CN103390133A - Automatic Windows system security configuration check method - Google Patents
Automatic Windows system security configuration check method Download PDFInfo
- Publication number
- CN103390133A CN103390133A CN2012101375547A CN201210137554A CN103390133A CN 103390133 A CN103390133 A CN 103390133A CN 2012101375547 A CN2012101375547 A CN 2012101375547A CN 201210137554 A CN201210137554 A CN 201210137554A CN 103390133 A CN103390133 A CN 103390133A
- Authority
- CN
- China
- Prior art keywords
- security
- security configuration
- configuration
- check
- windows system
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention aims at providing an automatic Windows system security configuration check method, which can obtain Windows system security configuration data through an automatic software technique, make a comparison with security configuration check specifications built in software, automatically obtain overall scores of Windows system security configuration check and a specific security configuration check result according to an algorithm, and correspondingly give a reasonable suggestion. An automatic Windows system security configuration check technique has the ability of remotely and locally checking the security configuration of the Windows system and satisfies the requirements of configuration specifications; and since a friendly man-machine interface and a rich report system are provided, the intelligence and the automation of security check are fully realized. Moreover, the automatic Windows system security configuration check method can also be widely used for security work such as product admittance, network access testing, work acceptance, system operation and maintenance configuration, self-evaluation, security reinforcing and security inspection.
Description
Technical field
The present invention relates generally to the safety technique field of computer information system.
Background technology
Along with the business development, the network size expanding day, it is produced, the network structure of business support system also becomes and becomes increasingly complex.Wherein, quantity and the kind of important application and server are increasing,, in case maintainer's maloperation occurs, perhaps adopt unalterable starter system setting and have ignored requirement for security control, just may affect greatly the normal operation of system.Therefore set up the baseline security standard of security checkpoints and operating guidance for the operation system of industry, become the most urgent thing of industry-by-industry safety manager.The baseline security standard will form detailed Checklist form and the operating guidance for different system, for standardized technical security operation provides framework and standard.Its range of application is very extensive, the safety inspection of reaching the standard grade, the third party who mainly comprises the new business system network safety inspection, close rule safety inspection (higher level's inspection), routine safety inspection etc.
Carry out the regular job of specification technique personnel on sorts of systems by adopting unified security configuration standard, allow the O﹠M personnel that the mark post that checks the acquiescence risk has been arranged, but in the face of kind in network is numerous and diverse, equipment and the software of One's name is legion, really complete system configuration and the reparation of compliance, but become a thing that wastes time and energy:
Security configuration inspection and problem reparation all need manually be carried out, and supervisory personnel's skills and experience is had relatively high expectations; The minute inspection of doing a popularization expends time in longer, and if spot-check instead would check comprehensive just very poor; Checking oneself and checking all needs login system to carry out, and more multiplex's work is more loaded down with trivial details for object, and work efficiency is not high yet; Manual record is all wanted in every inspection, slightly has careless omission just need to again mend survey.
Concerning check oneself or the supervisory personnel, require a great deal of time and energy carrys out checkout facility, collects data, making and the report of audit risk, to identify every system that does not meet safety standard requirements.How realize fast and effectively reaching the standard grade on the new business system safety inspection, third party network safety inspection, close the comprehensive equipment inspections such as rule safety inspection (higher level's inspection), routine safety inspection, the result how about centralized collection is verified, and making risk audit report, and finally identify those and the incongruent project of safety standard, close the requirement of rule to reach rectification, these are new difficult problems that the network O﹠M personnel face.
Summary of the invention
The object of the present invention is to provide a kind of Windows security of system configuration inspection method of robotization, it can be by the software engineering of robotization, obtain Windows security of system configuration data, and with the built-in security configuration of software, check that standard compares, robotization draw overall score and the concrete security configuration check result of Windows security of system configuration inspection and the corresponding conductive suggestion that provides according to algorithm.
