CN101056198A - An information security management platform - Google Patents
An information security management platform Download PDFInfo
- Publication number
- CN101056198A CN101056198A CN 200610074445 CN200610074445A CN101056198A CN 101056198 A CN101056198 A CN 101056198A CN 200610074445 CN200610074445 CN 200610074445 CN 200610074445 A CN200610074445 A CN 200610074445A CN 101056198 A CN101056198 A CN 101056198A
- Authority
- CN
- China
- Prior art keywords
- security
- safety
- management
- information
- network
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Alarm Systems (AREA)
Abstract
The invention discloses an information safety management platform, which includes: safety base domain, for monitoring the network safety status, generating and sending the safety report to the safety management domain; safety management domain, for receiving the safety report from the safety base domain, and extract the safety information from the safety information domain, according to the analysis for the safety report received from the relevant safety information, acquire the network safety alarm and network safety configuration suggestions; the safety information domain, used for saving the safety information and output to the safety management domain. The invention may realize the automatic management of dynamic network information safety.
Description
Technical field
The present invention relates to information security technology, particularly a kind of information security management platform.
Background technology
Along with the development of information technology, information security issue is also serious day by day, so technology such as information security and network security have become the hot technology of present research and development.There are two category information safe practices in industry, associated reaction system (CRS, Correlative Reacting System) and security management center (SOC, Security Operation Centre) substantially at present.The realization principle of these two kinds of information security technologies is summarized as follows:
One, CRS is primarily aimed at the Access Layer of communication network, be used for user's access and visit are managed and control, carry out linkage analysis and operation by a plurality of interlock nodes in the CRS and/or a plurality of CRS subsystem, access and accessing operation to the user are implemented safety discriminating and control, thereby guarantee the information security of network at Access Layer.But the shortcoming of this technology is and can't directly protects the network core management level.
Two, SOC carries out association analysis by network management system to network safety event and relevant information to obtain safety message at network management system.The SOC technology also stops on the automanual network security model, it that is to say: though can realize the collection and the association analysis of network safety event, and provide the correlation analysis result to the network management personnel, but can not further provide concrete network security configuration suggestion (such as the version number of suggesting system for wearing upgrading, equipment configuration parameter etc.), more can not in certain allowed band, upgrade the configuration of Network Security Device automatically, thereby can't realize the automated network safety management.Therefore, the operation of SOC also needs a large amount of workflows and artificial supervision to cooperate.
Under this background, key foundation based on information security, the communications industry has proposed the theory of network security operation and management platform that can compatible existing network infrastructure, this platform information security management platform (ISMP, Information Security Management Platform) that is otherwise known as.Described information security management platform is used for information such as network safety event, network security alarm or security knowledge are carried out association analysis, to realize to each riskless asset of network (Security Asset, or claim Security Product) carry out united and coordinating and management, or be the network management system safety measure suggestion of submitting necessary information.
Though, technology and standard at the information security and the network information security is existing a lot of both at home and abroad at present, but these standards all are the overviews of carrying out at information security, abstract and obscure, and do not propose specific embodiment and architecture design, yet do not have relevant patent both at home and abroad at communications network security operation and information security management platform framework.Current communication network as the IT industry core develops towards directions such as many net fusions, terminal equipment intellectuality, network configuration IPization, professional guiding, but information security issue and the influence that causes thereof simultaneously also add at faster speed huge, security threat spreads to network core from user and end side gradually, thinks that originally safe network core management system is faced with huge safe pressure just gradually.Therefore press for one can the integration networks secure resources safe operation and information of managing safety management platform so that communication network can utilize existing safety means lifting network safety prevention and pre-alerting ability on the basis of this platform.
Summary of the invention
In view of this, main purpose of the present invention is to provide a kind of information security management platform, can realize dynamic network information security management.
For achieving the above object, technical scheme of the present invention is achieved in that
The invention discloses a kind of information security management platform, this platform comprises:
The foundation for security territory is used for the safe condition of monitor network, produces also to send safety message to safety management domain;
Safety management domain is used for receiving safety message from the foundation for security territory, extracts security information from safety information domain, according to this security information the safety message that receives is analyzed and is produced network security alarm and corresponding security configuration suggestion;
Safety information domain is used to preserve security information and exports described safety management domain to.
Wherein, described foundation for security territory comprises: with safety management, monitoring, riskless asset that protection is relevant.
