CN101459555A - Detection method for on-line person interest protection at Internet access service providing site - Google Patents
Detection method for on-line person interest protection at Internet access service providing site Download PDFInfo
- Publication number
- CN101459555A CN101459555A CN 200810208191 CN200810208191A CN101459555A CN 101459555 A CN101459555 A CN 101459555A CN 200810208191 CN200810208191 CN 200810208191 CN 200810208191 A CN200810208191 A CN 200810208191A CN 101459555 A CN101459555 A CN 101459555A
- Authority
- CN
- China
- Prior art keywords
- test
- online
- personnel
- internet access
- service providing
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The invention discloses a detecting method of internet people rights protection of network service business location on internet, which is mainly proceeded on a detecting platform. The detecting method is characterized in that the method comprises the following steps: firstly, setting detecting environment, secondly, mounting a measured system, thirdly, designing an example for testing, fourthly, testing system functions. The detecting method can guarantee high efficiency, consistency, reproducibility and comparability of detecting.
Description
Technical field:
The present invention relates to a kind of inspection technology of internet access service providing site connecting internet system, particularly a kind of method of inspection of on-line person interest protection at Internet access service providing site.
Background technology:
The method of inspection of online line person interest protection provided by the invention is at industry standards of public safety GA557-2005 internet service business place information safety management code; the test environment that the content of relevant online line person interest protection is formulated in GA558-2005 internet service business place information safety management system data DIF and the GA559-2005 internet service business place information safety management system place of business end functional requirement; method of testing and test case.
Online line person interest protection function is meant after the online personnel surf the Net end, should remove the internet information that is retained on the terminal, comprises online personnel individual privacy information.
Before the method for inspection of online line person interest protection was put into effect, there is no the ready-made method of inspection can adopt.
Summary of the invention:
The present invention is directed to the situation that above-mentioned internet access service providing site can't be protected in online personnel rights and interests, and a kind of method of inspection that can comparatively comprehensively check service on net business field existing problem aspect the online line person interest protection is provided.
For achieving the above object the technical solution used in the present invention:
The method of inspection of on-line person interest protection at Internet access service providing site, this method is mainly carried out under detection platform, and it mainly may further comprise the steps:
(1) makes up testing environment, requirement according to " internet service business place information safety management system test detailed rules for the implementation ", make up test environment, be included as test required software and hardware configuration and network configuration and installation internet service business place information safety management system management end interface test module;
(2) detected system is installed, the system that needs detect is installed according to the system product specification;
(3) design test case, treat the test case that examining system adapts according to each bar test basis design of contrast with this, this test case must comprise use-case sequence number, use-case author, design date and concrete input/output information, so that reduce the uncertainty of test, and when reviewing mistake, it can be reproduced;
(4) System Functional Test after the end of surfing the Net the online personnel, should be removed the internet information that is retained on the terminal, and it comprises that online personnel individual privacy information is a foundation, utilizes the test case of step (3) design that system is tested.
When making up testing environment in the described step (1), because the difference of access mechanism, system under test (SUT) place of business end equipment generally has the form of two kinds of connecting systems, and mode one is a series form, and place of business end equipment is connected to network exit with the form of gateway/bridge; Mode two is parallel form, and place of business end equipment operates on hub/switch with listen mode.
The method that adopts equivalence class to divide during described step (3) design test case is done more comprehensive coverage test to reach; Should adopt the method for boundary value to test as far as possible to test simultaneously with critical value.
Test in the described step (4) realizes by following steps:
(41) simulation online personnel internet usage is visited some and need be used the resource of account number and password login and use MSN to chat;
(42) these personnel surf the Net finish after, use same station terminal with the online personnel of another identity;
Whether have the leave over information that comprises previous online personnel individual privacy information, if there is the information of leaving over that comprises individual privacy information in the terminal, this is judged to defective if (43) landing back this terminal of check.
Described step (43) is to pass through search respectively: the history file of intrasystem cookie file, system Template file, browser folder, MSN are preserved the default position of chat record etc., and other may be because personnel surf the Net the file that contains online personnel privacy that increases newly is checked.
