CN101453388B - Inspection method for Internet service operation field terminal safety - Google Patents

Publication number
CN101453388B
Authority
CN
China
Legal status
Expired - Fee Related
Application number
CN2008102081991A
Other languages
Chinese (zh)
Other versions
CN101453388A (en)
Inventor
顾健
陆臻
Current Assignee
Third Research Institute of the Ministry of Public Security
Original Assignee
Third Research Institute of the Ministry of Public Security
Application filed by Third Research Institute of the Ministry of Public Security
Priority to CN2008102081991A
Publication of CN101453388A
Application granted
Publication of CN101453388B

Abstract

The invention discloses an internet access service business site operation safety control testing method. The method is carried out on the basis of a test platform and comprises system role identification and authentication test, system operation logbook test and security service test. The method obtained according to the technical proposal can evaluate and examine the functions and performance of the internet access service business site operation safety control.

Description

Inspection method for site-end operational security assurance at Internet access service business sites
Technical field:
The present invention relates to an inspection technique, in particular a method for inspecting the operational security assurance of the site end of an Internet access service business site that connects to the Internet.
Background:
As networking has become widespread, the number of Internet access service business sites keeps growing, and the operational security assurance of their site ends has serious weaknesses.
At present there is no test method for site-end operational security assurance that effectively addresses the site-end functions required by the public security industry standards GA557-2005 (information security management code for Internet access service business sites), GA558-2005 (data exchange format for the information security management system of Internet access service business sites) and GA559-2005.
Summary of the invention:
To address the above problem in the prior art concerning site-end operational security assurance at Internet access service business sites, the invention provides an effective method for inspecting it.
To achieve this, the invention adopts the following technical solution:
The inspection method is carried out on a test platform and comprises inspection of system role identification and authentication, inspection of the system operation log, and inspection of the security service.
The inspection of identification and authentication comprises the following steps:
(1) draw up the identification and authentication test cases;
(2) check the system role identification and authentication mechanism and technical system provided by the site end, and execute the corresponding system functions under different roles;
(3) initialize the system role identification and authentication data;
(4) operate on the system identification data under different roles;
(5) log in with wrong authentication data and check whether the site end terminates the session; have the authorized administrator set the maximum number of allowed failures, and check whether the system automatically records failed authentication attempts;
(6) obtain the inspection result from the test cases.
The inspection of the system operation log comprises the following steps:
(11) draw up the system operation log test cases;
(12) log in to the system, perform the relevant operations, and query the system log;
(13) following the system documentation, attempt to add, delete and modify system log entries, and set the parameters for the system's automatic backup and deletion of logs;
(14) access and query the system log as an unauthorized user;
(15) query the system log locally and remotely as an authorized user;
(16) after the above operations, obtain the inspection result from the test cases.
The inspection of the security service comprises the following steps:
(21) draw up the security service test cases;
(22) check the measures that protect the audit security policy against being bypassed;
(23) use a host that has network vulnerabilities, or that has not been patched, as a terminal for going online;
(24) use software to attack the network, or attack the Internet from an access terminal;
(25) after the above operations, obtain the inspection result from the test cases.
The method obtained according to this technical solution can evaluate and inspect the functions and performance of site-end operational security assurance at Internet access service business sites.
The platform closely follows the requirements the Ministry of Public Security sets for Internet access service business sites, and technically it fully follows the Ministry's functional and performance requirements for site-end operational security assurance. The method ensures that testing is efficient, consistent, reproducible and comparable. Efficiency: because the test methods and test cases are specified in detail, testing time is greatly shortened and efficiency greatly improved. Consistency: every test of the same product gives the same result. Reproducibility: a given test result for a given product can be reproduced. Comparability: the test requirements and inputs are the same for different products, so the results are comparable.
Description of drawings:
The invention is further described below with reference to the drawings and specific embodiments.
Fig. 1 is the topology diagram of the test environment of the invention.
Fig. 2 is the flow chart of the steps of the method.
Embodiment:
To make the technical means, inventive features, purpose and effect of the invention easy to understand, the invention is further explained below with reference to the figures.
The method is carried out on the test platform in the following steps (as shown in Fig. 2):
Step 1: following the "Implementation rules for testing the information security management system of Internet access service business sites", the platform user builds the test environment (as shown in Fig. 1). This includes the hardware, software and network configuration required for testing, and installation of the management-end interface test module of the information security management system.
As shown in Fig. 1, two access modes are possible: in mode a, the gateway is connected in series with the site end of the system under test or installed on the same host; in mode b, the gateway is connected to a hub.
Depending on the access mechanism, the site-end equipment of the system under test generally connects in one of two ways. Mode a is the serial form: the site-end equipment is connected at the network egress as a gateway/bridge. Mode b is the parallel form: the site-end equipment runs on a hub/switch in listening mode. For other access methods, the test environment should be adjusted according to their characteristics.
Each system's site end uses one Internet egress at the same time; however, for Internet services that can be simulated internally, the service should as far as possible be implemented on an internal server, e.g. WEB, FTP, Mail. The test environment is built according to the topology in Fig. 1; the test components in Fig. 1 are described in Table 1:
Table 1 Description of test components
Figure G2008102081991D00031
Figure G2008102081991D00041
Figure G2008102081991D00051
2. Preparation before testing
Tester preparation:
Knowledge and skills:
Before testing the information security management system of an Internet access service business site, the tester must learn and master the following knowledge, software and tools:
(1) Windows 2000 Professional and Windows XP Professional, Simplified Chinese editions;
(2) building and analyzing network environments based on the TCP/IP protocol;
(3) the principles and basic configuration of application-layer protocols and services such as HTTP, FTP, SMTP, POP/POP3, IMAP, TELNET, NNTP, RSTP, MMS;
(4) Windows 2000 Server with IIS 5.0, Redhat Linux 9.0 with Sendmail;
(5) protocol analyzer;
(6) stopwatch.
The tester must also learn and be able to use the following applications:
(1) media players: Realplayer 10.5, Windows Media Player 10, etc.;
(2) mail clients: Outlook 6 Simplified Chinese edition, Foxmail 6.0, etc.;
(3) instant messaging: MSN Messenger 8.5, ICQ V5.04, Yahoo Messenger 7.5, UC2005, QQ 2008, Sina Web click-through V1.3.0.0, AOL Instant Messenger 5.9, POPO 2008, search the logical V4.20 of Q V3.6, E words etc.;
(4) online game clients: connection crowd, legend 3, China online, Xuanyuan Sword Online, etc.;
(5) web browsers: IE 6.0 Simplified Chinese edition, etc.
Test environment preparation:
Before testing begins, the tester must make the following preparations:
(1) prepare the hardware required for testing according to the description of test components in Table 1, and install the corresponding operating systems and software on it (apart from terminals E and F, no host should have unnecessary software or services installed, to avoid adverse effects on system functions and performance figures);
(2) build the test network according to the network topology of the test environment in Fig. 1, and configure the corresponding IP addresses, other network attributes and the required services;
(3) install the information security management system submitted for inspection, following its distribution and operation documentation;
(4) if site end A of the system under test, as submitted, is software, the hardware and software of the host prepared for installing it may be configured entirely as required, and the configuration is recorded in the original test record;
(5) synchronize the system clocks of all hosts in the test environment;
(6) confirm that the submitted system runs normally; once this is confirmed, preparation is complete and testing can begin.
Standards preparation:
During testing, the tester also needs to have the following standards at hand, having read them through and grasped their basic content so that they can be consulted.
(1) GA557-2005 Information security management code for Internet access service business sites;
(2) GA558-2005 Data exchange format for the information security management system of Internet access service business sites;
(3) GA559-2005 Site-end functional requirements for the information security management system of Internet access service business sites;
(4) GA560-2005 Technical requirements for the interface between the site end of the information security management system and the site's business management system;
(5) GA561-2005 Management-end functional requirements for the information security management system of Internet access service business sites;
(6) GA562-2005 Management-end interface technical requirements for the information security management system of Internet access service business sites;
(7) GB/T 2260 Codes for the administrative divisions of the People's Republic of China;
(8) GB 2312-1980 Chinese coded character set for information interchange, basic set;
(9) GB 18030-2000 Information technology: extension of the basic set of the Chinese coded character set for information interchange;
(10) GA/Z02-2005 Code set of basic data elements for public security business.
Step 2: install the system under test according to the product manual.
Step 3: design the test cases according to the test methods and sample test cases designed for the platform.
For each test basis, write test cases suited to the characteristics of the system under test. Each test case must include the case number, case author, design date and the specific input/output information, to reduce uncertainty in testing and to allow an error to be reproduced when it is traced back.
The following principles and methods can be referred to when writing test cases:
(1) study the meaning of the standard carefully, analyze each situation that may arise in practice, and then use equivalence partitioning to test with fuller coverage;
(2) wherever possible, use the boundary-value method and test with critical values;
(3) based on everyday testing experience, add further test cases by error guessing;
(4) it is suggested to arrange the standard's function points according to the business flow each belongs to and to test along the business flow; because duplicate tests are avoided, this reduces the workload compared with testing the standard point by point.
Step 4: test the site-end operational security assurance functions with the designed test cases, in three parts (as shown in Fig. 2):
1. Identification and authentication
Test basis:
The site end provides a system role identification and authentication mechanism and technical system; the system allows authorized roles to execute the corresponding system functions and prevents unauthorized roles from doing so, and prevents system identification and authentication data from being reused or stolen;
The site end provides a function for initializing system role identification and authentication data;
The site end prevents unauthorized querying, modification, deletion or addition of system identification data, and ensures that the authentication mechanism and technical system run securely, reliably and stably;
When authentication fails, the site end terminates the session. The authorized administrator sets the maximum number of allowed failures, and the system automatically records failed authentication attempts.
Inspection principle:
In principle the test basis for identification and authentication divides into the following parts:
(1) initial authentication;
(2) access authentication assurance;
(3) access authentication refusal;
(4) self-protection of authentication data;
(5) prevention of brute-force password guessing.
The inspection methods therefore also need to be designed around these parts. The correspondence is as follows:
Figure G2008102081991D00081
The basic principles followed by the corresponding test cases are classified as follows:
Basic principle            Method classification
Direct verification        G
Equivalence partitioning   A, B, C
Boundary value             F
Error guessing             A, B, C, D, E
Inspection method:
The developer provides technical documentation for the site-end system's role identification and authentication mechanism, describing in detail the identifiers the system uses and how reuse and theft of authentication data are prevented. Attempt to execute system functions as an authorized role and as an unauthorized role. If the developer cannot provide the documentation, or its content does not match the actual behavior, this item fails. If the functions a role can execute in the system do not match the authorization it has been given, this item fails.
Use the function the system provides to initialize system role identification and authentication data. If the system provides no such function, or initialization errors occur, or the initialization result does not match the documentation, this item fails.
Following the developer's technical documentation for system role identification and the authentication mechanism, query, modify, delete and add system identification data under authorized and unauthorized identities respectively. If an unauthorized identity can perform these operations, this item fails. If exceptions, errors or any unstable behavior occur during the operations and cause the authentication mechanism and technical system to fail, this item fails.
Log in to the site-end system with wrong authentication data and check whether the session is terminated. Log in as the authorized administrator and set the maximum number of allowed failures. If the system takes other measures that achieve the purpose of preventing brute-force password guessing, the function should also be considered conforming. Query the system log and check whether the authentication attempts were recorded. If a failed authentication attempt does not terminate the session, or there is no other measure to prevent brute-force password guessing, this item fails.
Sample test cases for this inspection method are shown in Tables 2 and 3:
Table 2 Identification and authentication mechanism
Figure G2008102081991D00091
Figure G2008102081991D00101
Table 2 covers testing of the identification and authentication mechanism of the site-end system under test, in 7 parts:
1. Log in to the site end as authorized user admin, password 123456, in the "site owner" role. Check whether login succeeds; if it does, check whether the functions associated with the owner's permissions can be executed and whether the higher-level administrator's privileged functions can be executed; finally record the result in the table.
2. Log in to the site end as authorized user super, password 123qwe, in the "higher-level administrator" role. Check whether login succeeds; if it does, check whether the functions associated with the owner's permissions can be executed and whether the higher-level administrator's privileged functions can be executed; finally record the result in the table.
3. Log in to the site end with user name Admin and password 123456; check whether login succeeds, and record the result in the table.
4. Log in to the site end with user name admin and password 123qwe; check whether login succeeds, and record the result in the table.
5. Log in to the site end with user name Super and password 123qwe; check whether login succeeds, and record the result in the table.
6. Log in to the site end with user name super and password 123456; check whether login succeeds, and record the result in the table.
7. Use a protocol analyzer to capture the remote authentication data on the network and check whether the authentication data is usable; record the result in the table.
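The login cases of Table 2 (parts 1 to 6) and the failure-limit check from the inspection method, as an added example that is not part of the patent. `MockSiteEnd` is a hypothetical stand-in for the system under test; the role labels, the expected results (the table image is not on the page) and account lockout as the anti-guessing measure are assumptions. It goes slightly beyond the text by testing the failure limit at its boundary.

```python
from dataclasses import dataclass, field


@dataclass
class MockSiteEnd:
    """Hypothetical stand-in for the system under test (not a real product API)."""
    max_failures: int = 3                       # set by the authorized administrator
    users: dict = field(default_factory=lambda: {
        "admin": ("123456", "owner"),           # role labels are assumed names
        "super": ("123qwe", "supervisor"),
    })
    failures: dict = field(default_factory=dict)
    log: list = field(default_factory=list)

    def login(self, user, password):
        """Return the role on success, None when the session is refused."""
        if self.failures.get(user, 0) >= self.max_failures:
            self.log.append((user, "login", "refused-locked"))
            return None
        entry = self.users.get(user)            # exact match: names are case-sensitive
        if entry and entry[0] == password:
            self.failures[user] = 0
            self.log.append((user, "login", "success"))
            return entry[1]
        self.failures[user] = self.failures.get(user, 0) + 1
        self.log.append((user, "login", "failure"))
        return None


class NoLimitSiteEnd(MockSiteEnd):
    """Deliberately nonconforming variant: the failure counter never accumulates."""
    def login(self, user, password):
        self.failures[user] = 0
        return super().login(user, password)


# (case number, user name, password, expected role or None). The expected
# values are assumptions: mismatched case or password must be rejected.
LOGIN_CASES = [
    (1, "admin", "123456", "owner"),
    (2, "super", "123qwe", "supervisor"),
    (3, "Admin", "123456", None),
    (4, "admin", "123qwe", None),
    (5, "Super", "123qwe", None),
    (6, "super", "123456", None),
]


def run_login_cases(make_system):
    """Run every case on a fresh system; return {case number: 'pass' | 'fail'}."""
    results = {}
    for case_no, user, password, expected in LOGIN_CASES:
        actual = make_system().login(user, password)
        results[case_no] = "pass" if actual == expected else "fail"
    return results


def check_failure_limit(make_system, limit):
    """Boundary-value check on the failure limit; returns a list of findings."""
    findings = []
    # One below the limit: the correct password must still be accepted.
    below = make_system(limit)
    for _ in range(limit - 1):
        below.login("admin", "wrong")
    if below.login("admin", "123456") != "owner":
        findings.append("locked before the limit was reached")
    # Exactly at the limit: even the correct password must now be refused.
    at = make_system(limit)
    for _ in range(limit):
        at.login("admin", "wrong")
    if at.login("admin", "123456") is not None:
        findings.append("not blocked after reaching the limit")
    # Every failed attempt must have been recorded in the log.
    logged = sum(1 for _, _, result in at.log if result == "failure")
    if logged != limit:
        findings.append(f"{logged} of {limit} failed attempts logged")
    return findings


if __name__ == "__main__":
    print(run_login_cases(MockSiteEnd))
    print(check_failure_limit(MockSiteEnd, 3))
    print(check_failure_limit(NoLimitSiteEnd, 3))
```

Against a real system under test, the factory passed to both functions would wrap its login interface instead of the mock.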
Table 3 Identification and authentication authorization
Figure G2008102081991D00111
Table 3 covers testing of the identification and authentication authorization function of the site-end system under test, in 8 operations:
1. Log in to the site end as admin and attempt to query, modify and delete the identification and authentication data of super; check whether the operation can be carried out.
2. Log in to the site end as admin and, as this user, add identification and authentication data for a user in the higher-level administrator role; check whether the operation can be carried out.
3. Log in to the site end as super and attempt to query, modify and delete the identification and authentication data of admin; check whether the operation can be carried out.
4. Log in to the site end as super and, as this user, add identification and authentication data for a user in the site owner role; check whether the operation can be carried out.
5. Log in to the site end as admin and query and modify the identification and authentication data of admin; check whether the operation can be carried out.
6. Log in to the site end as admin and add and delete identification and authentication data of users in the site owner role; check whether the operation can be carried out.
7. Log in to the site end as super and query and modify the identification and authentication data of super; check whether the operation can be carried out.
8. Log in to the site end as super and add and delete identification and authentication data of users in the higher-level administrator role; check whether the operation can be carried out.
Carry out the 8 tests above and record the results in the table.
2. System operation log
Test basis:
The site end records the operation information of all users of the local end; the operation information shall include at least the content of Table 4;
Table 4
No.   Operation information
1     User authentication and login attempts, both successful and failed
2     Attempts by a user to modify authentication information, e.g. changing a password
3     Attempts by a user to modify the system configuration
4     Attempts by a user to modify and issue audit policies
5     Adding, modifying and deleting users
6     Alarms and their handling
7     Receiving and issuing data
8     Backup and recovery
9     System startup and shutdown
10    Other
Each system log event records at least the content of Table 5;
Table 5
No.   Content recorded for a system log event
1     Subject (initiator of the behavior)
2     Object (target of the behavior)
3     Behavior
4     Date
5     Time
6     Result
The site end prevents unauthorized users from accessing the system log;
By technical means, the site end ensures that system log records cannot be modified, deleted or added to by any user; the system automatically carries out periodic management operations such as backup and deletion of system log information;
By technical means, the site end ensures that system log records are not queried by unauthorized users, and supports local and remote queries by authorized users. Query keys shall include at least the content of Table 6.
Table 6
No.   Query condition
1     Subject
2     Object
3     User behavior, according to the GA557.8-2005 system operation log operation behavior codes
4     Start date and time, end date and time, according to GA/Z02-2005
Inspection principle:
In principle the test basis for the system operation log divides into the following parts:
(1) data generation;
(2) data content;
(3) data structure;
(4) data protection;
(5) data backup;
(6) data query.
The inspection methods therefore also need to be designed around these parts. The correspondence is as follows:
Figure G2008102081991D00141
The basic principles followed by the corresponding test cases are classified as follows:
Basic principle            Method classification
Direct verification        F, H
Equivalence partitioning   A, B, C, D, E, G
Boundary value             G
Error guessing             A, B, C, D, E
Inspection method:
Log in to the site-end system, perform the operations required by Table 4, and query the system log. If the system log does not record the corresponding entries for the operations in Table 4, this item fails. For the authentication part, at least successful authentications shall be recorded.
Query the system log and analyze the recorded content of the log events. If the recorded content does not meet the requirements of Table 5, this item fails.
Access the system log as an unauthorized user. If an unauthorized user can access the system log, this item fails.
The developer provides documentation describing in detail the protection measures for the system log files; following the documentation, attempt to add, delete and modify system log entries. Set the parameters for automatic backup and deletion of logs and check the system's automatic log management function. If the developer cannot provide the documentation, or the documentation does not match the actual behavior, this item fails. If the logs have no protection and can be modified, deleted or added to, or the system cannot automatically back up and delete logs, this item also fails.
The developer provides documentation describing in detail the access control mechanism for the system log; at the same time, query system log information as an unauthorized user. If the developer cannot provide the documentation, or the documentation does not match the actual behavior, this item fails. If an unauthorized user can access and query system log information, this item fails.
As an authorized user, query the system log locally and remotely using the conditions in Table 6. If the authorized user cannot query locally and remotely, or cannot query the system log by the conditions in Table 6, this item fails. For records whose object is unambiguous, the object may be omitted from the entry.
Sample test cases for this part are shown in Tables 7 to 12:
Table 7 Log recording
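One way to automate the Table 4, 5 and 6 checks on an exported system log, as an added example that is not part of the patent. The field names, the behavior labels (these are not the GA557.8-2005 codes), the set of behaviors allowed to omit the object, and the sample records are all constructed assumptions.

```python
from datetime import datetime

# Table 5: content every log event must record.
REQUIRED_FIELDS = ("subject", "object", "behavior", "date", "time", "result")
# Behaviors whose object is unambiguous and may be omitted (assumed choice).
OBJECT_OPTIONAL = {"system_start", "system_stop"}

# Constructed sample log, not taken from any real system.
SAMPLE_LOG = [
    {"subject": "admin", "object": "site end", "behavior": "login",
     "date": "2008-12-01", "time": "09:00:05", "result": "success"},
    {"subject": "admin", "object": "site end", "behavior": "login",
     "date": "2008-12-01", "time": "08:59:40", "result": "failure"},
    {"subject": "admin", "object": "admin", "behavior": "change_password",
     "date": "2008-12-01", "time": "09:02:11", "result": "success"},
    {"subject": "system", "behavior": "system_start",
     "date": "2008-12-01", "time": "08:55:00", "result": "success"},
    {"subject": "super", "object": "audit policy", "behavior": "change_policy",
     "date": "2008-12-02", "time": "", "result": "success"},  # time left empty
]


def timestamp(record):
    """Combine the date and time fields into one comparable value."""
    return datetime.strptime(f"{record['date']} {record['time']}",
                             "%Y-%m-%d %H:%M:%S")


def record_defects(record):
    """Return the Table 5 defects of one record (empty list = conforming)."""
    defects = []
    for name in REQUIRED_FIELDS:
        if name == "object" and record.get("behavior") in OBJECT_OPTIONAL:
            continue
        if not str(record.get(name, "")).strip():
            defects.append(f"missing {name}")
    if not defects:
        try:
            timestamp(record)
        except ValueError:
            defects.append("unparseable date/time")
    return defects


def missing_behaviors(log, performed):
    """Operations the tester performed that left no log entry (Table 4 check)."""
    seen = {record.get("behavior") for record in log}
    return sorted(set(performed) - seen)


def query(log, subject=None, obj=None, behavior=None, start=None, end=None):
    """Filter by the Table 6 conditions; defective records are skipped."""
    hits = []
    for record in log:
        if record_defects(record):
            continue
        if subject is not None and record["subject"] != subject:
            continue
        if obj is not None and record.get("object") != obj:
            continue
        if behavior is not None and record["behavior"] != behavior:
            continue
        when = timestamp(record)
        if (start is not None and when < start) or (end is not None and when > end):
            continue
        hits.append(record)
    return hits


def inspect_log(log, performed):
    """Summarize both checks for the test record."""
    defective = {}
    for index, record in enumerate(log):
        defects = record_defects(record)
        if defects:
            defective[index] = defects
    return {"defective_records": defective,
            "unlogged_operations": missing_behaviors(log, performed)}


if __name__ == "__main__":
    done = ["login", "change_password", "system_start", "change_policy", "backup"]
    print(inspect_log(SAMPLE_LOG, done))
```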
Figure G2008102081991D00151
Figure G2008102081991D00171
Table 7 covers testing of the log recording function of the site-end system and contains 9 test cases. The "case number" column records the number of the test case used. The "input" column gives the operations the tester performs to test the log recording function. The "expected output" column gives what the system log should in theory record after the site-end system performs the operations in the input column. The "actual result" column gives what the system log actually records after those operations. Finally, the actual result is compared with the expected output to determine whether the system's log recording function conforms.
Table 8 Log access control
Figure G2008102081991D00172
Table 8 covers testing of the log access control function of the site-end system and contains 1 test case, which performs 4 related operations in total. The "case number" column records the number of the test case used. The "input" column gives the operations the tester performs to test the log access control function. The "expected output" column gives the outcome that accessing the system log should in theory produce after the operations in the input column. The "actual result" column gives the actual outcome of accessing the system log after those operations. Finally, the actual result is compared with the expected output to determine whether the system's log access control function conforms.
Table 9 Log protection
Figure G2008102081991D00181
Table 9 covers testing of the log protection function of the site-end system and contains 1 test case, which performs 4 related operations in total. The "case number" column records the number of the test case used. The "input" column gives the operations the tester performs to test the log protection function. The "expected output" column gives the outcome the system should in theory produce, with the log protected, after the operations in the input column. The "actual result" column gives the outcome actually obtained after those operations. Finally, the actual result is compared with the expected output to determine whether the system's log protection function conforms.
Table 10 Remote access
Table 10 covers testing of the remote access function of the site-end system and contains 2 test cases, each of which performs 1 related operation. The "case number" column records the number of the test case used. The "input" column gives the remote access operation the tester performs in each test case. The "expected output" column gives the outcome the system should in theory produce after the remote access operation in the input column. The "actual result" column gives the outcome actually obtained after remote access is carried out as recorded in the input column. Finally, the actual result is compared with the expected output to determine whether the system's remote access function conforms.
Table 11 Local query
Figure G2008102081991D00201
Table 11 covers testing of the local query function of the site-end system and contains 1 test case, which performs 1 related operation. The "case number" column records the number of the test case used. The "input" column gives the operation the tester performs to test the local query function. The "expected output" column gives the outcome the system should in theory produce after the local query operation in the input column. The "actual result" column gives the outcome actually obtained after the operation recorded in the input column is performed. Finally, the actual result is compared with the expected output to determine whether the system's local query function conforms.
Table 12 Scheduled backup and deletion
Table 12 covers testing of the scheduled backup and deletion function of the site-end system and contains 2 test cases, each of which performs 1 related operation. The "case number" column records the number of the test case used. The "input" column gives the operation the tester performs in each test case to test scheduled backup and deletion. The "expected output" column gives the outcome the system should in theory produce after the scheduled backup and deletion operation in the input column. The "actual result" column gives the outcome actually obtained after the scheduled backup and deletion operation recorded in the input column is performed. Finally, the actual result is compared with the expected output to determine whether the system's scheduled backup and deletion function conforms.
3. security service
Test basis:
Technical means shall ensure that the audit security policy cannot be bypassed on the access terminals used by online users.
The owner shall be informed promptly of newly discovered network security vulnerabilities on hosts in the business premises and of the corresponding patch information.
The system shall be able to assist the business-premises security officer in discovering abnormal network behavior, for example attacks against the premises network or attacks carried out through the premises network. Abnormal network behavior shall include at least the items in Table 13.
Table 13

| Sequence number | Item name |
|---|---|
| 1 | IP spoofing |
| 2 | Cryptographic attack |
| 3 | Denial of Service attack |
| 4 | Application layer attack |
| 5 | Network sweep |
Inspection principle:
In principle, the test basis for the security service can be divided into the following parts:
(1) address spoofing;
(2) cryptographic attack;
(3) Denial of Service attack;
(4) application layer attack;
(5) network sweep.
Therefore, the inspection method must also be designed around the above content. The correspondence is as follows:
The basic principles followed by the corresponding test cases are classified as follows:
| Basic principle | Method category |
|---|---|
| Direct verification | F |
| Equivalence class partitioning | A, B, C, D, E |
| Boundary value | |
| Error guessing | B, D |
Inspection method:
The developer provides documentation describing in detail the audit security mechanism on the terminal and the measures that prevent it from being bypassed. If the developer cannot provide this documentation, or its content does not match the actual situation, this item is judged unqualified.
Use a host that has network security vulnerabilities or has not been patched (after the operating system was installed, no patches were installed or the vulnerability fixes were not updated) as an online terminal, and check whether the system issues a prompt or an alarm. If the system cannot report the newly discovered network security vulnerabilities on the host and the corresponding patch information, this item is judged unqualified.
Use BLADE software or other scanning software (such as ISS, CyberCop, etc.) to attack the network, or attack the Internet from an online terminal, and check whether the system detects this abnormal network behavior. If the system fails to raise an alarm or prompt the business-premises security officer for one of the abnormal network behaviors listed in Table 13, this item is judged unqualified.
Check the functions of this part that the system's supporting documentation declares.
The test case samples for this part are shown in Table 14:
Table 14 Log recording
Table 14 covers the test of the log recording function of the business-premises end system while it is under attack. The use-case number column records the sequence number of the sample used in the test; the table contains 3 test cases. The input column gives the operation the tester performs to test the log recording function while the system is under attack; each test case in this table performs 1 related operation in total. The expected output column gives the result the system should in theory produce after performing the operation in the input column. The actual result column gives the result actually obtained after the system performs the operation recorded in the input column. Finally, the actual result column is compared with the expected output column to determine whether the system's log recording function under attack is qualified.
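The pass/fail rules of the inspection method above, applied to test-case records with the columns described for Table 14, as an added example that is not part of the patent. The record fields, the `judge_security_service` function, the three-way verdict and the sample records are assumptions made for illustration.

```python
from dataclasses import dataclass

# Abnormal network behaviors the page lists in Table 13.
TABLE_13 = ("IP spoofing", "Cryptographic attack", "Denial of Service attack",
            "Application layer attack", "Network sweep")

@dataclass
class InspectionCase:
    number: int      # "use-case number" column
    behavior: str    # Table 13 item the input operation exercises
    expected: str    # "expected output" column
    actual: str      # "actual result" column, filled in after the run

def judge_security_service(doc_consistent, patch_gap_alerted, cases):
    """Apply the three security-service checks; return (verdict, failures, untested)."""
    failures = []
    if not doc_consistent:
        failures.append("bypass-prevention document missing or inconsistent")
    if not patch_gap_alerted:
        failures.append("no prompt or alarm for the unpatched terminal host")
    tested = set()
    for case in cases:
        if case.behavior not in TABLE_13:
            raise ValueError(f"case {case.number}: {case.behavior!r} is not in Table 13")
        tested.add(case.behavior)
        # Compare the two columns after trimming and case-folding.
        if case.actual.strip().casefold() != case.expected.strip().casefold():
            failures.append(f"case {case.number} ({case.behavior}): "
                            f"expected {case.expected!r}, got {case.actual!r}")
    untested = [b for b in TABLE_13 if b not in tested]
    if failures:
        verdict = "unqualified"
    elif untested:
        verdict = "incomplete"   # assumption: a coverage gap is not a pass
    else:
        verdict = "qualified"
    return verdict, failures, untested

# Constructed sample records, not taken from the patent's Table 14.
SAMPLE_CASES = [
    InspectionCase(1, "Network sweep", "alarm logged", "Alarm logged"),
    InspectionCase(2, "Denial of Service attack", "alarm logged", "no log entry"),
    InspectionCase(3, "IP spoofing", "alarm logged", "alarm logged"),
]

if __name__ == "__main__":
    print(judge_security_service(True, True, SAMPLE_CASES))
```

With the constructed records, case 2 fails the comparison and two Table 13 items have no test case, so the run is reported as unqualified with the coverage gap listed separately.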
The above shows and describes the basic principles, main features and advantages of the present invention. Those skilled in the art should understand that the present invention is not limited by the above embodiments; the embodiments and the description merely illustrate the principles of the invention. Various changes and improvements may be made without departing from the spirit and scope of the invention, and these changes and improvements all fall within the scope of the claimed invention. The claimed scope of the invention is defined by the appended claims and their equivalents.

Claims (1)

1. the method for inspection of internet service operation field terminal safety control operation, this method is based on that detection platform carries out, method comprises system actor sign and check, the check of System Operation Log and the check of security service differentiated, it is characterized in that the check of described sign and discriminating may further comprise the steps:
(1) sign and the establishment of differential test use-case;
(2) check system actor sign and authentication scheme and the system that the place of business end provides, and carry out corresponding systemic-function by different role;
(3) system actor sign and the data of differentiating are carried out initialization;
(4) by different role system identification data is operated;
(5) by wrong authentication data login, whether check place of business end stops session; And by the maximum frequency of failures that allow of authorized administrator setting, whether automatically the checking system record differentiates the cut-and-try process of failing;
(6) obtain assay by test case;
The check of described System Operation Log may further comprise the steps:
(11) System Operation Log test case establishment;
(12) login system is carried out associative operation, and Query System Log;
(13) according to system documentation system journal is increased, deletes, changes operation, the parameter of system's automated back-up, deletion daily record is set simultaneously;
(14) with unauthorized user visit, Query System Log;
(15) with authorized user local and long-range system journal is inquired about;
(16) through aforesaid operations, test case draws assay;
Described security service check may further comprise the steps:
(21) establishment security service test case;
(22) to audit security strategy and preventing by the inspection of the measure of bypass;
(23) use exist cyberspace vulnerability or not the main frame of upgrade patch program as terminal online use;
(24) by software network is attacked, perhaps the Internet is attacked by access terminals;
(25), draw assay by test case through aforesaid operations.
CN2008102081991A 2008-12-30 2008-12-30 Inspection method for Internet service operation field terminal safety Expired - Fee Related CN101453388B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2008102081991A CN101453388B (en) 2008-12-30 2008-12-30 Inspection method for Internet service operation field terminal safety

Publications (2)

Publication Number Publication Date
CN101453388A CN101453388A (en) 2009-06-10
CN101453388B true CN101453388B (en) 2011-02-09

Family

ID=40735417

Country Status (1)

Country Link
CN (1) CN101453388B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102567499A (en) * 2011-12-26 2012-07-11 苏州风采信息技术有限公司 Safety management method for journal inquiry
CN106211217A (en) * 2015-04-30 2016-12-07 深圳市商机无限网络科技有限公司 A kind of WIFI network method for auditing safely, platform
CN113364745A (en) * 2021-05-21 2021-09-07 北京国联天成信息技术有限公司 Log collecting and analyzing processing method

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060122913A1 (en) * 2004-11-23 2006-06-08 International Business Machines Corporation Generating performance workload definitions with shopping cart software
CN1926801A (en) * 2003-11-14 2007-03-07 株式会社Nets Extranet access management apparatus and method
CN1960255A (en) * 2006-09-21 2007-05-09 上海交通大学 Distributed access control method in multistage securities

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20110209

Termination date: 20171230