Wherein, described riskless asset comprises: any one in host operating system, traffic monitoring equipment, viral checkout equipment, intrusion detection device and the fire compartment wall or combination in any.
Wherein, described network security alarm and the suggestion of corresponding security configuration comprise: security incident, security alarm, network security Asset Allocation scheme and Managed Solution that security incident may take place; Described security information comprises: security notice, security knowledge and security strategy; Described safety management domain comprises:
The security incident management entity, be used for from safety information domain query safe notice, security knowledge and security strategy, periodically receive various safety messages from the foundation for security territory, and all the safety message analyses from the foundation for security territory are obtained taking place the security incident of security incident and report to the safety risk management entity;
The safety risk management entity, be used for from safety information domain query safe notice, security knowledge and security strategy, receive the security alarm that security audit produces from the foundation for security territory, receive the security incident report that security incident may take place from the security incident management entity, according to security information the security risk of network is analyzed, produced network security risk report or security alarm to control centre from safety information domain;
Control centre is used for safety information domain and safety management domain are controlled and managed, and directly or indirectly security control and management is carried out in the foundation for security territory; Receive network security risk report or security alarm from the safety risk management entity, and according to the security configuration scheme and the safety management measure that produce the network security assets from the corresponding security strategy of safety information domain; Directly carry out the security configuration scheme and the safety management measure of the network security assets that produced, perhaps the security configuration scheme with these network security assets is submitted to the external network management system that self is connected with the safety management measure, is carried out the security configuration scheme and the safety management measure of these network security assets by this network management system.
Wherein, described safety risk management entity is further used for according to default audit strategy the security incident and the artificial safety behavior of initiating that are obtained being audited, and judges whether to carry out security alarm according to auditing result.
Wherein, described safety message comprises: security incident report and/or device security status report.
Wherein, any one in described security incident management entity, safety risk management entity and the control centre or combination in any are implemented among the same physical entity;
In the time of when described security incident management entity, safety risk management entity and among control centre is implemented in different physical entities respectively, described security incident management entity is the security incident management server, described safety risk management entity is the safety risk management server, and described control centre is the security control center server.
Wherein, described security information comprises: security notice, security strategy and security knowledge; Described safety information domain comprises:
The security notice entity is used to preserve security notice and exports described safety management domain to;
The security strategy entity is used to preserve security strategy and exports described safety management domain to;
The security knowledge entity is used to preserve security knowledge and exports described safety management domain to.
Wherein, described security notice entity is further used for from the new security notice of outside reception; Described security knowledge entity is further used for receiving new security knowledge from described safety management domain.
Wherein, described security notice entity is the security notice database, and described security strategy entity is a Security Policy Database, and described security knowledge entity is the security knowledge database.
Therefore, information security management platform provided by the present invention can be realized the information security management of dynamic flexible, for network provides the safety measure suggestion, and can provide concrete security configuration suggestion, and then the information security of network realization automation is reshuffled.The present invention provides the basic security capabilities that can carry out security event associative analysis for communication network, make telecommunication management network have the ability of safety product being carried out the united and coordinating configuration, can carry out the asset risk assessment and the degree of risk ordering is provided for telecommunications network, thereby realize the management of automated network safe task, make the further electronization of half dynamic flow, the high efficiency of original information security management.
Description of drawings
Fig. 1 is the logical construction schematic diagram of platform General layout Plan of the present invention;
Fig. 2 is the General layout Plan based on Fig. 1, and structural representation is formed in platform one preferred embodiment of the present invention.
Embodiment
The present invention is further described in more detail below in conjunction with drawings and the specific embodiments.
The invention discloses a kind of information security management platform, this platform mainly comprises three levels: foundation for security territory, safety management domain and safety information domain.Below the basic function in these three territories is described.
One, foundation for security territory
The foundation for security territory is as the security information supporting layer of the platform bottom of the present invention, the safe condition that is used for real-time monitor network, for the safety management domain in the platform of the present invention provides various safety messages, this safety message comprises: security incident report and device security status report.Wherein this foundation for security territory is made of various riskless assets, comprise: various safety means, operating system and client secure agent software that safety message can be provided are (here, for equipment that safety message can not initiatively be provided or host computer system the submission that this type of client secure agent software is realized safety message can be installed), be present in audit and alarm module in all systems simultaneously in addition.So-called security incident refers to safety means or the various safety behaviors that system produced, such as: incidents such as poisoning intrusion, system's operation exception, login management system are arranged.