Individual privacy information in the described step (43) comprises local temporary files, Internet access history record, instant messaging chat record, other files that contain online personnel privacy that increased newly by online personnel online of all kinds of numbers of the account of storage and password.
Can evaluate and test and check the function and the performance of internet access service providing site according to this method that technique scheme obtains.
The combine closely demand of Ministry of Public Security regulation internet access service providing site of platform is followed function and the performance requirement of the Ministry of Public Security to the internet service business place information safety management system technically fully.The high efficiency of the test that this method can guarantee, consistency, reproducibility and comparativity.High efficiency: since detailed regulation method of testing and test case, the time of testing shortens greatly, efficient improves greatly; Consistency: each test result unanimity of identical product; Reproducibility: certain test result of certain product can accessiblely be reproduced; Comparativity: the test request of different product is identical with input, so the result has comparativity.
Description of drawings:
Further specify the present invention below in conjunction with the drawings and specific embodiments.
Fig. 1 is the topological diagram of test environment of the present invention.
Fig. 2 is the flow chart of steps of the inventive method.
Embodiment:
For technological means, creation characteristic that the present invention is realized, reach purpose and effect is easy to understand, further set forth the present invention below in conjunction with concrete diagram and embodiment.
This detection method is concrete on detection platform implements concrete steps following (as shown in Figure 2):
The first step, platform user are according to the requirement of " internet service business place information safety management system test detailed rules for the implementation ", make up test environment (as shown in Figure 1), be included as test required software and hardware configuration and network configuration and installation internet service business place information safety management system management end interface test module.
As shown in Figure 1, two kinds of access sides can be arranged among the present invention: gateway is connected in series or is installed on same main frame with system under test (SUT) place of business end during a mode; Gateway connecting hub during the b mode.
For the difference of access mechanism, system under test (SUT) place of business end equipment generally has the form of two kinds of connecting systems, and a mode is a series form, and place of business end equipment is connected to network exit with the form of gateway/bridge; The b mode is parallel form, and place of business end equipment operates on hub/switch with listen mode.For other access waies, should be adjusted testing environment according to himself characteristic.
Each system's place of business end uses an Internet outlet simultaneously, but can should realize the application of this service on internal server in the Internet of its application of internal simulation service for some as far as possible, as: WEB, FTP, Mail etc.Topological diagram according to shown in Figure 1 builds testing environment, and each test suite is as shown in table 1 among Fig. 1:
The explanation of table 1 test suite
2. prepare before detecting
Detection person prepares:
Knowledge expertise:
Before carrying out the detection of internet service business place information safety management system, the inspector must learn and on top of following knowledge, software and instrument:
(1) Windows 2000 Professional, Windows XP Professional simplified form of Chinese Character version operating system;
(2) network environment based on ICP/IP protocol makes up and analyzes;
(3) principle and the basic configuration of application layer protocol such as HTTP, FTP, SMTP, POP/POP3, IMAP, TELNET, NNTP, RSTP, MMS and service;
(4) Windows 2000 Server and IIS 5.0, Redhat Linux 9.0 and Sendmail;
(5) protocol analyzer;
(6) stopwatch.
The inspector must learn and can use following application program:
(1) media play software: Realplayer10.5, Windows Media Player 10 etc.;
(2) Mail Clients: Outlook6 simplified Chinese edition, Foxmail 6.0 etc.;
(3) MSN: MSN Messenger 8.5, ICQ V5.04, Yahoo Messenger 7.5, UC2005, QQ 2008, Sina Web click-through V1.3.0.0, AOL Instant Messenger 5.9, POPO 2008, search the logical V4.20 of Q V3.6, E words etc.;
(4) network game client: connection crowd, legend 3, China online, the Xuanyuan sword Online etc. that plays;
(5) WEB browser: IE 6.0 simplified Chinese editions etc.
