CN104270389A - Method and system for automatically restoring security configuration vulnerability of router/ interchanger - Google Patents

Method and system for automatically restoring security configuration vulnerability of router/ interchanger Download PDF

Info

Publication number
CN104270389A
CN104270389A CN201410569384.9A CN201410569384A CN104270389A CN 104270389 A CN104270389 A CN 104270389A CN 201410569384 A CN201410569384 A CN 201410569384A CN 104270389 A CN104270389 A CN 104270389A
Authority
CN
China
Prior art keywords
security configuration
baseline
leak
security
configuration
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201410569384.9A
Other languages
Chinese (zh)
Inventor
刘祺
黄杰
喻潇
汪雪琼
龙凤
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Corp of China SGCC
Electric Power Research Institute of State Grid Hubei Electric Power Co Ltd
Original Assignee
Electric Power Research Institute of State Grid Hubei Electric Power Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Electric Power Research Institute of State Grid Hubei Electric Power Co Ltd filed Critical Electric Power Research Institute of State Grid Hubei Electric Power Co Ltd
Priority to CN201410569384.9A priority Critical patent/CN104270389A/en
Publication of CN104270389A publication Critical patent/CN104270389A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433Vulnerability analysis
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/0803Configuration setting
    • H04L41/0813Configuration setting characterised by the conditions triggering a change of settings
    • H04L41/0816Configuration setting characterised by the conditions triggering a change of settings the condition being an adaptation, e.g. in response to network events

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a method and a system for automatically restoring a security configuration vulnerability of a router/interchanger. The method comprises the following steps: establishing a security configuration baseline library in advance according to a security baseline configuration specification, wherein the security configuration baseline library comprises basic information of each security configuration baseline item involved in the security baseline configuration specification; acquiring: remotely logging in the router/interchanger for executing a security configuration acquiring command, comparing to obtain the security configuration vulnerability and storing the security configuration vulnerability in a security configuration vulnerability library; restoring: acquiring a security configuration baseline value and a security configuration vulnerability restoring command from the security configuration baseline library, and remotely logging in the router/interchanger for executing the security configuration vulnerability restoring command. According to the technical scheme, compared with a manual method for restoring the security configuration of the router/interchanger, by the automatic method for restoring the security configuration of the router/interchanger, the security configuration restoring efficiency and accuracy in the security baseline monitoring and managing processes of the router/interchanger can be greatly improved.

