Abstract
Starting from the network security risks faced by medical institutions, the reasons those risks exist, and the necessity of network security construction, and with the aim of improving the network security of medical institutions, this paper proposes building a network defense architecture based on open-source software. The proposal follows national network security laws and regulations and classified protection policies, and uses the Kill Chain model and the MITRE ATT&CK framework as its underlying knowledge base of network attacks. Defensive strategies, techniques, and tools are applied to each stage of countering the kill chain and of defending against attacks described in the ATT&CK framework. Tested through a large number of network attack-defense exercises and through long-term operation in practice, the architecture can achieve a fairly good defensive effect, and it offers a practical reference for medical institutions and similar organizations seeking to improve their network security.
Author
Ma Xiaoliang (马晓亮), The First Affiliated Hospital of Chongqing Medical University, Chongqing 400016
Source
Journal of Information Security Research (《信息安全研究》), 2021, Issue 8, pp. 763-772 (10 pages)
Funding
National Natural Science Foundation of China (81901322).
Keywords
medical institutions
free and open-source software
ATT&CK framework
defense architecture
network security
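About the author
Ma Xiaoliang, master's degree, software designer and information security engineer. His main research interests are network information security, network security construction and operations, penetration testing, and malicious code analysis. redhatlinux@163.com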