CN107835094A - A kind of centralized security configuration inspection and reinforcement means - Google Patents
- Publication number: CN107835094A
- Application number: CN201711104578.1A
- Authority: CN (China)
- Prior art keywords: security, client, inspection, operating system, baseline
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion.)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/04—Network management architectures or arrangements
- H04L41/042—Network management architectures or arrangements comprising distributed management centres cooperatively managing the network
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0803—Configuration setting
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0803—Configuration setting
- H04L41/0823—Configuration setting characterised by the purposes of a change of settings, e.g. optimising configuration for enhancing reliability
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The present invention provides a centralized security configuration inspection and reinforcement method, relating to the field of computer communication and operating system security. The invention detects whether the common security configuration items of an operating system meet security requirements and provides common baseline values. A web page shows the user which items meet the baseline and which do not, and the user can then choose whether to repair them; if repair is selected, the security configuration items are modified, achieving the goal of hardening operating system security. This hardening improves operating system security and protects the user's personal information and property.
Description
Technical field
The present invention relates to the field of computer communication and operating system security, and in particular to a centralized security configuration inspection and reinforcement method.
Background
With the rapid development of computer network technology, communication networks and computers have become ever more closely tied to daily life, and the resulting communication security problems of computer networks are attracting the attention of more and more people. As computer networks evolve toward broadband, IP-based and intelligent operation, their scale keeps expanding and their structure grows more complex, and the security threats they face also multiply; these threats directly endanger people's vital interests. With the various high-risk vulnerabilities that have appeared recently, network security problems are drawing more and more attention.
Summary of the invention
To solve the above technical problem, the present invention proposes a centralized security configuration inspection and reinforcement method that can effectively strengthen the security of the operating system, improve operating system security, and protect the user's personal information and property.
The technical solution of the invention is:
A centralized security configuration inspection and reinforcement method that detects whether the common security configuration items of the operating system meet security requirements and provides common baseline values. A web page shows the user which items meet the baseline and which do not; the user can then choose whether to repair them, and if repair is selected, the security configuration items are modified, achieving the goal of hardening operating system security.
The invention uses a control architecture that combines B/S (browser/server) with C/S (client/server) and consists of two parts, a centralized management platform and a client. It provides management and control of Windows/Linux server security configuration items and controls the server operating system through technical means such as inspection, reinforcement and log recording, thereby strengthening the security of the server operating system. The administrator configures the baseline values of the security configuration items and enables or disables the corresponding security configuration check items, and the corresponding check items are issued to the specified clients. The client checks the issued check items and then reports the inspection results to the management platform. The management platform shows the configuration items that meet and do not meet the security baseline on a web page and provides a repair menu. After the administrator selects repair, the client changes the values of its configuration items according to the predefined baseline values. The system can effectively improve server security and protect the user's personal information and property.
Wherein:
A system is provided that supplies the corresponding security baseline values for each operating system and repairs, with one click, the configuration items that do not meet the baseline, realizing security hardening of the operating system.
The administrator can configure and issue security baselines through the centralized management platform page, which makes it easy for the administrator to manage security hardening.
When the client receives an operation instruction issued by the management platform, it scans according to the issued security baseline values; if the instruction is scan and repair, it directly repairs the configuration items that do not meet the security baseline according to the security baseline values.
A web page is provided for the whole system, and the corresponding actions are audited, giving a powerful audit function.
Beneficial effects of the invention
The security configuration inspection and hardening system proposed by the present invention can effectively strengthen the security of the operating system. It detects whether the common security configuration items of the operating system meet security requirements and provides common baseline values. A web page shows the user which items meet the baseline and which do not; the user can then choose whether to repair them, and if repair is selected, the security configuration items are modified, achieving the goal of hardening operating system security. This hardening improves operating system security and protects the user's personal information and property.
Brief description of the drawings
Fig. 1 is the implementation block diagram of the present invention.
Embodiment
The content of the invention is described in more detail below.
The present invention proposes a centralized security configuration inspection and hardening system. The specific implementation process is as follows:
1. Client system registration
The client system registers with the management platform, and the management platform obtains information such as the client's IP, operating system and kernel.
2. Security baseline configuration and issuing
The policy management function is used to turn the security configuration item inspection and repair functions on and off and to configure them. After the security policy has been set, the centralized management platform issues the security policy to the client. The policy template has two parts:
Basic settings: whether the security configuration item inspection function is enabled, the timed inspection function, and whether items are modified automatically after inspection.
Security baseline settings: according to the reported client operating system, the corresponding security configuration items are displayed, with functions to modify the security baseline values and to enable or disable one or several security baselines.
3. Client scan and repair
When the client receives an operation instruction issued by the management platform, it scans according to the issued security baseline values; if the instruction is scan and repair, it directly repairs the configuration items that do not meet the security baseline according to the security baseline values.
4. Reporting of client scan and repair results
After the client operation completes, the client reports the scan and repair results to the management platform. The management platform stores and displays the results so that maintenance personnel can harden operating system security according to the current security configuration.
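The policy template, client scan, optional repair and result report described in steps 2 to 4, sketched as an added example that is not part of the patent. The setting names, the `eq`/`min`/`max` comparison kinds, the baseline values and the in-memory `system` dict standing in for real operating system configuration are all assumptions.

```python
from dataclasses import dataclass

@dataclass
class BaselineItem:
    key: str            # configuration item name
    op: str             # "eq", "min" or "max" (hypothetical comparison kinds)
    value: object       # baseline value set by the administrator
    enabled: bool = True

def compliant(item, current):
    """Return True only if the current value satisfies the baseline."""
    if current is None:                 # setting absent: treat as failing
        return False
    if item.op == "eq":
        return current == item.value
    if item.op == "min":
        return current >= item.value
    if item.op == "max":
        return current <= item.value
    return False                        # unknown operator fails closed

def run_policy(policy, system, instruction):
    """Scan `system` (a dict standing in for real OS settings) against the
    policy; repair failing items when instructed. Returns the report the
    client would send to the management platform."""
    basic = policy["basic"]
    report = {"instruction": instruction, "items": []}
    if not basic["inspection_enabled"]:
        report["skipped"] = "inspection disabled by policy"
        return report
    repair = instruction == "scan_and_repair" or basic["auto_repair"]
    for item in policy["baseline"]:
        if not item.enabled:
            continue                    # administrator disabled this check
        before = system.get(item.key)
        entry = {"key": item.key, "baseline": item.value, "before": before,
                 "status": "pass" if compliant(item, before) else "fail"}
        if entry["status"] == "fail" and repair:
            system[item.key] = item.value          # write the baseline value
            after = system.get(item.key)           # re-read to verify
            entry["after"] = after
            entry["status"] = "repaired" if compliant(item, after) else "repair_failed"
        report["items"].append(entry)
    return report

# Constructed sample policy and host state (values are illustrative).
POLICY = {
    "basic": {"inspection_enabled": True, "scheduled": False, "auto_repair": False},
    "baseline": [
        BaselineItem("PASS_MAX_DAYS", "max", 90),
        BaselineItem("PASS_MIN_LEN", "min", 8),
        BaselineItem("PermitRootLogin", "eq", "no"),
        BaselineItem("ClientAliveInterval", "max", 300, enabled=False),
    ],
}

def sample_host():
    return {"PASS_MAX_DAYS": 99999, "PASS_MIN_LEN": 12, "PermitRootLogin": "yes"}

if __name__ == "__main__":
    host = sample_host()
    for mode in ("scan", "scan_and_repair"):
        for row in run_policy(POLICY, host, mode)["items"]:
            print(mode, row)
```

Keeping the `before` and `after` values in each report entry gives the management platform the record it needs for the audit function the description mentions.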
Claims (3)
1. A centralized security configuration inspection and reinforcement method, characterized in that:
it detects whether the common security configuration items of the operating system meet security requirements and provides baseline values; a web page shows the user which items meet the baseline and which do not; the user can then choose whether to repair them, and if repair is selected, the security configuration items are modified, achieving the goal of hardening operating system security.
2. The method according to claim 1, characterized in that:
a control architecture combining B/S with C/S is used, comprising two parts, a centralized management platform and a client, and providing management and control of Windows/Linux server security configuration items; the server operating system is controlled through inspection, reinforcement and log-recording techniques; the administrator configures the baseline values of the security configuration items and enables or disables the corresponding security configuration check items, and the corresponding check items are issued to the specified client; the client checks the issued check items and then reports the inspection results to the management platform; the management platform shows the configuration items that meet and do not meet the security baseline on a web page and provides a repair menu; after the administrator selects repair, the client changes the values of the client's configuration items according to the predefined baseline values.
3. The method according to claim 2, characterized in that:
the specific implementation process is as follows:
1) Client system registration
The client system registers with the management platform, and the management platform obtains the client's IP, operating system and kernel information;
2) Security baseline configuration and issuing
The policy management function is used to turn the security configuration item inspection and repair functions on and off and to configure them; after the security policy has been set, the centralized management platform issues the security policy to the client;
The policy template has two parts:
Basic settings: whether the security configuration item inspection function is enabled, the timed inspection function, and whether to repair automatically after inspection;
Security baseline settings: according to the reported client operating system, the corresponding security configuration items are displayed, with functions to modify the security baseline values and to enable or disable at least one security baseline;
3) Client scan and repair
When the client receives an operation instruction issued by the management platform, it scans according to the issued security baseline values; if the instruction is scan and repair, it directly repairs the configuration items that do not meet the security baseline according to the security baseline values;
4) Reporting of client scan and repair results
After the client operation completes, the client reports the scan and repair results to the management platform; the management platform stores and displays the results so that maintenance personnel can harden operating system security according to the current security configuration.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711104578.1A CN107835094A (en) | 2017-11-10 | 2017-11-10 | A kind of centralized security configuration inspection and reinforcement means |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107835094A (en) | 2018-03-23 |
Family
ID=61655065
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711104578.1A (Pending), CN107835094A (en) | A kind of centralized security configuration inspection and reinforcement means | 2017-11-10 | 2017-11-10 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107835094A (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8782603B2 (en) * | 2010-12-21 | 2014-07-15 | Sap Ag | Standardized configuration checklists for software development |
CN105138920A (en) * | 2015-07-30 | 2015-12-09 | 浪潮电子信息产业股份有限公司 | Implementation method for safely managing intranet terminal |
CN106372512A (en) * | 2016-08-25 | 2017-02-01 | 浪潮电子信息产业股份有限公司 | Task-type security baseline execution method |
CN106790167A (en) * | 2016-12-29 | 2017-05-31 | 郑州云海信息技术有限公司 | A kind of client registers method and centralized management platform |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108833358A (en) * | 2018-05-22 | 2018-11-16 | 郑州云海信息技术有限公司 | A kind of management method and system of security baseline |
CN109583213A (en) * | 2018-11-26 | 2019-04-05 | 郑州云海信息技术有限公司 | A kind of management method and system of cloud platform Initiative Defense rule base |
CN109522724A (en) * | 2018-12-20 | 2019-03-26 | 郑州云海信息技术有限公司 | A kind of apparatus and method about software scans |
CN110851172A (en) * | 2019-11-13 | 2020-02-28 | 杭州安恒信息技术股份有限公司 | Method, device, equipment and medium for repairing security configuration of operating system |
CN112784282A (en) * | 2021-01-22 | 2021-05-11 | 苏州浪潮智能科技有限公司 | Security configuration reinforcement method, system and medium |
CN112784282B (en) * | 2021-01-22 | 2022-09-20 | 苏州浪潮智能科技有限公司 | Security configuration reinforcement method, system and medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
Application publication date: 20180323 |