IBM 安全汇报1222

IBM China Company Ltd
2004/12
IBM
Copyright IBM Corporation 2004

IBM China Company Ltd.
2 Bank of China 2004 Copyright IBM Corporation 2004



OA

-
-
-
-
-

- (SUN SOLARIS/IBM AIX/HP UX /WIN 2000)
- Oracle/ DB2/ Sql Server / Domino/ Exchange
- (WebSphere Portal/ BEA WebLogic/ Sun One Portal/ Oracle AS Portal/ MS SharePoint)
- DNS,FTP,VPN

1
31

2

- WEB VPN
IIS, Apache) - CheckPoint VPN
- DNS - Nortel VPN
windows DNS, Unix Bind) - IBM VPN
- FTP
IIS, WU-ftp)
-
Domino, Exchange) -
- CISCO
-
Solaris, win2000, HP UX, AIX)
- CISCO PIX
- Oracle - Netscreen
- DB2 - CheckPoint
- Domino
- SQL Server

- Symantec
- Websphere Portal -
- BEA Weblogic -
- SUN One Portal
- Oracle AS Portal
- MS Sharepoint


- 5
IBM

- 25

IBM SUN
HP UNIX WIN 2000 IBM AIX
SOLARIS
Microsoft
IBM SUN ONE
Oracle9iAS BEA
Office
IBM
Portal Sharepoint
6.0
portal weblogic
Portal
websphere
Server
IBM Exchange Domino
SQL Server
Oracle9i DB2
2000
Norton Trend

Nortel

Contivity
IBM VPN Checkpoint
VPN 1700

DNS FTP

CISCO PIX Netscreen Checkpoint

CISCO
CISCO




NISS


- - - - -
- - - - -
- - - -
- -
-VPN
-
- -
- -
-
-
-


VPN
Oracle
DB2 Checkpoint
Domino
Nortel
SQL Server
IBM
Websphere Portal Sun Solaris
BEA WebLogic
Sun One Portal IBM AIX
Oracle AS Portal CISCO Win 2000
MS SharePoint
HP UX

CISCO PIX
Netscreen
Domino
Exchange Checkpoint
WEB

IIS
Apache
DNS

Windows DNS

UNIX BIND
(BIND9)
FTP

IIS
Wu-Ftpd



(1)
/

- - - - -
- - - - -
- - - -
- -
-VPN
-
- -
- -
-
-
-

2

-
-
-
-
-

-
-
-
-
-

3
19

-

/

-


/1
Plan
Plan

Do
Do Act
Act

Check
Check

/2

PDCA

1 1
2 2

3 3
3 4

3A

- - - -
- -VPN - -
- - - -
- - -
-
-
- - (, , )
- PKI/ -
- -
- -

- - Provisioning
- - -

Internet



(SOC)


()
()

- TELNETHTTPFTPSMTPPOP3

-
DoS

-

Internal Zone, Admin

Zone, Interconnection ZoneISS
UNIX

IDS


-
-
-

/

IT

(

)



-
-
- Internet
-


- /

User Provisioning
-
- 1 2 3 4 ...

Something you know Web
LDAP Domino Oracle ...

Something you have
(,
,
Something you
EAI)
areSomething DMZ
DMZ

you do

-

SSO


-
-
-


- Why?
- What?
- How?

(role)
(responsibility)(liability)



-
-
-
-
-

-
-
-



- /
-
-
-

-

-

-
-
Web, FTP, SMTP
-



-
/

-

-

-
-
-


-

-

-

WebFTP


/

-

-

-

-

WebFTP

/

WebFTP HTTPHTTPSFTPHTTP
FTP
Web


/
-
/

/
- /

- /
/



-
-

-
-

-
-

-



-
- /

- /
- /
/
-
-
-
-
-
- /
-

- /
-
-
/


-
-
-

-
-

-
-


-

-



-
-

-

-




-
-
-
-

-

-
""
-

-

-




1.
2.
3.


