CN107872459A - A kind of scanning system of Network Security Vulnerabilities - Google Patents
- Publication number
- CN107872459A
- Authority
- CN
- China
- Prior art keywords
- scanning
- engine
- hand
- network
- network security
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Computing Systems (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer And Data Communications (AREA)
Abstract
A network security vulnerability scanning system. The hardware core of the handheld scanning engine is a StrongARM platform, to which a CF network interface is connected over the StrongARM bus. A TCP/IP protocol stack is installed, and the engine sends vulnerability probe packets to the host and judges whether a vulnerability exists from the scanned device's response to the probe packets. A communication module provides bidirectional data transfer with the host side and activates the host-side program, and the host side generates reports from the scan results. The system encapsulates the scanning engine as components, so that many scanning actions can be reused across different vulnerability checks. The handheld scanning system is divided into two layers, the scanning engine and the vulnerability database, and hardware and network communication are encapsulated within the scanning engine. The objects of componentized encapsulation are functional modules, software structures, software system models and software documentation. The invention provides mobile network management, and the hardware implementation makes the network security vulnerability scanning system simpler to operate, more convenient and more practical.
Description
Technical field
The present invention relates to the field of computer networks, and more particularly to a network security vulnerability scanning system.
Background art
With the spread of computers and the development of the Internet, networks have increasingly become a new way for people to live and work. As networks develop, building network security is also indispensable. Existing network vulnerability scanning products fall mainly into two classes: software-installed products and rack-mounted products. Software-installed products have several shortcomings: (1) their self-protection is weak, so they are easily modified and misused by malicious users; (2) installing and using them requires a specific platform; (3) when they scan target systems across network segments, filtering mechanisms such as routers and firewalls greatly reduce the speed and efficiency of scanning. Rack-mounted products also have shortcomings: (1) they are bulky and inconvenient to move, and when they scan target systems across network segments, filtering mechanisms such as routers and firewalls likewise greatly reduce the speed and efficiency of scanning; (2) their interactivity is poor.
Summary of the invention
To overcome the above defects of the prior art, the object of the invention is to provide a network security vulnerability scanning system that can perform security vulnerability detection on computers or network devices in a network and provide a risk assessment.
To achieve this object, the technical solution of the invention is as follows:
A network security vulnerability scanning system includes a handheld scanning engine. The hardware core of the handheld scanning engine is based on a StrongARM platform, to which a CF network interface is connected over the StrongARM bus. A TCP/IP protocol stack is installed to send vulnerability probe packets to the host, and whether a vulnerability exists is judged from the scanned device's response to the probe packets. For judging different vulnerability items, the probe packets are combined by means of scripts, which unifies flexibility and stability.
The handheld scanning engine uses a communication module to perform bidirectional data transfer with the host side and to activate the host-side program, while the host side generates reports from the scan results of the handheld scanning engine.
The system encapsulates the scanning engine as components, so that many scanning actions are reused across different vulnerability checks, which improves the reusability of the software and the reliability of the whole system.
The handheld scanning system is divided into two layers, the scanning engine and the vulnerability database, and hardware and network communication are encapsulated within the scanning engine, which gives the engine general and efficient capabilities.
The objects of componentized encapsulation are functional modules, software structures, software system models and software documentation. In an object-oriented system, components can be encapsulated as classes and objects, and larger components can be described as aggregations of components. The system encapsulates numerous functional modules as components, so that the characteristics and functions of several stably running systems are inherited and reused, giving the system rich functionality while it remains highly stable. As the system is applied more widely, more and more components accumulate, and the functions provided become richer.
As an automated network security risk assessment tool, the network vulnerability scanning system focuses on the stage before a security incident occurs. Its scan targets can be workstations, servers, switches, database applications and other objects. By simulating the techniques of hacker attacks, it checks the inspected system for security vulnerabilities and weaknesses, submits a risk assessment report and provides corresponding remediation measures, so that vulnerabilities are found and patched before hackers find them. Preventive security inspection exposes the security risks present in the existing network system to the greatest extent; combined with effective remediation, it can reduce the operational risk of the network system to a minimum.
The invention provides mobile network management, and the hardware implementation makes the network security vulnerability scanning system simpler to operate, more convenient and more practical. It has the following advantages:
(1) The scanning software of the handheld product is fully embedded in firmware and has several protective measures against attack; it can withstand attacks that other network security software cannot, so the security of the software itself is better assured;
(2) The handheld product needs no additional platform and is mobile, so the user can bypass routers, firewalls and the like, which speeds up scanning across network segments and makes it more efficient.
Detailed description of the embodiments
The invention is described in further detail below with reference to an embodiment.
In the network security vulnerability scanning system, the hardware core uses StrongARM as the platform, and the underlying platform is an embedded Linux operating system. The handheld form not only improves the product's self-protection but also enables mobile network management: it can bypass filtering mechanisms such as routers and firewalls, which would otherwise greatly reduce the speed and efficiency of scanning. The handheld product also removes the dependence of software-installed products on a specific platform.
The software design uses a state-of-the-art layered software architecture based on plug-ins and scripts; the architecture is clear and stable. Upgrading the vulnerability database does not affect the stability of the program, so that advancement and reliability are unified. Each update only updates some plug-ins and scripts and does not modify the program as a whole, which keeps the program stable.
Each plug-in encapsulates the test method for one or more vulnerabilities, and the main scanning program performs a scan by calling the plug-in's methods. Adding a new plug-in is all that is needed to give the software a new function and let it scan for more vulnerabilities. When the plug-in writing specification is published, users or third parties can even write plug-ins themselves to extend the software. This technique also makes upgrading and maintaining the software relatively easy and gives it strong extensibility. A script is also a kind of computer language and a higher-level plug-in technique: users can extend the software with a dedicated scripting language. The syntax of such scripts is usually simple and easy to learn, and a simple test can often be customized in a few dozen lines of code to add a new test item to the software. Using scripts simplifies the programming work of writing new plug-ins and makes extending the software easier and more interesting.
The security vulnerability database is built entirely on the international CVE standard and can be kept in step with the latest international standards through network upgrades, helping users find and fix existing vulnerabilities and risks in time. Each vulnerability item in the vulnerability database has a corresponding scan script. When the scanning engine interprets and executes this script, it calls the corresponding components in the component library according to the information described in the script and sends the probe data in different combinations.
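The script-driven engine described above, as an added sketch that is not part of the patent: each vulnerability database entry holds a scan script, and the engine interprets it by calling reusable components from a component library. The component names, script syntax, entry IDs and the loopback test service are all assumptions constructed for illustration.

```python
import re
import socket
import socketserver
import threading

# Component library: reusable scan actions shared by every vulnerability check.
def connect(ctx):
    ctx["sock"] = socket.create_connection((ctx["host"], ctx["port"]), timeout=2)
def send(ctx, text):
    ctx["sock"].sendall(text.encode() + b"\r\n")
def recv(ctx):
    ctx["reply"] = ctx["sock"].recv(1024).decode(errors="replace")
def match(ctx, pattern):
    ctx["vulnerable"] = re.search(pattern, ctx.get("reply", "")) is not None

COMPONENTS = {"connect": connect, "send": send, "recv": recv, "match": match}

# Vulnerability database: one scan script per entry. IDs and patterns are constructed.
VULN_DB = {
    "EXAMPLE-0001": "connect\nrecv\nmatch ExampleFTPd 1\\.0",
    "EXAMPLE-0002": "connect\nrecv\nsend SYST\nrecv\nmatch Windows_NT",
}

def run_script(host, port, script):
    # Interpret one scan script, calling library components line by line.
    ctx = {"host": host, "port": port, "vulnerable": False}
    try:
        for line in script.splitlines():
            name, _, arg = line.partition(" ")
            COMPONENTS[name](ctx, *([arg] if arg else []))
    except OSError:
        ctx["vulnerable"] = False  # no usable response: finding not confirmed
    finally:
        if "sock" in ctx:
            ctx["sock"].close()
    return ctx["vulnerable"]

def scan(host, port):
    return {vid: run_script(host, port, s) for vid, s in VULN_DB.items()}

class Handler(socketserver.StreamRequestHandler):  # constructed loopback target
    def handle(self):
        self.wfile.write(b"220 ExampleFTPd 1.0 ready\r\n")
        if self.rfile.readline().strip() == b"SYST":
            self.wfile.write(b"215 UNIX Type: L8\r\n")

def demo():
    srv = socketserver.TCPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    try:
        return scan("127.0.0.1", srv.server_address[1])
    finally:
        srv.shutdown(); srv.server_close()
if __name__ == "__main__":
    print(demo())
```

Adding a check means adding one entry to `VULN_DB`; the engine and the component library stay unchanged, which is the stability property the description attributes to script-based updates.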
The handheld product enables mobile network management and distributed testing, and users can analyze and manage the scan results centrally. This makes it convenient for users to define a unified network-wide security policy based on the distributed scan results.
Claims (4)
1. A network security vulnerability scanning system, comprising a handheld scanning engine, characterized in that the hardware core of the handheld scanning engine is based on a StrongARM platform; a CF network interface is connected over the StrongARM bus; a TCP/IP protocol stack is installed to send vulnerability probe packets to the host; whether a vulnerability exists is judged from the scanned device's response to the probe packets; and, for judging different vulnerability items, the probe packets are combined by means of scripts, thereby unifying flexibility and stability;
the handheld scanning engine uses a communication module to perform bidirectional data transfer with the host side and to activate the host-side program, while the host side generates reports from the scan results of the handheld scanning engine.
2. The network security vulnerability scanning system according to claim 1, characterized in that the system encapsulates the scanning engine as components, so that many scanning actions are reused across different vulnerability checks.
3. The network security vulnerability scanning system according to claim 1, characterized in that the handheld scanning system is divided into two layers, the scanning engine and the vulnerability database, and hardware and network communication are encapsulated within the scanning engine.
4. The network security vulnerability scanning system according to claim 1, characterized in that the objects of componentized encapsulation are functional modules, software structures, software system models and software documentation.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711103694.1A CN107872459A (en) | 2017-11-10 | 2017-11-10 | A kind of scanning system of Network Security Vulnerabilities |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107872459A true CN107872459A (en) | 2018-04-03 |
Family
ID=61753765
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711103694.1A Pending CN107872459A (en) | 2017-11-10 | 2017-11-10 | A kind of scanning system of Network Security Vulnerabilities |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107872459A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110225057A (en) * | 2019-06-24 | 2019-09-10 | 杭州安恒信息技术股份有限公司 | A kind of method for detecting virus of intelligent terminal, device, equipment and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20180403 |