摘要
背景:随着教育信息化的发展,传统网络防护手段已经无法应对来自应用层的网络攻击。目的:为HTTPS协议下的高校Web应用提供防护,免受Web入侵。方法:结合目前HTTPS协议下高校Web应用安全现状,分析了WAF的部署模式,并提出了相应的实施方案。结果:部署WAF后,分析了一段时间内来自应用层的入侵次数、入侵类别和入侵来源,WAF可有效防护针对Web应用的攻击。结论:通过设置合适的安全防护策略,WAF一方面可以保障高校Web应用的正常运转,另一方面可以提高高校Web应用的安全指数。新的WAF技术应结合Web应用的发展提供更加灵活的防御。
Background With the development of educational informatization,traditional network protection methods can no longer deal with network attacks from the application layer.Objective to provide protection for University web applications under HTTPS protocol from Web Intrusion.Methods Combined with the current situation of web application security in University under HTTPS protocol,the deployment mode of WAF was analyzed,and the corresponding implementation scheme was put forward.Results After deploying WAF,the intrusion times,intrusion categories and intrusion sources from the application layer in a period of time were analyzed.WAF can effectively protect against attacks against web applications.Conclusion By setting appropriate security protection strategies,on the one hand,WAF can ensure the normal operation of University web applications,on the other hand,it can improve the security index of University web applications.The new WAF technology should provide more flexible defense combined with the development of web applications.
作者
韦磊
宁玉文
高东怀
沈霞娟
WEI Lei;NING Yuwen;GAO donghuai;SHEN Xiajuan(teaching and research support center of Air Force Military Medical University,Xi'an 710032,China;School of Journalism and media,Yangzhou University,Yangzhou 225009,China)
出处
《自动化与仪器仪表》
2021年第12期109-112,124,共5页
Automation & Instrumentation
基金
全国医学专业学位研究生教育指导委员2019年重点课题《面向医学专业学位研究生教育的在线课程资源设计与教学应用模式研究》(YX2019-03-02)。
