CN103544660A - Method for safety testing before online implementation of electric power information system - Google Patents

Info

Publication number
CN103544660A
Authority
CN
China
Prior art keywords
strategy
power information
security
standard
information system
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201310525141.0A
Other languages
Chinese (zh)
Inventor
陈威
王刚
徐小天
陈乐然
石磊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Corp of China SGCC
North China Electric Power Research Institute Co Ltd
Original Assignee
State Grid Corp of China SGCC
North China Electric Power Research Institute Co Ltd
Application filed by State Grid Corp of China SGCC, North China Electric Power Research Institute Co Ltd
Priority to CN201310525141.0A
Publication of CN103544660A

Landscapes

  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention provides a method for security testing of an electric power information system before it goes online. The method comprises the following steps: an operating system security configuration file, a middleware security configuration file and a database security configuration file are extracted from the user configuration files of the electric power information system; it is determined whether the operating system security configuration file, the middleware security configuration file and the database security configuration file conform, respectively, to a preset operating system standard security policy, a preset middleware standard security policy and a preset database standard security policy; if a security configuration file does not conform to the corresponding policy, that security configuration file is adjusted so that it conforms to the corresponding security policy; penetration testing is then conducted independently on the operating system, the middleware and the database of the electric power information system to obtain the security performance of the electric power information system. The method offers high testing efficiency and high testing accuracy.

Description

Security testing method for a power information system before it goes online
Technical field
The present invention relates to information security technology, and in particular to a security testing method for a power information system before it goes online.
Background
In recent years, electric power enterprises have rapidly adopted information technology. New information technology brings great convenience and efficiency to enterprise operations, but it also brings potential security risks. The reason is that information technology has developed too fast, while the information security technology that safeguards it has developed very unevenly in areas such as database and web information system security testing. Because domestic power information systems (such as ERP and electric power MIS systems) and their software testing systems started late, and because of the particular nature of power information systems, their development is still immature. Many domestic power information systems go online directly without any security testing, and security problems are dealt with only when they are found after going online. Because no security testing is performed before going online, these power information systems are more likely to introduce security risks after they go online.
At present, a small number of power information systems do undergo security testing before going online. However, this testing is penetration testing of the power information system as a whole: once an error occurs in any stage of the test process, the entire test must be rolled back and restarted from the beginning, which reduces testing efficiency. Moreover, this testing does not take security configuration into account. If the security configuration of the power information system is faulty, it directly affects the penetration test results, so that the results cannot correctly reflect the true security performance of the power information system.
Summary of the invention
The object of the present invention is to provide a security testing method for a power information system before it goes online, so as to improve the testing efficiency and testing accuracy for the power information system.
To achieve the above object, the present invention provides a security testing method for a power information system before it goes online, comprising the following steps:
Extracting an operating system security configuration file, a middleware security configuration file and a database security configuration file from the user configuration files of the power information system;
Determining whether the operating system security configuration file, the middleware security configuration file and the database security configuration file conform, respectively, to a preset operating system standard security policy, middleware standard security policy and database standard security policy;
If any file does not conform, adjusting that security configuration file so that it conforms to the corresponding security policy;
Performing penetration testing on the operating system, the middleware and the database of the power information system independently of one another, to obtain the security performance of the power information system.
Before security testing, the present invention first checks the security configuration files of the power information system to ensure that all security configurations are correct, and performs penetration testing on that basis, so that the true security performance of the power information system can be measured correctly. In addition, embodiments of the present invention divide the whole power information system into three independent parts (the operating system, the middleware and the database) and perform penetration testing on each of these three parts independently. When an error occurs in any stage of the test process for any one of the three parts, only the part in which the error occurred needs to be retested; the other two parts do not need to be retested. The whole power information system therefore does not have to be retested, which improves testing efficiency.
Brief description of the drawings
The accompanying drawings described here are provided for further understanding of the present invention and form part of this application; they do not limit the invention. In the drawings:
Fig. 1 is a flowchart of the security testing method for a power information system before it goes online according to an embodiment of the present invention.
Detailed description of the embodiments
To make the object, technical solutions and advantages of the present invention clearer, the present invention is described in further detail below with reference to the embodiments and the accompanying drawings. The illustrative embodiments of the present invention and their description are used to explain the present invention and do not limit it.
Specific embodiments of the present invention are described in further detail below with reference to the accompanying drawings.
Referring to Fig. 1, the security testing method for a power information system before it goes online according to an embodiment of the present invention comprises the following steps:
Step S1: extract an operating system security configuration file, a middleware security configuration file and a database security configuration file from the user configuration files of the power information system.
Step S2: determine whether the operating system security configuration file, the middleware security configuration file and the database security configuration file conform, respectively, to a preset operating system standard security policy, middleware standard security policy and database standard security policy. If all three files conform to their corresponding preset policies, proceed directly to step S4; otherwise perform step S3 and the subsequent steps.
Step S3: if any file does not conform, adjust that security configuration file so that it conforms to the corresponding security policy.
Step S4: perform penetration testing on the operating system, the middleware and the database of the power information system independently of one another, to obtain the security performance of the power information system. The penetration testing here is black-box testing, white-box testing or grey-box testing. Optionally, to further improve testing efficiency, the penetration tests of the operating system, the middleware and the database may be carried out independently and at the same time.
In an embodiment of the present invention, the operating system standard security policy includes a standard Windows system security policy. The standard Windows system security policy includes an account management and authentication/authorization control policy, a log configuration policy, a communication protocol selection policy, a policy of disabling system services unrelated to the business or application, and so on.
In an embodiment of the present invention, the operating system standard security policy includes a standard Unix system security policy. The standard Unix system security policy includes a system environment configuration policy, a network and service security control policy, a user account security control policy, a file system security control policy, and so on.
In an embodiment of the present invention, the middleware standard security policy is specifically a standard WebLogic middleware security policy, which includes an account management and authentication/authorization control policy, a log configuration policy, a communication protocol selection policy, a WebLogic running mode policy, an embedded Lightweight Directory Access Protocol (LDAP) server customization policy, a security baseline determination policy, a maximum open sockets limit policy, a sample program removal policy, and so on.
In an embodiment of the present invention, the database standard security policy includes an account management and authentication/authorization control policy, a log configuration policy, a communication protocol selection policy, a listener password configuration policy, a connection timeout limit policy, and so on.
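The following Python example is added here and is not part of the patent. It carries steps S2 to S4 through on constructed input: each component's configuration is checked against a baseline and adjusted, then the three component tests run concurrently and only a component whose test run errors out is re-run. The key = value file format, the setting names and baseline values, and the `testers` callables (stand-ins for each component's own test harness) are assumptions.

```python
from concurrent.futures import ThreadPoolExecutor

# Constructed baseline (assumed names/values): part -> setting -> (rule, expected)
BASELINE = {
    "os": {"min_password_length": ("min", 8), "telnet_enabled": ("eq", "no")},
    "middleware": {"production_mode": ("eq", "true"), "max_open_sockets": ("max", 1024)},
    "database": {"listener_password_set": ("eq", "yes"), "connect_timeout_s": ("max", 60)},
}
CHECKS = {"eq": lambda have, want: have == want,
          "min": lambda have, want: int(have) >= want,
          "max": lambda have, want: int(have) <= want}
# Constructed sample of the three extracted configuration files (step S1).
SAMPLE_CONFIGS = {
    "os": "min_password_length = 6\ntelnet_enabled = no\n",
    "middleware": "production_mode = true\nmax_open_sockets = 4096  # too high\n",
    "database": "listener_password_set = yes\nconnect_timeout_s = 30\n",
}

def parse_config(text):
    """Parse 'key = value' lines, ignoring blank lines and # comments."""
    cfg = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            cfg[key.strip()] = value.strip()
    return cfg

def violations(cfg, policy):
    """Step S2: return {setting: (actual, rule, expected)} for each deviation."""
    bad = {}
    for key, (rule, want) in policy.items():
        have = cfg.get(key)  # a missing setting counts as a deviation
        try:
            ok = have is not None and CHECKS[rule](have, want)
        except ValueError:  # non-numeric value where a number is required
            ok = False
        if not ok:
            bad[key] = (have, rule, want)
    return bad

def remediate(cfg, bad):
    """Step S3: set every deviating setting to its baseline value."""
    return {**cfg, **{key: str(want) for key, (_, _, want) in bad.items()}}

def run_pipeline(raw_configs, testers, max_attempts=3):
    """Steps S2-S4. Returns (adjusted settings, test results, attempts per part)."""
    configs, adjusted = {}, {}
    for part, text in raw_configs.items():
        cfg = parse_config(text)
        bad = violations(cfg, BASELINE[part])
        configs[part] = remediate(cfg, bad)
        adjusted[part] = sorted(bad)
        if violations(configs[part], BASELINE[part]):  # gate before testing
            raise RuntimeError(f"{part}: still non-compliant after adjustment")
    results, attempts, pending = {}, dict.fromkeys(configs, 0), set(configs)
    with ThreadPoolExecutor(max_workers=max(1, len(configs))) as pool:
        while pending:  # S4: parts run concurrently; only failed parts re-run
            futures = {p: pool.submit(testers[p], configs[p]) for p in pending}
            for part, future in futures.items():
                attempts[part] += 1
                try:
                    results[part] = future.result()
                except Exception as exc:
                    if attempts[part] < max_attempts:
                        continue  # leave this part pending for the next round
                    results[part] = f"error: {exc}"
                pending.discard(part)
    return adjusted, results, attempts
```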
The embodiment of the present invention performs penetration testing on the operating system, the middleware and the database of the power information system independently of one another.
Before security testing, the present invention first checks the security configuration files of the power information system to ensure that all security configurations are correct, and performs penetration testing on that basis, so that the true security performance of the power information system can be measured correctly. In addition, embodiments of the present invention divide the whole power information system into three independent parts (the operating system, the middleware and the database) and perform penetration testing on each of these three parts independently. When an error occurs in any stage of the test process for any one of the three parts, only the part in which the error occurred needs to be retested; the other two parts do not need to be retested. The whole power information system therefore does not have to be retested, which improves testing efficiency.
The specific embodiments described above further explain the object, technical solutions and beneficial effects of the present invention. It should be understood that the foregoing are only specific embodiments of the present invention and are not intended to limit its scope of protection. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.

Claims (8)

  1. A security testing method for a power information system before it goes online, characterized in that it comprises the following steps:
    extracting an operating system security configuration file, a middleware security configuration file and a database security configuration file from the user configuration files of the power information system;
    determining whether the operating system security configuration file, the middleware security configuration file and the database security configuration file conform, respectively, to a preset operating system standard security policy, middleware standard security policy and database standard security policy;
    if any file does not conform, adjusting that security configuration file so that it conforms to the corresponding security policy;
    performing penetration testing on the operating system, the middleware and the database of the power information system independently of one another, to obtain the security performance of the power information system.
  2. The security testing method for a power information system before it goes online according to claim 1, characterized in that, if the operating system security configuration file, the middleware security configuration file and the database security configuration file all conform to the corresponding preset operating system standard security policy, middleware standard security policy and database standard security policy, penetration testing is performed directly on the operating system, the middleware and the database of the power information system independently of one another, to obtain the security performance of the power information system.
  3. The security testing method for a power information system before it goes online according to claim 1 or 2, characterized in that performing penetration testing on the operating system, the middleware and the database of the power information system independently of one another is specifically:
    performing penetration testing on the operating system, the middleware and the database of the power information system independently and simultaneously.
  4. The security testing method for a power information system before it goes online according to claim 1 or 2, characterized in that the penetration testing comprises black-box testing, white-box testing or grey-box testing.
  5. The security testing method for a power information system before it goes online according to claim 1, characterized in that the operating system standard security policy includes a standard Windows system security policy; the standard Windows system security policy includes an account management and authentication/authorization control policy, a log configuration policy, a communication protocol selection policy, and a policy of disabling system services unrelated to the business or application.
  6. The security testing method for a power information system before it goes online according to claim 1, characterized in that the operating system standard security policy includes a standard Unix system security policy; the standard Unix system security policy includes a system environment configuration policy, a network and service security control policy, a user account security control policy and a file system security control policy.
  7. The security testing method for a power information system before it goes online according to claim 1, characterized in that the middleware standard security policy is specifically a standard WebLogic middleware security policy, which includes an account management and authentication/authorization control policy, a log configuration policy, a communication protocol selection policy, a WebLogic running mode policy, an embedded Lightweight Directory Access Protocol (LDAP) server customization policy, a security baseline determination policy, a maximum open sockets limit policy and a sample program removal policy.
  8. The security testing method for a power information system before it goes online according to claim 1, characterized in that the database standard security policy includes an account management and authentication/authorization control policy, a log configuration policy, a communication protocol selection policy, a listener password configuration policy and a connection timeout limit policy.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310525141.0A CN103544660A (en) 2013-10-30 2013-10-30 Method for safety testing before online implementation of electric power information system

Publications (1)

Publication Number Publication Date
CN103544660A true CN103544660A (en) 2014-01-29

Family

ID=49968087

Country Status (1)

Country Link
CN (1) CN103544660A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20140129