Two, safety management domain
Safety management domain, be used for receiving safety messages such as various safe packets and security incident from above-mentioned foundation for security territory, receive security information from safety information domain, with reference to this security information safety message is carried out security incident management (Security Events Management), safety risk management (Security RiskManagement), produce network security alarm and corresponding security configuration suggestion.Network security alarm that is produced and corresponding security configuration suggestion can comprise: security incident, security alarm, network security Asset Allocation scheme and Managed Solution that security incident may take place; Described security information comprises: security notice, security knowledge and security strategy.The network security configuration that safety management domain can directly implement to be produced is advised or is advised for the external network management system provides the network security configuration.
So-called security incident management mainly be by gather, filter, converge, means such as association analysis are to fully analyzing from all security incidents of writing down in the safety message of foundation for security territory, and the security incident of security incident (Security Accident) wherein may take place in examination, and seriousness is carried out in security incident sort, make network can preferentially know and handle the higher security incident of seriousness rank.
So-called security risk assessment and management are the Core Features of safety management domain of the present invention, can carry out global analysis to each link existence of network or the security risk (comprising: equipment labile state, operating system OS leak, virus infections state, human operational error or malicious sabotage etc.) that produces, thereby produce targetedly the network security allocation plan or issue improved safety management flow process and measure, to realize the information security management target of network from the network architecture and O﹠M flow process.The security alarm that send for the report and the system audit mechanism of the submission of security incident management entity in security risk assessment and information of managing source.
So-called security audit and alarm be exactly according to certain audit strategy to the security incident that produces by safety means and artificial safety behavior of initiating (such as: keeper to system carry out the security attribute configuration operation, for the operating system patch installing, upgrade security strategy etc.) audit, and judge whether to carry out security alarm according to auditing result.
Three, safety information domain
Safety information domain, be used to preserve the security information that safety management domain need be inquired about, security information is meant data information and the security strategy that is used to support safety management, and safety management domain will be to the obtaining of these information, store, upgrade, unified management and standard are carried out in use, issue etc.This safety information domain can be made of one or more databases that are used to preserve security information.
So-called security information mainly is divided three classes: security notice (Security Notification), security strategy (Security Policy) and security knowledge (Security Knowledge).Wherein, security notice is meant various and the information security dependent instruction and the announcement that will issue to network, comprising: administrative instruction, internet worm early warning report, operating system leak and patch notice; Security knowledge is meant some empirical datas that accumulate in the information security management process, comprising: security attack history, threat, system vulnerability, virus etc., and this knowledge should possess certain accumulation before system start-up; Security strategy is exactly information such as the rule of carrying out safety management time institute foundation, evaluation criterion.
Above-mentioned security information need set in advance in each database in safety information domain, also can bring in constant renewal in the security information of preserving in the database after information security management platform of the present invention moves.At this moment, safety information domain is wanted externally to provide the operation-interface of the renewal with strict access control requirement simultaneously, is used for from the outside or safety management domain receives new security information to upgrade existing security information.
Described in detail below in conjunction with the specific implementation principle of accompanying drawing platform of the present invention.
Fig. 1 is the logical construction schematic diagram of platform General layout Plan of the present invention.As shown in Figure 1, this platform comprises: safety information domain, safety management domain and foundation for security territory.Wherein, safety information domain can comprise: security notice entity, security knowledge entity and security strategy entity; Safety management domain can comprise: security incident management entity, safety risk management entity and control centre; The foundation for security territory then can be by constituting with safety management, monitoring, riskless asset that protection is relevant.
In the foundation for security territory, riskless asset is used for the safe condition of monitor network, generates various safety messages, and is sent to safety management domain.Described safety message comprises: security incident report and/or device security status report.Described riskless asset comprises: any one in host operating system, traffic monitoring equipment, viral checkout equipment, intrusion detection device and the fire compartment wall etc. or combination in any.
In safety management domain, security incident management entity and safety risk management entity are used for receiving various safety messages from the riskless asset in foundation for security territory, obtain security information such as security notice, security knowledge and security strategy from safety information domain, and with reference to security information the safety message that receives is carried out security incident management and safety risk management processing respectively.
Wherein, the security incident management entity mainly be responsible for to various security incidents collect, screening, association analysis, statistical analysis etc., coprocessor among the similar PC, be responsible for the safety risk management entity SAR and case data are provided, directly accept the management and the control of control centre simultaneously.This security incident management entity is used for reference to security information fully analyzing from the safety message in foundation for security territory, and the security incident of security incident wherein may take place in examination, and security incident carried out seriousness ordering and by control centre's informing network, make network can preferentially know and handle the higher security incident of seriousness rank.
