CN101605065A - Method for implementing security event monitoring in a security centre system - Google Patents

Info

Publication number: CN101605065A
Application number: CNA2009100315091A
Authority: CN (China)
Original language: Chinese (zh)
Inventors: 党俭文, 孙希律, 刘继明
Original and current assignee: ITIBIA TECHNOLOGIES (as listed by Google; no legal analysis performed)
Legal status: Pending at publication (as listed by Google; not a legal conclusion; see Legal Events below)


Abstract

The invention provides a design framework for a distributed, real-time network-behaviour monitoring system built on the browser/server (B/S) model, in which multiple monitoring devices are connected to a security centre. Security event monitoring is divided into two parts. First, the security centre configures security policies, issues them to the monitoring devices and defines the alarm mode. Second, each monitoring device monitors user network behaviour in real time and reports security events and its local security policy to the security centre; the security centre analyses the security events and notifies the administrator by mail or SMS, achieving real-time monitoring of user network behaviour. The invention uses remote communication to let the security centre manage the monitoring devices and to manage their security events centrally, so that one security centre monitors security events from many monitoring devices.

Description

Method for implementing security event monitoring in a security centre system
Technical field
The present invention relates to a method for analysing and processing network data, in particular to a method for implementing security event monitoring, and belongs to the technical field of network management systems.
Background technology
With the rapid development of the Internet, network applications are multiplying and most enterprises have begun to deliver some of their key business over the Internet. A defining characteristic of the Internet is openness, and that very openness poses a serious threat to the security of services running on it. To guarantee healthy and orderly development, strong assurances must be provided for network security.
Traditional information security management is device-centric: one device can only manage a designated network segment, its security policy is set by the local administrator, and the information it gathers is hard to reach. Across many monitoring devices, information cannot be shared, human resources are seriously wasted, monitoring is not synchronised, and serious information security problems can arise.
The security centre system is a design framework for a distributed, real-time network-behaviour monitoring system based on the B/S model: monitoring devices report their local policies and security events to the security centre in real time, the security policies of the monitoring devices and the security centre are kept synchronised, resources are used effectively, security policies are shared, and real-time monitoring of user network behaviour is achieved.
Security event monitoring in the security centre system provides the following functions and characteristics:
1) Security policy: the administrator configures the appropriate security policy according to network conditions and selects the alarm mode;
2) Security policy distribution: security policies are issued to designated monitoring devices;
3) Security event reporting: monitoring devices report triggered security events in real time, and the security centre manages them centrally;
4) Custom alarm: when a security event arrives at the security centre, the relevant personnel can be notified by mail or SMS so that major security events are handled promptly;
5) Efficient resource use: centralised management of security events makes effective use of network and human resources and improves working efficiency.
The security centre management system is a network information security application that manages the information security of a company network. It is deployed in a client/server (C/S) architecture (administrators use the browser-based management front end, while the monitoring devices connect to the centre as socket clients, as described in the embodiment below), centralising information security management, sharing policies and sharing the resources of many monitoring devices; this improves the information security of the whole network and makes managing many device endpoints convenient.
Summary of the invention
The object of the invention is to overcome the deficiencies of the prior art by providing a method for implementing security event monitoring in a security centre system.
The object of the invention is achieved through the following technical solution:
In the method, multiple monitoring devices are connected to a security centre, and security event monitoring is divided into two parts. First, the security centre configures security policies and issues them to the monitoring devices. Second, each monitoring device monitors user network behaviour in real time, generates security events and reports them to the security centre, and also reports its security policy to the security centre. The security centre analyses the security events and notifies the administrator by mail or SMS, thereby achieving real-time monitoring of user network behaviour.
Further, the security policy handling comprises security policy distribution, security policy reporting, security event reporting and a custom alarm mode. Security policy distribution: the security centre's system program sends the policy to the monitoring device over a remote connection; the device receives the policy and loads it into its monitoring system to monitor user network behaviour. Security policy reporting: the monitoring device reports its current security policy to the security centre, so that the security centre system knows the policy in force on each device. Security event reporting: when a user triggers a configured security event, the monitoring device actively reports it to the security centre, so that the centre knows the current running state of the network. Custom alarm mode: mail or SMS alarms are selected so that, when a user triggers a security event, notification is sent at the first opportunity and problems and hidden security dangers in the network are dealt with promptly.
Further, when a monitoring device starts it first establishes a connection with the security centre and performs login registration. After a user edits a security policy, the SOC server periodically reads the policies that need to be issued and issues them to the requesting monitoring device. The monitoring device periodically reports its security policy, keeping the policies of the security centre and the device synchronised. When the monitoring device triggers a security event, it requests the security centre to accept the event report. In this way policy synchronisation between server and client and real-time reporting of security events are achieved.
The outstanding substantive features and notable improvements of the technical solution are mainly the following:
The security event monitoring of the security centre uses remote communication to manage the monitoring devices and to manage their security events centrally, so that one security centre monitors security events from many monitoring devices. The method is novel, inventive and practical, with broad prospects for application.
Description of drawings
The technical solution of the invention is further described below with reference to the accompanying drawings:
Fig. 1: architecture of security event monitoring in the security centre system;
Fig. 2: overall architecture of the security centre system;
Fig. 3: processing flow of security event monitoring in the security centre system.
The reference numerals used in the figures have the following meanings:

Numeral  Meaning
1        Security centre device
2        Client device
3        Security policy distribution
4        Security policy report
5        Security event report
6        SOC management system
7        Security policy
8        Security event
9        SOC background service program
10       Periodic task management
11       OTSOC module
12       Security policy
13       Security event viewing
14       FMS module
15       FUM module
16       OfficeTen device
17       SMS/mail sending module
Detailed description
The method for implementing security event monitoring in the security centre system uses sockets to implement bidirectional server/client interconnection. Data processing is divided into two classes: the server issues security policies; the client receives the security policies from the server, reports its local security policy to the server as required and, when the terminal triggers a security event, reports the triggered event in real time.
Within the B/S design framework of the distributed real-time network-behaviour monitoring system, monitoring devices report security events to the security centre in real time, the security centre issues security policies to the monitoring devices, and the security centre analyses the security events and notifies the relevant administrators. Multiple monitoring devices are connected to the security centre, and security event monitoring is divided into two parts: first, the security centre configures security policies and issues them to the monitoring devices; second, each monitoring device monitors user network behaviour in real time, generates security events and reports them to the security centre, and reports its security policy to the security centre. The security centre analyses the security events and notifies the administrator by mail or SMS, thereby achieving real-time monitoring of user network behaviour.
The security policy handling comprises security policy distribution, security policy reporting, security event reporting and a custom alarm mode. Security policy distribution: the security centre's system program sends the policy to the monitoring device over a remote connection, and the device receives the policy and loads it into its monitoring system to monitor user network behaviour. Security policy reporting: the monitoring device reports its current security policy to the security centre, so that the security centre system knows the policy in force on the device. Security event reporting: when a user triggers a configured security event, the monitoring device actively reports it to the security centre, so that the centre knows the current running state of the network. Custom alarm mode: mail or SMS alarms are selected so that, when a user triggers a security event, notification is sent at the first opportunity and problems and hidden security dangers in the network are dealt with promptly.
Fig. 1 illustrates how security events are handled. When client device 2 starts, it first establishes a connection with security centre device 1 and performs login registration. After a user edits a security policy, the SOC server periodically reads the policies that need to be issued and performs security policy distribution 3 to client device 2 on request. Client device 2 periodically performs security policy report 4, keeping the policies of security centre device 1 and client device 2 synchronised. When client device 2 triggers a security event, it performs security event report 5 to security centre device 1. In this way policy synchronisation between server and client and real-time reporting of security events are achieved.
Fig. 2 illustrates the system architecture of the security centre. Administrators log in to the security centre management system through the Web and issue security policies to the OfficeTen devices; the OfficeTen devices report their security policies; administrators browse the security events of the OfficeTen devices through the Web; and the security centre system monitors the security events of the OfficeTen devices.
Fig. 3 illustrates the concrete processing of security events in the security centre system. SOC management system 6 is responsible for operations on security policy 7, sends the configured security policy 12 to SOC background service program 9, and provides browsing of security events 8. SOC background service program 9 is responsible for data processing: periodic task management 10 periodically reads the security policies set by the administrator and issues them to the designated OfficeTen devices; OTSOC module 11 establishes connections with the remote OfficeTen devices, communicates bidirectionally, performs security policy distribution 3 and handles security event viewing 13; background program 9 receives and stores the security event reports 5 and the device-side security policies reported by the OfficeTen devices and, according to the alarm policy set by the user, invokes SMS/mail sending module 17.
On the OfficeTen device side 16, FMS module 14 is responsible for communication with the management centre and for data processing. A security policy 3 sent from the security centre is forwarded by FMS module 14 to FUM module 15 for processing, and the OfficeTen device loads and runs the policy. When the system triggers a device security policy it generates a security event and a local alarm; FMS module 14 periodically reads the alarm information, generates a security event and sends it to the security centre for processing, and FMS periodically synchronises the security centre's policy with the local policy. In this way the security policy formulated by the security centre is issued to the OfficeTen devices, which enforce it and monitor whether users break the rules; when a user triggers a policy, the OfficeTen device reports it to the security centre, and a remote network administrator logged in to the security centre can grasp the security situation of the local network.
The OTSOC service in the security centre system establishes the bidirectional connection with FMS module 14 of the monitoring device and handles the business between server and client. The monitoring device sends a connection request to the security centre; the security centre verifies the legitimacy of the request and identifies the corresponding monitoring device, using either password-based or key-based verification. The monitoring device reports its currently triggered security events and its local security policy to the security centre, so that the security centre can manage the policies of all monitoring devices and use resources effectively. Administrators formulate security policies in the security centre system and select the devices to receive them; OTSOC module 11 is responsible for distributing the current security policy to the specified machines. Administrators specify security rules in the security centre and select the alarm mode for security events, either mail or SMS; OTSOC notifies the relevant personnel by the chosen mode at the first opportunity. In this processing model OTSOC handles the business, the periodic task reader and the SMS/mail alarm all run in real time on the server side, and the monitoring devices report security events in real time.
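The exchange described in the summary, in Fig. 1 and in the OTSOC paragraph above (device login and verification, policy push, policy report for synchronisation, event report, alarm dispatch), as an added example that is not code from the patent or from ITIBIA's OfficeTen/OTSOC software. It takes the key-based verification option and realises it as an HMAC-SHA256 challenge-response, which the patent does not specify; the length-prefixed JSON framing, the message and field names, the device id "ot-001", the shared secret and the sample flows are all assumptions made for illustration. The patent also says nothing about protecting the socket channel in transit, so a deployment would still need to run this over TLS or an equivalent.

```python
import hashlib, hmac, json, os, socket, struct, threading
# Framing on the socket: 4-byte big-endian length prefix followed by one JSON object.
def send_msg(sock, obj):
    body = json.dumps(obj, sort_keys=True).encode()
    sock.sendall(struct.pack(">I", len(body)) + body)

def recv_msg(sock):
    (length,) = struct.unpack(">I", _recv_exact(sock, 4))
    return json.loads(_recv_exact(sock, length))

def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed the connection")
        buf += chunk
    return buf

def policy_digest(policy):
    """Canonical hash of a policy; both sides compare digests to confirm they are in sync."""
    return hashlib.sha256(json.dumps(policy, sort_keys=True).encode()).hexdigest()

class SecurityCenter:  # server side, the OTSOC service role
    def __init__(self, device_keys, policies, alarm_mode="mail"):
        self.device_keys = device_keys   # device_id -> shared secret (assumed provisioning)
        self.policies = policies         # device_id -> policy configured by the administrator
        self.alarm_mode = alarm_mode     # "mail" or "sms", chosen by the administrator
        self.reported_policies = {}      # device_id -> policy digest the device last reported
        self.events, self.alerts = [], []  # events received; notifications for the SMS/mail module

    def serve_one(self, sock):
        dev = recv_msg(sock).get("device_id", "")
        key = self.device_keys.get(dev)
        nonce = os.urandom(16).hex()     # fresh challenge, so a captured MAC cannot be replayed
        send_msg(sock, {"type": "challenge", "nonce": nonce})
        mac = recv_msg(sock).get("mac", "")
        expected = hmac.new(key, (nonce + dev).encode(), "sha256").hexdigest() if key else ""
        if not key or not hmac.compare_digest(expected, mac):
            send_msg(sock, {"type": "login_result", "ok": False})
            return
        send_msg(sock, {"type": "login_result", "ok": True})
        send_msg(sock, {"type": "policy_push", "policy": self.policies[dev]})
        while True:                      # session loop ends when the device closes the socket
            try:
                msg = recv_msg(sock)
            except ConnectionError:
                return
            if msg["type"] == "policy_report":
                self.reported_policies[dev] = msg["digest"]
            elif msg["type"] == "event_report":
                self.events.append((dev, msg["event"]))
                self.alerts.append({"via": self.alarm_mode, "device": dev, "rule": msg["event"]["rule"]})

    def in_sync(self, dev):
        return self.reported_policies.get(dev) == policy_digest(self.policies[dev])

class MonitorDevice:  # client side, the device's FMS/FUM role
    def __init__(self, device_id, key):
        self.device_id, self.key, self.policy = device_id, key, None

    def run(self, sock, flows):
        send_msg(sock, {"type": "login", "device_id": self.device_id})
        nonce = recv_msg(sock)["nonce"]
        mac = hmac.new(self.key, (nonce + self.device_id).encode(), "sha256").hexdigest()
        send_msg(sock, {"type": "auth", "mac": mac})
        if not recv_msg(sock)["ok"]: return False
        self.policy = recv_msg(sock)["policy"]   # load the pushed policy, then report it back
        send_msg(sock, {"type": "policy_report", "digest": policy_digest(self.policy)})
        for flow in flows:               # user network behaviour observed by the device
            if flow["dport"] in self.policy["blocked_ports"]:
                send_msg(sock, {"type": "event_report", "event": {"rule": "blocked_port", "flow": flow}})
        return True

def run_exchange(center, device, flows):
    srv, cli = socket.socketpair()       # local socket pair, so the example runs offline
    worker = threading.Thread(target=center.serve_one, args=(srv,))
    worker.start()
    try:
        return device.run(cli, flows)
    finally:
        cli.close()                      # tells the server loop the session is over
        worker.join()
        srv.close()

# Constructed sample input; the device id and shared secret are assumed, not from the patent.
DEVICE_KEY = b"example-shared-secret"
SAMPLE_FLOWS = [
    {"src": "10.0.0.5", "dst": "203.0.113.9", "dport": 443},
    {"src": "10.0.0.7", "dst": "198.51.100.2", "dport": 23},    # telnet, blocked by the policy
    {"src": "10.0.0.9", "dst": "198.51.100.8", "dport": 6667},  # irc, blocked by the policy
]

def demo():
    center = SecurityCenter({"ot-001": DEVICE_KEY}, {"ot-001": {"blocked_ports": [23, 6667]}}, "sms")
    accepted = run_exchange(center, MonitorDevice("ot-001", DEVICE_KEY), SAMPLE_FLOWS)
    rejected = not run_exchange(center, MonitorDevice("ot-001", b"wrong-key"), SAMPLE_FLOWS)
    return center, accepted, rejected
```

Calling demo() runs two sessions: a device holding the provisioned secret is verified, receives the policy, reports its digest (which is what lets in_sync() confirm that server and client policies match) and reports the two flows that violate the policy, each of which becomes an SMS alert record; a device presenting the wrong secret is refused before any policy is sent. Comparing the policy by canonical digest rather than re-sending the whole policy is a choice made here so the periodic policy report stays cheap.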
In summary, the security event monitoring of the security centre described above uses remote communication to manage the OfficeTen monitoring devices and to manage their security events centrally, so that one security centre monitors security events from many OfficeTen monitoring devices.
It should be understood that the above description does not limit the invention: additions, transformations, substitutions and the like made within the conceived scope of the invention also fall within its scope of protection.

Claims (3)

1. A method for implementing security event monitoring in a security centre system, characterised in that: multiple monitoring devices are connected to a security centre, and security event monitoring is divided into two parts; first, the security centre configures security policies and issues them to the monitoring devices; second, each monitoring device monitors user network behaviour in real time, generates security events and reports them to the security centre, and reports its security policy to the security centre; the security centre analyses the security events and notifies the administrator by mail or SMS, thereby achieving real-time monitoring of user network behaviour.
2. The method for implementing security event monitoring in a security centre system according to claim 1, characterised in that the security policy handling comprises security policy distribution, security policy reporting, security event reporting and a custom alarm mode; wherein security policy distribution means that the security centre's system program issues the policy to the monitoring device over a remote connection, and the monitoring device receives the policy and loads it into its monitoring system to monitor user network behaviour; security policy reporting means that the monitoring device reports its current security policy to the security centre, so that the security centre system knows the policy currently in force on the device; security event reporting means that, when a user triggers a configured security event, the monitoring device actively reports it to the security centre, so that the security centre knows the current running state of the network; and the custom alarm mode means selecting mail or SMS alarms so that, when a user triggers a security event, notification is sent at the first opportunity and problems and hidden security dangers in the network are dealt with promptly.
3. The method for implementing security event monitoring in a security centre system according to claim 1, characterised in that: when a monitoring device starts, it first establishes a connection with the security centre and performs login registration; after a user edits a security policy, the SOC server periodically reads the policies that need to be issued and issues them to the requesting monitoring device; the monitoring device periodically reports its security policy, keeping the policies of the security centre and the monitoring device synchronised; when the monitoring device triggers a security event, it requests the security centre to accept the security event report; thereby policy synchronisation between server and client and real-time reporting of security events are achieved.
Application and family

Application CNA2009100315091A was filed by ITIBIA TECHNOLOGIES with priority and filing date 2009-04-22 and published as CN101605065A on 2009-12-16 (status at publication: pending). Patent family ID 41470625; the family consists of this single CN application.

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101789948A (en) * 2010-02-21 2010-07-28 浪潮通信信息系统有限公司 Hierarchical type mobile internet security monitoring and protecting system
CN102075927A (en) * 2011-01-11 2011-05-25 中国联合网络通信集团有限公司 Security configuration method and system for wireless network equipment
CN103297294A (en) * 2013-05-20 2013-09-11 东莞市富卡网络技术有限公司 Large-scale network security monitoring core data model processing decentralized load sharing method and system
CN103916397A (en) * 2014-04-13 2014-07-09 北京工业大学 Safety monitoring method under distributed network environment
CN105357170A (en) * 2014-08-21 2016-02-24 中兴通讯股份有限公司 Security service audit processing method and device
CN105491026A (en) * 2015-11-24 2016-04-13 无锡江南计算技术研究所 Remote loading method of security policy
CN111078660A (en) * 2018-10-19 2020-04-28 厦门靠谱云股份有限公司 Cloud database performance safety monitoring method
CN112269834A (en) * 2020-11-05 2021-01-26 武汉烽火众智数字技术有限责任公司 Public security big data distributed management and control system and method
CN114666161A (en) * 2022-04-29 2022-06-24 深信服科技股份有限公司 Component security policy management method, device, equipment and storage medium
CN116114220A (en) * 2020-08-07 2023-05-12 上海诺基亚贝尔股份有限公司 Security management services in management plane



Legal Events

Code        Title
C06 / PB01  Publication (published 2009-12-16)
C10 / SE01  Entry into substantive examination; entry into force of the request for substantive examination
C12 / RJ01  Rejection of the invention patent application after publication