Windows安全基线研究

doi:10.3969/j.issn.1671-1122.2015.03.002

信息网络安全 ›› 2015, Vol. 15 ›› Issue (3): 6-13.doi: 10.3969/j.issn.1671-1122.2015.03.002

Windows安全基线研究

卿斯汉^1,^2,³, 曾山松¹, 杜超¹

1. 北京大学软件与微电子学院,北京 102600
2. 中国科学院软件研究所,北京 100190
3. 信息安全国家重点实验室,北京 100093

收稿日期:2015-02-25 出版日期:2015-03-10 发布日期:2015-05-08
作者简介:
作者简介：卿斯汉（1939-）,男,湖南,研究员,主要研究方向：安全协议、可信计算、云安全、操作系统安全等;曾山松（1988-）,男,云南,硕士研究生,主要研究方向：系统与网络安全、云计算与安全;杜超（1990-）,男,山东,硕士研究生,主要研究方向：系统与网络安全、云计算与安全。
基金资助:
国家自然科学基金[61170282]

Research on Windows Security Baseline

QING Si-han^1,^2,³, ZENG Shan-song¹, DU Chao¹

1. School of Software and Microelectronics, Peking University, Beijing 102600, China
2. Institute of Software, Chinese Academy of Sciences, Beijing 100190, China
3. State Key Laboratory of Information Security, Beijing 100093, China

Received:2015-02-25 Online:2015-03-10 Published:2015-05-08

摘要/Abstract

摘要：

随着互联网应用的快速发展,信息系统的安全性问题日益突出,安全基线的概念、技术与应用就更加重要。安全基线是微软安全生态系统中的一个重要组成部分,它通过安全合规管理器（SCM）以基线的形式判断用户的应用环境安全是否达标,提供一个信息系统所需的最基本的安全保证。安全基线的概念源于微软为美国空军实施的安全配置方案,最终为美国政府机构所采纳,作为国家标准实施。文章对Windows安全基线的由来与发展、安全合规管理器（SCM）、安全基线的基本概念和实现原理、安全基线的部署与安全策略设置、Windows 8.1的安全基线更新等进行讨论与分析。Windows安全基线的概念可以方便地推广到更加广泛的应用场合,如Linux操作系统。

关键词: 安全基线, 安全合规管理器, 组织单元, 组策略对象

Abstract:

Security baseline is an important part of Microsoft’s security ecosystem, by the use of Security Compliance Manager (SCM) which is able to determine whether the security requirements of users’ application environment are met, providing a basic security assurance for an information system. The concept of security baseline originally coming from the Microsoft’s security configuration initiative for the US Air Force, eventually has been accepted by the US government, and deployed as national standards. This paper discusses and analyzes the origin and progress of Windows security baseline, security compliance manager, the basic concept and implementation rationale of security baseline, deployment and security policy settings of security baseline, and update of security baseline for Windows 8.1.

Key words: security baseline, security compliance manager, organizational unit, group policy object

中图分类号:

TP309

卿斯汉, 曾山松, 杜超. Windows安全基线研究[J]. 信息网络安全, 2015, 15(3): 6-13.

QING Si-han, ZENG Shan-song, DU Chao. Research on Windows Security Baseline[J]. Netinfo Security, 2015, 15(3): 6-13.

图/表 10

图1

图2

图3

图4

图5

图6

表1

表2

图7

表3

参考文献 17

[1]	Windows 7 Security Baseline,,2013
[2]	NIST,FDCC,
[3]	NIST,United States Government Configuration Baseline,
[4]	NIST, SCAP,
[5]	NIST, SCM, , 2014
[6]	Active Directory Domain Services Overview,,2013
[7]	Connie Rock, Mike Stephens,Group Policy Planning and Deployment Guide,, 2009
[8]	Connie Rock, Mike Stephens,
[9]	Strengthening Domain Policy Settings,
[10]	Account Lockout and Password Concepts, , 2004
[11]	Dave Bishop, , 2009
[12]	Active Directory in Networks Segmented by Firewalls,
[13]	Windows BitLocker Drive Encryption Step-by-Step Guide, , 2007
[14]	Best Practices for BitLocker in Windows 7, , 2011
[15]	Trusted Computing Group: Trusted Platform Module(TPM) Specifications, , 2015
[16]	Recommended Security Baseline Settings, , 2014
[17]	FSCC, , 2009

Windows安全基线研究

Research on Windows Security Baseline

RichHTML

可视化

摘要/Abstract

引用本文

使用本文

图/表 10

参考文献 17

相关文章 2

编辑推荐

Metrics

本文评价

[1]	李萌. 国家药品监督管理局移动应用安全建设[J]. 信息网络安全, 2019, 19(9): 46-50.
[2]	黄强, 孔志印, 常乐, 张德华. 可信基线及其管理机制[J]. 信息网络安全, 2016, 16(9): 145-148.