The safety risk management entity is used to carry out work such as risk assessment, risk record, risk alarm, coprocessor among the also similar PC, it mainly receives the following control command that passes of report and control centre that audit is alarmed, the security incident management entity is uploaded, by collection and arrangement to preceding two class data, and with reference to security information from safety information domain, carry out risk assessment according to assessment models, do not operate or report to the police or upgrade security knowledge base to control centre according to the significance level of assessment result.
Control centre (Control Centre), the riskless asset and the safety information domain in territory, attachment security basis, attachment security incident management entity and safety risk management entity, master station as whole information security management platform is used for the various processing of safety management domain security incident management entity and safety risk management entity are totally controlled, provide interactive interface to the administrator, main responsible all server and performance of database and operational managements, and the configuration and the renewal of the safety means relevant with this platform, the access control when responsible information security management platform and external system are mutual.This control centre is according to the network risks report or the warning that obtain from the safety risk management entity, according to related security policies, Automatic Combined goes out the security configuration scheme or the improved safety management flow process/measure of network security assets targetedly, directly carries out the security configuration scheme of these assets or improved safety management flow process/measure or the security configuration scheme by issuing these assets to network management system (nms) or improved safety management flow process/measure with management and the control of indirect realization to network security.
Here, described security incident management entity, be used for from safety information domain query safe notice, security knowledge and security strategy, periodically receive various safety messages from the foundation for security territory, and all the safety message analyses from the foundation for security territory are obtained taking place the security incident of security incident and report to the safety risk management entity; Described safety risk management entity, be used for from safety information domain query safe notice, security knowledge and security strategy, receive the security alarm that security audit produces from the foundation for security territory, receive the security incident report that security incident may take place from the security incident management entity, according to security information the security risk of network is analyzed, produced network security risk report or security alarm to control centre from safety information domain; Described control centre is used for safety information domain and safety management domain are controlled and managed, and directly or indirectly security control and management is carried out in the foundation for security territory; Receive network security risk report or security alarm from the safety risk management entity, and according to the security configuration scheme and the safety management measure that produce the network security assets from the corresponding security strategy of safety information domain; Directly carry out the security configuration scheme and the safety management measure of the network security assets that produced, perhaps the security configuration scheme with these network security assets is submitted to the external network management system that self is connected with the safety management measure, is carried out the security configuration scheme and the safety management measure of these network security assets by this network management system.This safety risk management entity also can be further used for according to default audit strategy the security incident and the artificial safety behavior of initiating that are obtained being audited, and judges whether to carry out security alarm according to auditing result.
Wherein, three kinds of entities in the safety management domain are three separate in logic entities, and physically, any one in these three kinds of entities or combination in any can be implemented among the physical entity, and the present invention does not limit this.
In safety information domain, security notice entity, security knowledge entity and security strategy entity are respectively applied for preserves security notice, security knowledge and security strategy, and the inquiry of each entity in the reception safety management domain, export security notice, security knowledge and the security strategy of self preserving respectively to the entity of safety management domain.Here, security notice entity, security knowledge entity and security strategy entity can be embodied as three separate databases physically.
Fig. 2 is the General layout Plan based on Fig. 1, and structural representation is formed in platform one preferred embodiment of the present invention.In the present embodiment, as shown in Figure 2, the composition structure of this platform is as described below:
In the foundation for security territory, riskless asset is made of multiple safety means and client secure agent software, comprising: traffic monitoring equipment, viral checkout equipment, intrusion detection device, operating system equipment and fire compartment wall or the like.Riskless assets such as traffic monitoring equipment shown in Figure 2, viral checkout equipment, intrusion detection device, operating system equipment and fire compartment wall are reported security incident management server and safety risk management server to the safety management domain by the territory passage between foundation for security territory and the safety management domain with self monitoring security incident, safe condition and security audit result respectively.
Here, riskless asset of the present invention refers to that all can provide equipment, operating system and the client secure agent software of network safe state information in the network, be not limited to this several equipment and software shown in Figure 2, everyly can provide the physics of network safe state information or the category that logic entity all belongs to riskless asset of the present invention.
