2017年9月網(wǎng)絡(luò)區(qū)域邊界安全整改報(bào)告

上傳人：我*** IP屬地：北京上傳時(shí)間：2023-05-24 格式：DOCX 頁(yè)數(shù)：13 大小：200.15KB 積分：9.6 舉報(bào) 版權(quán)申訴

2017年9月網(wǎng)絡(luò)區(qū)域邊界安全整改報(bào)告_第2頁(yè)

2017年9月網(wǎng)絡(luò)區(qū)域邊界安全整改報(bào)告_第3頁(yè)

2017年9月網(wǎng)絡(luò)區(qū)域邊界安全整改報(bào)告_第4頁(yè)

2017年9月網(wǎng)絡(luò)區(qū)域邊界安全整改報(bào)告_第5頁(yè)

已閱讀5頁(yè)，還剩8頁(yè)未讀，繼續(xù)免費(fèi)閱讀

版權(quán)說明：本文檔由用戶提供并上傳，收益歸屬內(nèi)容提供方，若內(nèi)容存在侵權(quán)，請(qǐng)進(jìn)行舉報(bào)或認(rèn)領(lǐng)

文檔簡(jiǎn)介

一、項(xiàng)目概、環(huán)境描、需求描、實(shí)施原二、實(shí)施之前的規(guī) 、物理端口劃、互聯(lián)IP地址劃、合并規(guī) 、路由規(guī) 、省公司ANYdeletesecuritypoliciesfrom-zonetrustto-zoneuntrustt-u-86matchapplicationanydeletesecuritypoliciesfrom-zonetrustto-zoneuntrustt-u-87matchapplicationanydeletesecuritypoliciesfrom-zonetrustto-zoneuntrustt-u-88matchapplicationanydeletesecuritypoliciesfrom-zonetrustto-zoneuntrustt-u-89matchapplicationanydeletesecuritypoliciesfrom-zonetrustto-zoneuntrustt-u-90matchapplicationanydeletesecuritypoliciesfrom-zonetrustto-zoneuntrustt-u-91matchapplicationanydeletesecuritypoliciesfrom-zonetrustto-zoneuntrustt-u-100matchapplicationsetsecuritypoliciesfrom-zonetrustto-zoneuntrustt-u-86matchapplicationjunos-icmp-allsetsecuritypoliciesfrom-zonetrustto-zoneuntrustt-u-87matchapplicationjunos-icmp-allsetsecuritypoliciesfrom-zonetrustto-zoneuntrustt-u-88matchapplicationjunos-icmp-allsetsecuritypoliciesfrom-zonetrustto-zoneuntrustt-u-89matchapplicationjunos-icmp-allsetsecuritypoliciesfrom-zonetrustto-zoneuntrustt-u-90matchapplicationjunos-icmp-allsetsecuritypoliciesfrom-zonetrustto-zoneuntrustt-u-91matchapplicationjunos-icmp-allsetsecuritypoliciesfrom-zonetrustto-zoneuntrustt-u-100matchapplicationjunos-icmp-allsetsecuritypoliciesfrom-zonetrustto-zoneuntrustt-u-86matchapplicationtcp-80setsecuritypoliciesfrom-zonetrustto-zoneuntrustt-u-86matchapplicationtcp-22setsecuritypoliciesfrom-zonetrustto-zoneuntrustt-u-86matchapplicationtcp-8080setsecuritypoliciesfrom-zonetrustto-zoneuntrustt-u-87matchapplicationtcp-setsecuritypoliciesfrom-zonetrustto-zoneuntrustt-u-88matchapplicationtcp-7001-7006setsecuritypoliciesfrom-zonetrustto-zoneuntrustt-u-88matchapplicationtcp-7003-、運(yùn)行管理區(qū)ANY元素的策略（執(zhí)行動(dòng)作為deny的一個(gè)都沒動(dòng)。因?yàn)閯?dòng)了更不安全deletesecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-104matchapplicationanydeletesecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-236matchapplicationanydeletesecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-239matchapplicationanydeletesecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-241matchapplicationanydeletesecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-244matchapplicationanydeletesecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-251matchapplicationanydeletesecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-252matchapplicationanydeletesecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-255matchapplicationsetsecuritypoliciesfrom-zoneuntrustto-zone u-t-213matchdestination-addresssetsecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-213matchdestination-address10.115.143.4/32setsecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-213matchapplicationtcp-80setsecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-213matchapplicationtcp-8443setsecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-213matchapplicationtcp-5414setsecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-213matchapplicationtcp-3389setsecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-213matchapplicationtcp-443setsecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-213thenpermitsetsecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-214matchsource-address10.164.252.58/32setsecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-214matchsource-address10.114.213.22/32setsecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-214matchdestination-address10.115.143.9/32setsecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-214matchdestination-address10.115.143.10/32setsecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-214matchapplicationtcp-80setsecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-214matchapplicationtcp-443setsecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-214thenpermitsetsecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-215matchsource-address10.164.252.58/32setsecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-215matchsource-address10.114.213.22/32setsecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-215matchsource-address10.114.213.11/32setsecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-215matchdestination-address10.115.143.22/32setsecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-215matchapplicationtcp-22setsecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-215then注：JuniperSRX650不支持snmp、DMZ區(qū)deletesecuritypoliciesfrom-zoneZYCto-zoneuntrustZYC-u-100matchapplicationanydeletesecuritypoliciesfrom-zoneZYCto-zoneuntrustZYC-u-101matchapplicationanydeletesecuritypoliciesfrom-zoneZYCto-zoneuntrustZYC-u-105matchapplicationsetsecuritypoliciesfrom-zoneZYCto-zoneuntrustZYC-u-100matchapplicationtcp-21setsecuritypoliciesfrom-zoneZYCto-zoneuntrustZYC-u-100matchapplicationtcp-setsecuritypoliciesfrom-zoneZYCto-zoneuntrustZYC-u-101matchapplicationtcp-1520-1521setsecuritypoliciesfrom-zoneZYCto-zoneuntrustZYC-u-105matchapplicationtcp-22setsecuritypoliciesfrom-zoneZYCto-zoneuntrustZYC-u-100matchapplicationudp-161setsecuritypoliciesfrom-zoneZYCto-zoneuntrustZYC-u-101matchapplicationtcp-22setsecuritypoliciesfrom-zoneZYCto-zoneuntrustZYC-u-105matchapplicationtcp-8080setsecuritypoliciesfrom-zoneZYCto-zoneuntrustZYC-u-100matchapplicationjunos-icmp-allsetsecuritypoliciesfrom-zoneZYCto-zoneuntrustZYC-u-101matchapplicationjunos-icmp-allsetsecuritypoliciesfrom-zoneZYCto-zoneuntrustZYC-u-105matchapplicationjunos-icmp-all注：JuniperSRX系列不支持snmp、第ANYdeletesecuritypoliciesfrom-zonetrustto-zoneuntrustt-u-100matchsource-addressanydeletesecuritypoliciesfrom-zonetrustto-zoneuntrustu-t-122matchapplicationanydeletesecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-102matchapplicationanydeletesecuritypoliciesfrom-zoneuntrustto-zonetrust u-t-105matchapplicationanydeletesecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-108matchsource-addresssetsecuritypoliciesfrom-zonetrustto-zoneuntrustt-u-100matchsource-address10.0.0.0/8setsecuritypoliciesfrom-zonetrustto-zoneuntrustu-t-122matchapplicationjunos-icmp-allsetsecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-102matchapplicationjunos-icmp-allsetsecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-105matchapplicationjunos-icmp-allsetsecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-108matchsource-address10.0.0.0/8setsecuritypoliciesfrom-zonetrustto-zoneuntrustu-t-122matchapplicationtcp-22setsecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-102matchapplicationtcp-80setsecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-105matchapplicationtcp-1433setsecurityzonessecurity-zoneuntrustaddress-bookaddress10.0.0.0/810.0.0.0/8setsecurityzonessecurity-zonetrustaddress-bookaddress10.0.0.0/810.0.0.0/8注：JuniperSRX系列不支持snmpv3、第接運(yùn)營(yíng)商因?yàn)樵撋嫌袑?duì)外業(yè)務(wù)，所以Internet區(qū)域內(nèi)的ANY元素暫時(shí)不deletesecuritypoliciesfrom-zonetrustto-zoneZYCt-ZYC-105matchapplicationsetsecuritypoliciesfrom-zonetrustto-zoneZYCt-ZYC-105matchapplicationtcp-8001-8010setsecuritypoliciesfrom-zonetrustto-zoneZYCt-ZYC-105matchapplicationudp-8001-8010setsecuritypoliciesfrom-zonetrustto-zoneZYCt-ZYC-105matchapplicationjunos-icmp-all注：JuniperSRX系列不支持snmp、綜合業(yè)務(wù)區(qū)deletesecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-100matchsource-addressanydeletesecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-200matchapplicationanydeletesecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-112matchapplicationanydeletesecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-113matchapplicationanydeletesecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-120matchapplicationanydeletesecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-148matchapplicationanydeletesecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-160matchapplicationanysetsecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-100matchsource-addresssetsecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-200matchapplicationjunos-icmp-allsetsecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-112matchapplicationjunos-icmp-allsetsecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-120matchapplicationjunos-icmp-allsetsecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-148matchapplicationjunos-icmp-allsetsecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-160matchapplicationjunos-icmp-setsecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-200matchapplicationtcp-8001-8006setsecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-112matchapplicationtcp-22setsecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-112matchapplicationtcp-1520setsecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-120matchapplicationtcp-setsecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-148matchapplicationtcp-7001-7010setsecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-160matchapplicationtcp-80setsecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-160matchapplicationtcp-443setsecurityzonessecurity-zoneuntrustaddress-bookaddress10.0.0.0/810.0.0.0/8setsecurityzonessecurity-zonetrustaddress-bookaddress10.0.0.0/8注：JuniperSRX系列不支持snmp、資產(chǎn)管理區(qū)deletesecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-135matchapplicationdeletesecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-160matchdestination-addressanydeletesecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-160matchapplicationanydeletesecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