Testing environment is prepared:
Before detecting beginning, detection person must carry out following preparation:
(1) explanation is ready to detect needed hardware device according to table 1 test suite, and install corresponding operating system and software for it (except that terminating machine E, F, any main frame should not installed unnecessary software and services, in order to avoid systemic-function and performance index are had a negative impact);
(2) build test network according to Fig. 1 testing environment network topology structure figure, and the service for preparing network attribute such as corresponding IP address for it and need;
(3) be foundation with distribution of censorship system and operation document, censorship internet service business place information safety management system is installed;
(4) if the system under test (SUT) place of business end A of censorship is a software, then the main frame software and hardware of preparing for this system of installation can be configured according to demand fully, simultaneously configuring condition is charged to the detection original record;
(5) system clock of All hosts in the synchronous good testing environment;
(6) confirm whether the censorship system can normally move, after obtaining confirming, preparation is finished, and can begin to detect.
Standard is prepared:
When detecting, detection person still needs and is ready to following standard, and reads over standard, and basic grasp standard content is so that inquiry.
(1) GA557-2005 internet service business place information safety management code;
(2) GA558-2005 internet service business place information safety management system data DIF;
(3) GA559-2005 internet service business place information safety management system place of business end functional requirement;
(4) GA560-2005 internet service business place information safety management system place of business end and place of business system of operation and management interfacing requirement;
(5) GA561-2005 internet service business place information safety management system management end functional requirement;
(6) GA562-2005 internet service business place information safety management system management end interface specification requirement;
(7) GB/T 2260 administrative regional division of the People's Republic of China's codes
(8) GB 2312-1980 Chinese Character Set Code for Informati baseset
(9) expansion of GB 18030-2000 information technology Chinese Character Set Code for Informati baseset
(10) GA/Z02-2005 public business basic data element code collection
Second step, system under test (SUT) is installed according to product description;
The 3rd the step, according to method of testing and test case sample design test case according to design of Platform;
Make the test case that is fit to system to be detected characteristics according to each bar test basis.Test case must comprise use-case sequence number, use-case author, design date and concrete input/output information, so that reduce the uncertainty of test, and it can be reproduced when reviewing mistake.
When test case is write, have following principle and the method can reference:
(1) need scrutinize the standard implication, analyze each situation that may occur in actual conditions, the method that adopts equivalence class to divide is then done more comprehensive coverage test;
(2) should adopt the method for boundary value to test as far as possible to test with critical value;
(3) according to the experience that detects at ordinary times, can append some test cases with mistake supposition method;
(4) suggestion is put every pairing standard feature point of Business Stream in order according to the rule of Business Stream, detects according to Business Stream, will detect the minimizing workload owing to having avoided duplicate detection to compare by the standard pointwise.
The 4th step, carry out System Functional Test according to the testing procedure of design of Platform;
Test basis:
After the online personnel surf the Net end, should remove the internet information that is retained on the terminal, comprise online personnel individual privacy information;
The information content that should remove should comprise the content of table 2 at least.
Table 2
| Sequence number | The online log-on message that the online personnel must remove |
| 1 | Store the local temporary files of all kinds of numbers of the account and password |
| 2 | Intcrnet access history record |
| 3 | Instant messaging (as MSN, QQ etc.) chat record |
| 4 | Other are the newly-increased file that contains online personnel privacy by online personnel online |
Inspection principle:
The content that can be divided into following several parts about the test basis of online line person interest protection in principle:
(1) file is removed zero the time;
(2) Visitor Logs is removed;
(3) chat record is removed;
(4) the privacy file is removed.