In safety information domain, Security Policy Database, security knowledge database and security notice database are respectively applied for preserves corresponding security strategy, security knowledge and security notice separately, and accept the query requests of each entity in the safety management domain, respectively by territory passage output safety strategy, security knowledge and security notice between safety information domain and the safety management domain to safety management domain.
Wherein, the security strategy in the Security Policy Database will be pre-configured in this database; Further, after platform operation of the present invention, can upgrade this Security Policy Database by manual mode.The various security knowledges of preserving in the security knowledge database also will be configured in advance; Further, after platform operation of the present invention, mode that can be manual is upgraded this security knowledge database, also can upgrade this security knowledge database by security incident management server and safety risk management server, belong to Virus such as: security incident management server detecting certain program, the information of this Virus can be added this security knowledge database, perhaps because certain security attack before finds that subordinate's safety product (or operating system) back door occurs or finds new defective, then can charge to knowledge base with this information.Security notice in the security notice database is pre-configured in this database; Further, after platform operation of the present invention, upgrading in time of security notice information such as this security notice database energy accomplished in various ways network security announcement information, patch and virus base, such as: mode that can be manual is upgraded this security notice database, yet can connect outside Internet or other proprietary networks, therefrom obtain new security notice information by the security control center server.
In safety management domain, security incident management entity, safety risk management entity and among control centre is implemented in different physical entities respectively are respectively security incident management server, safety risk management server and security control center server.Between this three, solid lines represent data stream connects, and on behalf of control flows, dotted line connect.
Wherein, for the data flow of solid line is connected, be used for to take place alternately security incident and the network security allocation plan and the improved safety management flow process/measure of security incident between security incident management server and the safety risk management server.Security incident management server and safety risk management server also are connected from safety information domain with the data flow of solid line by the territory passage between safety management domain and the safety information domain respectively and extract security information, for own reference.Security incident management server and safety risk management server also are connected from the foundation for security territory with the data flow of solid line by the territory passage between safety management domain and the foundation for security territory respectively and receive safety message.The control flows that has dotted line between security control center server and security incident management server, safety risk management server and safety information domain and the foundation for security territory is connected, be used for control and Administrative Security incident management server, safety risk management server and safety information domain, and where necessary safety means relevant with this platform in the network be configured and upgrade.This security control center server also can further be connected with the network management system of outside, so that network management system can in time take countermeasure to guarantee the network information security according to the various information that receive.
Here, security incident management server and safety risk management server have multiple from the mode of safety information domain extraction security information: can download security strategy, security knowledge and security notice to this locality from Security Policy Database, security knowledge database, security notice database when initialization; Also can be in running according to managerial demand from Security Policy Database, security knowledge database, security notice data base querying corresponding security strategy, security knowledge and security notice; Perhaps, at first when initialization, download security strategy, security knowledge and security notice to this locality from Security Policy Database, security knowledge database, security notice database, and in running according to managerial demand from Security Policy Database, security knowledge database, security notice database security strategy, security knowledge and the security notice of down loading updating this locality at any time.
In sum, information security management platform proposed by the invention can be realized dynamically, the flexible net information security management, this programme can provide the basic security capabilities that can carry out security event associative analysis for communication network, make telecommunication management network have the ability that to carry out the united and coordinating configuration to safety product, can carry out the asset risk assessment and the degree of risk ordering is provided for telecommunications network, the management of automated network safe task be can realize, original half dynamic information security management flow process electronization, high efficiency more made.In addition, the present invention program also provides the update mechanism of security information, thereby the safety analysis ability of this platform can constantly be promoted by demand.The present invention proposes a kind of brand-new information security management framework, this framework can provide good basis for the automatic management that realizes the network information security.
The above is preferred embodiment of the present invention only, is not to be used to limit protection scope of the present invention.All any modifications of being done within the spirit and principles in the present invention, be equal to replacement, improvement etc., all be included in protection scope of the present invention.
Claims (10)
1, a kind of information security management platform is characterized in that, this platform comprises:
The foundation for security territory is used for the safe condition of monitor network, produces also to send safety message to safety management domain;
Safety management domain is used for receiving safety message from the foundation for security territory, extracts security information from safety information domain, according to this security information the safety message that receives is analyzed and is produced network security alarm and corresponding security configuration suggestion;
Safety information domain is used to preserve security information and exports described safety management domain to.
2, platform according to claim 1 is characterized in that, described foundation for security territory comprises: with safety management, monitoring, riskless asset that protection is relevant.