The Windows security of system configuration inspection method of robotization has long-range and local ability of the Windows system being carried out the security configuration inspection, and meet the configuration specification requirement, have simultaneously friendly man-machine interface and abundant reporting system, realized intellectuality, the robotization of safety inspection work fully.Can also be widely used in the trouble free services such as product access, network access testing, the acceptance of work, the configuration of system O﹠M, self-assessment, security hardening, safety patrol inspection.
The function of the Windows security of system configuration inspection method major embodiment of robotization is as shown in the table:
Description of drawings
With reference to the detailed description below in conjunction with accompanying drawing, it is more obvious that feature of the present invention, advantage and other side thereof will become, wherein:
Fig. 1 has schematically shown the baseline security model figure of service based system;
Fig. 2 has schematically shown the system architecture schematic diagram of one embodiment of the present of invention;
Fig. 3 has schematically shown the process flow diagram of one embodiment of the invention;
Embodiment
1. access mode
● support local the inspection and two kinds of test modes of long-range inspection;
● NetBIOS, WMI are used in the long-range inspection to Windows;
● can specify the information such as login username and password.
● destination host is also supported test mode by the springboard main frame
2. scan mode
● support the scan task of multiaddress section target;
● support automatically to find the function of main frame and Intelligent Recognition goal systems type;
● support the automated intelligent matching feature of the configuration specification that target and inspection are used.
3. user interface
● support graphic user interface;
● support Chinese interface and Chinese environment;
● all operations is based on menu mode but not command line mode.
● possess detailed help information;
● functions of shortcut key is arranged;
● support distributed deployment and centralized control;
● easy and simple to handle, support local the inspection and long-range checking ability
● in long-range inspection, as long as check that target and instrument are that IP can reach, and check the open related service of target and port, just can carry out long-range inspection;
● all check results can be preserved, and can derive the statement forms such as Excel/PDF;
● support the association statistics and analysis of check result.
4. configuration is installed
● instrument mounting platform: support Chinese windows platform;
● deployment way: support standalone version deployment way and client/server deployment way.
5. system typical deployed mode
The security baseline configuration is verified Platform deployment in intranet, with the other assets of enterprise information system, by network, can reach.It can carry out quick-searching to assets information based on the IP address.
Claims (7)
1. robotization security configuration inspection method, it is characterized in that, auto acquisition system security configuration data, and with the built-in security configuration of software, check that standard compares, robotization draw overall score and the concrete security configuration check result of security of system configuration inspection and the corresponding suggestion for revision that provides according to algorithm.
2. auto acquisition system security configuration data according to claim 1, is characterized in that, local self-verifying and remote auto inspection, and the remote auto test mode is used NetBIOS, WMI.Automatic acquisition comprises scanister and testing fixture.
Scanister, for whole opening imformation data of scanning system.
Testing fixture, for the security configuration information data of check system.
3. security configuration according to claim 1 checks standard, it is characterized in that comprising: detection method, fill order, matched rule, suggestion for revision.
4. according to claim 2 testing fixture, is characterized in that, shows that the configuration item comparison checks standard, counts the score according to algorithm.
5. according to claim 3 detection method, is characterized in that comprising, the reference configuration operation, and decision condition, detect operation.
6. suggestion for revision according to claim 3, its feature are comprising, the reference configuration operation, and the complement operation explanation, decision condition, detect operation.
