CN101119231A - Method to centralized manage and automatic download mend of computer security leak base - Google Patents
Method to centralized manage and automatic download mend of computer security leak base Download PDFInfo
- Publication number
- CN101119231A CN101119231A CNA200710025245XA CN200710025245A CN101119231A CN 101119231 A CN101119231 A CN 101119231A CN A200710025245X A CNA200710025245X A CN A200710025245XA CN 200710025245 A CN200710025245 A CN 200710025245A CN 101119231 A CN101119231 A CN 101119231A
- Authority
- CN
- China
- Prior art keywords
- patch
- management
- leak
- administrative center
- new
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Stored Programmes (AREA)
Abstract
The present invention discloses a computer safety loophole base central managing and automatic patch sending method. A loophole base is provided by the safety service center so as to provide the description in local language and the patch comes from the original software producer. The central management center obtains the latest loophole base and the patch procedure from the safety service center and the original software producer. The management center conducts the whole loophole analysis, patch sending, safety evaluation and reinforcement to the property which is in the range of the management through the subordinate terminal of the safety agent monitor. In the present invention, the management center in the enterprise conducts uniform management to the numerous terminal computers, reinforces the safety maintaining of the terminal computers from the aspects of the loopholes and the patches, and conducts safety assessment and monitoring to the property through a management based on the deploying. Hereby, the correctness of the management is improved, a relatively good safety state of the managed terminal device is always maintained, and the cost in management is reduced.
Description
Technical field
The present invention relates to the computer security method for updating, be specially the method that a kind of computer security vulnerability database centralized management also issues patch automatically.
Background technology
At present in the computer desktop security fields, mainly concentrate on the management of patch at the management of leak and patch, promptly the strategy that issues by the definition patch cooperates the detection of registration table to control issuing of patch.There is following shortcoming in the method:
1) mode that only detects patch by registration table makes it can not detect the leak of non-registered phenotype.For example:
A) Shared Folders leak
B) open the leak of not necessary service
C) GUEST account number leak
D) anonymous account right leak;
2) do not have the Vulnerability Description of making by oneself, cause only resting on the detection patch, issue patch, the stage of patch is installed.Can't make an appraisal to terminal use's general safety, propose personalized security hardening scheme;
3) do not have whole vulnerability scanning program, cause the analysis of patch can only depend on the validity of registration table, reliability and stability are very poor;
4) information such as explanation of no leak cause the terminal use to carry out self-repair according to leak.
In addition, also exist: 1. enterprises PC quantity is many, and it is wide to distribute, manually distribution difficulty, and workload is too big; 2. operating personnel's technical merit inequality, some can oneself upgrading not install patch; 3. the computer operating system patch upgrading is frequent; 4. wrong patch distribution can cause problems such as system crash.
Summary of the invention
The problem to be solved in the present invention is: perfect inadequately at the management of leak and patch in the active computer desktop security field, workload is big when especially a fairly large number of computer being managed, and easily makes mistakes.Need a kind of lasting assessment and monitoring policy, guarantee that all managed terminal equipments keep a safe condition preferably.
Technical scheme of the present invention is: the centralized management of computer security vulnerability database also issues the method for patch automatically, the vulnerability database of local language description is provided by the security service center, and provide the information such as the installation parameter of the corresponding patch of leak, the mounting means of suggestion, the information such as platform that are fit to are installed, former manufacturer provides the patch storehouse by software, administrative center obtains up-to-date vulnerability database and patch storehouse by security service center and the former manufacturer of software, administrative center monitors subordinate terminal by TSM Security Agent, assets in institute's range of management are carried out overall leak analysis, patch issues, security evaluation and reinforcing, management process is: 1) start administrative center; 2) start discovery automatically; 3) to newfound assets warehouse-in, grouping automatically; 4) new assets is carried out regular vulnerability scanning; 5) check the leak report according to assets or group of assets; 6) issue the assets that suitable patch is given appointment according to leak report and Asset Allocation; 7) regular maintenance.