-162matchapplicationdeletesecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-200matchdestination-addressanydeletesecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-69matchapplicationanysetsecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-200matchdestination-address10.0.0.0/8setsecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-160matchdestination-address10.0.0.0/8setsecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-160matchapplicationjunos-icmp-allsetsecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-162matchapplicationjunos-icmp-allsetsecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-135matchapplicationjunos-icmp-allsetsecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-69matchapplicationjunos-icmp-allsetsecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-160matchapplicationtcp-80setsecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-162matchapplicationtcp-443setsecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-135matchapplicationtcp-2121setsecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-69matchapplicationtcp-15210注：JuniperSRX系列不支持snmpv3、協(xié)同辦公區(qū)deletesecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-87matchapplicationsetsecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-87matchsource-address10.164.145.101/32setsecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-87matchsource-address10.164.145.102/32setsecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-87matchsource-address10.164.145.103/32setsecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-87matchsource-address10.164.145.104/32setsecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-87matchsource-address10.164.145.105/32setsecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-87matchsource-address10.164.145.106/32setsecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-87matchsource-address10.164.145.107/32setsecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-87matchsource-address10.164.145.108/32setsecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-87matchsource-address10.164.145.109/32setsecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-87matchsource-address10.164.145.110/32setsecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-87matchsource-address10.164.145.111/32setsecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-87matchsource-address10.164.145.112/32setsecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-87matchdestination-address10.115.160.1/32setsecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-87matchdestination-address10.115.160.2/32setsecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-87matchdestination-address10.115.160.3/32setsecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-87matchdestination-address10.115.160.4/32setsecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-87matchdestination-address10.115.161.205/32setsecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-87matchapplicationtcp-1521setsecuritypoliciesfrom-zoneuntrustto-zonetrustu-t-143then注：JuniperSRX系列不支持snmp、信通公司局域網(wǎng)setsecurityzonessecurity-zoneDJBaddress-bookaddress10.0.0.0/810.0.0.0/8setsecurityzonessecurity-zoneDSGJaddress-bookaddress10.0.0.0/810.0.0.0/8setsecurityzonessecurity-zoneIP-PHONEaddress-bookaddress10.0.0.0/8 setsecuritypoliciesfrom-zonetrustto-zoneZHXXtrust-zhxx-103matchapplicationjunos-icmp-allsetsecuritypoliciesfrom-zonetrustto-zoneZHXXtrust-zhxx-102matchapplicationjunos-icmp-allsetsecuritypoliciesfrom-zonetrustto-zoneZHXXtrust-zhxx-101matchapplicationjunos-icmp-allsetsecuritypoliciesfrom-zonetrustto-zoneZHXXtrust-zhxx-98matchapplicationjunos-icmp-allsetsecuritypoliciesfrom-zonetrustto-zoneZHXXtrust-zhxx-100matchapplicationjunos-icmp-all------設(shè)setsecuritypoliciesfrom-zonetrustto-zoneZHXXtrust-zhxx-101matchdestination-address10.0.setsecuritypoliciesfrom-zonetrustto-zoneZHXXtrust-zhxx-98matchdestination-address10.0setsecuritypoliciesfrom-zonetrustto-zoneZHXXtrust-zhxx-100matchdestination-address10.0.注意該的管理地址10.112.240.128就是業(yè)務(wù)口的地址因?yàn)樵摰墓芾淼?、管理區(qū)修改存在any修改初始賬號(hào)（admin）的為、在Juniper上設(shè)置最大連接setsecurityscreenids-optionscreen-1icmpip-sweepsetsecurityscreenids-optionscreen-1icmpfragmentsetsecurityscreenids-optionscreen-1icmplargesetsecurityscreenids-optionscreen-1icmpsetsecurityscreenids-optionscreen-1icmp-deathsetsecurityscreenids-optionscreen-1ipspoofingsetsecurityscreenids-optionscreen-1ipblock-setsecurityscreenids-optionscreen-1iptear-dropsetsecurityscreenids-optionscreen-1tcpport-scansetsecurityscreenids-optionscreen-1tcpsyn-floodsetsecurityscreenids-optionscreen-1tcplandsetsecurityscreenids-optionscreen-1udpsetsecurityscreenids-optionscreen-1limit-sessionsource-ip-basedsetsecurityscreenids-optionscreen-1limit-sessiondestination-ip-based關(guān)于最大連接數(shù)的設(shè)置已經(jīng)刷到上述所有Juniper中，如果將來(lái)對(duì)業(yè)務(wù)有影響，應(yīng)該加大limit-session閾值。、Junipersnmpv3