7. algorithm according to claim 4, its feature is comprising: total system scoring method, historical trend algorithm, asset level algorithm.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2012101375547A CN103390133A (en) | 2012-05-07 | 2012-05-07 | Automatic Windows system security configuration check method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2012101375547A CN103390133A (en) | 2012-05-07 | 2012-05-07 | Automatic Windows system security configuration check method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN103390133A true CN103390133A (en) | 2013-11-13 |
Family
ID=49534402
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN2012101375547A Pending CN103390133A (en) | 2012-05-07 | 2012-05-07 | Automatic Windows system security configuration check method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103390133A (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103368965A (en) * | 2013-07-18 | 2013-10-23 | 北京随方信息技术有限公司 | Working method for mapping network safety norms to attribution requirements corresponding to network |
CN106789237A (en) * | 2016-12-20 | 2017-05-31 | 曙光信息产业(北京)有限公司 | The configuration device and collocation method of operating system |
CN107977311A (en) * | 2017-11-15 | 2018-05-01 | 中国电力科学研究院有限公司 | A kind of automatic method and system for carrying out distribution terminal information security detection |
CN108062470A (en) * | 2017-12-13 | 2018-05-22 | 广东电网有限责任公司电力科学研究院 | A kind of computer information safe reinforcement means |
CN108900527A (en) * | 2018-07-20 | 2018-11-27 | 南京方恒信息技术有限公司 | A kind of security configuration check system |
-
2012
- 2012-05-07 CN CN2012101375547A patent/CN103390133A/en active Pending
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103368965A (en) * | 2013-07-18 | 2013-10-23 | 北京随方信息技术有限公司 | Working method for mapping network safety norms to attribution requirements corresponding to network |
CN106789237A (en) * | 2016-12-20 | 2017-05-31 | 曙光信息产业(北京)有限公司 | The configuration device and collocation method of operating system |
CN107977311A (en) * | 2017-11-15 | 2018-05-01 | 中国电力科学研究院有限公司 | A kind of automatic method and system for carrying out distribution terminal information security detection |
CN107977311B (en) * | 2017-11-15 | 2021-10-22 | 中国电力科学研究院有限公司 | Method and system for automatically detecting information safety of power distribution terminal |
CN108062470A (en) * | 2017-12-13 | 2018-05-22 | 广东电网有限责任公司电力科学研究院 | A kind of computer information safe reinforcement means |
CN108900527A (en) * | 2018-07-20 | 2018-11-27 | 南京方恒信息技术有限公司 | A kind of security configuration check system |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN103390133A (en) | Automatic Windows system security configuration check method | |
CN103390132A (en) | Automatic Unix system security configuration check method | |
CN102306258B (en) | UNIX host safety configuration auditing method based on configurable knowledge base | |
CN109767081B (en) | Method and device for generating power worksheet | |
Chong et al. | Improving quality and performance of facility management using building information modelling | |
KR20140070237A (en) | System and method for managing food safety through online | |
CN110430081A (en) | The intelligent method for inspecting and device of automatic editing based on instruction | |
CN103714434A (en) | Chemical industry production site patrol system based on internet of things technology | |
Guo et al. | Improved safety checklist analysis approach using intelligent video surveillance in the construction industry: a case study | |
CN103971188A (en) | Fire protection management service platform and implementation method thereof | |
CN104199819A (en) | WEB system error processing method and device | |
CN113722747A (en) | Road water transport engineering test detection big data system and early warning method | |
CN112232339B (en) | Aviation display equipment fault detection method and monitoring device based on convolutional neural network | |
CN114186650A (en) | Maritime personnel emergency management system and management method | |
CN111260251A (en) | Operation and maintenance service management platform and operation method thereof | |
CN114399265A (en) | Electric power engineering construction project overall process management and control system | |
CN113872332A (en) | Intelligent operation and maintenance and anti-error management and control system and method for secondary pressing plate of transformer substation | |
CN112685743A (en) | Automatic reinforcing method and system for host security baseline | |
Xu et al. | Effectiveness Study of Artificial Intelligent Facility System in Maintaining Building Fire Safety (Case Study: Typical Public Building Cases of Fire‐Fighting Facilities Management in China) | |
CN115239144A (en) | Dual prevention mechanism information system based on regional risk management | |
CN115017491A (en) | Abnormal mail monitoring method and device combining RPA and AI and electronic equipment | |
CN116073520B (en) | Power grid inspection method and device, electronic equipment and storage medium | |
CN104751268A (en) | Mobile real estate field service checking system | |
CN101980212A (en) | Aviation electronic checklist and implementation method thereof | |
CN115424212A (en) | Electric power operation field violation identification system and application thereof |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20131113 |