Administrative center's patch more new technological process is: 1) patch new thread is more automatically opened by administrative center; 2) search and download the XML file; 3) download successfully? be to enter 4), do not get back to 2); 4) Analysis of X ML file finds the information of new patch; 5) according to the URL address of patch, the download patches bag; 6) download successfully? be to enter 7), do not return 5); 7) preserve service packs to local, more new database is notified the related personnel according to strategy.
Administrative center's leak more new technological process is: 1) vulnerability database new thread is more automatically opened by administrative center; 2) search and download vulnerability database XML file; 3) download successfully? be to enter 4), do not return 2); 4) Analysis of X ML file finds new leak information; 5) find the action of new leak according to strategy execution.
Administrative center can get in touch by Internet and security service center and the former manufacturer of software, and its regular maintenance comprises: patch management, vulnerability scanning, software and hardware configuration management, asset management.By collecting assets information affiliated assets are monitored, assess, and supervision and assessment result are responded, as shown in Figure 2.
In the inventive method, the security service center, the former manufacturer of software all is positioned at outer net, and administrative center is positioned at enterprises, by TSM Security Agent monitoring subordinate terminal.Administrative center can come vulnerability database and patch storehouse are upgraded by Internet, also can manually upgrade upgrading by administrative staff, administrative center comprises patch management, security audit and monitoring, software dispatch service, WEB service, data, services, and described assembly can be installed on one or more physical server.
The vulnerability database that the security service center provides among the present invention, it is a text based on the XML form, the vulnerability database of its data structure and the former manufacturer of software is similar, but has adopted the language description of patch and leak localization, and provides the installation parameter of each patch to supply to be provided with.
The inventive method is carried out unified management by the administrative center of enterprises to the great amount of terminals machine, strengthen security maintenance to terminating machine from leak and patch two aspects, and adopt based on the management of disposing, affiliated assets are carried out security audit and monitoring, improved the accuracy of management, guarantee that all managed terminal equipments always keep a safe condition preferably, saved management cost.
Description of drawings
Fig. 1 is the inventive method structure chart.
Fig. 2 is administrative center of the present invention management schematic diagram.
Fig. 3 is a configuration schematic diagram of the present invention.
Fig. 4 is an administrative center of the present invention operational flow diagram.
Fig. 5 is an administrative center of the present invention manual scanning flow chart.
Fig. 6 is an administrative center of the present invention automatic scan flow chart.
Fig. 7 issues the patch flow chart for the present invention.
Fig. 8 is a Vulnerability Management flow chart of the present invention.
Fig. 9 is leak of the present invention and patch renewal schematic diagram.
Figure 10 upgrades flow chart for patch of the present invention storehouse.
Figure 11 upgrades flow chart for vulnerability database of the present invention.
Embodiment
The security service center, the former manufacturer website of software is positioned at outer net, and administrative center is positioned at enterprises, by TSM Security Agent monitoring subordinate terminal, all connects by network, as shown in Figure 1.The configuration of administrative center and subordinate terminal as shown in Figure 3.
The operational process of administrative center such as Fig. 4, for: 1) start administrative center; 2) start discovery automatically; 3) to newfound assets warehouse-in, grouping automatically; 4) new assets is carried out vulnerability scanning; 5) check the leak report according to assets or group of assets; 6) report issues the assets that patch is given appointment according to leak; 7) regular maintenance.The keeper of administrative center can be provided with administrative center to management assets automatic scan or manual scanning, to upgrade the resource distribution table, keep the accuracy of monitoring, its flow chart such as Fig. 5, shown in Figure 6, the scanning back selects assets to issue patch or check leak, idiographic flow such as Fig. 7 and Fig. 8.
Fig. 9 is the renewal schematic diagram in vulnerability database of the present invention and patch storehouse, mainly be divided into three parts: outer net, enterprises, enterprise border, upgrading is carried out from top to bottom, and the former manufacturer of security service center and software official website is positioned at outer net, administrative center is positioned at enterprises, and each terminating machine is on the enterprise border.The vulnerability database that the security service center website provides is a text based on the XML form, the vulnerability database of its data structure and the former manufacturer of software is similar, but adopted the language description of patch and leak localization, and provide the installation parameter of each patch to supply to be provided with.When administrative center upgrades:
When 1, server had outer net to connect, the upgrading of vulnerability database and patch was automatic;
If 2 do not have outer net to connect, then can regularly publish vulnerability database and patch by the personnel at security service center, adopt the mode of administrator hand upgrading to upgrade;
3, issuing all of vulnerability database and patch distributed by the enterprise software Distributor;
4, all patches all are from official website.
