CN108833358A - A kind of management method and system of security baseline - Google Patents


Publication number
CN108833358A
Authority
CN
China
Prior art keywords
security
task
client
configuration item
baseline
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810496227.8A
Other languages
Chinese (zh)
Inventor
梁媛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhengzhou Yunhai Information Technology Co Ltd
Original Assignee
Zhengzhou Yunhai Information Technology Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The present invention provides a management method and system for a security baseline. Method: Step 1. The client receives a task; the task is one that operates on the security configuration items of the operating system. Step 2. The client determines the task type; the task types include security scan task, repair task and restore-initial-configuration task. Step 3. When the task is a security scan task, the client scans the security configuration items of the operating system and obtains their scan values; obtains the baseline values in the security policy; compares the scan values of the security configuration items with the baseline values set in the security policy to determine whether the security configuration items are compliant; the client returns the result of the security scan task; return to step 1. The system includes a client; the client includes a subtask management module and a security baseline security component module. The invention scans and repairs security configuration items, improves the security and compliance of the operating system, and effectively defends the host against damage from unknown malicious behavior.

Description

A management method and system for a security baseline
Technical field
The invention belongs to the field of server host security, and specifically relates to a management method and system for a security baseline.
Background
Operating system security baseline: a security baseline is the minimum security guarantee for an operating system, that is, the most basic security requirements that the information system must meet.
Security configuration: arises from human oversight by information administrators and concerns user accounts, user passwords, access authorization, system logs and similar content; it reflects the security weaknesses of the system itself.
As enterprise informatization has advanced rapidly, enterprises also face increasingly severe information security risks; among these risks, whether information system configuration operations are secure is an extremely important aspect. Security misconfiguration is usually caused by human operating error, and meeting the security configuration requirements of a large number of information system devices places relatively high demands on the professional skill and technical level of operations and maintenance staff. Information security baseline management plays a vital role in improving the security of enterprise networks and information systems.
Faced with a huge variety of information system assets, operations and maintenance staff must perform security configuration analysis on a massive number of information assets, identify the items that do not meet security standards, and rectify them so that they do; this is a task that is very difficult to complete.
After earlier security configuration repairs are completed, the security and compliance of the operating system improve, but the normal operation of the user's existing business may be affected, and even uninstalling the software cannot restore it.
This is a deficiency of the prior art; therefore, in view of the above defects in the prior art, it is necessary to provide a management method and system for a security baseline.
Summary of the invention
The object of the present invention is to address the defects described above, namely that security configuration analysis and identification for information system assets is difficult and that normal business cannot be restored once a security configuration repair has affected it, by providing a management method and system for a security baseline that solves these technical problems.
To achieve the above object, the present invention provides the following technical solution:
A management method for a security baseline, including the following steps:
Step 1. The client receives a task; the task is one that operates on the security configuration items of the operating system; the security configuration items include identity authentication, access control, security audit, residual information protection, intrusion prevention, malicious code prevention and resource control;
Step 2. The client determines the task type; the task types include security scan task, repair task and restore-initial-configuration task;
Step 3. When the task is a security scan task, the client scans the security configuration items of the operating system through the security baseline security component and obtains the scan values of the security configuration items;
Obtain the baseline values in the security policy;
Compare the scan values of the security configuration items with the baseline values set in the security policy to determine whether the security configuration items are compliant;
The client returns the result of the security scan task;
Return to step 1.
Further, the method also includes the following steps:
Step 4. When the task is a repair task, the client scans the security configuration items of the operating system through the security baseline security component;
Obtain the scan values of the security configuration items;
Obtain the baseline values in the security policy;
Compare the scan values of the security configuration items with the baseline values set in the security policy to determine whether the security configuration items are compliant;
If non-compliant, the security configuration item is set to the baseline value in the security policy through the security baseline security component;
If compliant, no operation is performed;
The client returns the result of the repair task;
Return to step 1.
Further, while the client scans the security configuration items of the operating system in step 3 and step 4, it determines whether this is the initial scan;
If it is the initial scan, the initial scan values of the security configuration items are saved;
If it is not the initial scan, no operation is performed;
After step 4 the method further includes:
Step 5. When the task is a restore-initial-configuration task, the client obtains the initial scan values of the security configuration items, sets the security configuration items of the operating system to the initial scan values through the security baseline security component, restoring the state at the time of the initial scan, and the client returns the execution result of the restore-initial-configuration task;
Return to step 1.
Further, step 1A is included before step 1: the client receives the security policy; the security policy includes scan settings, repair settings and security configuration item settings;
The scan settings include whether to enable scheduled scanning and the scan frequency;
The repair settings include the repair scope;
The security configuration item settings include configuring the baseline values;
The user can flexibly configure the baseline values and enabled state of the security configuration items, adjusting the security level as needed to balance host security against ease of use.
Further, configuring a baseline value means selecting the level of the baseline value from the level templates of the security configuration items stored in the expert knowledge base; the level templates of a security configuration item include high-level, mid-level and low-level. Through unified configuration management, the user can configure the security configuration item baseline values of the operating system in a unified way; the expert knowledge base has built-in security configuration policy templates for different security levels, which builds a more secure operating system platform and reduces the compliance risk of the host operating system.
Further, in step 3, step 4 and step 5, the client returns a log along with the task result. The management platform receives the log sent by the client and generates a log report. The log report is a detailed security assessment report that shows more intuitively the security state of the client operating system and the operations performed on its security configuration items.
Further, the following steps are included before step 1:
Step 1B. The management platform performs baseline management on the assets of the operating system where the client resides;
The assets of the operating system include physical machines, virtual machines and virtualization software;
Baseline management of the operating system's assets includes automatic asset discovery, manual asset entry and asset grouping;
Step 1C. The management platform creates a task and sends the task to the client.
The present invention also provides the following technical solution:
A management system for a security baseline, including a client;
The client includes a subtask management module and a security baseline security component module;
The subtask management module is used to receive tasks, send execution commands to the security baseline security component module, and return execution results;
The tasks include security scan tasks, repair tasks and restore-initial-configuration tasks;
The security scan task is used to scan the current security configuration items of the operating system where the client resides, obtain the scan values of the security configuration items, and determine whether this is the initial scan; when it is the initial scan, the initial scan values of the security configuration items are saved. It is also used to obtain the baseline values in the security policy and compare the scan values of the security configuration items with the baseline values set in the security policy to determine whether the security configuration items are compliant. The security configuration items include identity authentication, access control, security audit, residual information protection, intrusion prevention, malicious code prevention and resource control;
The repair task is used to scan the current security configuration items of the operating system where the client resides, obtain the scan values of the security configuration items, obtain the baseline values in the security policy, and determine whether the security configuration items are compliant by comparing their scan values with the baseline values set in the security policy; when the scan value of a security configuration item is non-compliant, the security configuration item is set to the baseline value in the security policy;
The restore-initial-configuration task is used to obtain the initial scan values of the security configuration items and set the security configuration items of the operating system to the initial scan values, restoring the state at the time of the initial scan;
The security baseline security component module is used to execute security scan tasks and obtain the values of the security configuration items, and to execute repair tasks or restore-initial-configuration tasks and set the values of the security configuration items.
Further, the system also includes a management platform, which is connected to the client through message middleware; the message middleware uses the RabbitMQ message bus;
The management platform includes a task management module;
The task management module is used to create tasks, send them to the subtask management module of the client, and receive the task execution results returned by the client's subtask management module.
Further, the management platform and the client use a B/S architecture or a C/S architecture. Combining the B/S and C/S architectures gives a wider scope of application.
Further, the client also includes a sub-policy management module;
The sub-policy management module is used to receive the security policy;
The management platform also includes a policy management module and a knowledge base management module;
The knowledge base management module is connected to the expert knowledge base;
The policy management module is used to set the security policy and send it to the sub-policy management module of the client; the security policy includes scan settings, repair settings and security configuration item settings;
The expert knowledge base is used to store the level templates of the security configuration items; the level templates include a high-level template, a mid-level template and a low-level template;
The knowledge base management module is used to upgrade the expert knowledge base; a knowledge base that is continuously improved and extended helps customers deal with the problems caused by an outdated knowledge base when the operating system is updated or the business system is upgraded, reducing maintenance cost.
Further, the management platform also includes an asset management module;
The asset management module is used to perform baseline management on the assets of the operating system where the client resides; the assets of the operating system include physical machines, virtual machines and virtualization software.
Further, the client also includes a log management module, and the management platform also includes a log report module;
The log management module is used to send logs;
The log report module is used to receive logs from the client's log management module, statistically analyze the compliance of an asset or asset group over a specified time period, and generate a log report; the log report types include Word, PDF and Excel.
The beneficial effects of the present invention are as follows:
The invention comprehensively scans the security configuration items of the operating system through the security baseline security component module and provides a repair function for security configuration items, improving the security and compliance of the host operating system and effectively defending the host against damage from unknown malicious behavior. When the first security scan is performed, the scan values of the security configuration items of the current host operating system are saved; when normal business is affected after a security configuration item repair is completed, the security configuration items are restored to their initial scan values through the security baseline security component module, ensuring that business is not affected and reducing maintenance cost;
The invention automates the manual processes of extracting local audit data, analyzing it and compiling security assessment reports; it can comprehensively collect system vulnerability information and security problems, check all kinds of security risks in a unified way, and centrally raise the level of security management capability.
In addition, the design principle of the invention is reliable and its structure is simple, so it has very broad application prospects.
It can be seen that, compared with the prior art, the invention has outstanding substantive features and represents significant progress, and the beneficial effects of implementing it are also obvious.
Brief description of the drawings
Fig. 1 is a flow chart of the method of the present invention;
Fig. 2 is a schematic diagram of the system of the present invention;
Where: 1 - management platform; 1.1 - task management module; 1.2 - policy management module; 1.3 - knowledge base management module; 1.4 - asset management module; 1.5 - log report module; 2 - client; 3 - message middleware; 4 - expert knowledge base.
Detailed description of the embodiments:
To make the purpose, features and advantages of the present invention more apparent and easier to understand, the technical solution of the invention is described clearly and completely below with reference to the drawings of the specific embodiments.
Embodiment 1:
As shown in Fig. 1, Step 1. The client receives a task; the task is one that operates on the security configuration items of the operating system;
Step 2. The client determines the task type; the task types include security scan task, repair task and restore-initial-configuration task;
Step 3. When the task is a security scan task, the client scans the security configuration items of the operating system and obtains the scan values of the security configuration items;
Determine whether this is the initial scan; if it is the initial scan, save the initial scan values of the security configuration items;
If it is not the initial scan, no operation is performed;
Obtain the baseline values in the security policy;
Compare the scan values of the security configuration items with the baseline values set in the security policy to determine whether the security configuration items are compliant;
The client returns the result of the security scan task;
Return to step 1;
Step 4. When the task is a repair task, the client scans the security configuration items of the operating system;
Obtain the scan values of the security configuration items;
Determine whether this is the initial scan; if it is the initial scan, save the initial scan values of the security configuration items;
If it is not the initial scan, no operation is performed;
Obtain the baseline values in the security policy;
Compare the scan values of the security configuration items with the baseline values set in the security policy to determine whether the security configuration items are compliant;
If non-compliant, set the security configuration item to the baseline value in the security policy;
If compliant, no operation is performed;
The client returns the result of the repair task;
Return to step 1;
Step 5. When the task is a restore-initial-configuration task, the client obtains the initial scan values of the security configuration items and sets the security configuration items of the operating system to the initial scan values, restoring the state at the time of the initial scan; the client returns the execution result of the restore-initial-configuration task;
Return to step 1.
In embodiment 1 above, step 1A is also included before step 1: the client receives the security policy; the security policy includes scan settings, repair settings and security configuration item settings;
The scan settings include whether to enable scheduled scanning and the scan frequency;
The repair settings include the repair scope;
The security configuration item settings include configuring the baseline values; a baseline value is configured by selecting the level of the baseline value from the level templates of the security configuration items stored in the expert knowledge base, and the level templates of a security configuration item include high-level, mid-level and low-level;
The user can flexibly configure the baseline values and enabled state of the security configuration items, adjusting the security level as needed to balance host security against ease of use. Through unified configuration management, the user can configure the security configuration item baseline values of the operating system in a unified way; the expert knowledge base has built-in security configuration policy templates for different security levels, which builds a more secure operating system platform and reduces the compliance risk of the host operating system.
In embodiment 1 above, the following steps are also included before step 1: Step 1B. The management platform performs baseline management on the assets of the operating system where the client resides;
The assets of the operating system include physical machines, virtual machines and virtualization software;
Baseline management of the operating system's assets includes automatic asset discovery, manual asset entry and asset grouping;
Step 1C. The management platform creates a task and sends the task to the client.
In step 3, step 4 and step 5, the client returns a log along with the task result;
In step 5, before returning to step 1, the following is also included: the management platform receives the log sent by the client and generates a log report. The log report is a detailed security assessment report that shows more intuitively the security state of the client operating system and the operations performed on its security configuration items.
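The client-side task handling of steps 1 to 5 above, as an added Python example (not code from the patent). The item names, the `min`/`eq` comparison rules, the `repair_scope` key and the in-memory `host` dictionary standing in for the operating system are assumptions.

```python
import copy

# Constructed stand-in for the operating system's security configuration
# items; names and values are assumptions, not taken from the patent.
SAMPLE_HOST = {
    "password_min_length": 6,
    "audit_logging_enabled": False,
    "guest_account_enabled": True,
}

# Constructed security policy: baseline values plus the repair scope.
SAMPLE_POLICY = {
    "baseline": {
        "password_min_length": {"op": "min", "value": 12},
        "audit_logging_enabled": {"op": "eq", "value": True},
        "guest_account_enabled": {"op": "eq", "value": False},
    },
    "repair_scope": ["password_min_length", "audit_logging_enabled"],
}


def is_compliant(scan_value, rule):
    """Compare one scan value with its baseline value (assumed rule format)."""
    if scan_value is None:              # item missing on the host
        return False
    if rule["op"] == "min":
        return scan_value >= rule["value"]
    if rule["op"] == "eq":
        return scan_value == rule["value"]
    raise ValueError(f"unknown comparison {rule['op']!r}")


class BaselineClient:
    def __init__(self, host, policy):
        self.host = host                # live settings; repair/restore write here
        self.policy = policy
        self.initial_scan = None        # saved on the initial scan only
        self.log = []

    def _scan(self):
        scan = {name: self.host.get(name) for name in self.policy["baseline"]}
        if self.initial_scan is None:
            # Initial scan: keep the pre-repair values so they can be restored.
            self.initial_scan = copy.deepcopy(scan)
            self.log.append("initial scan values saved")
        return scan

    def _evaluate(self, scan):
        rules = self.policy["baseline"]
        return {name: is_compliant(scan[name], rules[name]) for name in rules}

    def handle(self, task):
        """Steps 2 to 5: dispatch on task type, return the result with the log."""
        kind = task.get("type")
        if kind == "scan":
            result = {"ok": True, "compliant": self._evaluate(self._scan())}
        elif kind == "repair":
            result = self._repair()
        elif kind == "restore":
            result = self._restore()
        else:
            result = {"ok": False, "error": f"unknown task type {kind!r}"}
        self.log.append(f"{kind}: ok={result['ok']}")
        return {**result, "task": kind, "log": list(self.log)}

    def _repair(self):
        verdicts = self._evaluate(self._scan())    # a repair scans first
        repaired, skipped = [], []
        for name, ok in verdicts.items():
            if ok:
                continue                            # compliant: no operation
            if name in self.policy["repair_scope"]:
                self.host[name] = self.policy["baseline"][name]["value"]
                repaired.append(name)
            else:
                skipped.append(name)                # outside the repair scope
        return {"ok": True, "repaired": repaired, "skipped": skipped}

    def _restore(self):
        if self.initial_scan is None:
            return {"ok": False, "error": "no initial scan values saved"}
        for name, value in self.initial_scan.items():
            if value is None:
                self.host.pop(name, None)           # item did not exist originally
            else:
                self.host[name] = value
        return {"ok": True, "restored": sorted(self.initial_scan)}
```

Restoring writes back the original non-compliant values, so a scan run after a restore reports those items as non-compliant again.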
Embodiment 2:
Embodiment 2 uses the method of embodiment 1 above to operate on the security configuration items of the client operating system.
The management platform creates a security scan task and sends the security scan task to the client;
The client receives the task sent by the management platform and determines that the task type is security scan task;
When the task is a security scan task, the client scans the security configuration items of the operating system through the security baseline security component and obtains the scan values of the security configuration items; the client determines that this is not the initial scan;
Obtain the baseline values in the security policy;
The client compares the scan values of the security configuration items with the baseline values set in the security policy to determine whether the security configuration items are compliant; it determines that access control among the security configuration items is non-compliant;
The client returns the result of the security scan task;
The management platform receives the security scan task execution result returned by the client: the client's security configuration item access control is non-compliant;
The management platform creates a repair task and sends the repair task to the client;
The client receives the task sent by the management platform and determines that the task type is repair task;
When the task is a repair task, the client scans the security configuration items of the operating system through the security baseline security component, obtains the scan values of the security configuration items, obtains the baseline value of access control in the security policy, and determines whether the security configuration item is compliant by comparing its scan value with the baseline value set in the security policy;
The security configuration item access control is non-compliant, so it is set to the baseline value in the security policy through the security baseline security component, and the client returns the result of the repair task;
The management platform receives the repair task execution result returned by the client: the repair task for the client's security configuration item access control is complete;
At this point, if the repair to access control has affected the normal business of the client's operating system, the following steps are carried out;
The management platform creates a restore-initial-configuration task and sends it to the client;
The client receives the task sent by the management platform and determines that the task type is restore-initial-configuration task;
When the task is a restore-initial-configuration task, the client obtains the initial scan values of the security configuration items and, through the security baseline security component, sets the operating system's security configuration item access control to its initial scan value, restoring the state at the time of the initial scan; the client returns the execution result of the restore-initial-configuration task;
The management platform receives the execution result of the restore-initial-configuration task for access control returned by the client: the restore-initial-configuration task for the client's security configuration item is complete.
In embodiment 2 above, before the client operating system is scanned, the management platform sends the security policy to the client. For example, a scan is set to run once every 30 minutes, and access control in the security configuration is set to the high-level template out of the high-level, mid-level and low-level templates, i.e. access control uses strict control, for example low-privilege access is prohibited. The high-level, mid-level and low-level templates for access control among the security configuration items are stored in the expert knowledge base, which also supports upgrading, to ensure that each level template for access control among the security configuration items meets the latest standards and requirements.
Embodiment 3:
As shown in Fig. 2, the present invention also provides a kind of management system of security baseline, including management platform 1 and client 2, management Platform 1 is connect with client 2 by message-oriented middleware 3;Message-oriented middleware 3 uses the messaging bus of RabbitMQ;Manage platform 1 B/S framework or C/S framework are used with client 2;The quantity of client 2 is several, i.e. management platform management multiple client Safety;
Managing platform 1 includes task management module 1.1, policy management module 1.2, knowledge base management module 1.3, asset management mould Block 1.4 and journaling module 1.5;Knowledge base management module 1.3 is connected with expert knowledge library 4;
Client 2 includes subtask management module 2.1, security baseline security component module 2.2 and substrategy management module 2.3;
Task management module 1.1 receives visitor for creating task and to 2.1 transmission task of the subtask management module of client 2 The task action result that 2 subtask management module 2.1 of family end returns;
The task includes security sweep task, reparation task and recovery initial configuration task;
Security sweep task obtains security configuration item for the real-time security configuration item of operating system where scanning client Scan values judge whether it is preliminary scan, when for preliminary scan, save the preliminary scan value of security configuration item;It is also used to obtain The baseline value in security strategy is taken, the baseline value of the scan values and security strategy setting that compare security configuration item judges to match safely Whether value item closes rule;The security configuration item includes identity identification, access control, security audit, remaining information protection, invades and prevent Model, malicious code resistance and resources control;
The repair task is used to scan, in real time, the security configuration items of the operating system where the client resides, obtain the scan values of the security configuration items, obtain the baseline values in the security policy, and judge whether each security configuration item is compliant by comparing its scan value with the baseline value set in the security policy; when the scan value of a security configuration item is non-compliant, the security configuration item is set to the baseline value in the security policy;
The restore-initial-configuration task is used to obtain the initial scan values of the security configuration items and set the security configuration items of the operating system to those initial scan values, restoring the state at the time of the initial scan;
Policy management module 1.2, for setting the security policy and sending it to the sub-policy management module 2.3 of client 2; the security policy includes scan settings, repair settings and security configuration item settings;
Expert knowledge base 4, for storing the grade templates of security configuration items; the grade templates include a high-level template, an intermediate template and a low-level template;
Knowledge base management module 1.3, for upgrading the expert knowledge base 4;
Asset management module 1.4, for performing baseline management on the assets of the operating system where client 2 resides; the assets of the operating system include physical machines, virtual machines and virtualization software;
Journaling module 1.5, for receiving the logs of the log management module 2.4 of client 2, performing statistical analysis on the compliance of assets or asset groups within a specified time period, and generating a log report;
Subtask management module 2.1, for receiving tasks from the task management module 1.1 of management platform 1, sending execute commands to the security baseline security component module 1.1, and returning the task execution result to the task management module 1.1 of management platform 1;
Security baseline security component module 2.2, for executing the security scan task to obtain the values of security configuration items, and for executing the repair task or the restore-initial-configuration task to set the values of security configuration items;
Sub-policy management module 2.3, for receiving the security policy set by the policy management module 1.2 of management platform 1;
Log management module 2.4, for sending logs to the journaling module 1.5 of management platform 1.
The embodiments of the present invention are illustrative and not restrictive. The above embodiments are only intended to aid understanding of the invention; the invention is therefore not limited to the embodiments described in the detailed description, and other specific embodiments obtained by those skilled in the art according to the technical solution of the invention also fall within its scope of protection.
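The scan, repair and restore-initial-configuration tasks described above can be sketched as a small client-side handler. This is an added example, not code from the patent: the class and function names, the dictionary standing in for the operating system, the sample item names and the `eq`/`min`/`max` comparison rules are all assumptions (the page only says the scan value is compared with the baseline value).

```python
import operator
from dataclasses import dataclass
from typing import Optional

# Comparison rules are an assumption; the page only says values are "compared".
RULES = {"eq": operator.eq, "min": operator.ge, "max": operator.le}

@dataclass
class BaselineClient:
    system: dict                    # stand-in for the OS's live configuration items
    policy: dict                    # item -> (rule, baseline value) from the security policy
    initial: Optional[dict] = None  # values captured by the first scan

    def scan(self) -> dict:
        values = {item: self.system.get(item) for item in self.policy}
        if self.initial is None:    # first scan: keep a copy so restore is possible
            self.initial = dict(values)
        return values

    def compliant(self, item, value) -> bool:
        rule, baseline = self.policy[item]
        return value is not None and RULES[rule](value, baseline)

    def handle(self, task: str) -> dict:
        if task == "scan":
            return {i: self.compliant(i, v) for i, v in self.scan().items()}
        if task == "repair":
            fixed = [i for i, v in self.scan().items() if not self.compliant(i, v)]
            for item in fixed:      # only non-compliant items are changed
                self.system[item] = self.policy[item][1]
            return {"repaired": fixed}
        if task == "restore":
            if self.initial is None:
                raise RuntimeError("no initial scan recorded; nothing to restore")
            for item, value in self.initial.items():
                if value is None:   # item was unset at first scan: unset it again
                    self.system.pop(item, None)
                else:
                    self.system[item] = value
            return {"restored": sorted(self.initial)}
        raise ValueError(f"unknown task type: {task!r}")

def demo():
    # Constructed sample data, not taken from the page.
    host = {"PASS_MIN_LEN": 5, "PASS_MAX_DAYS": 99999}
    policy = {"PASS_MIN_LEN": ("min", 8), "PASS_MAX_DAYS": ("max", 90),
              "PermitRootLogin": ("eq", "no")}
    client = BaselineClient(host, policy)
    return [client.handle(t) for t in ("scan", "repair", "scan", "restore")], host
```

Because the repair task also scans, a repair issued before any scan still records the initial values, so the restore task can always undo it.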

Claims (10)

1. A management method for a security baseline, characterized by comprising the following steps:
Step 1. The client receives a task; the task is a task that operates on the security configuration items of the operating system;
Step 2. The client judges the task type; the task types include a security scan task, a repair task and a restore-initial-configuration task;
Step 3. When the task is a security scan task, the client scans the security configuration items of the operating system and obtains the scan values of the security configuration items;
obtains the baseline values in the security policy;
compares the scan values of the security configuration items with the baseline values set in the security policy to judge whether the security configuration items are compliant;
the client returns the result of the security scan task;
return to step 1.
2. The management method for a security baseline according to claim 1, characterized by further comprising the following steps:
Step 4. When the task is a repair task, the client scans the security configuration items of the operating system;
obtains the scan values of the security configuration items;
obtains the baseline values in the security policy;
compares the scan values of the security configuration items with the baseline values set in the security policy to judge whether the security configuration items are compliant;
if a security configuration item is non-compliant, it is set to the baseline value in the security policy;
if it is compliant, no operation is performed;
the client returns the result of the repair task;
return to step 1.
3. The management method for a security baseline according to claim 2, characterized in that, in step 3 and step 4, while the client scans the security configuration items of the operating system, it judges whether this is the initial scan;
if it is the initial scan, the initial scan values of the security configuration items are saved;
if it is not the initial scan, no operation is performed;
after step 4, the method further includes:
Step 5. When the task is a restore-initial-configuration task, the client obtains the initial scan values of the security configuration items and sets the security configuration items of the operating system to the initial scan values, restoring the state at the time of the initial scan, and the client returns the execution result of the restore-initial-configuration task;
return to step 1.
4. The management method for a security baseline according to claim 1, characterized in that
before step 1, the method further includes step 1A: the client receives the security policy; the security policy includes scan settings, repair settings and security configuration item settings;
the scan settings include setting whether to enable scheduled scanning and setting the scan frequency;
the repair settings include setting the repair scope;
the security configuration item settings include configuring the baseline values.
5. The management method for a security baseline according to claim 3, characterized in that
before step 1, the method further includes the following steps:
Step 1B. The management platform performs baseline management on the assets of the operating system where the client resides;
the assets of the operating system include physical machines, virtual machines and virtualization software;
baseline management of the assets of the operating system includes automatic asset discovery, manual asset entry and asset grouping;
Step 1C. The management platform creates a task and sends the task to the client.
6. A management system for a security baseline, characterized by comprising a client (2);
the client (2) includes a subtask management module (2.1) and a security baseline security component module (2.2);
the subtask management module (2.1) is used to receive tasks, send execute commands to the security baseline security component module (2.2), and return the execution result;
the tasks include a security scan task, a repair task and a restore-initial-configuration task;
the security baseline security component module (2.2) is used to execute the security scan task to obtain the values of security configuration items, and to execute the repair task or the restore-initial-configuration task to set the values of security configuration items.
7. The management system for a security baseline according to claim 6, characterized by further comprising a management platform (1), the management platform (1) and the client (2) being connected through message-oriented middleware (3);
the management platform (1) includes a task management module (1.1);
the task management module (1.1) is used to create tasks, send tasks to the subtask management module (2.1) of the client (2), and receive the task execution results returned by the subtask management module (2.1) of the client (2).
8. The management system for a security baseline according to claim 7, characterized in that the client (2) further includes a sub-policy management module (2.3);
the sub-policy management module (2.3) is used to receive the security policy;
the management platform (1) further includes a policy management module (1.2) and a knowledge base management module (1.3);
the knowledge base management module (1.3) is connected to an expert knowledge base (4);
the policy management module (1.2) is used to set the security policy and send it to the sub-policy management module (2.3) of the client (2); the security policy includes scan settings, repair settings and security configuration item settings;
the expert knowledge base (4) is used to store the grade templates of security configuration items; the grade templates include a high-level template, an intermediate template and a low-level template;
the knowledge base management module (1.3) is used to upgrade the expert knowledge base (4).
9. The management system for a security baseline according to claim 7, characterized in that the management platform (1) further includes an asset management module (1.4);
the asset management module (1.4) is used to perform baseline management on the assets of the operating system where the client (2) resides; the assets of the operating system include physical machines, virtual machines and virtualization software.
10. The management system for a security baseline according to claim 7, characterized in that the client (2) further includes a log management module (2.4), and the management platform (1) further includes a journaling module (1.5);
the log management module (2.4) is used to send logs;
the journaling module (1.5) is used to receive the logs of the log management module (2.4) of the client (2), perform statistical analysis on the compliance of assets or asset groups within a specified time period, and generate a log report.
CN201810496227.8A 2018-05-22 2018-05-22 A kind of management method and system of security baseline Pending CN108833358A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810496227.8A CN108833358A (en) 2018-05-22 2018-05-22 A kind of management method and system of security baseline

Publications (1)

Publication Number Publication Date
CN108833358A true CN108833358A (en) 2018-11-16

Family

ID=64148989

Country Status (1)

Country Link
CN (1) CN108833358A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20181116