險(xiǎn)評估手段................................................................................................................................11.5.1基于知識的

5、分析方法...........................................................................................................11.5.2基于模型的分析方法..............................................................................................

6、.............11.5.3定量分析...............................................................................................................................21.5.4定性分析............................................................

7、...................................................................31.6評估標(biāo)準(zhǔn)........................................................................................................................................3二、網(wǎng)拓?fù)湓u估二

8、、網(wǎng)拓?fù)湓u估.......................................................................................................................................32.1拓?fù)浜侠硇苑治?...................................................................

9、........................................................32.2可擴(kuò)展性分析................................................................................................................................3三、網(wǎng)絡(luò)安全管理機(jī)制評估三、網(wǎng)絡(luò)安全管理機(jī)制評估.

10、..................................................................................................................43.1調(diào)研訪談及數(shù)據(jù)采集.............................................................................................

11、.......................43.2網(wǎng)絡(luò)安全管理機(jī)制健全性檢查....................................................................................................53.3網(wǎng)絡(luò)安全管理機(jī)制合理性檢查...............................................................

12、.....................................53.4網(wǎng)絡(luò)管理協(xié)議分析........................................................................................................................6四、脆弱性嚴(yán)重程度評估四、脆弱性嚴(yán)重程度評估............................

13、...........................................................................................64.1安全漏洞掃描.......................................................................................................................

14、.........64.2人工安全檢查................................................................................................................................84.3安全策略評估...............................................................

15、.................................................................94.4脆弱性識別..................................................................................................................................10五、網(wǎng)絡(luò)威脅響應(yīng)機(jī)制評估五、

16、網(wǎng)絡(luò)威脅響應(yīng)機(jī)制評估.................................................................................................................105.1遠(yuǎn)程滲透測試......................................................................................

17、........................................11六、網(wǎng)絡(luò)安全配置均衡性風(fēng)險(xiǎn)評估六、網(wǎng)絡(luò)安全配置均衡性風(fēng)險(xiǎn)評估.....................................................................................................126.1設(shè)備配置收集....................................

18、..........................................................................................126.2檢查各項(xiàng)HA配置.....................................................................................................................

19、...146.3設(shè)備日志分析..............................................................................................................................15七、風(fēng)險(xiǎn)級別認(rèn)定七、風(fēng)險(xiǎn)級別認(rèn)定..............................................................

20、...................................................................16八、項(xiàng)目實(shí)施規(guī)劃八、項(xiàng)目實(shí)施規(guī)劃.................................................................................................................................16九、項(xiàng)目

21、階段九、項(xiàng)目階段.........................................................................................................................................17十、交付的文檔及報(bào)告十、交付的文檔及報(bào)告.....................................................

22、....................................................................18一、項(xiàng)目一、項(xiàng)目概述概述1.11.1評估范圍評估范圍針對網(wǎng)絡(luò)、應(yīng)用、服務(wù)器系統(tǒng)進(jìn)行全面的風(fēng)險(xiǎn)評估。1.21.2評估層次評估層次評估層次包括網(wǎng)絡(luò)系統(tǒng)、主機(jī)系統(tǒng)、終端系統(tǒng)相關(guān)的安全措施，網(wǎng)絡(luò)業(yè)務(wù)路由分配安全，管理策略與制度。其中網(wǎng)絡(luò)系統(tǒng)包含路由器、交換機(jī)、防火墻、接入服務(wù)器、網(wǎng)絡(luò)出口設(shè)備及相關(guān)網(wǎng)絡(luò)配置信

23、息和技術(shù)文件；主機(jī)系統(tǒng)包括各類UNIX、Windows等應(yīng)用服務(wù)器；終端系統(tǒng)設(shè)備。1.31.3評估方法評估方法安全評估工作內(nèi)容：?管理體系審核；?安全策略評估；?顧問訪談；?安全掃描；?人工檢查；?遠(yuǎn)程滲透測試；?遵循性分析；1.41.4評估結(jié)果評估結(jié)果通過對管理制度、網(wǎng)絡(luò)與通訊、主機(jī)和桌面系統(tǒng)、業(yè)務(wù)系統(tǒng)等方面的全面安全評估，形成安全評估報(bào)告，其中應(yīng)包含評估范圍中信息系統(tǒng)環(huán)境的安全現(xiàn)狀、存在安全問題、潛在威脅和改進(jìn)措施。協(xié)助對列出的安全