Administrative center carries out the idiographic flow of leak and patch renewal and sees Figure 10 and Figure 11.The source of patch is the former manufacturer of software, and administrative center provides the automatic download function of patch, and the centralized management center by the official site of former manufacturer downloads to enterprise is issued to terminal by concentration of enterprises administrative center again.
Claims (4)
1. the centralized management of computer security vulnerability database also issues the method for patch automatically, it is characterized in that being provided with the vulnerability database that provides local language to describe by the security service center, and provide the information such as the installation parameter of the corresponding patch of leak, the mounting means of suggestion, the information such as platform that are fit to are installed, patch derives from the former manufacturer of software, for example the patch of Windows operating system derives from the distribution site www.microsoft.com of official of Microsoft, administrative center obtains up-to-date vulnerability database and patch by security service center and the former manufacturer of software, administrative center monitors subordinate terminal by TSM Security Agent, assets in institute's range of management are carried out overall leak analysis, patch issues, security evaluation and reinforcing, management process is: 1) start administrative center; 2) start discovery automatically; 3) to newfound assets warehouse-in, grouping automatically; 4) new assets is carried out regular vulnerability scanning; 5) check the leak report according to assets or group of assets; 6) issue the assets that suitable patch is given appointment according to leak report and Asset Allocation; 7) regular maintenance.
2. method according to claim 1, it is characterized in that administrative center's patch more new technological process be: 1) patch new thread is more automatically opened by administrative center; 2) search and download the XML file; 3) download successfully? be to enter 4), do not get back to 2); 4) Analysis of X ML file finds the information of new patch; 5) according to the URL address of patch, the download patches bag; 6) download successfully? be to enter 7), do not return 5); 7) preserve service packs to local, more new database is notified the related personnel according to strategy.
3. method according to claim 1, it is characterized in that administrative center's leak more new technological process be: 1) vulnerability database new thread is more automatically opened by administrative center; 2) search and download vulnerability database XML file; 3) download successfully? be to enter 4), do not return 2); 4) Analysis of X ML file finds new leak information; 5) find the action of new leak according to strategy execution.
4. method according to claim 1 is characterized in that administrative center gets in touch by Internet and security service center and the former manufacturer of software, and its regular maintenance comprises: patch management, vulnerability scanning, software and hardware configuration management, asset management.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNA200710025245XA CN101119231A (en) | 2007-07-19 | 2007-07-19 | Method to centralized manage and automatic download mend of computer security leak base |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNA200710025245XA CN101119231A (en) | 2007-07-19 | 2007-07-19 | Method to centralized manage and automatic download mend of computer security leak base |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN101119231A true CN101119231A (en) | 2008-02-06 |
Family
ID=39055183
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNA200710025245XA Pending CN101119231A (en) | 2007-07-19 | 2007-07-19 | Method to centralized manage and automatic download mend of computer security leak base |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101119231A (en) |
Cited By (19)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102087607A (en) * | 2011-02-21 | 2011-06-08 | 北京奇虎科技有限公司 | Method and device for installing patch packets |
| CN102622550A (en) * | 2012-04-06 | 2012-08-01 | 北京空间飞行器总体设计部 | Safe online patch check system facing terminal computers |
| CN101727548B (en) * | 2008-10-27 | 2012-12-19 | 联想(北京)有限公司 | Computer safety monitoring system and method, and comprehensive deciding device |
| CN102970305A (en) * | 2012-12-07 | 2013-03-13 | 成都康禾科技有限公司 | Deployment method suitable for automatic software installation |
| CN103177213A (en) * | 2011-12-20 | 2013-06-26 | 腾讯科技(深圳)有限公司 | Software bug fix method and software bug fix system |
| US8578372B2 (en) | 2008-08-15 | 2013-11-05 | International Business Machines Corporation | Business-in-a-box integration server and integration method |
| CN103782274A (en) * | 2011-08-29 | 2014-05-07 | 富士通株式会社 | System and method for installing a patch on a computing system |
| CN103823693A (en) * | 2011-02-21 | 2014-05-28 | 北京奇虎科技有限公司 | Service pack installation method |
| CN103955377A (en) * | 2011-03-02 | 2014-07-30 | 北京奇虎科技有限公司 | Method and device for realizing automatic analysis of patch |
| CN103955647A (en) * | 2014-05-12 | 2014-07-30 | 国家电网公司 | System bug scanning method |
| CN104796403A (en) * | 2015-03-13 | 2015-07-22 | 国家电网公司 | Realization method of fast patch scanning engine |
| CN105260214A (en) * | 2015-11-03 | 2016-01-20 | 用友网络科技股份有限公司 | Intelligent patch pushing method and system applied to complex ERP system |
| CN105306460A (en) * | 2015-10-13 | 2016-02-03 | 国家电网公司 | Unified vulnerability patch management system |
| CN107277021A (en) * | 2017-06-26 | 2017-10-20 | 云南电网有限责任公司信息中心 | A kind of new open leak coverage identification and remediation management system and method |
| CN107481173A (en) * | 2017-09-05 | 2017-12-15 | 王东红 | A kind of Platform of Experimental Teaching experimental project update method and system |
| CN107566394A (en) * | 2017-09-28 | 2018-01-09 | 小花互联网金融服务(深圳)有限公司 | A kind of newly-increased automatic discovery of cloud platform example host and quick vulnerability scanning method |
| CN108200029A (en) * | 2017-12-27 | 2018-06-22 | 北京知道创宇信息技术有限公司 | Loophole situation detection method, device, server and readable storage medium storing program for executing |
| CN110298179A (en) * | 2019-07-10 | 2019-10-01 | 中国民航信息网络股份有限公司 | Open Framework security flaw detection method and device |
| CN111444511A (en) * | 2018-12-29 | 2020-07-24 | 北京奇虎科技有限公司 | Safety protection method and system for vehicle-mounted system |
-
2007
- 2007-07-19 CN CNA200710025245XA patent/CN101119231A/en active Pending
Cited By (25)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8578372B2 (en) | 2008-08-15 | 2013-11-05 | International Business Machines Corporation | Business-in-a-box integration server and integration method |
| CN101727548B (en) * | 2008-10-27 | 2012-12-19 | 联想(北京)有限公司 | Computer safety monitoring system and method, and comprehensive deciding device |
| CN102087607A (en) * | 2011-02-21 | 2011-06-08 | 北京奇虎科技有限公司 | Method and device for installing patch packets |
| CN103823693A (en) * | 2011-02-21 | 2014-05-28 | 北京奇虎科技有限公司 | Service pack installation method |
| CN102087607B (en) * | 2011-02-21 | 2014-02-05 | 北京奇虎科技有限公司 | Method and device for installing patch packets |
| CN103955377A (en) * | 2011-03-02 | 2014-07-30 | 北京奇虎科技有限公司 | Method and device for realizing automatic analysis of patch |
| CN103782274A (en) * | 2011-08-29 | 2014-05-07 | 富士通株式会社 | System and method for installing a patch on a computing system |
| CN103177213A (en) * | 2011-12-20 | 2013-06-26 | 腾讯科技(深圳)有限公司 | Software bug fix method and software bug fix system |
| CN103177213B (en) * | 2011-12-20 | 2016-01-20 | 腾讯科技(深圳)有限公司 | A kind of software vulnerability restorative procedure and system |
| CN102622550B (en) * | 2012-04-06 | 2015-04-22 | 北京空间飞行器总体设计部 | Safe online patch check system facing terminal computers |
| CN102622550A (en) * | 2012-04-06 | 2012-08-01 | 北京空间飞行器总体设计部 | Safe online patch check system facing terminal computers |
| CN102970305A (en) * | 2012-12-07 | 2013-03-13 | 成都康禾科技有限公司 | Deployment method suitable for automatic software installation |
| CN102970305B (en) * | 2012-12-07 | 2015-12-23 | 成都康禾科技有限公司 | A kind of dispositions method being applicable to automatic software installation |
| CN103955647A (en) * | 2014-05-12 | 2014-07-30 | 国家电网公司 | System bug scanning method |