-
SQL

-
SQL

- VPN



-
-

-

-



-

-

-

-

-



-

-
- CPU

-
-
-
-
-

-
-
-


-

-

-

-
-



PKI



Packet Filter
Proxy
Circuit Proxy
Dynamic Packet Filter
Stateful Inspection
Adaptive Proxy
Deep Packet Inspection

NAT


Screening Router
Dual Homed Gateway
Screened Host Gateway
Screened Subnet




VPNIPsec SSL

802.1Q



IP

IP





(1)
isp
Router
External DMZ
Main FW
External
Web Server External
DNS Server
Internal
Web Server Internal Desktop
Internal Email Server
DNS Server

(2)
isp
Router
External DMZ
External External Main FW

Web Server
DNS Server
Internal DMZ
Internal Internal
Web Server Email Server Internal FW
Internal
DNS Server
Desktop Desktop





OA

MIS
MIS

BOSS





OAOA
OA



PSTN
CMNET VPN



CMNet
BOSS

CMNet

DCN

1

SOC

MIS

/ISP MIS OA
OA




e-learning

OA

DMZ
DMZ








DMZ

DMZ
DMZ
DMZ






1 1 1 1 1 5
2 2 1 2 2 9
3 2 2 3 3 13
3 3 3 3 3 15



IBM 安全汇报1222

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

IBM 安全汇报1222

Uploaded by

Copyright:

Available Formats

IBM China Company Ltd

Copyright IBM Corporation 2004

2 Bank of China 2004 Copyright IBM Corporation 2004

Copyright IBM Corporation 2004

4 Bank of China 2004 Copyright IBM Corporation 2004

5 Bank of China 2004 Copyright IBM Corporation 2004

6 Bank of China 2004 Copyright IBM Corporation 2004

7 Bank of China 2004 Copyright IBM Corporation 2004

Copyright IBM Corporation 2004

9 Bank of China 2004 Copyright IBM Corporation 2004

10 Bank of China 2004 Copyright IBM Corporation 2004

11 Bank of China 2004 Copyright IBM Corporation 2004

12 Bank of China 2004 Copyright IBM Corporation 2004

Copyright IBM Corporation 2004

14 Bank of China 2004 Copyright IBM Corporation 2004

15 Bank of China 2004 Copyright IBM Corporation 2004

16 Bank of China 2004 Copyright IBM Corporation 2004

17 Bank of China 2004 Copyright IBM Corporation 2004

18 Bank of China 2004 Copyright IBM Corporation 2004

19 Bank of China 2004 Copyright IBM Corporation 2004

20 Bank of China 2004 Copyright IBM Corporation 2004

21 Bank of China 2004 Copyright IBM Corporation 2004

22 Bank of China 2004 Copyright IBM Corporation 2004

23 Bank of China 2004 Copyright IBM Corporation 2004

Internal Zone, Admin

24 Bank of China 2004 Copyright IBM Corporation 2004

25 Bank of China 2004 Copyright IBM Corporation 2004

26 Bank of China 2004 Copyright IBM Corporation 2004

27 Bank of China 2004 Copyright IBM Corporation 2004

28 Bank of China 2004 Copyright IBM Corporation 2004

29 Bank of China 2004 Copyright IBM Corporation 2004

30 Bank of China 2004 Copyright IBM Corporation 2004

31 Bank of China 2004 Copyright IBM Corporation 2004

Copyright IBM Corporation 2004

33 Bank of China 2004 Copyright IBM Corporation 2004

34 Bank of China 2004 Copyright IBM Corporation 2004

35 Bank of China 2004 Copyright IBM Corporation 2004

36 Bank of China 2004 Copyright IBM Corporation 2004

37 Bank of China 2004 Copyright IBM Corporation 2004

38 Bank of China 2004 Copyright IBM Corporation 2004

39 Bank of China 2004 Copyright IBM Corporation 2004

40 Bank of China 2004 Copyright IBM Corporation 2004

41 Bank of China 2004 Copyright IBM Corporation 2004

42 Bank of China 2004 Copyright IBM Corporation 2004

43 Bank of China 2004 Copyright IBM Corporation 2004

Copyright IBM Corporation 2004

45 Bank of China 2004 Copyright IBM Corporation 2004

46 Bank of China 2004 Copyright IBM Corporation 2004

47 Bank of China 2004 Copyright IBM Corporation 2004

48 Bank of China 2004 Copyright IBM Corporation 2004

49 Bank of China 2004 Copyright IBM Corporation 2004

50 Bank of China 2004 Copyright IBM Corporation 2004

51 Bank of China 2004 Copyright IBM Corporation 2004

52 Bank of China 2004 Copyright IBM Corporation 2004

53 Bank of China 2004 Copyright IBM Corporation 2004

Copyright IBM Corporation 2004

55 Bank of China 2004 Copyright IBM Corporation 2004

56 Bank of China 2004 Copyright IBM Corporation 2004

57 Bank of China 2004 Copyright IBM Corporation 2004

58 Bank of China 2004 Copyright IBM Corporation 2004

59 Bank of China 2004 Copyright IBM Corporation 2004

60 Bank of China 2004 Copyright IBM Corporation 2004

61 Bank of China 2004 Copyright IBM Corporation 2004