Therefore, in design verification method, also need design at above content.Corresponding relation is as follows:
| According to principle | The method principle | |
| File is removed in the time of zero | Remove compliance test result (A) | Confirmation of secretarial document (E) |
| Visitor Logs is removed | Remove compliance test result (B) | |
| Chat record is removed | Remove compliance test result (C) | |
| The privacy file is removed | Remove compliance test result (D) | |
The basic principle that corresponding test case is followed is then done following classification:
| Basic principle | Method is sorted out |
| Directly checking | A、B、C、D、E |
| Equivalence class is divided | A、B、C、D |
| Boundary value | |
| Mistake is inferred | A、B、C、D |
The method of inspection:
Simulation online personnel internet usage is visited some and need be used the resource of account number and password login and use MSN to chat.After these personnel surf the Net end, online personnel with another identity use same station terminal, difference search: the default position that the history file folder of intrasystem cookie file, system Template file, browser, MSN are preserved chat record etc., and other may be because the file that contains online personnel privacy that personnel online increases newly, and whether check has the information of leaving over that comprises previous online personnel privacy information.If comprise the information of leaving over of personnel's privacy information more than existing in the terminal, this is judged to defective.This part function that the statement of detection system supporting paper has.(as shown in table 3)
The test case sample:
Table 3 online line person interest protection
Provided test in this table to place of business end system online line person interest protection function, at first at terminating machine E, the following accessible with application software of the last use of F the Internet, Realplayer10.5, MSN Messenger 8.5, ICQ V5.04, Yahoo Messenger 7.5, UC2008, Sina Web click-through V1.3.0.0, connection is many, legend 3, IE 6.0 simplified Chinese editions, the Outlook6 simplified Chinese edition, Windows Media Player 10, QQ2008, AOL Instant Messenger 5.9, POPO 2008, search Q V3.6, the logical V4.20 of E words, China's recreation is online, Xuanyuan sword Online, after the user is off line, all relate to net user's file change by system log (SYSLOG); This moment is again with another user's identity login terminal E, F, difference search: the default position that the history file folder of intrasystem cookie file, system Template file, browser, MSN are preserved chat record etc., and other may be because the file that contains online personnel privacy that personnel online increases newly, and whether check has the information of leaving over that comprises previous online personnel privacy information; Behind aforesaid operations, the result that expection obtains is for except that program self file, and no any increment information that relates to the user is if after the practical operation, consistent with expected results, then this of system function is qualified, otherwise defective.Relevant testing result is logged in the table.
More than show and described basic principle of the present invention and principal character and advantage of the present invention.The technical staff of the industry should understand; the present invention is not restricted to the described embodiments; that describes in the foregoing description and the specification just illustrates principle of the present invention; without departing from the spirit and scope of the present invention; the present invention also has various changes and modifications, and these changes and improvements all fall in the claimed scope of the invention.The claimed scope of the present invention is defined by appending claims and equivalent thereof.
Claims (6)
1, the method for inspection of on-line person interest protection at Internet access service providing site, this method is mainly carried out under detection platform, it is characterized in that, and this method may further comprise the steps:
(1) makes up testing environment,, make up test environment, be included as test required software and hardware configuration and network configuration and installation internet service business place information safety management system management end interface test module according to related request;
(2) detected system is installed, the system that needs detect is installed according to the system product specification;
(3) design test case, treat the test case that examining system adapts according to each bar test basis design of contrast with this, this test case must comprise use-case sequence number, use-case author, design date and concrete input/output information, so that reduce the uncertainty of test, and when reviewing mistake, it can be reproduced;
(4) System Functional Test after the end of surfing the Net the online personnel, should be removed the internet information that is retained on the terminal, and it comprises that online personnel individual privacy information is a foundation, utilizes the test case of step (3) design that system is tested.
2, the method for inspection of on-line person interest protection at Internet access service providing site according to claim 1, it is characterized in that, when making up testing environment in the described step (1), because the difference of access mechanism, system under test (SUT) place of business end equipment generally has the form of two kinds of connecting systems, mode one is a series form, and place of business end equipment is connected to network exit with the form of gateway/bridge; Mode two is parallel form, and place of business end equipment operates on hub/switch with listen mode.
3, the method for inspection of on-line person interest protection at Internet access service providing site according to claim 1 is characterized in that, the method that adopts equivalence class to divide during described step (3) design test case is done more comprehensive coverage test to reach; Should adopt the method for boundary value to test as far as possible to test simultaneously with critical value.
4, the method for inspection of on-line person interest protection at Internet access service providing site according to claim 1 is characterized in that, the test in the described step (4) realizes by following steps:
(41) simulation online personnel internet usage is visited some and need be used the resource of account number and password login and use MSN to chat;
(42) these personnel surf the Net finish after, use same station terminal with the online personnel of another identity;
Whether have the leave over information that comprises previous online personnel individual privacy information, if there is the information of leaving over that comprises individual privacy information in the terminal, this is judged to defective if (43) landing back this terminal of check.
5, the method for inspection of on-line person interest protection at Internet access service providing site according to claim 4; it is characterized in that; described step (43) is to pass through search respectively: the history file of intrasystem cookie file, system Template file, browser folder, MSN are preserved the default position of chat record etc., and other may be because personnel surf the Net the file that contains online personnel privacy that increases newly is checked.
6, the method for inspection of on-line person interest protection at Internet access service providing site according to claim 4; it is characterized in that the individual privacy information in the described step (43) comprises local temporary files, Internet access history record, instant messaging chat record, other files that contain online personnel privacy that increased newly by online personnel online of all kinds of numbers of the account of storage and password.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 200810208191 CN101459555B (en) | 2008-12-30 | 2008-12-30 | Detection method for on-line person interest protection at Internet access service providing site |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 200810208191 CN101459555B (en) | 2008-12-30 | 2008-12-30 | Detection method for on-line person interest protection at Internet access service providing site |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101459555A true CN101459555A (en) | 2009-06-17 |
| CN101459555B CN101459555B (en) | 2013-01-23 |
Family
ID=40770198
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN 200810208191 Active CN101459555B (en) | 2008-12-30 | 2008-12-30 | Detection method for on-line person interest protection at Internet access service providing site |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101459555B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107819746A (en) * | 2017-10-25 | 2018-03-20 | 珠海金山网络游戏科技有限公司 | A kind of database server reads the method and device that account form control user logs in |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN100502332C (en) * | 2004-09-01 | 2009-06-17 | 中兴通讯股份有限公司 | Method for increasing point-to-point protocol session capacity of broadband accessing server |
| CN100375451C (en) * | 2005-03-21 | 2008-03-12 | 中兴通讯股份有限公司 | Automatic test method for network protection system of optical SDH |
-
2008
- 2008-12-30 CN CN 200810208191 patent/CN101459555B/en active Active
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107819746A (en) * | 2017-10-25 | 2018-03-20 | 珠海金山网络游戏科技有限公司 | A kind of database server reads the method and device that account form control user logs in |
| CN107819746B (en) * | 2017-10-25 | 2020-09-04 | 珠海金山网络游戏科技有限公司 | Method and device for controlling user login by reading account table by database server |
Also Published As
| Publication number | Publication date |
|---|---|
| CN101459555B (en) | 2013-01-23 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109033471B (en) | Information asset identification method and device | |
| US7627669B2 (en) | Automated capturing and characterization of network traffic using feedback | |
| Zou et al. | Modeling and simulation study of the propagation and defense of internet e-mail worms | |
| US7454523B2 (en) | Geographic location determination including inspection of network address | |
| CN111600781B (en) | Firewall system stability testing method based on tester | |
| US20030229695A1 (en) | System for use in determining network operational characteristics | |
| CN110519150B (en) | Mail detection method, device, equipment, system and computer readable storage medium | |
| US20060045019A1 (en) | Network testing agent with integrated microkernel operating system | |
| CN101360015A (en) | Method, system and apparatus for test network appliance | |
| CN112152871B (en) | Artificial intelligence test method, device and system for network security equipment | |
| CN112131057B (en) | AI test method, client and system of network security equipment | |
| CN102014145A (en) | File transfer security control system and method | |
| CN109698809A (en) | A kind of recognition methods of account abnormal login and device | |
| CN109446837A (en) | Text checking method, equipment and readable storage medium storing program for executing based on sensitive information | |
| CN112152837A (en) | Method, device and system for realizing intelligent supervision of network security equipment | |
| CN104734939B (en) | Session keep-alive method and equipment | |
| CN101459555B (en) | Detection method for on-line person interest protection at Internet access service providing site | |
| JP2014035595A (en) | Testing device for communication system, testing program for communication system, and testing method for communication system | |
| CN112328485A (en) | User behavior shunting test method and system | |
| CN107592243A (en) | A kind of method and device for verifying router static binding function | |
| CN101459540A (en) | Internet access system using performance detection method for Internet access service providing site | |
| CN101453388A (en) | Inspection method for Internet service operation field terminal safety control operation | |
| CN101465764B (en) | Inspection method for internet service business place information safety management | |
| Johansen et al. | Email Communities of Interest. | |
| CN107104853B (en) | Test bed system and test method for terminal safety management software |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |