CN112417459B - Large-scale terminal equipment safety assessment method and system and computer equipment - Google Patents


Info

Publication number: CN112417459B
Authority: CN (China)
Prior art keywords: information, terminal equipment, software, terminal device, terminal
Legal status: Active (the legal status is an assumption and not a legal conclusion; Google has not performed a legal analysis)
Application number: CN202011302275.2A
Other languages: Chinese (zh)
Other versions: CN112417459A
Inventors: 胡滨, 彭克坚, 诸俊, 朱天宇, 瞿炜超, 陈新秀, 王广平
Current assignee: Shanghai Pudong Development Bank Co Ltd (the listed assignees may be inaccurate; Google has not performed a legal analysis)
Original assignee: Shanghai Pudong Development Bank Co Ltd
Events: application filed by Shanghai Pudong Development Bank Co Ltd; priority to CN202011302275.2A; publication of CN112417459A; application granted; publication of CN112417459B; current legal status active


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention provides a large-scale terminal device security evaluation method, a system and a computer device. The method comprises the following steps: sending an information acquisition script to the managed terminal devices or adding the information acquisition script to a scheduled task of the terminal device, wherein the information acquisition script is used for acquiring the software and hardware information related to the terminal device, the service time information of the terminal device and the operating system information used by the terminal device; determining the parameter information of a security evaluation model according to the software and hardware information related to the terminal device, the service time information of the terminal device and the operating system information used by the terminal device, as sent by the information acquisition script installed on each terminal device; scoring each item of parameter information with the security evaluation model; calculating the composite security score of the terminal devices from the score of each item of parameter information; and determining the security degree of the terminal devices from the composite security score. The security degree of the terminal devices can be determined accurately, and the method can be adapted to more application scenarios.

Description

Large-scale terminal equipment safety assessment method and system and computer equipment
Technical Field
The present disclosure relates to the field of security evaluation of terminal devices, and in particular to a method, a system and a computer device for the security evaluation of large-scale terminal devices.
Background
Security evaluation of computers plays an important role in their normal use. In the prior art, computer security evaluation considers only vulnerability evaluation and virus evaluation, and does not evaluate other aspects such as illegal software and administrator accounts. In practical applications such as banking, the security requirements are high, and an approach that considers only vulnerability assessment and virus assessment cannot meet the requirements of such high-security fields.
Disclosure of Invention
The present disclosure aims to overcome the defects of prior-art computer security assessment approaches, namely poor accuracy and limited applicability.
In order to solve the above technical problem, a first aspect of the present disclosure provides a large-scale terminal device security evaluation method, including:
sending an information acquisition script to a managed terminal device or adding the information acquisition script to a scheduled task of the terminal device, wherein the information acquisition script is used for acquiring the software and hardware information related to the terminal device, the service time information of the terminal device and the operating system information used by the terminal device;
determining the parameter information of a security evaluation model according to the software and hardware information related to the terminal device, the service time information of the terminal device and the operating system information used by the terminal device, as sent by the information acquisition script, wherein the security evaluation model comprises a deduction algorithm for each parameter;
scoring each item of parameter information with the security evaluation model;
calculating the composite security score of the terminal device from the score of each item of parameter information;
and determining the security degree of the terminal device from the composite security score.
In a further embodiment of the present disclosure, the large-scale terminal device security evaluation method further includes:
when the security degree is lower than a preset threshold, determining a solution strategy and sending the solution strategy to operation and maintenance personnel.
In a further embodiment of the present disclosure, the information acquisition script is further configured to acquire the administrator account information of the terminal device;
and the method further includes: checking the administrator account information for violations using an administrator coding rule, and sending alarm information if the check identifies an illegal login.
In a further embodiment of the present disclosure, the information acquisition script is further configured to acquire the device identification information of the terminal device;
and before determining the parameter information of the security evaluation model, the method further includes:
deduplicating the software and hardware information sent by the information acquisition script using the device identification information of the terminal device.
In a further embodiment of the present disclosure, the software and hardware information related to the terminal device includes: non-updated software time information, non-installed software information and illegal software installation information.
In a further embodiment of the present disclosure, determining the parameter information of the security evaluation model according to the software and hardware information related to the terminal device, the service time information of the terminal device and the operating system information used by the terminal device, as sent by the information acquisition script, includes:
calculating, from the non-updated software time information, the number of terminal devices that have not updated the virus library and/or patches within each preset time period;
calculating, from the non-installed software information, the number of terminal devices on which the preset antivirus software is not installed;
calculating, from the illegal software installation information, the number of terminal devices on which each preset item of illegal software is installed;
calculating, from the service time information of the terminal devices, the number of terminal devices whose delivery dates meet each preset judgment condition;
and calculating, from the operating system information used by the terminal devices, the number of terminal devices using each preset operating system.
In a further embodiment of the present disclosure, scoring the parameter information with the security evaluation model includes:
for each parameter in the parameter information, looking up the deduction algorithm corresponding to that parameter in the preset security evaluation model;
and applying the deduction algorithm found to the parameter to obtain the score of the parameter.
In a further embodiment of the present disclosure, calculating the composite security score of the terminal device from the scores of the parameter information includes calculating the composite security score of the terminal device with the following formula:
S = X + f1(X1) + f2(X2) + f3(X3) + f4(X4) + f5(X5);
where X is the total score, f1 is the set of deduction algorithms for the operating system information X1, f2 is the set of deduction algorithms for the terminal device service time information X2, f3 is the set of deduction algorithms for the non-updated software time information X3, f4 is the set of deduction algorithms for the non-installed software information X4, and f5 is the set of deduction algorithms for the illegal software installation information X5.
A second aspect of the present disclosure provides a large-scale terminal device security assessment system, comprising:
a script issuing module, configured to send an information acquisition script to the managed terminal devices or add the information acquisition script to a scheduled task of the terminal device, wherein the information acquisition script is used for acquiring the software and hardware information related to the terminal device, the service time information of the terminal device and the operating system information used by the terminal device;
an information analysis module, configured to determine the parameter information of a security evaluation model according to the software and hardware information related to the terminal device, the service time information of the terminal device and the operating system information used by the terminal device, as sent by the information acquisition script, wherein the security evaluation model comprises a deduction algorithm for each parameter;
a single-item scoring module, configured to score the parameter information with the security evaluation model;
a composite scoring module, configured to calculate the composite security score of the terminal device from the score of each item of parameter information;
and a security degree determining module, configured to determine the security degree of the terminal device from the composite security score.
A third aspect of the present disclosure provides a computer device comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor, when executing the computer program, implements the large-scale terminal device security assessment method of any of the foregoing embodiments.
A fourth aspect of the present disclosure provides a computer-readable storage medium storing a computer program which, when executed by a processor, performs the large-scale terminal device security assessment method of any of the foregoing embodiments.
According to the large-scale terminal device security assessment method and system, the information acquisition script is sent to the managed terminal devices or added to a scheduled task of the terminal device; the information acquisition script acquires the software and hardware information related to the terminal device, so that all the software and hardware information installed on the terminal device can be collected comprehensively. The parameter information of the security evaluation model is determined from the related software and hardware information of each terminal device; each item of parameter information is scored with the security evaluation model; the composite security score of the terminal device is calculated from the score of each item of parameter information; and the security degree of the terminal device is determined from the composite security score. The security degree of the terminal device can thus be determined accurately, and the method can be adapted to more application scenarios.
In order to make the aforementioned and other objects, features and advantages of the present invention comprehensible, preferred embodiments are described in detail below with reference to the accompanying figures.
Drawings
To illustrate the embodiments or the prior-art technical solutions more clearly, the drawings used in describing them are briefly introduced below. Obviously, the drawings described below show only some embodiments of the present invention, and those skilled in the art can derive other drawings from them without creative effort.
Fig. 1 shows a first flowchart of a large-scale terminal device security assessment method according to an embodiment of the present disclosure;
Fig. 2 shows a second flowchart of a large-scale terminal device security assessment method according to an embodiment of the present disclosure;
Fig. 3 shows a third flowchart of a large-scale terminal device security evaluation method according to an embodiment of the present disclosure;
Fig. 4 shows a third flowchart of a large-scale terminal device security evaluation method according to an embodiment of the present disclosure;
Fig. 5 is a first block diagram of a large-scale terminal device security assessment system according to an embodiment of the present disclosure;
Fig. 6 is a second block diagram of a large-scale terminal device security evaluation system according to an embodiment of the present disclosure;
Fig. 7 is a block diagram of a computer device according to an embodiment of the present disclosure.
Description of reference numerals:
510. a script issuing module;
520. an information analysis module;
530. a single-item scoring module;
540. a comprehensive scoring module;
550. a safety degree determination module;
560. an information alarm module;
570. a positioning module;
702. a computer device;
704. a processor;
706. a memory;
708. a drive mechanism;
710. an input/output module;
712. an input device;
714. an output device;
716. a presentation device;
718. a graphical user interface;
720. a network interface;
722. a communication link;
724. a communication bus.
Detailed Description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings of those embodiments. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments that a person skilled in the art can derive from the embodiments herein without creative effort fall within the scope of protection.
In an embodiment of the present disclosure, Fig. 1 shows a first flowchart of a large-scale terminal device security evaluation method, which is used to overcome the poor accuracy and limited applicability of prior-art computer security evaluation methods. The method may be executed on an intelligent terminal, including a smartphone, a tablet computer, a desktop computer and the like, and may be implemented as a standalone application, an applet embedded in another program, a web page and so on, which is not limited herein.
Specifically, the large-scale terminal device security evaluation method includes the following steps:
step 110, sending an information acquisition script to the managed terminal devices or adding the information acquisition script to a scheduled task of the terminal device, wherein the information acquisition script is used for acquiring the software and hardware information related to the terminal device, the service time information of the terminal device and the operating system information used by the terminal device;
step 120, determining the parameter information of a security evaluation model according to the software and hardware information related to the terminal device, the service time information of the terminal device and the operating system information used by the terminal device, as sent by the information acquisition script installed on each terminal device, wherein the security evaluation model comprises a deduction algorithm for each parameter;
step 130, scoring each item of parameter information with the security evaluation model;
step 140, calculating the composite security score of the terminal device from the scores of the parameter information;
and step 150, determining the security degree of the terminal device from the composite security score.
The managed terminal devices described herein may be the terminal devices involved in a given business of the same enterprise, such as the computers used by counter staff in a bank. Specifically, the terminal devices include, but are not limited to, computers, servers (Windows and Linux), and self-service terminals such as ATMs (Automated Teller Machines) and VTMs (Video Teller Machines).
In this embodiment, all the software and hardware information installed on the terminal device can be collected comprehensively through step 110. Through steps 120 to 150, the security degree of the terminal device can be determined accurately, and the method can be adapted to more application scenarios: it is not limited to evaluating the existence of vulnerabilities and viruses, but also applies to the security evaluation of scenarios with higher security requirements, such as banking systems and financial systems.
In an embodiment of the present disclosure, in step 110, the information acquisition script may be pushed over the network to each managed terminal device through a terminal management system such as Microsoft SCCM or Symantec. For a terminal to which the information acquisition script cannot be issued over the network, the script can be added remotely to a scheduled task of the terminal device to complete the issuing. If a terminal device has not accessed the network for a long time and several versions of the information acquisition script were issued in the meantime, the terminal device acquires and executes only the latest information acquisition script that is still within its validity period once it reconnects. In a specific implementation, information can also be acquired by running the information acquisition script manually. In a specific implementation, the information acquisition script may be issued at intervals (e.g., every two to three weeks), and the information acquisition script is given a validity period, for example three to four days.
In some embodiments, a start condition for the information acquisition script may also be set; for example, the information acquisition script starts automatically when the screen saver of the terminal device starts. In other embodiments, to reduce the impact of the information acquisition script on the operation of the terminal device, the script may be started only when the memory usage of the terminal device is below a predetermined proportion.
The information acquisition script acquires the software and hardware information installed on the terminal device by reading the Windows manager of the terminal device, and derives the software and hardware information related to the terminal device from it. The Windows manager can access, configure, manage and monitor almost all Windows resources.
The information acquisition script reads the open port information of the terminal device and uses an open port to send the software and hardware information related to the terminal device, the service time information of the terminal device and the operating system information used by the terminal device. The software and hardware information related to the terminal device includes: non-updated software time information, non-installed software information and illegal software installation information, each of which comprises at least one parameter.
After the information acquisition script installed on the terminal device is started, it can collect information periodically at a certain time interval. The time interval is, for example, every minute; the specific period can be set as required and is not limited herein. In one embodiment, a shorter interval may be set for high-risk terminal devices and a longer interval for low-risk terminal devices.
In an embodiment of the present invention, the parameter information in the security evaluation model consists of statistical values, and in a specific implementation step 120 includes:
calculating, from the non-updated software time information, the number of terminal devices that have not updated the virus library and/or patches within each preset time period;
calculating, from the non-installed software information, the number of terminal devices on which the preset antivirus software is not installed;
calculating, from the illegal software installation information, the number of terminal devices on which each preset item of illegal software is installed;
calculating, from the service time information of the terminal devices, the number of terminal devices whose delivery dates meet each preset judgment condition;
and calculating, from the operating system information used by the terminal devices, the number of terminal devices using each preset operating system.
In an embodiment of the present disclosure, scoring the parameter information with the security evaluation model in step 130 includes:
for each parameter in the parameter information, looking up the deduction algorithm corresponding to that parameter in the preset security evaluation model;
and applying the deduction algorithm found to the parameter to obtain the score of the parameter.
In one embodiment, calculating the composite security score of the terminal device from the scores of the parameter information in step 140 includes calculating the composite security score of the terminal device with the following formula:
S = X + f1(X1) + f2(X2) + f3(X3) + f4(X4) + f5(X5);
where X is the total score, f1 is the set of deduction algorithms for the operating system information X1, f2 is the set of deduction algorithms for the terminal device service time information X2, f3 is the set of deduction algorithms for the non-updated software time information X3, f4 is the set of deduction algorithms for the non-installed software information X4, and f5 is the set of deduction algorithms for the illegal software installation information X5.
In one embodiment of the present disclosure, the security evaluation model uses the algorithms shown in Table 1 below.
TABLE 1 (the table is provided as an image in the original patent and is not reproduced on this page)
N1 to N13 are the numbers of terminal devices meeting the respective algorithm parameter, i.e. the parameter information in the security evaluation model. Table 1 is merely an exemplary illustration of the technical solution herein; in a specific implementation, the specific scoring rules of the scoring algorithm may be set as required and are not specifically limited herein.
In an embodiment of the present disclosure, in step 150, the security degree of the terminal device may be divided into a plurality of levels (the number of levels is not limited), each level corresponding to a range of composite security scores; the security degree is directly proportional to the score range, i.e. the higher the score range, the higher the corresponding security degree.
In an embodiment of the present invention, to help maintenance personnel learn the analysis result in time, the security level is also displayed after step 150.
In an embodiment of the present disclosure, as shown in Fig. 2, to help operation and maintenance staff resolve problems in time, the large-scale terminal device security evaluation method further includes, in addition to steps 110 to 150:
step 160, when the security degree is lower than a preset threshold, determining a solution strategy and sending the solution strategy to operation and maintenance personnel.
The solution strategy may be preset according to the security level, and its specific content is not limited herein.
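As an added, runnable illustration of steps 120 to 160 (example code written for this page, not code from the patent or its assignee): fleet-wide counts (the N values) are computed from constructed per-device records, each deduction algorithm f1 to f5 returns a non-positive value added to the total score X, and the composite score S is mapped to a security level and a remediation threshold. The record field names, the deduction weights, the end-of-life operating system list, the score bands, and the assumption that the deduction algorithms return negative values are all assumptions; the patent's Table 1 is not reproduced on this page.

```python
from collections import Counter
from datetime import date

# Constructed sample records as the information acquisition script might report
# them after deduplication (hypothetical field names, not the patent's).
RECORDS = [
    {"device_id": "PC-001", "os": "Windows 10", "delivery_date": date(2019, 5, 1),
     "days_since_update": 3, "antivirus_installed": True, "illegal_software": []},
    {"device_id": "PC-002", "os": "Windows 7", "delivery_date": date(2013, 1, 15),
     "days_since_update": 45, "antivirus_installed": False, "illegal_software": ["p2p-client"]},
    {"device_id": "PC-003", "os": "Windows 10", "delivery_date": date(2020, 9, 1),
     "days_since_update": 10, "antivirus_installed": True, "illegal_software": ["remote-tool"]},
    {"device_id": "PC-004", "os": "Windows XP", "delivery_date": date(2010, 3, 2),
     "days_since_update": 120, "antivirus_installed": False,
     "illegal_software": ["p2p-client", "remote-tool"]},
]

TOTAL_SCORE = 100.0                            # X in the patent's formula (assumed value)
UNSUPPORTED_OS = {"Windows XP", "Windows 7"}   # assumed end-of-life list
REMEDIATION_LEVEL = "low"                      # step 160: level at which a solution strategy is sent


def collect_parameters(records, today=date(2020, 11, 1)):
    """Step 120: reduce per-device records to fleet-wide counts (the N values)."""
    return {
        "device_count": len(records),
        "os": Counter(r["os"] for r in records),                                   # X1
        "age_over_5y": sum((today - r["delivery_date"]).days > 5 * 365 for r in records),  # X2
        "not_updated_7d": sum(7 < r["days_since_update"] <= 30 for r in records),  # X3 band 1
        "not_updated_30d": sum(r["days_since_update"] > 30 for r in records),      # X3 band 2
        "no_antivirus": sum(not r["antivirus_installed"] for r in records),        # X4
        "illegal_installs": sum(len(r["illegal_software"]) for r in records),      # X5
    }


def _share(count, total):
    return count / total if total else 0.0


# Step 130: one deduction algorithm per parameter group. Each returns a
# non-positive number of points; the weights are assumptions, not Table 1.
def f1_os(p):
    unsupported = sum(n for name, n in p["os"].items() if name in UNSUPPORTED_OS)
    return -20.0 * _share(unsupported, p["device_count"])

def f2_age(p):
    return -10.0 * _share(p["age_over_5y"], p["device_count"])

def f3_update(p):
    return (-10.0 * _share(p["not_updated_7d"], p["device_count"])
            - 25.0 * _share(p["not_updated_30d"], p["device_count"]))

def f4_antivirus(p):
    return -20.0 * _share(p["no_antivirus"], p["device_count"])

def f5_illegal(p):
    return -min(25.0, 5.0 * p["illegal_installs"])   # capped per-installation penalty

DEDUCTIONS = {"f1_os": f1_os, "f2_age": f2_age, "f3_update": f3_update,
              "f4_antivirus": f4_antivirus, "f5_illegal": f5_illegal}


def score_parameters(params):
    """Step 130: look up each parameter's deduction algorithm and apply it."""
    return {name: fn(params) for name, fn in DEDUCTIONS.items()}


def composite_score(scores, total=TOTAL_SCORE):
    """Step 140: S = X + f1(X1) + ... + f5(X5)."""
    return total + sum(scores.values())


def security_level(score):
    """Step 150: map the composite score to a level (bands are assumed)."""
    if score >= 90:
        return "high"
    if score >= 70:
        return "medium"
    return "low"


def needs_solution_strategy(score):
    """Step 160: True when the level reaches the preset remediation threshold."""
    return security_level(score) == REMEDIATION_LEVEL


if __name__ == "__main__":
    params = collect_parameters(RECORDS)
    scores = score_parameters(params)
    s = composite_score(scores)
    print(params, scores, s, security_level(s), needs_solution_strategy(s))
```

With the constructed records the sample fleet scores 40 out of 100 and lands in the "low" band, so a solution strategy would be dispatched. Keeping every deduction as a separate named function mirrors the patent's "look up the deduction algorithm for each parameter" step and makes each rule independently testable when the scoring rules are tuned.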
In an embodiment of the present disclosure, to avoid data congestion and consequent data loss when a large number of terminal devices upload terminal device information at the same time, a random function is set in the information acquisition script, and the script is further configured to use the random function to determine the point in time at which each terminal device sends its terminal device information. Specifically, the random function takes the total number of terminal devices into account and selects a random upload time within a variable time range.
In view of the prior-art defects that alarming on the basis of the administrator login IP is inaccurate, and that when the managed devices generate a huge data volume, illegal logins following a change of administrator permissions cannot be identified, in an embodiment of the present disclosure, as shown in Fig. 3, the large-scale terminal device security evaluation method includes:
step 310, sending an information acquisition script to the managed terminal devices, wherein the information acquisition script is used for acquiring terminal device information, the software and hardware information related to the terminal device, the service time information of the terminal device and the operating system information used by the terminal device; the terminal device information includes device identification information and administrator account information; and the software and hardware information related to the terminal device includes non-updated software time information, non-installed software information and illegal software installation information;
step 320, receiving the terminal device information, the software and hardware information related to the terminal device, the service time information of the terminal device and the operating system information used by the terminal device, as sent by the information acquisition script, and deduplicating, using the device identification information, the terminal device information, the software and hardware information related to the terminal device, the service time information of the terminal device and the operating system information used by the terminal device received within a preset time period;
step 330, checking the administrator account information in the deduplicated terminal device information for violations using the administrator coding rule, and sending alarm information if the check identifies an illegal login;
step 340, determining the parameter information of a security evaluation model from the deduplicated software and hardware information related to the terminal device, the service time information of the terminal device and the operating system information used by the terminal device, wherein the security evaluation model comprises a deduction algorithm for each parameter;
step 350, scoring the parameter information with the security evaluation model;
step 360, calculating the composite security score of the terminal device from the scores of the parameter information;
and step 370, determining the risk degree of the terminal device from the composite security score.
In a specific implementation, step 330 and steps 340 to 370 may be executed in parallel or separately, and the execution order is not limited herein. The deduplication in step 320 improves alarm efficiency. Step 330 can identify illegal logins after administrator permissions have been changed, providing effective monitoring and early warning. Through steps 340 to 370, the problem that the overall security of a large terminal fleet cannot be evaluated is solved, risks can be found in time, and the network security of the terminal devices can be guaranteed.
In detail, the terminal device information acquired by the information acquisition script includes device identification information and administrator account information. The device identification information uniquely identifies the terminal device and includes, for example but not limited to, the host name, IP address, MAC address, host serial number and hard disk serial number of the terminal device. It may also include the serial numbers of hardware components such as the mainboard, memory card, sound card, disk, display and network card. The specific content of the device identification information is not limited herein.
The administrator account information includes the administrator names, administrator privileges and number of administrators. The number of administrators is derived from the administrator names or privileges and is used to determine the current administrator configuration of the terminal device.
The administrator coding rule includes, for example, an administrator naming rule; the specific content of the administrator coding rule is not limited herein. In a specific embodiment, the administrator coding rule is "LC-users of division agency suffix-admin". Step 330, checking the administrator account information in the deduplicated terminal device information using the administrator coding rule, includes: removing from the deduplicated terminal device information the administrator accounts that conform to the administrator coding rule; the remaining administrator accounts are illegally authorized administrator accounts, for which alarm information is generated together with the device identification information and sent to the intelligent terminal of the monitoring personnel.
In an embodiment of this document, as shown in fig. 4, after step 330 determines that the determination result is an illegal login, the method further includes:
step 331, determining the location information of the terminal device according to the device identification information in the terminal device information and the distribution relationship of the terminal devices, wherein the distribution relationship includes the correspondence between device identification information and location information, that is, it records which terminal device is deployed at which location;
step 332, sending the terminal device location information as part of the content of the alarm information.
In this embodiment, through step 331 and step 332, the terminal device on which an illegal administrator has authority can be quickly found.
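The alarm path of steps 320 to 332 (deduplicate by device identifier, apply the administrator coding rule, attach device identification and location), as an added example that is not code from the patent; the record fields, the regex form of the coding rule, the location table and the sample records are all constructed assumptions.

```python
import re

# Constructed records as the information acquisition script might upload them
# (hypothetical field names; the patent does not fix a record format).
RECORDS = [
    {"host": "PC-0101", "ip": "10.1.1.10", "mac": "AA-BB-CC-00-00-01",
     "admins": ["LC-sh-admin", "svc_backup"]},
    {"host": "PC-0101", "ip": "10.1.1.10", "mac": "AA-BB-CC-00-00-01",  # duplicate upload
     "admins": ["LC-sh-admin", "svc_backup"]},
    {"host": "PC-0205", "ip": "10.1.2.5", "mac": "AA-BB-CC-00-00-02",
     "admins": ["LC-bj-admin", "tempuser"]},
    {"host": "PC-0310", "ip": "10.1.3.10", "mac": "AA-BB-CC-00-00-03",
     "admins": ["LC-gz-admin"]},
]

# Distribution relationship of the terminal devices: identifier -> location (constructed).
DISTRIBUTION = {
    "AA-BB-CC-00-00-01": "Shanghai head office, floor 3",
    "AA-BB-CC-00-00-02": "Beijing branch, counter area",
}

# Administrator coding rule "LC-<division suffix>-admin" written as a regex
# (assumed reading of the page's naming rule).
ADMIN_RULE = re.compile(r"^LC-[a-z0-9]+-admin$")


def deduplicate(records, key="mac"):
    """Step 320: keep one record per device identifier so a device raises one alarm."""
    seen, unique = set(), []
    for rec in records:
        if rec[key] not in seen:
            seen.add(rec[key])
            unique.append(rec)
    return unique


def illegal_admins(record, rule=ADMIN_RULE):
    """Step 330: accounts that do not match the coding rule are illegally authorized."""
    return [account for account in record["admins"] if not rule.match(account)]


def locate(record, distribution=DISTRIBUTION):
    """Step 331: resolve the device identifier through the distribution relationship."""
    return distribution.get(record["mac"], "location unknown")


def build_alarms(records):
    """Steps 320-332: deduplicate, judge each account, attach identification and location."""
    alarms = []
    for rec in deduplicate(records):
        for account in illegal_admins(rec):
            alarms.append({"host": rec["host"], "ip": rec["ip"], "mac": rec["mac"],
                           "account": account, "location": locate(rec)})
    return alarms


def format_alarm(alarm):
    """Render one alarm as the message sent to the monitoring personnel."""
    return (f"ILLEGAL ADMIN {alarm['account']!r} on {alarm['host']} "
            f"({alarm['ip']}, {alarm['mac']}) at {alarm['location']}")


if __name__ == "__main__":
    for alarm in build_alarms(RECORDS):
        print(format_alarm(alarm))
```

Only two alarms result from four uploads: the duplicate record of PC-0101 is collapsed before judgment, and the device without an entry in the distribution table is reported with an unknown location rather than dropped.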
Based on the same inventive concept, a large-scale terminal device security evaluation system is also provided herein, as described in the following embodiments. Because the problem-solving principle of the system is similar to that of the large-scale terminal device security evaluation method, the implementation of the system can refer to the method, and repeated descriptions are omitted.
Specifically, as shown in fig. 5, the large-scale terminal device security evaluation system includes:
the script issuing module 510 is configured to send an information acquisition script to a managed terminal device or add the information acquisition script to a scheduled task of the terminal device, where the information acquisition script is used to acquire software and hardware information related to the terminal device, information of use time of the terminal device, and information of an operating system used by the terminal device;
the information analysis module 520 is configured to determine parameter information of a security assessment model according to software and hardware information related to the terminal device, terminal device usage time information, and operating system information used by the terminal device, which are sent by an information acquisition script installed on each terminal device, where the security assessment model includes a deduction algorithm of each parameter;
a single item scoring module 530, configured to score information of each parameter by using the security assessment model;
the comprehensive scoring module 540 is used for calculating comprehensive safety scores of the terminal equipment according to the scores of the parameter information;
and a security level determining module 550, configured to determine a security level of the terminal device according to the comprehensive security score.
In this embodiment, the script issuing module 510 sends an information acquisition script to the managed terminal device or adds it to a scheduled task of the terminal device; the script acquires the software and hardware information related to the terminal device and can comprehensively collect all software and hardware installed on it. The information analysis module 520 determines the parameter information of the security assessment model from the software and hardware information related to each terminal device; the single item scoring module 530 scores the parameter information by using the security assessment model; the comprehensive scoring module 540 calculates the comprehensive security score of the terminal device from the score of each parameter; and the security level determining module 550 determines the security level of the terminal device from the comprehensive security score. The security level of the terminal device can thus be determined accurately, and the system can adapt to more application scenarios.
In an embodiment of this document, the script issuing module 510 may issue the information acquisition script to each managed terminal device by network push through a terminal management system such as Microsoft SCCM or Symantec. For a terminal to which the script cannot be issued over the network, the script can be added remotely to a scheduled task of the terminal device to complete the issuing. If a terminal device does not access the network for a long time and multiple versions of the script are issued during that period, the terminal device acquires and executes only the latest script that is still within its validity period once it reconnects. In specific implementation, information can also be acquired by running the information acquisition script manually.
In an embodiment of this document, the information analysis module 520 determines the parameter information of the security assessment model from the software and hardware information related to the terminal device, the terminal device usage time information, and the operating system information sent by the information acquisition script installed on each terminal device as follows: calculating, from the un-updated software time information, the number of terminal devices that have not updated the virus library and/or patches within each preset time period; calculating, from the uninstalled software information, the number of terminal devices without the preset antivirus software; calculating, from the illegal software installation information, the number of terminal devices on which each preset illegal software is installed; calculating, from the terminal device usage time information, the number of terminal devices whose delivery date meets each preset judgment condition; and calculating, from the operating system information, the number of terminal devices using each preset operating system.
In one embodiment, the single item scoring module 530 scores the parameter information using the security assessment model as follows: for each parameter of the parameter information, the deduction algorithm corresponding to that parameter is looked up in the preset security assessment model, and the parameter is evaluated with the looked-up deduction algorithm to obtain the score of the parameter.
In one embodiment, the comprehensive scoring module 540 calculates the comprehensive security score of the terminal device from the score of each parameter using the following formula:
S=X+f1(X1)+f2(X2)+f3(X3)+f4(X4)+f5(X5);
wherein X is the total score, f1 is the set of deduction algorithms for the operating system information X1, f2 is the set of deduction algorithms for the terminal device usage time information X2, f3 is the set of deduction algorithms for the un-updated software time information X3, f4 is the set of deduction algorithms for the uninstalled software information X4, and f5 is the set of deduction algorithms for the illegal software installation information X5.
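The pipeline from the counting rules of module 520 through the deduction lookup of module 530 to S = X + f1(X1) + ... + f5(X5) and the final level, as an added example that is not the patent's own code; the fleet records, the total score X, the preset periods, the concrete deduction algorithms and the level thresholds are constructed assumptions, since the patent leaves them unspecified.

```python
from collections import Counter
from datetime import date

# Constructed, already deduplicated fleet snapshot (hypothetical field names).
FLEET = [
    {"host": "PC-0101", "os": "Windows 10", "delivered": date(2019, 3, 1),
     "last_update": date(2020, 11, 1), "installed": ["CorpAV", "Office"],
     "illegal_software": []},
    {"host": "PC-0205", "os": "Windows 7", "delivered": date(2013, 6, 1),
     "last_update": date(2020, 8, 1), "installed": ["CorpAV"],
     "illegal_software": ["p2p-downloader"]},
    {"host": "PC-0310", "os": "Windows 7", "delivered": date(2014, 1, 1),
     "last_update": None, "installed": ["Office"],          # never updated, no antivirus
     "illegal_software": []},
    {"host": "PC-0412", "os": "Windows 10", "delivered": date(2020, 1, 15),
     "last_update": date(2020, 11, 10), "installed": ["CorpAV"],
     "illegal_software": ["remote-control-tool", "p2p-downloader"]},
]
TODAY = date(2020, 11, 19)   # fixed reference date for the constructed data
TOTAL_SCORE = 100            # X in the formula (assumed)
EOL_OS = {"Windows 7"}       # operating systems treated as risky (assumed)
REQUIRED_AV = "CorpAV"       # the preset antivirus product (constructed name)


def days_since(d):
    """Age in days; a missing date counts as infinitely old."""
    return float("inf") if d is None else (TODAY - d).days


def compute_parameters(fleet):
    """Module 520: turn per-device records into the statistics X1..X5."""
    x1 = Counter(dev["os"] for dev in fleet)
    age = [days_since(dev["delivered"]) for dev in fleet]
    x2 = {"over_3y": sum(a > 3 * 365 for a in age),
          "over_5y": sum(a > 5 * 365 for a in age)}
    stale = [days_since(dev["last_update"]) for dev in fleet]
    x3 = {"over_30d": sum(s > 30 for s in stale),
          "over_90d": sum(s > 90 for s in stale)}
    x4 = sum(REQUIRED_AV not in dev["installed"] for dev in fleet)
    x5 = Counter(sw for dev in fleet for sw in set(dev["illegal_software"]))
    return {"X1": x1, "X2": x2, "X3": x3, "X4": x4, "X5": x5}


# Assumed deduction algorithms; each returns a non-positive deduction.
def f1(x1):  # risky operating system
    return -2 * sum(n for os_name, n in x1.items() if os_name in EOL_OS)

def f2(x2):  # device age: -1 for 3-5 years, -2 beyond 5 years
    return -1 * (x2["over_3y"] - x2["over_5y"]) - 2 * x2["over_5y"]

def f3(x3):  # stale virus library / patches: -1 for 30-90 days, -2 beyond 90 days
    return -1 * (x3["over_30d"] - x3["over_90d"]) - 2 * x3["over_90d"]

def f4(x4):  # missing antivirus
    return -5 * x4

def f5(x5):  # each illegal installation
    return -3 * sum(x5.values())

DEDUCTIONS = {"X1": f1, "X2": f2, "X3": f3, "X4": f4, "X5": f5}


def score_parameters(params):
    """Module 530: look up the deduction algorithm of each parameter and apply it."""
    return {name: DEDUCTIONS[name](value) for name, value in params.items()}


def composite_score(item_scores, total=TOTAL_SCORE):
    """Module 540: S = X + f1(X1) + ... + f5(X5)."""
    return total + sum(item_scores.values())


def security_level(s):
    """Module 550: map the composite score to a level (thresholds assumed)."""
    if s >= 90:
        return "high"
    if s >= 70:
        return "medium"
    return "low"


def assess(fleet):
    """Run the whole chain and return (parameters, item scores, S, level)."""
    params = compute_parameters(fleet)
    items = score_parameters(params)
    s = composite_score(items)
    return params, items, s, security_level(s)


if __name__ == "__main__":
    params, items, s, level = assess(FLEET)
    print(params, items, s, level, sep="\n")
```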
In an embodiment of this document, the information acquisition script is further configured to collect terminal device information, where the terminal device information includes device identification information and administrator account information. As shown in fig. 6, the large-scale terminal device security evaluation system further includes:
and the information warning module 560 is configured to perform illegal determination on the administrator account information in the terminal device information by using the administrator coding rule, and send warning information if the determination result is illegal login.
the positioning module 570, configured to determine the location information of the terminal device according to the device identification information in the terminal device information and the distribution relationship of the terminal devices after the determination result is an illegal login.
In an embodiment herein, as shown in fig. 7, there is also provided a computer device, the computer device 702 may include one or more processors 704, such as one or more Central Processing Units (CPUs), each of which may implement one or more hardware threads. The computer device 702 may also include any memory 706 for storing any kind of information, such as code, settings, data, etc. For example, and without limitation, the memory 706 can include any one or more of the following in combination: any type of RAM, any type of ROM, flash memory devices, hard disks, optical disks, etc. More generally, any memory may use any technology to store information. Further, any memory may provide volatile or non-volatile retention of information. Further, any memory may represent fixed or removable components of computer device 702. In one case, when the processor 704 executes associated instructions that are stored in any memory or combination of memories, the computer device 702 can perform any of the operations of the associated instructions. The computer device 702 also includes one or more drive mechanisms 708, such as a hard disk drive mechanism, an optical disk drive mechanism, or the like, for interacting with any of the memories.
Computer device 702 can also include an input/output module 710 (I/O) for receiving various inputs (via input device 712) and for providing various outputs (via output device 714). One particular output mechanism may include a presentation device 716 and an associated graphical user interface 718 (GUI). In other embodiments, the input/output module 710 (I/O), input device 712, and output device 714 may be omitted, the computer device then being only one node in a network. Computer device 702 can also include one or more network interfaces 720 for exchanging data with other devices via one or more communication links 722. One or more communication buses 724 couple the above-described components together.
Communication link 722 may be implemented in any manner, such as over a local area network, a wide area network (e.g., the Internet), a point-to-point connection, etc., or any combination thereof. Communication link 722 may include any combination of hardwired links, wireless links, routers, gateway functions, name servers, etc., governed by any protocol or combination of protocols.
In an embodiment of this document, a computer-readable storage medium is further provided, where a computer program is stored on the computer-readable storage medium, and when the computer program is executed by a processor, the computer program performs the steps of the large-scale terminal device security assessment method according to any of the above embodiments.
Embodiments herein also provide computer-readable instructions which, when executed by a processor, cause the processor to perform the large-scale terminal device security assessment method according to any of the above embodiments.
It should be understood that, in various embodiments herein, the sequence numbers of the above-mentioned processes do not mean the execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation to the implementation process of the embodiments herein.
It should also be understood that, in the embodiments herein, the term "and/or" is only one kind of association relation describing associated objects, meaning that three kinds of relations may exist. For example, "A and/or B" may represent: A exists alone, A and B exist simultaneously, or B exists alone. In addition, the character "/" herein generally indicates that the former and latter related objects are in an "or" relationship.
Those of ordinary skill in the art will appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein may be implemented in electronic hardware, computer software, or a combination of both, and that the components and steps of the examples have been described above in general terms of their function in order to illustrate clearly the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and the design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present disclosure.
It can be clearly understood by those skilled in the art that, for convenience and simplicity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the several embodiments provided herein, it should be understood that the disclosed system, apparatus, and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one type of logical functional division, and other divisions may be realized in practice, for example, multiple units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may also be an electric, mechanical or other form of connection.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purposes of the embodiments herein.
In addition, functional units in the embodiments herein may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solutions in the present invention substantially or partially contribute to the prior art, or all or part of the technical solutions may be embodied in the form of a software product, which is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the methods described in the embodiments herein. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The principles and embodiments of this document are explained herein using specific examples, which are presented only to aid in understanding the methods and their core concepts; meanwhile, for a person skilled in the art, according to the idea of the present disclosure, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present disclosure should not be construed as a limitation to the present disclosure.

Claims (8)

1. A large-scale terminal equipment safety assessment method is characterized by comprising the following steps:
sending an information acquisition script to a managed terminal device or adding the information acquisition script to a scheduled task of the terminal device, wherein the information acquisition script is used for analyzing and determining software and hardware information related to the terminal device and for acquiring usage time information of the terminal device and operating system information used by the terminal device, and the software and hardware information related to the terminal device comprises un-updated software time information, uninstalled software information, and illegal software installation information; the information acquisition script is provided with a random function and is further used for determining, with the random function, the time point at which each terminal device sends its information, and for uploading the software and hardware information related to the terminal device, the usage time information of the terminal device, and the operating system information used by the terminal device at that time point;
determining parameter information of a security assessment model according to the software and hardware information related to the terminal device, the usage time information of the terminal device, and the operating system information used by the terminal device, which are sent by the information acquisition script, wherein the security assessment model comprises a deduction algorithm for each parameter, and the parameter information of the security assessment model is a statistical value;
grading each parameter information by using the safety evaluation model;
calculating the comprehensive safety score of the terminal equipment according to the score of each parameter information;
determining the safety degree of the terminal equipment according to the comprehensive safety score;
wherein determining the parameter information of the security assessment model according to the software and hardware information related to the terminal device, the usage time information of the terminal device, and the operating system information used by the terminal device, which are sent by the information acquisition script, comprises the following steps:
according to the un-updated software time information, calculating the number of terminal devices that have not updated the virus library and/or patches within each preset time period;
according to the information of the uninstalled software, calculating the number of terminal devices without the preset antivirus software;
calculating the number of terminal devices for installing each preset illegal software according to the illegal software installation information;
calculating the number of terminal equipment of which the delivery date meets each preset judgment condition according to the service time information of the terminal equipment;
and calculating the number of the terminal equipment using each preset operating system according to the operating system information used by the terminal equipment.
2. The method of claim 1, further comprising:
and when the safety degree is lower than a preset threshold value, determining a solution strategy and sending the solution strategy to operation and maintenance personnel.
3. The method of claim 1, wherein the information collection script is further configured to collect administrator account information of the terminal device;
the method further comprises the following steps: and carrying out illegal judgment on the administrator account information by utilizing an administrator coding rule, and sending alarm information if the judgment result is illegal login.
4. The method of claim 1, wherein the information collection script is further configured to collect device identification information of a terminal device;
before determining the plurality of parameter information of the security assessment model, the method further comprises the following steps:
and performing duplicate removal processing on software and hardware information related to the information sent by the information acquisition script by using the equipment identification information of the terminal equipment.
5. The method of claim 1, wherein scoring the parameter information using the security assessment model comprises:
for each parameter under the parameter information, searching a deduction algorithm corresponding to the parameter from the preset safety evaluation model;
and calculating the parameters by using the searched deduction algorithm to obtain the scores of the parameters.
6. The method of claim 1, wherein calculating a composite security score for the terminal device based on the score of the parameter information comprises calculating the composite security score for the terminal device using the formula:
S=X+f1(X1)+f2(X2)+f3(X3)+f4(X4)+f5(X5);
wherein X is a total score, f1 is a deduction algorithm set related to operating system information X1, f2 is a deduction algorithm set related to terminal equipment use time information X2, f3 is a deduction algorithm set related to non-updated software time information X3, f4 is a deduction algorithm set related to non-installed software information X4, and f5 is a deduction algorithm set related to illegal software installation information X5.
7. A large-scale terminal device security assessment system, comprising:
the script issuing module is used for sending an information acquisition script to the managed terminal device or adding the information acquisition script to a scheduled task of the terminal device, wherein the information acquisition script is used for analyzing and determining the software and hardware information related to the terminal device and for acquiring the usage time information of the terminal device and the operating system information used by the terminal device, and the software and hardware information related to the terminal device comprises un-updated software time information, uninstalled software information, and illegal software installation information; the information acquisition script is provided with a random function and is further used for determining, with the random function, the time point at which each terminal device sends its information, and for uploading the software and hardware information related to the terminal device, the usage time information of the terminal device, and the operating system information used by the terminal device at that time point;
the information analysis module is used for determining parameter information of a safety evaluation model according to the software and hardware information related to the terminal equipment, the using time information of the terminal equipment and the operating system information used by the terminal equipment, which are sent by the information acquisition script, wherein the safety evaluation model comprises a deduction algorithm of each parameter, and the parameter information of the safety evaluation model is a statistical value;
the single scoring module is used for scoring the parameter information by using the safety assessment model;
the comprehensive grading module is used for calculating comprehensive safety grading of the terminal equipment according to the grading of each parameter information;
the safety degree determining module is used for determining the safety degree of the terminal equipment according to the comprehensive safety score;
wherein determining the parameter information of the security assessment model according to the software and hardware information related to the terminal device, the usage time information of the terminal device, and the operating system information used by the terminal device, which are sent by the information acquisition script, comprises the following steps:
according to the un-updated software time information, calculating the number of terminal devices that have not updated the virus library and/or patches within each preset time period;
according to the information of the uninstalled software, calculating the number of terminal devices without the preset antivirus software;
calculating the number of terminal equipment for installing each preset violation software according to the violation software installation information;
calculating the number of terminal equipment with delivery dates meeting each preset judgment condition according to the service time information of the terminal equipment;
and calculating the number of the terminal equipment using each preset operating system according to the operating system information used by the terminal equipment.
8. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the large-scale terminal device security assessment method according to any one of claims 1 to 6 when executing the computer program.
CN202011302275.2A 2020-11-19 2020-11-19 Large-scale terminal equipment safety assessment method and system and computer equipment Active CN112417459B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011302275.2A CN112417459B (en) 2020-11-19 2020-11-19 Large-scale terminal equipment safety assessment method and system and computer equipment

Publications (2)

Publication Number Publication Date
CN112417459A CN112417459A (en) 2021-02-26
CN112417459B true CN112417459B (en) 2022-10-28

Family

ID=74774148

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113407950A (en) * 2021-06-30 2021-09-17 绿盟科技集团股份有限公司 Risk assessment method and device

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102413011A (en) * 2011-11-18 2012-04-11 奇智软件(北京)有限公司 Local area network (LAN) security evaluation method and system
CN109886554A (en) * 2019-01-24 2019-06-14 平安科技(深圳)有限公司 Unlawful practice method of discrimination, device, computer equipment and storage medium
CN110555308A (en) * 2018-06-01 2019-12-10 北京安天网络安全技术有限公司 Terminal application behavior tracking and threat risk assessment method and system
CN110852641A (en) * 2019-11-15 2020-02-28 杭州安恒信息技术股份有限公司 Asset data monitoring method, system and related device
CN111091285A (en) * 2019-12-12 2020-05-01 国网吉林省电力有限公司电力科学研究院 Electric power terminal equipment safety risk body construction method

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10395040B2 (en) * 2016-07-18 2019-08-27 vThreat, Inc. System and method for identifying network security threats and assessing network security

Also Published As

Publication number Publication date
CN112417459A (en) 2021-02-26

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant