CN107835094A - A kind of centralized security configuration inspection and reinforcement means - Google Patents


Info

Publication number
CN107835094A
Authority
CN
China
Prior art keywords
security
client
inspection
operating system
baseline
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201711104578.1A
Other languages
Chinese (zh)
Inventor
苏宝珠
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhengzhou Yunhai Information Technology Co Ltd
Original Assignee
Zhengzhou Yunhai Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhengzhou Yunhai Information Technology Co Ltd
Priority to CN201711104578.1A
Publication of CN107835094A


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/04 Network management architectures or arrangements
    • H04L41/042 Network management architectures or arrangements comprising distributed management centres cooperatively managing the network
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/552 Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/554 Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0803 Configuration setting
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0803 Configuration setting
    • H04L41/0823 Configuration setting characterised by the purposes of a change of settings, e.g. optimising configuration for enhancing reliability
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention provides a centralized security configuration inspection and reinforcement method and relates to the field of computer communication and operating system security. The invention detects whether the common security configuration items of an operating system meet security requirements and provides common baseline values. A web page shows the user which items meet the baseline and which do not; the user can then choose whether to repair them, and if repair is selected the security configuration items are modified, achieving the purpose of hardening operating system security. This security hardening improves operating system security and protects the personal information and property of users.

Description

A centralized security configuration inspection and reinforcement method
Technical field
The present invention relates to the field of computer communication and operating system security, and in particular to a centralized security configuration inspection and reinforcement method.
Background
With the rapid development of computer network technology, communication networks and computers have become ever more closely tied to daily life, and the resulting communication security problems of computer networks are drawing attention from more and more people. As computer networks evolve toward broadband, IP-based and intelligent operation, their scale keeps expanding and their structure grows increasingly complex, so the security threats they face also multiply, and these threats directly endanger people's vital interests. With the various high-risk vulnerabilities that have emerged recently, network security problems are attracting more and more attention.
Summary of the invention
To solve the above technical problems, the present invention proposes a centralized security configuration inspection and reinforcement method that can effectively strengthen the security of the operating system, improve operating system security, and protect the personal information and property of users.
The technical solution of the present invention is:
A centralized security configuration inspection and reinforcement method that detects whether the common security configuration items of an operating system meet security requirements and provides common baseline values. A web page shows the user which items meet the baseline and which do not; the user can then choose whether to repair them, and if repair is selected the security configuration items are modified, achieving the purpose of hardening operating system security.
The present invention uses a control architecture that combines B/S (browser/server) with C/S (client/server) and consists of two parts, a centralized management platform and a client. It provides management and control of the security configuration items of Windows/Linux servers and controls the server operating system through technical means such as inspection, reinforcement and log recording, so as to strengthen the security of the server operating system. The administrator configures the baseline values of the security configuration items and enables or disables the corresponding security configuration check items, and the corresponding check items are issued to the specified clients. The client runs the issued check items and then reports the check results to the management platform. The management platform shows, through a web page, the configuration items that meet and do not meet the security baseline, and provides a repair menu. After the administrator selects repair, the client changes the values of its configuration items according to the predefined baseline values. The system can effectively improve the security of servers and effectively safeguard the personal information and property of users.
Wherein,
The system provides the corresponding security baseline values for each operating system and performs one-click repair of configuration items that do not meet the baseline, thereby achieving security hardening of the operating system.
The administrator can configure and issue security baselines through the centralized management platform pages, which makes it easy for the administrator to manage security hardening.
When the client receives an operation instruction issued by the management platform, it scans according to the issued security baseline values; if the instruction is scan-and-repair, it directly repairs the configuration items that do not meet the security baseline according to the security baseline values.
The whole system is operated through web pages, and the corresponding actions are audited, providing a powerful audit function.
The beneficial effects of the invention are as follows:
The security configuration inspection and reinforcement system proposed by the present invention can effectively strengthen the security of the operating system. It detects whether the common security configuration items of the operating system meet security requirements and provides common baseline values. A web page shows the user which items meet the baseline and which do not; the user can then choose whether to repair them, and if repair is selected the security configuration items are modified, achieving the purpose of hardening operating system security. This security hardening improves operating system security and protects the personal information and property of users.
Brief description of the drawings
Fig. 1 is an implementation block diagram of the present invention.
Detailed description
The content of the present invention is described in more detail below:
The present invention proposes a centralized security configuration inspection and reinforcement system. The specific implementation process is as follows:
1. Client system registration
The client system registers with the management platform, and the management platform obtains information such as the client's IP, operating system and kernel.
2. Security baseline configuration and issuing
The policy management function is used to enable, disable and configure the security configuration item inspection and repair functions. After the security policy has been set, the centralized management platform issues the security policy to the client. The policy template contains two parts:
Basic settings: whether the security configuration item inspection function is enabled, the scheduled inspection function, and whether items are modified automatically after inspection.
Security baseline settings: according to the client operating system that was reported, the corresponding security configuration items are displayed, with functions to modify the security baseline values and to enable or disable one or several security baselines.
3. Client scan and repair
When the client receives an operation instruction issued by the management platform, it scans according to the issued security baseline values; if the instruction is scan-and-repair, it directly repairs the configuration items that do not meet the security baseline according to the security baseline values.
4. Reporting of client scan and repair results
After the client operation completes, the client reports the scan and repair results to the management platform. The management platform stores and displays the results so that maintenance personnel can harden operating system security according to the current security configuration.
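The client side of steps 2 to 4 (receive a policy, scan against the baseline, optionally repair, build the report) can be illustrated in Python; this is an added example, not part of the patent text. The policy field names, the `eq`/`le` comparators and the sshd_config-style sample configuration are assumptions constructed for illustration.

```python
import json

# Constructed policy shaped after the two-part template (field names are assumptions).
POLICY = json.loads("""
{
  "basic": {"check_enabled": true, "auto_repair": false},
  "baseline": [
    {"item": "PermitRootLogin", "op": "eq", "value": "no", "enabled": true},
    {"item": "MaxAuthTries", "op": "le", "value": "4", "enabled": true},
    {"item": "X11Forwarding", "op": "eq", "value": "no", "enabled": false},
    {"item": "PermitEmptyPasswords", "op": "eq", "value": "no", "enabled": true}
  ]
}
""")

# Constructed client configuration ("key value" lines, sshd_config style).
CONFIG = """\
# constructed sample
PermitRootLogin yes
MaxAuthTries 6
X11Forwarding yes
"""

# Comparators the client agrees to evaluate; a policy naming anything else is
# rejected, so the platform can only select from a fixed set of checks.
OPS = {
    "eq": lambda cur, base: cur == base,
    "le": lambda cur, base: cur.isdigit() and int(cur) <= int(base),
}

def parse_config(text):
    """Return {key: value} for the non-comment 'key value' lines."""
    items = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition(" ")
            items[key] = value.strip()
    return items

def scan(policy, text, repair=False):
    """Check every enabled baseline item; repair if asked. Returns (report, config_text)."""
    if not policy["basic"]["check_enabled"]:
        return [], text
    current = parse_config(text)
    repair = repair or policy["basic"]["auto_repair"]
    report = []
    for rule in policy["baseline"]:
        if not rule["enabled"]:
            continue  # baseline disabled by the administrator
        if rule["op"] not in OPS:
            raise ValueError(f"unsupported comparator: {rule['op']}")
        found = current.get(rule["item"])
        # An item absent from the configuration counts as non-compliant (assumption).
        ok = found is not None and OPS[rule["op"]](found, rule["value"])
        entry = {"item": rule["item"], "found": found, "baseline": rule["value"],
                 "compliant": ok, "repaired": False}
        if not ok and repair:
            current[rule["item"]] = rule["value"]  # old value stays in entry["found"]
            entry["repaired"] = True
        report.append(entry)
    if any(e["repaired"] for e in report):
        # Re-rendered settings; comment lines of the input are not preserved.
        text = "".join(f"{k} {v}\n" for k, v in current.items())
    return report, text
```

Each report entry keeps the value found before repair, which gives the management platform the before/after record its audit function needs.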

Claims (3)

1. A centralized security configuration inspection and reinforcement method, characterized in that
it detects whether the common security configuration items of an operating system meet security requirements and provides baseline values; a web page shows the user which items meet the baseline and which do not; the user can then choose whether to repair them, and if repair is selected the security configuration items are modified, achieving the purpose of hardening operating system security.
2. The method according to claim 1, characterized in that
a control architecture combining B/S with C/S is used, comprising two parts, a centralized management platform and a client, and providing management and control of the security configuration items of Windows/Linux servers, the server operating system being controlled through inspection, reinforcement and log recording technical means; the administrator configures the baseline values of the security configuration items and enables or disables the corresponding security configuration check items, and the corresponding check items are issued to the specified clients; the client runs the issued check items and then reports the check results to the management platform; the management platform shows, through a web page, the configuration items that meet and do not meet the security baseline, and provides a repair menu; after the administrator selects repair, the client changes the values of its configuration items according to the predefined baseline values.
3. The method according to claim 2, characterized in that
the specific implementation process is as follows:
1) Client system registration
The client system registers with the management platform, and the management platform obtains the client's IP, operating system and kernel information;
2) Security baseline configuration and issuing
The policy management function is used to enable, disable and configure the security configuration item inspection and repair functions; after the security policy has been set, the centralized management platform issues the security policy to the client;
The policy template contains two parts:
Basic settings: whether the security configuration item inspection function is enabled, the scheduled inspection function, and whether the automatic repair function runs after inspection;
Security baseline settings: according to the client operating system that was reported, the corresponding security configuration items are displayed, with functions to modify the security baseline values and to enable or disable no fewer than one security baseline;
3) Client scan and repair
When the client receives an operation instruction issued by the management platform, it scans according to the issued security baseline values; if the instruction is scan-and-repair, it directly repairs the configuration items that do not meet the security baseline according to the security baseline values;
4) Reporting of client scan and repair results
After the client operation completes, the client reports the scan and repair results to the management platform; the management platform stores and displays the results so that maintenance personnel can harden operating system security according to the current security configuration.
CN201711104578.1A 2017-11-10 2017-11-10 A kind of centralized security configuration inspection and reinforcement means Pending CN107835094A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711104578.1A CN107835094A (en) 2017-11-10 2017-11-10 A kind of centralized security configuration inspection and reinforcement means

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201711104578.1A CN107835094A (en) 2017-11-10 2017-11-10 A kind of centralized security configuration inspection and reinforcement means

Publications (1)

Publication Number Publication Date
CN107835094A true CN107835094A (en) 2018-03-23

Family

ID=61655065

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711104578.1A Pending CN107835094A (en) 2017-11-10 2017-11-10 A kind of centralized security configuration inspection and reinforcement means

Country Status (1)

Country Link
CN (1) CN107835094A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8782603B2 (en) * 2010-12-21 2014-07-15 Sap Ag Standardized configuration checklists for software development
CN105138920A (en) * 2015-07-30 2015-12-09 浪潮电子信息产业股份有限公司 Implementation method for safely managing intranet terminal
CN106372512A (en) * 2016-08-25 2017-02-01 浪潮电子信息产业股份有限公司 Task-type security baseline execution method
CN106790167A (en) * 2016-12-29 2017-05-31 郑州云海信息技术有限公司 A kind of client registers method and centralized management platform

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108833358A (en) * 2018-05-22 2018-11-16 郑州云海信息技术有限公司 A kind of management method and system of security baseline
CN109583213A (en) * 2018-11-26 2019-04-05 郑州云海信息技术有限公司 A kind of management method and system of cloud platform Initiative Defense rule base
CN109522724A (en) * 2018-12-20 2019-03-26 郑州云海信息技术有限公司 A kind of apparatus and method about software scans
CN110851172A (en) * 2019-11-13 2020-02-28 杭州安恒信息技术股份有限公司 Method, device, equipment and medium for repairing security configuration of operating system
CN112784282A (en) * 2021-01-22 2021-05-11 苏州浪潮智能科技有限公司 Security configuration reinforcement method, system and medium
CN112784282B (en) * 2021-01-22 2022-09-20 苏州浪潮智能科技有限公司 Security configuration reinforcement method, system and medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180323