3, platform according to claim 2 is characterized in that, described riskless asset comprises:
In host operating system, traffic monitoring equipment, viral checkout equipment, intrusion detection device and the fire compartment wall any one or combination in any.
4, platform according to claim 1 is characterized in that, described network security alarm and the suggestion of corresponding security configuration comprise: security incident, security alarm, network security Asset Allocation scheme and Managed Solution that security incident may take place; Described security information comprises: security notice, security knowledge and security strategy;
Described safety management domain comprises:
The security incident management entity, be used for from safety information domain query safe notice, security knowledge and security strategy, periodically receive various safety messages from the foundation for security territory, and all the safety message analyses from the foundation for security territory are obtained taking place the security incident of security incident and report to the safety risk management entity;
The safety risk management entity, be used for from safety information domain query safe notice, security knowledge and security strategy, receive the security alarm that security audit produces from the foundation for security territory, receive the security incident report that security incident may take place from the security incident management entity, according to security information the security risk of network is analyzed, produced network security risk report or security alarm to control centre from safety information domain;
Control centre is used for safety information domain and safety management domain are controlled and managed, and directly or indirectly security control and management is carried out in the foundation for security territory; Receive network security risk report or security alarm from the safety risk management entity, and according to the security configuration scheme and the safety management measure that produce the network security assets from the corresponding security strategy of safety information domain; Directly carry out the security configuration scheme and the safety management measure of the network security assets that produced, perhaps the security configuration scheme with these network security assets is submitted to the external network management system that self is connected with the safety management measure, is carried out the security configuration scheme and the safety management measure of these network security assets by this network management system.
5, platform according to claim 4, it is characterized in that, described safety risk management entity is further used for according to default audit strategy the security incident and the artificial safety behavior of initiating that are obtained being audited, and judges whether to carry out security alarm according to auditing result.
6, platform according to claim 4 is characterized in that, described safety message comprises: security incident report and/or device security status report.
According to each described platform of claim 4 to 6, it is characterized in that 7, any one in described security incident management entity, safety risk management entity and the control centre or combination in any are implemented among the same physical entity;
In the time of when described security incident management entity, safety risk management entity and among control centre is implemented in different physical entities respectively, described security incident management entity is the security incident management server, described safety risk management entity is the safety risk management server, and described control centre is the security control center server.
8, platform according to claim 1 is characterized in that, described security information comprises: security notice, security strategy and security knowledge; Described safety information domain comprises:
The security notice entity is used to preserve security notice and exports described safety management domain to;
The security strategy entity is used to preserve security strategy and exports described safety management domain to;
The security knowledge entity is used to preserve security knowledge and exports described safety management domain to.
9, platform according to claim 8 is characterized in that, described security notice entity is further used for from the new security notice of outside reception; Described security knowledge entity is further used for receiving new security knowledge from described safety management domain.