| CN104796403A (en) * | 2015-03-13 | 2015-07-22 | 国家电网公司 | Realization method of fast patch scanning engine |
| CN105306460A (en) * | 2015-10-13 | 2016-02-03 | 国家电网公司 | Unified vulnerability patch management system |
| CN105260214A (en) * | 2015-11-03 | 2016-01-20 | 用友网络科技股份有限公司 | Intelligent patch pushing method and system applied to complex ERP system |
| CN105260214B (en) * | 2015-11-03 | 2018-12-18 | 用友网络科技股份有限公司 | Intelligent patch method for pushing and system applied to complicated ERP system |
| CN107277021A (en) * | 2017-06-26 | 2017-10-20 | 云南电网有限责任公司信息中心 | A kind of new open leak coverage identification and remediation management system and method |
| CN107481173A (en) * | 2017-09-05 | 2017-12-15 | 王东红 | A kind of Platform of Experimental Teaching experimental project update method and system |
| CN107566394A (en) * | 2017-09-28 | 2018-01-09 | 小花互联网金融服务(深圳)有限公司 | A kind of newly-increased automatic discovery of cloud platform example host and quick vulnerability scanning method |
| CN108200029A (en) * | 2017-12-27 | 2018-06-22 | 北京知道创宇信息技术有限公司 | Loophole situation detection method, device, server and readable storage medium storing program for executing |
| CN111444511A (en) * | 2018-12-29 | 2020-07-24 | 北京奇虎科技有限公司 | Safety protection method and system for vehicle-mounted system |
| CN110298179A (en) * | 2019-07-10 | 2019-10-01 | 中国民航信息网络股份有限公司 | Open Framework security flaw detection method and device |
| CN110298179B (en) * | 2019-07-10 | 2021-11-16 | 中国民航信息网络股份有限公司 | Open source framework security vulnerability detection method and device |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101119231A (en) | Method to centralized manage and automatic download mend of computer security leak base | |
| CN105763369B (en) | A kind of terminal unit remote software version distribution method and system | |
| US7590981B2 (en) | Update package for offline synchronization of software updates | |
| US10380079B1 (en) | Information technology configuration management | |
| US7698242B2 (en) | Systems and methods to maintain process control systems using information retrieved from a database storing general-type information and specific-type information | |
| CN100481005C (en) | System and method for updating a software program | |
| CN1882911B (en) | A method in a network of the delivery of files | |
| US9059898B2 (en) | System and method for tracking configuration changes in enterprise product | |
| US11086618B2 (en) | Populating a software catalogue with related product information | |
| US8635609B2 (en) | Software certification and update process | |
| EP3937013B1 (en) | Software distribution to medical devices via an intermediary which enforces maintenance of a transaction log | |
| US7680907B2 (en) | Method and system for identifying and conducting inventory of computer assets on a network | |
| CN102165419B (en) | Computer system, method, and computer program for managing batch job | |
| CN101878481B (en) | Methods and apparatus providing an e-enabled ground architecture | |
| US20050027846A1 (en) | Automated electronic software distribution and management method and system | |
| US20150032882A1 (en) | System and Method for Dynamically Grouping Devices Based on Present Device Conditions | |
| US20090249340A1 (en) | Managing the Progress of a Plurality of Tasks | |
| CN104317610A (en) | Method and device for automatic installation and deployment of hadoop platform | |
| WO2003052558A2 (en) | Method and system for integrated asset management | |
| EP2740062A2 (en) | Software distribution amongst medical devices taking into account dependencies between devices | |
| US20120191831A1 (en) | System and method for cataloging assets in a network | |
| EP1522015A1 (en) | Method and system for managing a computer system | |
| CN112988676A (en) | Equipment machine production program management method, device and system | |
| CN102713842A (en) | Verification of compatibility among telecommunication network features | |
| JP5051929B2 (en) | Software distribution operation management apparatus, method, and program |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C12 | Rejection of a patent application after its publication | ||
| RJ01 | Rejection of invention patent application after publication |