人人文庫(kù)> 全部分類> 教育資料 > 課件下載

溫馨提示

1. 本站所有資源如無(wú)特殊說明，都需要本地電腦安裝OFFICE2007和PDF閱讀器。圖紙軟件為CAD,CAXA,PROE,UG,SolidWorks等.壓縮文件請(qǐng)下載最新的WinRAR軟件解壓。
2. 本站的文檔不包含任何第三方提供的附件圖紙等，如果需要附件，請(qǐng)聯(lián)系上傳者。文件的所有權(quán)益歸上傳用戶所有。
3. 本站RAR壓縮包中若帶圖紙，網(wǎng)頁(yè)內(nèi)容里面會(huì)有圖紙預(yù)覽，若沒有圖紙預(yù)覽就沒有圖紙。
4. 未經(jīng)權(quán)益所有人同意不得將文件中的內(nèi)容挪作商業(yè)或盈利用途。
5. 人人文庫(kù)網(wǎng)僅提供信息存儲(chǔ)空間，僅對(duì)用戶上傳內(nèi)容的表現(xiàn)方式做保護(hù)處理，對(duì)用戶上傳分享的文檔內(nèi)容本身不做任何修改或編輯，并不能對(duì)任何下載內(nèi)容負(fù)責(zé)。
6. 下載文件中如有侵權(quán)或不適當(dāng)內(nèi)容，請(qǐng)與我們聯(lián)系，我們立即糾正。
7. 本站不保證下載資源的準(zhǔn)確性、安全性和完整性, 同時(shí)也不承擔(dān)用戶因使用這些下載資源對(duì)自己和他人造成任何形式的傷害或損失。

2017年9月網(wǎng)絡(luò)區(qū)域邊界安全整改報(bào)告

文檔簡(jiǎn)介

溫馨提示

最新文檔

評(píng)論

2017年9月網(wǎng)絡(luò)區(qū)域邊界安全整改報(bào)告

文檔簡(jiǎn)介

溫馨提示

最新文檔

評(píng)論

相關(guān)文檔