10, according to Claim 8 or 9 described platforms, it is characterized in that described security notice entity is the security notice database, described security strategy entity is a Security Policy Database, and described security knowledge entity is the security knowledge database.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNB200610074445XA CN100550768C (en) | 2006-04-10 | 2006-04-10 | A kind of information security management platform |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNB200610074445XA CN100550768C (en) | 2006-04-10 | 2006-04-10 | A kind of information security management platform |
Publications (2)
Publication Number | Publication Date |
---|---|
CN101056198A true CN101056198A (en) | 2007-10-17 |
CN100550768C CN100550768C (en) | 2009-10-14 |
Family
ID=38795825
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CNB200610074445XA Expired - Fee Related CN100550768C (en) | 2006-04-10 | 2006-04-10 | A kind of information security management platform |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN100550768C (en) |
Cited By (19)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2009056022A1 (en) * | 2007-10-31 | 2009-05-07 | Huawei Technologies Co., Ltd. | Method, apparatus and system for obtaining network security state |
CN101789948A (en) * | 2010-02-21 | 2010-07-28 | 浪潮通信信息系统有限公司 | Hierarchical type mobile internet security monitoring and protecting system |
CN101916341A (en) * | 2010-07-23 | 2010-12-15 | 中兴通讯股份有限公司 | Method and system for safely executing RSS (Really Simple Syndication) service |
CN101335655B (en) * | 2008-04-23 | 2011-02-09 | 成都市华为赛门铁克科技有限公司 | Safety information communicating method, device and system |
CN102025725A (en) * | 2010-11-22 | 2011-04-20 | 中兴通讯股份有限公司 | Safety system of telecommunication service environment and realizing method thereof |
CN101582883B (en) * | 2009-06-26 | 2012-05-09 | 西安电子科技大学 | General network safety management system and management method thereof |
CN102916836A (en) * | 2012-10-18 | 2013-02-06 | 北京奇虎科技有限公司 | Method and system for carrying out safety monitoring on monitored terminals |
CN103067395A (en) * | 2012-12-31 | 2013-04-24 | 苏州山石网络有限公司 | Method and device for diagnosing network firewall |
CN101714990B (en) * | 2009-10-30 | 2013-06-05 | 清华大学 | Network security safeguarding integrated system and control method thereof |
CN103875222A (en) * | 2011-09-15 | 2014-06-18 | 迈可菲公司 | System and method for real-time customized threat protection |
CN103916376A (en) * | 2013-01-09 | 2014-07-09 | 台达电子工业股份有限公司 | Cloud system with attract defending mechanism and defending method thereof |
CN104767757A (en) * | 2015-04-17 | 2015-07-08 | 国家电网公司 | Multiple-dimension security monitoring method and system based on WEB services |
CN105763574A (en) * | 2016-05-13 | 2016-07-13 | 北京洋浦伟业科技发展有限公司 | Firewall system based on big data analysis |
CN107248936A (en) * | 2017-06-19 | 2017-10-13 | 深圳市盛路物联通讯技术有限公司 | A kind of method and forward node by adjacent node control terminal device upgrade |
CN107431716A (en) * | 2015-02-06 | 2017-12-01 | 霍尼韦尔国际公司 | For generating the notification subsystem of notice merge, filtered and based on associated safety risk |
CN108449345A (en) * | 2018-03-22 | 2018-08-24 | 深信服科技股份有限公司 | A kind of networked asset continues method for safety monitoring, system, equipment and storage medium |
CN108875016A (en) * | 2018-06-20 | 2018-11-23 | 上海百林通信网络科技服务股份有限公司 | A kind of sample technology of sharing and evaluation method based on face recognition application |
CN114553500A (en) * | 2022-01-28 | 2022-05-27 | 新华三信息安全技术有限公司 | Safety operation management method, device, equipment and machine readable storage medium |
WO2024198691A1 (en) * | 2023-03-27 | 2024-10-03 | 华为云计算技术有限公司 | Method for application program interface security management and api management platform |
-
2006
- 2006-04-10 CN CNB200610074445XA patent/CN100550768C/en not_active Expired - Fee Related
Cited By (26)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2009056022A1 (en) * | 2007-10-31 | 2009-05-07 | Huawei Technologies Co., Ltd. | Method, apparatus and system for obtaining network security state |
CN101425920B (en) * | 2007-10-31 | 2011-02-16 | 华为技术有限公司 | Network security status acquiring method, apparatus and system |
CN101335655B (en) * | 2008-04-23 | 2011-02-09 | 成都市华为赛门铁克科技有限公司 | Safety information communicating method, device and system |
CN101582883B (en) * | 2009-06-26 | 2012-05-09 | 西安电子科技大学 | General network safety management system and management method thereof |
CN101714990B (en) * | 2009-10-30 | 2013-06-05 | 清华大学 | Network security safeguarding integrated system and control method thereof |
CN101789948B (en) * | 2010-02-21 | 2013-03-20 | 浪潮通信信息系统有限公司 | Hierarchical type mobile internet security monitoring and protecting system |
CN101789948A (en) * | 2010-02-21 | 2010-07-28 | 浪潮通信信息系统有限公司 | Hierarchical type mobile internet security monitoring and protecting system |
CN101916341A (en) * | 2010-07-23 | 2010-12-15 | 中兴通讯股份有限公司 | Method and system for safely executing RSS (Really Simple Syndication) service |
CN102025725A (en) * | 2010-11-22 | 2011-04-20 | 中兴通讯股份有限公司 | Safety system of telecommunication service environment and realizing method thereof |
