CN114338072B - Remote login permission detection method for Root account of power distribution automation terminal - Google Patents


Info

Publication number: CN114338072B
Authority: CN (China)
Legal status: Active
Application number: CN202111315199.3A
Other languages: Chinese (zh)
Other versions: CN114338072A
Inventors: 周云高, 汤雍, 王肖瑜, 吴栋萁, 张绮华, 李晋, 孙冉冉, 宋晓阳, 江灏
Current assignee: Ningbo Power Supply Co of State Grid Zhejiang Electric Power Co Ltd
Original assignee: Ningbo Power Supply Co of State Grid Zhejiang Electric Power Co Ltd

Abstract

The application provides a method for detecting whether the Root account of a power distribution automation terminal is permitted to log in remotely. It belongs to the technical field of network security and comprises the following steps: connecting a terminal carrying the detection tool to the network of the power distribution terminals; scanning the remote connection ports of the power distribution terminal and checking the security of every remote connection port; obtaining an account and password for a secure remote connection to the power distribution terminal, entering them into the detection tool, and attempting to log in to the power distribution terminal remotely with Root authority; logging in to the power distribution terminal remotely with the same account and password as a common (unprivileged) account and checking whether the login succeeds; and checking the values of the parameters related to remote login in the power distribution terminal's system file. The method addresses the problem that, when device permissions are analysed manually, the number of devices and ports is so large that detecting, recording and managing every device is very complex for operation and maintenance personnel and the workload is huge.

Description

Remote login permission detection method for Root account of power distribution automation terminal
Technical Field
The application relates to the technical field of network security, in particular to a method for detecting remote login permission of a Root account of a power distribution automation terminal.
Background
The power distribution automation terminal (hereinafter, the distribution terminal) is widely deployed in power equipment such as distribution network substations, switching stations, ring main units, pole-mounted switches, distribution transformers and box-type substations. It protects, monitors and controls that equipment and is connected to a master station over a communication network to complete the automation management of the whole distribution network. When the master station or the communication network is penetrated, the distribution terminal becomes a prime target for hackers: whoever obtains its privileges can extend the damage with further attacks. Against such security threats, an additional layer of protection can be added by restricting the permissions used to access the distribution terminals. In the real power industry, however, there are so many devices of so many kinds that management gaps easily arise, permission management of the distribution terminals is neglected, and a large number of devices are left at risk of attacks that obtain their privileges.
The Root account is the "root" account, the most privileged account on every Unix-like system. It lets the user perform every aspect of system administration: adding accounts, changing user passwords, inspecting log files, installing software, and so on. The root account is subject to no security restriction, meaning that any action can be performed by the user; the system assumes the user knows what they are doing and executes exactly what was commanded, without asking any questions. Root privileges should therefore not be used lightly. Protective software on an attacked device guards against obviously threatening actions, such as viruses or attack tooling, but actions carried out with Root authority may be allowed through, or may only raise a reminder that a possible threat has occurred, with the handling left to the privileged account. A hacker who holds Root authority after logging in remotely can therefore simply shut the protective software down, or disable it with a hacking tool.
For such situations, operation and maintenance personnel need to inspect the intranet regularly and know the state of every device. At present the means of inspecting distribution terminals are very limited: traditional network detection tools are used, and the results are then analysed manually. Checking the Root remote-login state of a distribution terminal can be done by hand. An inspector first checks with a traditional port scanning tool whether remote connections to the distribution terminal are open, then logs in to the distribution terminal remotely with a common account and inspects the system file to find out whether the Root account's permission is disabled.
The Chinese patent application CN201710847088.4 discloses an automatic detection method for MySQL database configuration security: it first obtains the version information of the MySQL database, then checks the privileges of the MySQL user accounts and warns of a security risk if the user is the Root user and a user able to log in remotely exists, and also warns of a security risk if a non-administrator user holds privileges. That application logs in with user accounts of different authority levels and checks whether Root authority or remote-login authority has been obtained, but it does not check the security of the remote login port, nor can it accurately determine whether the system has opened the relevant authority.
The present application provides an efficient scheme for detecting whether remote login by the Root account of a distribution terminal is forbidden; it performs the detection automatically and reports a result, giving operation and maintenance personnel an easy way to find permission management problems on their equipment. The scheme detects open permissions directly by attempting to log in remotely with a Root account, scans the device ports to detect which remote connections to the distribution terminal are open, and checks the parameters of the system file to report whether remote connection by the Root account is open. The problems found are reported to operation and maintenance personnel, who can correct and manage them in time.
Disclosure of Invention
The present application provides an efficient scheme for detecting whether remote login by the Root account of a distribution terminal is forbidden; it performs the detection automatically and reports a result, giving operation and maintenance personnel an easy way to find permission management problems on their equipment.
In order to achieve the above purpose, the present application provides the following technical solutions:
A method for detecting the remote login permission of the Root account of a power distribution automation terminal comprises the following steps:
S1, connecting a terminal carrying the detection tool to the network of the power distribution terminal;
S2, scanning the remote connection ports of the power distribution terminal and checking the security of every remote connection port;
S3, obtaining an account and password for a secure remote connection to the power distribution terminal, entering them into the detection tool, attempting to log in to the power distribution terminal remotely with Root authority, and checking whether the login succeeds; if the login fails, the account and password are treated as common-account credentials for the subsequent verification;
S4, logging in to the power distribution terminal remotely with the account and password as a common account, and checking whether the login succeeds;
S5, checking the values of the parameters related to remote login in the power distribution terminal's system file.
Preferably, in step S2, the remote connection ports of the distribution terminal are scanned as follows: the detection tool sends data packets to each remote connection port of the distribution terminal in turn and inspects the data the distribution terminal returns to determine whether each remote connection port is open;
if a risky remote connection port is open, the detection result is unqualified; if no risky remote connection port is open, the detection result is reported as qualified.
Preferably, the data packets sent are TCP or UDP packets.
Preferably, whether each remote connection port is open is determined as follows:
the returned data reflects the valid TCP or UDP connections in the distribution terminal system, and it is observed whether a connection to the risky remote connection port succeeds; a successful connection means the risky remote connection port is open, and a failed connection means it is not open.
Preferably, in step S3, when the account and password are used to attempt a remote login to the distribution terminal with Root authority, a Root login request is sent to the distribution terminal; if the login succeeds, the detection result is unqualified.
Preferably, the system file is checked as follows:
the inspector logs in to the distribution terminal remotely with the common account and checks the values of the parameters related to remote login in the distribution terminal's system file.
Preferably, when the parameter value is Yes and the parameter is in effect, the detection result is unqualified; if the parameter has any other value or is not in effect, the detection result is qualified.
Preferably, the path of the system file is /etc/ssh/sshd_config and the parameter is PermitRootLogin.
Compared with the prior art, the application has the following advantages:
the application provides a method for detecting the remote login permission of the Root account of a power distribution automation terminal, which automatically scans the device ports to check the security of remote connections to the distribution terminal, detects directly whether the permission is open by attempting to log in remotely with the Root account, and checks the parameters of the system file to report whether remote connection by the Root account is actually permitted by the system. The user only needs to supply a Root or ordinary access account for the distribution terminal; the subsequent process runs automatically until the final result is output. This solves the problems that, when results are analysed manually, the number of devices and ports is too large and detecting, recording and managing every device is complex and laborious for operation and maintenance personnel.
Drawings
FIG. 1 is a flow chart of the detection of whether Root account remote login is disabled on a power distribution terminal according to the present application;
FIG. 2 is a schematic diagram of the interaction between the detection tool and the power distribution terminal in the present application.
Detailed Description
To make the purpose and technical solution of the embodiments of the present application clearer, the technical solution of the present application is described fully below with reference to its embodiments.
In the description of the present application, it should be understood that the terms "length," "upper," "lower," "vertical," "horizontal," "top," "bottom," "inner," "outer," and the like indicate orientations or positional relationships based on the orientation or positional relationships shown in the drawings, merely to facilitate description of the present application and simplify the description, and do not indicate or imply that the devices or elements referred to must have a particular orientation, be configured and operated in a particular orientation, and thus should not be construed as limiting the present application.
As shown in FIG. 1 and FIG. 2, a method for detecting the remote login permission of the Root account of a power distribution automation terminal includes the following steps:
S1, connecting a terminal carrying the detection tool to the network of the power distribution terminal, so that the detection tool can reach the power distribution terminal and perform the subsequent detection;
S2, scanning the remote connection ports of the power distribution terminal and checking the security of every remote connection port;
S3, obtaining an account and password for a secure remote connection to the power distribution terminal, entering them into the detection tool, attempting to log in to the power distribution terminal remotely with Root authority, and checking whether the login succeeds; if the login fails, the account and password are treated as common-account credentials for the subsequent verification;
S4, logging in to the power distribution terminal remotely with the account and password as a common account, and checking whether the login succeeds;
S5, checking the values of the parameters related to remote login in the power distribution terminal's system file.
Because several kinds of remote connection currently do not encrypt their communication, and a common account can easily escalate its privileges after logging in, bypassing permission management and achieving the effect of a Root login, remote connections must be strictly controlled. Therefore, in step S2, the remote connection ports of the distribution terminal are scanned as follows: the detection tool sends data packets to each remote connection port of the distribution terminal in turn and inspects the data returned by the distribution terminal to determine whether each remote connection port is open;
if an unsafe remote connection port is found to be open, the detection result is unqualified; if no such remote connection port is open, the detection result is reported as qualified.
The data packets sent are TCP or UDP packets. TCP is a connection-oriented, reliable, byte-stream transport-layer protocol: a connection must be established between the detection tool and the distribution terminal before transmission so that data can flow smoothly. TCP and UDP (User Datagram Protocol) are the two most commonly used transport protocols, and both complete data transmission through a listening port. The returned data reflects the valid TCP or UDP connections in the distribution terminal system, and it is observed whether a connection to the risky remote connection port succeeds; a successful connection means the risky remote connection port is open, and a failed connection means it is not open.
In step S3 there is uncertainty about the credentials supplied by operation and maintenance personnel: the account and password may be wrong, or it may be unknown whether the account can log in with Root authority. Therefore, once operation and maintenance personnel supply the account and password, a login with Root authority is attempted by sending a login request to the distribution terminal, and the state of the credentials is judged from whether the login succeeds; this is the most direct way to detect whether remote login with Root authority is available. Two outcomes are possible: the login fails because the permission is not open, or Root authority is open and the login succeeds. If the login succeeds, the supplied account and password have Root authority and can log in remotely, so the detection fails; if the login fails, the credentials may belong to a common account or may simply be wrong, and the next test must follow.
In step S4, after the login with Root authority has failed, the verification continues by logging in as a common account. If this login also fails, the operation and maintenance personnel supplied a wrong account and password and must supply the correct ones before detection can continue; if it succeeds, the credentials are a valid common account, and the system file is consulted next.
The system file is checked as follows: the inspector logs in to the distribution terminal remotely with the common account, checks the values of the parameters related to remote login in the distribution terminal's system file, and confirms from the returned data whether remote login with Root authority is possible.
Preferably, when the parameter value is Yes and the parameter is in effect, the terminal allows remote login with Root authority and the detection result is unqualified; if the parameter has any other value or is not in effect, the terminal prohibits remote login with Root authority and the detection result is qualified.
Preferably, the path of the system file is /etc/ssh/sshd_config and the parameter is PermitRootLogin.
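To make the S2 to S5 decision rules concrete, here is an added Python example (not the patent's tool or code): it reads PermitRootLogin out of sshd_config text the way sshd itself does (case-insensitive keyword, comment lines, first occurrence wins, Match blocks excluded) and combines the step verdicts into one report. The port numbers, the sample configuration and the login outcomes are constructed, and no scan or login is performed.

```python
"""Decision logic of steps S2 to S5 plus an sshd_config check for step S5.
Illustrative code added to this page, not the patent's detection tool. No port
scan or login is performed: S2 port results and S3/S4 login outcomes are passed
in as values, so everything runs offline on the constructed sample below."""
from __future__ import annotations

SSHD_CONFIG_PATH = "/etc/ssh/sshd_config"  # file and parameter named in the description
PARAM = "permitrootlogin"


def effective_permit_root_login(config_text: str) -> str | None:
    """Return the global PermitRootLogin value sshd would apply, or None when the
    directive is not in effect (absent, or present only inside a comment).
    sshd parsing rules honoured here: keywords are case-insensitive (so the
    'PermitrootLogin' spelling matches); lines starting with '#' are comments;
    when a keyword appears more than once the FIRST occurrence wins; 'Key value'
    and 'Key=value' are both accepted; directives after a 'Match' line apply only
    to matching sessions, so they are not the global setting and parsing stops."""
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()
        key = parts[0].lower() if parts else ""
        if key == "match":
            break
        if key == PARAM and len(parts) >= 2:
            return parts[1].lower()
    return None


def s2_port_verdict(open_ports: set[int], risk_ports: set[int]) -> tuple[bool, set[int]]:
    """S2: qualified only if no risky remote-connection port is open."""
    exposed = open_ports & risk_ports
    return not exposed, exposed


def s3_s4_login_verdict(root_login_ok: bool, common_login_ok: bool) -> str:
    """S3/S4 branch on the two login attempts made with the supplied credentials:
    'fail' (Root login succeeded: unqualified), 'retry' (both failed: wrong
    credentials, the operator re-enters them), 'check_file' (common login only: S5)."""
    if root_login_ok:
        return "fail"
    if not common_login_ok:
        return "retry"
    return "check_file"


def s5_file_verdict(config_text: str) -> tuple[bool, str]:
    """S5: unqualified only when PermitRootLogin is 'yes' and in effect.
    Caveat: 'not in effect' is treated as qualified, which matches OpenSSH 7.0+
    (built-in default prohibit-password); older releases defaulted to 'yes', so
    there an absent directive deserves review rather than a pass."""
    value = effective_permit_root_login(config_text)
    if value == "yes":
        return False, f"{SSHD_CONFIG_PATH}: PermitRootLogin yes is in effect"
    if value is None:
        return True, f"{SSHD_CONFIG_PATH}: PermitRootLogin not in effect"
    return True, f"{SSHD_CONFIG_PATH}: PermitRootLogin {value}"


def run_detection(open_ports: set[int], risk_ports: set[int], root_login_ok: bool,
                  common_login_ok: bool, config_text: str) -> dict[str, str]:
    """Combine the step results in the order the description's flow uses."""
    report: dict[str, str] = {}
    s2_ok, exposed = s2_port_verdict(open_ports, risk_ports)
    report["S2"] = "qualified" if s2_ok else f"unqualified, risky ports open: {sorted(exposed)}"
    branch = s3_s4_login_verdict(root_login_ok, common_login_ok)
    if branch == "fail":
        report["S3"] = "unqualified, Root remote login succeeded"
    elif branch == "retry":
        report["S4"] = "login failed, re-enter a correct account and password"
    else:
        report["S4"] = "common account login succeeded"
        s5_ok, detail = s5_file_verdict(config_text)
        report["S5"] = ("qualified, " if s5_ok else "unqualified, ") + detail
    return report


# Constructed sample sshd_config text (not taken from any real terminal): the
# commented line and the Match block must both be ignored, leaving 'no'.
SAMPLE_SSHD_CONFIG = """\
Port 22
#PermitRootLogin yes
PermitrootLogin no
Match User maint
    PermitRootLogin yes
"""

if __name__ == "__main__":
    # Constructed scan: ports 22 and 23 open; 23 (telnet, unencrypted) treated as risky.
    for step, outcome in run_detection({22, 23}, {23}, False, True, SAMPLE_SSHD_CONFIG).items():
        print(step, "->", outcome)
```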
The above embodiments are only for illustrating the technical solution of the present application and not for limiting the same, and although the present application has been described in detail with reference to examples, it should be understood by those skilled in the art that modifications and equivalents may be made thereto without departing from the spirit and scope of the technical solution of the present application, which is intended to be covered by the scope of the claims of the present application.

Claims (5)

1. The method for detecting the remote login permission of the Root account of a power distribution automation terminal is characterized by comprising the following steps:
S1, connecting a terminal carrying a detection tool to the network of the power distribution terminal;
S2, scanning the remote connection ports of the power distribution terminal and checking the security of every remote connection port; the remote connection ports of the power distribution terminal are scanned as follows: the detection tool sends data packets to each remote connection port of the power distribution terminal in turn and inspects the data returned by the power distribution terminal to determine whether each remote connection port is open;
if a risky remote connection port is open, the detection result is unqualified; if no risky remote connection port is open, the detection result is reported as qualified; the data packets sent are TCP or UDP packets;
S3, obtaining an account and password for a secure remote connection to the power distribution terminal, entering them into the detection tool, attempting to log in to the power distribution terminal remotely with Root authority, and checking whether the login succeeds; if the login fails, the account and password are treated as common-account credentials for the subsequent verification; when the account and password are used to attempt a remote login to the power distribution terminal with Root authority, a Root login request is sent to the power distribution terminal; if the login succeeds, the detection fails;
S4, logging in to the power distribution terminal remotely with the account and password as a common account, and checking whether the login succeeds;
S5, checking the values of the parameters related to remote login in the power distribution terminal's system file.
2. The method for detecting the remote login permission of the Root account of a power distribution automation terminal according to claim 1, characterized in that whether each remote connection port is open is determined as follows:
the returned data reflects the valid TCP or UDP connections in the power distribution terminal system, and it is observed whether a connection to the risky remote connection port succeeds; a successful connection means the risky remote connection port is open, and a failed connection means it is not open.
3. The method for detecting the remote login permission of the Root account of a power distribution automation terminal according to claim 1, characterized in that, in step S4, the system file is checked as follows:
the inspector logs in to the power distribution terminal remotely with the common account and checks the values of the parameters related to remote login in the system file of the power distribution terminal.
4. The method for detecting the remote login permission of the Root account of a power distribution automation terminal according to claim 3, characterized in that, when the parameter value is Yes and the parameter is in effect, the detection result is unqualified; if the parameter has any other value or is not in effect, the detection result is qualified.
5. The method for detecting the remote login permission of the Root account of a power distribution automation terminal according to claim 3, characterized in that the path of the system file is /etc/ssh/sshd_config and the parameter is PermitRootLogin.

Application CN202111315199.3A (priority date 2021-11-08, filing date 2021-11-08), status: Active

Publications (2)

Publication number, publication date
CN114338072A, 2022-04-12
CN114338072B, 2023-09-22

Family ID: 81045407

Citations (4)

* Cited by examiner, † Cited by third party
Publication number, priority date, publication date, assignee, title
CN105703925A *, 2014-11-25, 2016-06-22, 上海天脉聚源文化传媒有限公司, Security reinforcement method and system for Linux system
CN107590253A *, 2017-09-19, 2018-01-16, 郑州云海信息技术有限公司, Automated detection method for MySQL database configuration security
CN111049817A *, 2019-12-05, 2020-04-21, 紫光云(南京)数字技术有限公司, Automatic deployment method for improving remote login security of elastic cloud host
CN111628973A *, 2020-05-09, 2020-09-04, 深信服科技股份有限公司, Remote login control method and device, computer equipment and storage medium


Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
丁琳. Attack and protection of UDP ports in power system networks. 网络安全技术与应用, 2020(10), full text. *
唐芸, 周学君. Research on network scanning technology and security defence strategies. 计算机与数字工程, 2008(04), full text. *
