
ELECTRONICS - TELECOMMUNICATIONS TECHNOLOGY DEVELOPMENT INVESTMENT COMPANY

PROJECT 5
HIGH-LEVEL DESIGN [v1.0]

Prepared by: Pham Hng Sn
Date prepared: ../../......................

Reviewed by: Nguyn c Hinh
Date reviewed: ../../......................

Approved by: ......................................................
Date approved: ../../......................

10/2014

12.BM.QTPM.EJC, (v1.0)

Project 5

Version: 1.0

TABLE OF CONTENTS

1. GENERAL INTRODUCTION
   1.1. Purpose
   1.2. Description of the software system
   1.3. Related documents
   1.4. Concepts and terms
2. ASSUMPTIONS AND CONSTRAINTS
   2.1. Server environment
   2.2. Priority objectives
   2.3. Software development approach
   2.4. Other constraints and assumptions
3. PRODUCT ARCHITECTURE
   3.1. Software architecture
   3.2. Deployment model
   3.3. Physical model
4. INTERFACE DESIGN
   4.1. Login interface
   4.2. Command screen interface
   4.3. System monitoring interface
   4.4. Event management interface
   4.5. Equipment management interface
   4.6. Personnel management interface
   4.7. Plan management interface
   4.8. Alert interface
   4.9. System configuration interface
5. MODULE DESIGN
   5.1. Firewall log collection and management module via the SIEM system
   5.2. Mediation Services module
   5.3. Command screen module
   5.4. System monitoring module
   5.5. Event management module
   5.6. Equipment management module
   5.7. Personnel management module
   5.8. Plan management module
   5.9. System administration module
   5.10. Centralized database
6. FUNCTIONAL REQUIREMENTS
   6.9. Mediation function block
   6.10. Command screen display function block
   6.11. System monitoring function block
   6.12. Event management function block
   6.13. Equipment management function block
   6.14. Personnel management function block
   6.15. Plan management function block
   6.16. System management function block
7. APPENDIX
   7.9. Coding standards


CHANGE HISTORY

No. | Change | Section | Date
----|--------|---------|-----

1. GENERAL INTRODUCTION

1.1. Purpose
The purpose of this document is to give an overview of the network security assurance system for the Ministry of Defence and to outline Elcom's technical deployment solution.

1.2. Description of the software system
The security assurance system for the Defence voice network records logs, flags suspected intrusions and promptly raises alerts to the operator. It also helps the operator track and manage the equipment in the defence network security system.
The software system in Project 5 is divided into 3 subsystems:
- Centralized security reporting system
  The centralized security reporting system provides consolidated reports on the current security status of the QS-QP network, on network security over a period of time, and security statistics by event, by severity level and by group of objects of interest. Through data visualization tools, the centralized security reporting system gives the commander the information needed.
- Planning and resource management system
  The role of the planning and resource management system is to manage general information on the available resources (people, equipment, materials) and their readiness, and from that to provide visual tools so that the commander can allocate resources to each specific task, supporting the commander in creating, tracking, adjusting, summarizing and reporting on the whole process of carrying out the tasks.
  - Resource management subsystem
  - Plan and task management subsystem

1.3. Related documents
Documents related to the design of the system:
- SRS, SRD documents
- Use case description document

1.4. Concepts and terms

No. | Term, abbreviation | Explanation | Note
----|--------------------|-------------|-----
1   | Tslqs NGN          |             |
2   | DDoS               |             |
3   | Firewall/IPS       |             |
4   | QS-QP              |             |

2. ASSUMPTIONS AND CONSTRAINTS

2.1. Server environment
- Operating system: Linux
- Application server: Tomcat
- Language: Java
- Technologies: Struts, Spring, HTML5, CSS3, jQuery, Bootstrap
- Database: Oracle
- Development tool: Eclipse
- Java Virtual Machine: JRE 1.7
- The system operates 24/24

2.2. Priority objectives
- Priority 1: complete the subsystem modules of phase 1 of the software, comprising:
  Display of the security status of the system based on data from the SIEM system
  Aggregation of the health and operating performance of the firewalls
  Resource management (including people and equipment)
  Plan management
  Access management
- Priority 2: stability of the system
- Priority 3: full coverage of the features in the project dossier
- Priority 4: maintainability, handover of the system, clarity of the source code and project documents
- Priority 5: the project must be completed on schedule

2.3. Software development approach
- Apply Elcom's Agile software process and follow the programming plan approved by the Project Director
- Object-oriented design using the UML design language, with the EA and Visio tools
- Programming language: Java, JDK 1.7 or newer
- Testing follows the test process and uses TestTrack Pro
- Configuration management uses SVN
- Work management on Trello

2.4. Other constraints and assumptions
- The software design prioritizes completing the main functions of the system, ensuring that users can operate it when the project period ends
- Auxiliary functions are implemented after the main functions are complete

3. PRODUCT ARCHITECTURE

3.1. Software architecture

The network security assurance system is built according to IBM's information technology security and confidentiality standards and handles security attack threats in real time. The system is designed with the following parts:

Input:
The input of the system is the log data collected and processed automatically by IBM's SIEM system. Log data (specifically firewall logs) at the exchange, the internal network, the border routers and the system firewalls is collected and processed centrally on the SIEM core, then analysed, classified and reorganized by the SIEM core itself. This data is considered the input of the security management system that Elcom builds.

Database forwarding layer - Mediation:
This is the module that forwards data from the SIEM system into the centralized database. After being collected by the SIEM system, the data is analysed by the mediation subsystem and pushed into the centralized database. This is also the database used by the security monitoring system and by resource and plan management.

Business application software layer:
Comprises the subsystems: centralized security reporting, resource management, plan management and coordination, and system administration.

Service and presentation layer:
Comprises the reports, the command screen, the statistics screens, the data visualization application and the operating interfaces.

Output:
The screens of the presentation layer are displayed on a large screen or through a web browser on the internal network.

3.2. Deployment model

3.3. Physical model

When deployed, the software system consists of 4 physical modules:
- Firewall system and network devices
  The firewall system and the network devices within the scope of the project
- SIEM server
  The server that collects logs and holds the SIEM network security configuration
- Application server
  The server on which the centralized security event monitoring system is deployed
- Oracle database server
  The server that stores the centralized database

4. INTERFACE DESIGN

4.1. Login interface

4.2. Command screen interface

Figure 1: Command screen

4.3. System monitoring interface

Figure 2: Network space

Figure 3: Network events

Figure 4: Network topology

4.4. Event management interface

Figure 5: Event list

4.5. Equipment management interface

Figure 6: Equipment management

4.6. Personnel management interface

Figure 7: Unit organization chart

4.7. Plan management interface

Figure 8: Plan management

Figure 9: Planning

4.8. Alert interface

Figure 10: Alert list

4.9. System configuration interface

5. MODULE DESIGN

5.1. Firewall log collection and management module via the SIEM system
SIEM is a solution that combines the two solutions SIM and SEM. SIEM is a complete solution that allows organizations to monitor information security events across a network. The main components of a SIEM include: the log collection component, the analysis component, the storage component and the central administration component. There are also other components such as the network packet monitoring component at layer 7 of the OSI model and the report generation modules (Compliance Report).

The main functions of the system include:
- Continuously collecting information on network security threats and incidents.
- Identifying, rapidly processing and giving early warning of network security threats and incidents.
- Supporting rapid response operations to network security incidents.
The system collects and rapidly processes information from all alert sources on all network security devices: FW, IPS/IDS.

A centralized network security monitoring system usually includes the following components:

a. Log collection component (log collector):
The log collection component acts as the interface connecting directly to the devices whose logs are to be collected and managed. Logs are collected and stored temporarily at the Event Collector, then forwarded to the Event Processor for analysis and correlation. Alternatively, devices located at the centre can push logs directly to the Event Processor. The main functions of the log collector component include:
- Collecting all log data from device and application sources, including both physical and virtual devices.
- Supporting log collection over Syslog or over protocols such as JDBC, SNMP, SDEE, OPSEC...
- Configurable log pushing by time or by a predefined bandwidth condition.
- Forwarding all collected events to the Event Processor.

b. Event analysis component (Event Processor):
The event analysis component (Event Processor) comprises the collection module, the analysis module and the storage module.
- Event collection module (Event Collector): the interface that works directly with the systems/devices whose events are to be collected and managed. Here, logs are collected and forwarded to the analysis component for analysis and correlation.
- Analysis module: performs real-time correlation analysis between security events based on patterns and on behaviour analysis.
- Storage module: performs high-speed storage and search, keeping the logs safe and retrieving results quickly.
The event analysis component (Event Processor) has an analysis engine backed by thousands of predefined rules as well as customization capability, giving the most accurate analysis results.
After collection, logs are normalized and then analysed and correlated in real time to give immediate alerts to the administrator. Besides real-time correlation, the Event Processor allows analysis of historical data to give the administrator an overall picture of information security over time.
The Event Processor stores 2 kinds of log: raw logs and normalized logs; it supports compression and can store up to 16 TB. In addition, the Event Processor component supports connection to SAN systems, which helps organizations increase storage capacity and plan backups against data loss.
The Event Processor can be deployed in a centralized or distributed model, ensuring secure connectivity between components without changing the network architecture. This helps the enterprise protect its investment while planning expansion along each development roadmap.

c. Network flow collection component (Flow Collector):

This component connects to the switch via a SPAN port to collect flows from the devices on the network, then sends the flows to the Flow Processor component for layer 7 (application layer) flow analysis.
Note: (phase 01 of the project will not implement the network flow part)

d. Network flow analysis component:
The network flow analysis component receives flows from the Flow Collector device and performs layer 7 (application layer) analysis to extract the information in network packets, including: source IP address, destination IP address, transport protocol, source port, destination port, application information, traffic statistics and payload content. Through this it helps detect sophisticated attacks such as zero-day attacks and monitors compliance with security policies, for example alerting on traffic sent to/received from suspicious regions or sent/received over insecure protocols.
In addition, layer 7 flow analysis also provides further information for more accurate alerting, such as correlating network flows with device logs.
Note: (phase 01 of the project will not implement the network flow part)

e. Central administration component (Console):
The central administration component monitors the whole system, from reporting, configuration and policy enforcement for the sites to correlation at the level of the whole system. The main functions of this component include:
- Providing a central administration interface for the whole SIEM system (Security Operation Center); the interfaces are authorized according to the administrator's role.
- Thousands of built-in rule templates, visual summary dashboards and filters that the administrator can use directly. All of these tools can also be easily customized, modified or newly created, allowing the administrator to build new tools suited to their system.
- Drill-down capability to display the detail of each incident.
- Tools for handling security events occurring on the network (Workflow).
- Ready-made templates and report dashboards for security standards such as: CobiT, SOX, GLBA, NERC/FERC, FISMA, PCI-DSS, HIPAA, UK GSi/GCSx, GPG.
- Automatic updating of new rules.
- Connectivity with the flow analysis component: allows layer 7 (application layer) flow analysis for deep and accurate analysis of the customer's network, identifying threats and network anomalies.
5.2. Mediation Services module
The Mediation module is the intermediate layer that communicates with the SIEM system to collect, organize and retrieve log data, then pushes the data into the centralized database.
The Mediation module queries the SIEM system's database periodically to ensure real-time behaviour; the query interval can be 1 s. The mediation system is designed for stability, throughput and good load capacity.

5.3. Command screen module

Command interface:
This is the interface layer that gives the most intuitive picture of the overall security status and of the status of resources and task plans, serving the commander's point of view. An important requirement is that all interfaces must support Vietnamese, so that command operations are faster and more effective.
The command interface provides:
- Network space screen: shows the operational space, including all the entities to be monitored in the system placed on the map of Vietnam at their corresponding geographic positions.
- Network event screen on the map: shows network events visually on the map.
- Topology monitoring: monitors the system through the network topology.
- Event management screen: monitors events in real time.
- Alert screen: monitors the alerts of the whole system.
- Plan management screen: monitors the plans currently being carried out.

5.4. System monitoring module

The system monitoring module is divided into 3 sub-modules:
- Network space: helps the administrator monitor the security status of the whole system in real time, using a map of Vietnam to represent the network security space.
- Network events: helps the administrator visually follow the behaviour of the whole network. A network event is represented between two points on the map of Vietnam.
- Network topology: monitoring by topology, showing each unit's network model, with the connections between network components and the information on each device as well as on the connections.

5.5. Event management module

Objective: provide an interface that lets the commander follow the events occurring across the whole system in real time. Supports filtering, classification and statistical summaries by chart, and raises attack and danger alerts.

5.5.1 Event list
Displays the event list in real time. The user can pause/play the event list. This function lets the user filter by criteria such as time and severity level, view the details of an event, carry out an investigation with data taken from the event, or create a task for the event with a detailed plan for carrying it out.

5.5.2 Event statistics
Objective: this function aggregates and classifies events and presents them as charts, giving the commander an overview of the security status of the system so as to decide on timely incident resolution. Statistics include top source IPs, top destination IPs, event types, thresholds and severity levels.

5.5.3 Investigation

Objective: this function helps the user investigate by object, by service or by managing officer; the result is the list of corresponding events and a topology showing where the event started and which devices in the network it reached.

5.6. Equipment management module

The equipment management module is designed to manage all the equipment in the system and is the input for the system monitoring module. Equipment and materials are divided into 5 main groups:
- Infrastructure: includes station buildings, racks and mobile vehicles
- Network devices: servers, routers, firewalls, storage devices, radio transceiver devices, other devices
- Logical devices: virtual servers, virtual LANs, virtual firewalls, other virtualized devices
- Network services: HTTP, DNS
- Application services: Mail, Web

5.7. Personnel management module

The personnel management module is designed to manage all the personnel taking part in operating and using the system, including the officers carrying out other tasks in support of incident resolution. The module is divided into two main blocks:
- Unit management
- Personnel management

5.8. Plan management module

The plan lifecycle is designed according to the diagram below.

Based on the specific requirements, the plan management subsystem is divided into 3 main blocks:
- Plan list
- Planning
- Reports

5.9. System administration module

Comprises the functions for administering the operation of the system:

5.9.1 User management
This function manages the users taking part in operating and managing the network security assurance system. It manages information such as: full name, account name, granted permissions.
A user with the appropriate rights may add, edit and delete users in the system. There are 3 basic roles a user can have: Task officer, Commander, Operations officer (in ascending order of privilege). Each basic role carries specific rights for each system menu, as described in Permission management.

5.9.2 Configuration management

5.9.2.1 Mediation configuration
- Mediation configuration: this function lets the user view information about the Mediation Service such as IP address, service port and service status, and start/stop the service (Mediation is the service that synchronizes the database from the SIEM to the centralized database).
- SIEM QRadar configuration: this function lets the user view information about the SIEM QRadar system such as IP address, service port, administration web page and service status.

5.9.2.2 Alert configuration
This function lets the user configure the alert thresholds (information/warning/danger levels) as well as the alert method (via the interface/email).

5.9.2.3 Log Source configuration
All log sources (firewalls) that the SIEM can recognize are displayed here. This function lets the user select the log sources on which the network security assurance system will base the information it displays.

5.9.3 Permission management
This function lets a user (with the appropriate rights) view and edit the access rights to the system's functions for the 3 basic user types: Task officer, Commander, Operations officer. The specific rights are carried out in

5.10 Centralized database

The database block holds the centralized database of the whole centralized network security management and operation system. The data it manages includes the data serving the operation of the centralized security reporting subsystem, the resource management subsystem and the plan management and coordination subsystem, as well as the administration and operation data of the system. This block also provides the methods that control and handle access to that data.

Main characteristics of the database block:
- Built on the platform of one of the strongest database management systems available today, Oracle, with fast access and an LDAP permission structure. It can administer large volumes of data with different object types. Managed objects can easily have attributes and child objects added or removed to any depth.
- Optimizes the balance between storing information and selectively processing data, optimizing server resources to avoid data conflicts when too many information streams are processed at the same time.
- Meets the need to store large volumes of data over a long period.
- Efficiently supports access to large volumes of data at high frequency.
- Ensures data independence, i.e. the invariance of application programs with respect to changes in the structure of the data model.
- Supports high-level languages that let users define data structures, access data and manipulate data.
- Manages concurrent access transactions to the database from many users at the same time, restricts access to data by unauthorized users and is able to check the integrity of the database.
- Supports data recovery without data loss on system failures.
- Meets the data manipulation requirements, including:
  o Searching information stored in the database.
  o Adding new information to the database.
  o Deleting information from the database.
  o Modifying information stored in the database.

Data types stored and processed in the Data Layer:
- Centralized security reporting subsystem: base configuration data, event data, alert data
- Resource management subsystem: resource data
- Plan management and coordination subsystem: task data
- System administration data: configuration files, operational data, system logs

6 FUNCTIONAL REQUIREMENTS

6.9 Mediation function block

Mediation synchronizes the configuration tables from the Postgres database on the SIEM system and stores real-time log data into the Oracle database. Data on the SIEM system is stored and managed in 2 databases: the Postgres database and the Ariel database.
- Postgres database: stores all the configuration data of the SIEM system and the attack data after collection and analysis.
- Ariel database: stores the SIEM system's temporary log data collected from the firewalls through the event collectors. Note that this data is kept for at most 7 days in the SIEM system.
Because logs need to be stored, analysed and managed over the long term, the mediation function block has to synchronize these 2 databases into 1 centralized database (Oracle 11g). However, not all data is synchronized, only the tables serving the system's business.

6.1.1 Postgres data synchronization
The data tables to be synchronized are:

a. qidmap table
- Objective: synchronize the qidmap table from the Postgres DB in the SIEM system to the Oracle DB.
- Description: the qidmap table describes the events and flows in the SIEM system.
Sample data:

When a change event occurs, such as an update, delete or insert of a record in the qidmap table, the data is automatically synced to the qidmap table on Oracle. The permitted delay is 5 -> 10 s.

b. category_type table
- Objective: synchronize the category_type table from the Postgres DB in the SIEM system to the Oracle DB.
- Description: when the data in the category table changes (insert, update, delete) it is automatically synchronized to the Oracle DB. The permitted time is 5 -> 10 s. The category_type table describes the categories of the events on the SIEM system.
Sample data:

c. sensordevice table
- Objective: synchronize the sensordevice table from the Postgres DB in the SIEM system to the Oracle DB.
- Description: the sensordevice table describes the log sources in the events and flows of the SIEM system. Data is automatically synchronized to the Oracle DB on any change in the Postgres DB (Insert, Delete).
- Sample data:

Synchronization delay is 5 -> 10 s.

6.1.2 Real-time Flow and Event data synchronization

Real-time Flow and Event data is stored temporarily on the SIEM server. However, to support later statistics and monitoring, the mediation module stores the real-time flow and event data.
Table storing event and flow data:

Description: once every minute the mediation module requests the flow and event data and pushes it into the Oracle DB.
Note: in the SIEM QRadar system, log data can only be fetched for a minimum interval of 1 minute, i.e. from startTime to endTime is 1 minute. The latest end time is sysdate - 1 minute.
Therefore the real-time data is fetched over the following range: (startTime, endTime) = (sysdate - 2 minutes, sysdate - 1 minute).
Sample data:
Event table:

Sample data:
Flow table:
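As an added example (not Elcom's mediation code), the two jobs of this block in Python: the Ariel window computed as (sysdate - 2 minutes, sysdate - 1 minute) with an idempotent copy of the events inside it, and the change-driven mirroring of the qidmap, category_type and sensordevice tables. The Postgres, Ariel and Oracle stores are in-memory dicts, and the row fields and sample rows are constructed for the example, not QRadar's schema.

```python
"""Mediation sketch: mirror SIEM config tables and pull the 1-minute event window.

Added example, not Elcom's mediation service. The Postgres, Ariel and Oracle
stores are in-memory dicts; the column names in the sample rows are
constructed for the example and are not claimed to match QRadar's schema.
"""
from datetime import datetime, timedelta

CONFIG_TABLES = ("qidmap", "category_type", "sensordevice")  # tables named in 6.1.1


def ariel_window(sysdate):
    """(startTime, endTime) = (sysdate - 2 minutes, sysdate - 1 minute), as in 6.1.2.

    The instant is truncated to the minute first so that two polls that run a
    few seconds apart inside the same minute see the same window, and polls in
    consecutive minutes tile without gaps or overlap.
    """
    minute = sysdate.replace(second=0, microsecond=0)
    return minute - timedelta(minutes=2), minute - timedelta(minutes=1)


def table_diff(source, mirror):
    """Inserts, updates and deletes needed to make `mirror` equal `source`.

    Both arguments map primary key -> row dict. Rows are compared whole, so a
    change to any column in Postgres is propagated, not just new keys.
    """
    inserts = {k: source[k] for k in source.keys() - mirror.keys()}
    deletes = set(mirror.keys() - source.keys())
    updates = {k: source[k] for k in source.keys() & mirror.keys()
               if source[k] != mirror[k]}
    return inserts, updates, deletes


class Mediation:
    def __init__(self, postgres, ariel, oracle):
        self.postgres = postgres   # {table: {pk: row}}   stand-in for the SIEM Postgres DB
        self.ariel = ariel         # list of event rows   stand-in for the Ariel DB
        self.oracle = oracle       # {table: {pk: row}}   stand-in for the central Oracle DB
        self.last_window = None

    def sync_config_tables(self):
        """Apply the Postgres -> Oracle deltas for every table in CONFIG_TABLES."""
        applied = {}
        for table in CONFIG_TABLES:
            mirror = self.oracle.setdefault(table, {})
            inserts, updates, deletes = table_diff(self.postgres.get(table, {}), mirror)
            for k in deletes:
                del mirror[k]
            mirror.update(inserts)
            mirror.update(updates)
            applied[table] = (len(inserts), len(updates), len(deletes))
        return applied

    def pull_events(self, sysdate):
        """Copy the events whose starttime lies in the current Ariel window into Oracle.

        Rows are keyed by event id, so polling the same window twice (a scheduler
        that fires early, or a retry) writes no duplicate rows. Returns the
        number of new rows written.
        """
        start, end = ariel_window(sysdate)
        self.last_window = (start, end)
        target = self.oracle.setdefault("event", {})
        new_rows = 0
        for row in self.ariel:
            if start <= row["starttime"] < end and row["id"] not in target:
                target[row["id"]] = dict(row)
                new_rows += 1
        return new_rows


def demo():
    """One config sync and two event polls against constructed sample data."""
    postgres = {
        "qidmap": {1: {"qid": 1, "qname": "Firewall Deny"},
                   2: {"qid": 2, "qname": "Firewall Permit"}},
        "category_type": {1: {"id": 1, "name": "Access"}},
        "sensordevice": {7: {"id": 7, "hostname": "fw-edge-01"}},
    }
    # Oracle already holds key 1 unchanged and a stale key 9 that must be deleted.
    oracle = {"qidmap": {1: {"qid": 1, "qname": "Firewall Deny"},
                         9: {"qid": 9, "qname": "stale row"}}}
    t0 = datetime(2014, 10, 1, 12, 0, 30)
    ariel = [  # only id 101 falls inside (11:58:00, 11:59:00)
        {"id": 100, "qid": 1, "sourceip": "10.0.0.5", "starttime": t0 - timedelta(seconds=90)},
        {"id": 101, "qid": 2, "sourceip": "10.0.0.6", "starttime": t0 - timedelta(seconds=150)},
        {"id": 102, "qid": 1, "sourceip": "10.0.0.7", "starttime": t0 - timedelta(seconds=30)},
    ]
    m = Mediation(postgres, ariel, oracle)
    synced = m.sync_config_tables()
    first = m.pull_events(t0)
    again = m.pull_events(t0 + timedelta(seconds=20))  # same minute: same window, no duplicates
    return synced, first, again, m


if __name__ == "__main__":
    synced, first, again, m = demo()
    print(synced, first, again, m.last_window)
```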


6.10 Command screen display function block

ID | Function | Function description | Priority
---|----------|----------------------|---------
FU_CH_001 | Monitoring by network space | Function displaying the network space on the map | FC
FU_CH_002 | Monitoring by network events | Function displaying the network events on the map | FC
FU_CH_003 | Monitoring by network topology | Function managing the system on the network topology | FC
FU_CH_004 | Event list | Displays the list of network events in real time | FC
FU_CH_005 | Plan monitoring | Function letting the administrator follow the plans being carried out in the system | NC
FU_TC_006 | Alert monitoring | Function letting the administrator follow the system's alerts | NC

6.11 System monitoring function block

The system monitoring function subsystem is divided into 3 main function blocks:
- Network space monitoring
- Network event monitoring
- Network topology

6.11.1 Network space

ID | Function | Function description | Priority
---|----------|----------------------|---------
FU_GH_001 | Display network devices | The system retrieves the network device information (including geographic information, connection information and device information) and displays it on the map | FC
FU_GH_002 | Display network connections | The system retrieves the connection information and displays the connections on the map | FC
FU_GH_003 | Monitoring by network topology | Function managing the system on the network topology | FC
FU_GH_004 | Filter by unit | Filter the network devices by unit | FC
FU_GH_005 | Display the security alert list | Security alerts are displayed on the network space monitoring interface | NC
FU_GH_006 | Zoom the map in and out | Function letting the administrator zoom in or out on each geographic area of the map | NC

6.11.2 Network event monitoring

ID | Function | Function description | Priority
---|----------|----------------------|---------
FU_GH_007 | Display network rays | The system represents each network event as a ray on the map. One end is the event's source IP, the other end is its destination IP. Network nodes are displayed on the map according to the geographic position declared in the system | FC
FU_GH_008 | Filter by server | The system displays only the events whose destination IP is the selected server | FC
FU_GH_009 | Monitoring by network topology | Function managing the system on the network topology | FC
FU_GH_010 | Event list | Displays the event list | FC
FU_GH_011 | Filter by service | Filter by network service | NC

6.11.3 Network topology

ID | Function | Function description | Priority
---|----------|----------------------|---------
FU_GH_012 | Draw the network topology | The system draws the network topology from the connection parameters between the network devices stored in the database | FC
FU_GH_013 | Device information | Displays the information of a network device when hovering over a device in the topology | FC
FU_GH_014 | Display alerts | Displays an alert when an incident occurs with a device | FC

6.12 Event management function block

Comprises the sub-functions Event list, Event statistics and Investigation

ID | Function | Function description | Priority
---|----------|----------------------|---------
FU_D5_EVM_001 | Event list | This function lets the user view the list of events in real time; the user can choose to view by criteria such as time and severity level and can flag an event for follow-up | FC
FU_D5_EVM_002 | View event details | This function lets the user view the detailed information of an event | FC
FU_D5_EVM_003 | Top source IP statistics | This function lists the 10 source IPs with the most events, sorted in descending order; the statistics chart is shown as a bar chart | FC
FU_D5_EVM_004 | Top destination IP statistics | This function lists the 10 destination IPs with the most events, sorted in descending order; the statistics chart is a bar chart | FC
FU_D5_EVM_005 | Statistics by event type | This function lists the 5 most frequent event types, sorted in descending order; the statistics chart is a pie chart | FC
FU_D5_EVM_006 | Threshold statistics | This function counts the events with magnitude >= 8 and <= 10 for each firewall that is allowed to be displayed in the system | FC
FU_D5_EVM_007 | Statistics by severity level | This function counts how many events there are at each severity level | FC
FU_D5_EVM_008 | Investigation | This function lets the user carry out an investigation by object, service or officer; the result is the list of related events and the investigation topology | FC
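As an added example (not Elcom's code), the counting rules of FU_D5_EVM_003 to FU_D5_EVM_007 and the by-object investigation of FU_D5_EVM_008 (and 5.5.3) in Python over a constructed list of normalized events. The field names src, dst, type, magnitude, logsource, severity and time are assumed for the example; the investigation follows source-to-destination activity in time order so that only devices actually reached from the starting object appear in the topology.

```python
"""Event statistics (FU_D5_EVM_003..007) and investigation (FU_D5_EVM_008).

Added example, not Elcom's code. Works on a constructed list of normalized
events; the field names (src, dst, type, magnitude, logsource, severity, time)
are assumed for the example and are not claimed to be QRadar's column names.
"""
from collections import Counter

# Constructed sample events. 'time' is a simple ordering key; the time-0 event
# from 10.2.2.20 exists to show that investigate() respects causality.
EVENTS = [
    {"id": 0, "time": 0, "src": "10.2.2.20", "dst": "10.5.5.50", "type": "Firewall Permit",
     "magnitude": 1, "logsource": "fw-core-01", "severity": 1},
    {"id": 1, "time": 1, "src": "10.1.1.10", "dst": "10.2.2.20", "type": "Firewall Deny",
     "magnitude": 9, "logsource": "fw-edge-01", "severity": 8},
    {"id": 2, "time": 2, "src": "10.1.1.10", "dst": "10.2.2.21", "type": "Firewall Deny",
     "magnitude": 8, "logsource": "fw-edge-01", "severity": 8},
    {"id": 3, "time": 3, "src": "10.2.2.20", "dst": "10.3.3.30", "type": "Firewall Permit",
     "magnitude": 3, "logsource": "fw-core-01", "severity": 2},
    {"id": 4, "time": 4, "src": "10.1.1.11", "dst": "10.2.2.20", "type": "Port Scan",
     "magnitude": 10, "logsource": "fw-edge-02", "severity": 9},
    {"id": 5, "time": 5, "src": "10.3.3.30", "dst": "10.4.4.40", "type": "Firewall Permit",
     "magnitude": 2, "logsource": "fw-core-01", "severity": 2},
    {"id": 6, "time": 6, "src": "10.9.9.9", "dst": "10.2.2.20", "type": "Firewall Deny",
     "magnitude": 8, "logsource": "fw-edge-03", "severity": 8},
    {"id": 7, "time": 7, "src": "10.1.1.10", "dst": "10.2.2.22", "type": "Port Scan",
     "magnitude": 7, "logsource": "fw-edge-01", "severity": 6},
]


def top_source_ips(events, n=10):
    """FU_D5_EVM_003: the n source IPs with the most events, descending."""
    return Counter(e["src"] for e in events).most_common(n)


def top_destination_ips(events, n=10):
    """FU_D5_EVM_004: the n destination IPs with the most events, descending."""
    return Counter(e["dst"] for e in events).most_common(n)


def top_event_types(events, n=5):
    """FU_D5_EVM_005: the n most frequent event types, descending."""
    return Counter(e["type"] for e in events).most_common(n)


def threshold_events(events, allowed_logsources, low=8, high=10):
    """FU_D5_EVM_006: count events with low <= magnitude <= high, per firewall.

    Only firewalls the system is allowed to display (the Log Source selection
    of 5.9.2.3) are counted; a high-magnitude event from any other log source
    is dropped rather than attributed to a displayed firewall.
    """
    counts = Counter()
    for e in events:
        if e["logsource"] in allowed_logsources and low <= e["magnitude"] <= high:
            counts[e["logsource"]] += 1
    return dict(counts)


def severity_histogram(events):
    """FU_D5_EVM_007: how many events exist at each severity level."""
    return dict(Counter(e["severity"] for e in events))


def investigate(events, start_ip):
    """FU_D5_EVM_008 by object: follow activity outward from start_ip.

    One sweep in time order suffices: a device joins the reached set only when
    an event from an already-reached device targets it, so an earlier event
    from a device that is reached later (id 0 in the sample) is left out.
    Returns (related event ids, topology edges, reached devices).
    """
    reached = {start_ip}
    related, edges = [], []
    for e in sorted(events, key=lambda ev: ev["time"]):
        if e["src"] in reached:
            reached.add(e["dst"])
            related.append(e["id"])
            edges.append((e["src"], e["dst"]))
    return related, edges, reached


if __name__ == "__main__":
    print(top_source_ips(EVENTS), top_event_types(EVENTS))
    print(threshold_events(EVENTS, {"fw-edge-01", "fw-edge-02"}))
    print(investigate(EVENTS, "10.1.1.10"))
```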

6.13 Equipment management function block

a. Equipment and materials management

ID | Function | Function description | Priority
---|----------|----------------------|---------
FU_D5_001 | List equipment management reports | This function displays all the equipment reports predefined by the administrator: damaged equipment report; new equipment intake report; equipment handover report | FC
FU_D5_002 | Manage the equipment list | This function lists the equipment by attributes such as: equipment code; equipment type; managing unit; intake date; equipment status; price at intake; usage history; date available (if currently in use); equipment description; note | FC
FU_D5_004 | Track equipment status | This function tracks the status of equipment over time by the parameters: managing unit; receiving unit; equipment type; equipment quality; usage status of the equipment | FC
FU_D5_005 | Manage each item of equipment | This function lets the user add, edit and delete equipment. The attributes of an item of equipment include: equipment status (good/normal/poor); quantity; quality; used or not; which unit is using it; expiry date | FC
FU_D5_006 | Create catalogue dictionary | This function creates new data fields such as: equipment type catalogue; managing unit catalogue; user catalogue | FC
FU_D5_007 | Edit, delete catalogue dictionary | This function edits and deletes the data fields of the catalogue dictionary (equipment attributes) | FC
FU_D5_008 | Manage allocation | This function manages the allocation and distribution of equipment. It provides tools for managing the handover of equipment to the receiving unit: equipment code; equipment status; quantity; owning unit; receiving unit; allocation date; expiry date; note | FC
b. QUN L T CHC CN B
ID

Chc nng

FU_D5_009

Quan ly thng tin c


nhn ca cn b

FU_D5_010
Quan ly t bao am
ky thut c ng
(BKTC)
FU_D5_011

Quan ly bo co
thng k

12.BM.QTPM.EJC, (v1.0)

M t chc nng
Chc nng ny cho php quan ly thng
tin c nhn:
- Tn, tui
- Gii tnh
- Qu qun
- Ni hin nay
- n vi lm vic
- Ngy bt u lm vic
- Tnh trang hn nhn
- Tnh trang sc khoe
- Ch thch
Chc nng ny cho php hin thi cn b
theo s t chc:
- Hin thi nhng cn b no free
cp no
- Hin thi nhng cn b no ang
busy cp no
Chc nng ny cho php hin thi tt ca
cc loai bo co v vic iu phi con
ngi do ngi quan tri nh p trc :
- Bo co thng tin cn b mi
- Bo co cc cng vic lm ca
1 cn b (trong khoang thi gian)
- Bo co nhn nhim v mi
- Bo co tin cng vic hin tai

Mc u
tin
FC

FC

FC

Trang 35/40

6.14 Staff management function block

6.15 Plan management function block

ID | Function | Priority (the function description follows each row)

FU_D5_PL_001 | List plans | Priority: FC
  Allows searching for and listing all plans in the system. The system supports filtering and listing plans by the following criteria:
  - Unit
  - Plan name
  - Plan status
  - Plan type

FU_D5_PL_002 | View plan details | Priority: FC
  Allows viewing the detailed information of a plan, such as information on the task, the plan, the list of participants and the list of equipment. The amount of information displayed depends on the user's permissions.

FU_D5_PL_003 | Modify plan | Priority: FC
  Allows the administrator to adjust a plan to suit the actual situation. The administrator can adjust the plan information, including:
  - Changing the plan's execution time (start and end time)
  - Changing the people executing the plan (adding or removing executors)
  - Changing the equipment in the plan
  - Changing the detailed jobs of each staff member
  - Changing related information such as plan type and plan name.

FU_D5_PL_004 | Approve plan | Priority: FC
  Allows the commander to view the basic information about the plan and the list of participating staff, and to approve or reject the proposed arrangement for executing the plan; the commander can add directive comments for lower levels or export the plan information to a PDF file.

FU_D5_PL_005 | Monitor execution | Priority: FC
  Allows the user to view the overall progress of the plan and the details of the jobs in the plan, and to comment on or direct each specific job according to the permissions granted to the user. This function can also export report files corresponding to the status of the plan.

FU_D5_PL_006 | Update plan progress | Priority: FC
  Allows the user to update the progress of the plan; depending on the user's permissions, the user may update on behalf of others or only update their own jobs.

FU_D5_PL_007 | Close plan | Priority: FC
  Allows the administrator to suspend or finish a plan.

FU_D5_PL_008 | Create plan | Priority: FC
  Allows the administrator to create a plan to resolve a given task; once created, the author can save it as a draft or send it to a superior for approval. The administrator selects the plan-creation function and then enters the following information:
  - Task name
  - Task description
  - Task assessment
  - Task type
  - Task nature
  - Unit executing the task
  - Whether to delegate to a lower-level unit to continue planning, or to assign the work directly
  - Plan type
  - Incident type
  - Handling procedure
  - Priority
  - Execution location
  - Estimated plan execution time
  - Attached documents
  - Allocation of human resources and assignment of detailed jobs to each staff member
  - Allocation of handling equipment

FU_D5_PL_009 | Plan report | Priority: FC
  Allows exporting a report file for each plan, depending on the plan status and on the template and format chosen by the user.

6.16 System management function block

ID | Function | Priority (the function description follows each row)

FU_D5_ST_001 | User login | Priority: FC
  Allows the user to log in to the monitoring system. Depending on the permissions assigned to each account, the user receives specific permissions after logging in.

FU_D5_ST_002 | User logout | Priority: FC
  Allows the user to exit the system.

FU_D5_ST_003 | Display user list | Priority: FC
  Allows a user who has logged in to the system to see the information of the users in the system (only users with the highest privilege level have this function).

FU_D5_ST_004 | Add, edit, delete users | Priority: FC
  Allows the user to add, edit and delete their own information or that of others (only users with the highest privilege level have this function).

FU_D5_ST_005 | Mediation configuration | Priority: FC
  Allows the user to view information about the Mediation service such as IP address, port and service status; the user can also start/stop this service.

FU_D5_ST_006 | SIEM configuration | Priority: FC
  Allows viewing information about the SIEM such as IP address, port and status.

FU_D5_ST_007 | Alert configuration | Priority: FC
  Manages the configuration of the basic alert thresholds and the alert methods. There are 3 alert thresholds: the information threshold, the warning threshold and the danger threshold. There are 2 basic alert methods: via the software interface and via email.

FU_D5_ST_08 | Log Source configuration | Priority: FC
  Allows the administrator to select the firewalls for the system. Data from firewalls that are not selected is not displayed on the monitoring system.
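The three thresholds and two alert methods of FU_D5_ST_007, as an added Python example; it is not the design document's or the project's code. Assumptions made here: thresholds are expressed as magnitudes on the 0..10 scale that FU_D5_EVM_006 uses, the default values 3/6/8 and the event field names are constructed, and delivery produces notification records rather than updating a screen or sending mail. The point a reviewer would check is in apply_update: a new configuration is validated before it replaces the old one, so a misordered or empty configuration can never leave the system with no working threshold.

```python
from dataclasses import dataclass, replace

LEVELS = ("info", "warning", "danger")   # information, warning and danger thresholds
METHODS = ("ui", "email")                # software interface and email


@dataclass(frozen=True)
class AlertConfig:
    """Alert thresholds (magnitude 0..10, assumed scale) and delivery methods."""
    info: int = 3       # constructed default for the information threshold
    warning: int = 6    # constructed default for the warning threshold
    danger: int = 8     # constructed default for the danger threshold
    methods: tuple = METHODS

    def validate(self):
        """Reject configurations that could not classify or deliver anything."""
        if not (0 <= self.info < self.warning < self.danger <= 10):
            raise ValueError("thresholds must satisfy 0 <= info < warning < danger <= 10")
        if not self.methods:
            raise ValueError("at least one alert method is required")
        unknown = set(self.methods) - set(METHODS)
        if unknown:
            raise ValueError(f"unknown alert method(s): {sorted(unknown)}")
        return True

    def classify(self, magnitude):
        """Highest threshold the magnitude reaches, or None when below the information threshold."""
        if magnitude >= self.danger:
            return "danger"
        if magnitude >= self.warning:
            return "warning"
        if magnitude >= self.info:
            return "info"
        return None


def dispatch(config, event):
    """One notification record per configured method; nothing is sent here."""
    level = config.classify(event["magnitude"])
    if level is None:
        return []
    message = (f"[{level.upper()}] {event['type']} from {event['src']} "
               f"on {event['firewall']} (magnitude {event['magnitude']})")
    return [(method, level, message) for method in config.methods]


def apply_update(current, **changes):
    """Build and validate the candidate first, so a bad update never replaces a good config."""
    candidate = replace(current, **changes)
    candidate.validate()
    return candidate


if __name__ == "__main__":
    cfg = AlertConfig()
    cfg.validate()
    # Constructed event, same shape as the event-statistics example.
    sample = {"magnitude": 9, "type": "port_scan", "src": "10.0.0.5", "firewall": "fw-hn-01"}
    for method, level, message in dispatch(cfg, sample):
        print(method, level, message)
    try:
        apply_update(cfg, warning=9)      # would put warning above danger
    except ValueError as exc:
        print("rejected:", exc)
```

Because AlertConfig is frozen, the only way to change it is through apply_update, which is where validation lives; a UI form or an email-only setting that bypasses this path would be the place to look if alerts ever stop arriving.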

7 APPENDIX

7.9 Coding standards

Follow the code convention standards of the languages:
- Java
- Oracle