CN102025725B (en) * | 2010-11-22 | 2016-12-07 | 北京百卓网络技术有限公司 | Safety system of telecommunication service environment and its implementation |
CN103875222A (en) * | 2011-09-15 | 2014-06-18 | 迈可菲公司 | System and method for real-time customized threat protection |
CN102916836A (en) * | 2012-10-18 | 2013-02-06 | 北京奇虎科技有限公司 | Method and system for carrying out safety monitoring on monitored terminals |
CN102916836B (en) * | 2012-10-18 | 2015-11-25 | 北京奇虎科技有限公司 | A kind of method and system monitored terminal being carried out to security monitoring |
CN103067395B (en) * | 2012-12-31 | 2016-03-30 | 山石网科通信技术有限公司 | The method of diagnostic network fire compartment wall and device |
CN103067395A (en) * | 2012-12-31 | 2013-04-24 | 苏州山石网络有限公司 | Method and device for diagnosing network firewall |
CN103916376A (en) * | 2013-01-09 | 2014-07-09 | 台达电子工业股份有限公司 | Cloud system with attract defending mechanism and defending method thereof |
CN107431716A (en) * | 2015-02-06 | 2017-12-01 | 霍尼韦尔国际公司 | For generating the notification subsystem of notice merge, filtered and based on associated safety risk |
CN107431716B (en) * | 2015-02-06 | 2020-08-11 | 霍尼韦尔国际公司 | Notification subsystem for generating consolidated, filtered, and relevant security risk-based notifications |
CN104767757A (en) * | 2015-04-17 | 2015-07-08 | 国家电网公司 | Multiple-dimension security monitoring method and system based on WEB services |
CN104767757B (en) * | 2015-04-17 | 2018-01-23 | 国家电网公司 | Various dimensions safety monitoring method and system based on WEB service |
CN105763574A (en) * | 2016-05-13 | 2016-07-13 | 北京洋浦伟业科技发展有限公司 | Firewall system based on big data analysis |
CN107248936A (en) * | 2017-06-19 | 2017-10-13 | 深圳市盛路物联通讯技术有限公司 | A kind of method and forward node by adjacent node control terminal device upgrade |
CN108449345A (en) * | 2018-03-22 | 2018-08-24 | 深信服科技股份有限公司 | A kind of networked asset continues method for safety monitoring, system, equipment and storage medium |
CN108875016A (en) * | 2018-06-20 | 2018-11-23 | 上海百林通信网络科技服务股份有限公司 | A kind of sample technology of sharing and evaluation method based on face recognition application |
CN114553500A (en) * | 2022-01-28 | 2022-05-27 | 新华三信息安全技术有限公司 | Safety operation management method, device, equipment and machine readable storage medium |
WO2024198691A1 (en) * | 2023-03-27 | 2024-10-03 | 华为云计算技术有限公司 | Method for application program interface security management and api management platform |
Also Published As
Publication number | Publication date |
---|---|
CN100550768C (en) | 2009-10-14 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN101056198A (en) | An information security management platform | |
RU2417417C2 (en) | Real-time identification of resource model and resource categorisation for assistance in protecting computer network | |
EP2080317B1 (en) | Apparatus and a security node for use in determining security attacks | |
US10140453B1 (en) | Vulnerability management using taxonomy-based normalization | |
US20060155738A1 (en) | Monitoring method and system | |
CN105138920A (en) | Method for realizing safety management of intranet terminal | |
CN103563302A (en) | Network asset information management | |
CN1703007A (en) | Method, system for checking and repairing a network configuration | |
CN101056211A (en) | A method and system for auditing the network access behavior of the user | |
KR101761781B1 (en) | Big data processing method for applying integrated management framework for the open source database | |
CN104811506B (en) | Rapeseed oil remote monitoring system and method based on wireless sensor network | |
CN107683467A (en) | System and method for handling the event for being related to computing system and network using structural monitoring system | |
CN1175352C (en) | Automatic WINDOWS NT course protecting system | |
CN113282474A (en) | User behavior monitoring method, system, equipment and medium based on bastion machine | |
CN1417690A (en) | Application process audit platform system based on members | |
CN107370724A (en) | A kind of distributed cloud computing system | |
CN111400720A (en) | Terminal information processing method, system and device and readable storage medium | |
CN118316736B (en) | Network threat active defense system and method based on large model | |
CN115712646A (en) | Alarm strategy generation method, device and storage medium | |
CN1949805A (en) | Method for implementing configurational performance measurement in communication system | |
CN205510080U (en) | A safety control platform for catenet | |
CN1196296C (en) | Easy-to-expand network invasion detecting and safety auditing system | |
CN116055194A (en) | Big data platform-oriented security assessment method based on group portraits | |
CN213042309U (en) | Rail transit engineering construction safety risk monitoring and management information system | |
Kazmi et al. | A qos-aware integrated management of iot deployments in smart cities |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20091014 Termination date: 20190410 |