Description

A kind of router/switch security configuration leak self-repairing method and system
Technical field
The invention belongs to field of information security technology, be a kind of with security baseline configuration specification for according to the technical scheme of carrying out underproof router/switch security configuration leak automatically repairing.
Background technology
Along with the fast development of attack technology, in information system, the safety problem of information assets becomes more and more important.Router/switch is one of topmost information assets in information system, and routers/switch implements security baseline monitoring and management is one of important method of security of information assets in a kind of protection information system.
Information security baseline configuration monitor and managment is by carrying out automation inspection to the information assets configuration compliance of various information system mostly, the relevant configuration of the information assets of the various information system in the monitored scope of Real-time Collection, and then by the configuration of the actual time safety of equipment and system is compared with the security baseline in security baseline storehouse, the safety defect of accurate discovery and navigation system or equipment existence and risk, and make corresponding report, but lack corresponding automatic reparation means.
At present, once the safety defect existed in discovery system or equipment and risk, government bodies, enterprises and institutions adopt the method for manually repairing for the system safety configuration that there is security risk.Due to information system in most of government bodies and enterprises and institutions information assets substantial amounts and security baseline is of a great variety, this method not only workload is large, loaded down with trivial details, and the information assets risk easily causing leaking through some configuration and make information system.
For the monitoring of security of information assets baseline and the problem of management of information system, document [1] has been set forth the classification of network security baseline and has been realized tool, the automation of the inspection of communications network security baseline.Document [2] provides baseline knowledge base and checks the construction process of list collection, gives the reform advice configured for defective security baseline.The baseline library of every security configuration information and customization is compared by document [3], and its comparison result can form various report output, can provide expert advice and complementary analysis to result.A kind of method automatically generating patch download list in windows service end is proposed in document [4].Said method does not all propose to implement automatically to repair to security configuration leak, does not systematically provide the restorative procedure of routers/switch security configuration leak yet.
Related documents: [1] Ma Guangyu; Shen Jing. how to play the effect of communications network security baseline better, 2011. [2] Zou Yulin. the security configuration check system of Security-Oriented grade test and appraisal, 2013. [3] Chen Zhihua. security baseline management application .2013. [4] Liu in enterprise accompany. based on the patch management systems research & design of OVAL Hole Detection, 2011.
Summary of the invention
For the problems referred to above, the present invention proposes a kind of router/switch security configuration leak autonomous repair technology scheme based on security baseline configuration specification.
Technical scheme of the present invention provides a kind of router/switch security configuration leak self-repairing method, for automatically repairing the security configuration leak of router or switch, comprise and set up security configuration baseline library according to security baseline configuration specification in advance, then perform gatherer process and repair process based on security configuration baseline library;
Described security configuration baseline library comprises the essential information of each security configuration baseline item involved by security baseline configuration specification, the essential information of each security configuration baseline item comprises security configuration baseline item title, security configuration baseline value, security configuration acquisition instructions and security configuration leak repair instruction, and for the security configuration baseline item ID of unique identification security configuration baseline item title;
Described gatherer process, comprises Telnet router/switch, performs every security configuration information of corresponding security configuration acquisition instructions Real-time Collection router/switch, obtains configuration data; Item by item security configuration value in the security configuration information collected is compared to the corresponding security configuration baseline item in security configuration baseline library, security configuration leak is defined as to the collection gained security configuration not meeting security configuration baseline value, and security configuration leak is kept in security configuration vulnerability database, obtain leak data; Described security configuration vulnerability database comprises the essential information of security configuration leak, the essential information of each security configuration leak comprises security configuration value in security configuration leak item title, the security configuration information that collects, and the security configuration leak ID consistent with security configuration baseline item ID;
Described repair process, comprise when there being the configuration leak do not repaired in security configuration vulnerability database, obtain security configuration leak from security configuration vulnerability database, obtain security configuration baseline value and the security configuration leak reparation instruction of corresponding security configuration baseline item according to security configuration leak ID from security configuration baseline library; Telnet router/switch, performing security configuration leak and repair instruction, is security configuration baseline value to the reparation of security configuration leak.
And Telnet router/switch adopts SSH or Telnet agreement.
The present invention is also corresponding provides a kind of router/switch security configuration leak automatic repair system, for automatically repairing the security configuration leak of router or switch, comprises with lower module,
Security configuration baseline library module, for setting up security configuration baseline library according to security baseline configuration specification in advance, described security configuration baseline library comprises the essential information of each security configuration baseline item involved by security baseline configuration specification, the essential information of each security configuration baseline item comprises security configuration baseline item title, security configuration baseline value, security configuration acquisition instructions and security configuration leak repair instruction, and for the security configuration baseline item ID of unique identification security configuration baseline item title;
Acquisition module, for Telnet router/switch, performs every security configuration information of corresponding security configuration acquisition instructions Real-time Collection router/switch, obtains configuration data; Item by item security configuration value in the security configuration information collected is compared to the corresponding security configuration baseline item in security configuration baseline library, security configuration leak is defined as to the collection gained security configuration not meeting security configuration baseline value, and security configuration leak is kept in security configuration vulnerability database, obtain leak data; Described security configuration vulnerability database comprises the essential information of security configuration leak, the essential information of each security configuration leak comprises security configuration value in security configuration leak item title, the security configuration information that collects, and the security configuration leak ID consistent with security configuration baseline item ID;
Repair module, for when there being the configuration leak do not repaired in security configuration vulnerability database, obtain security configuration leak from security configuration vulnerability database, obtain security configuration baseline value and the security configuration leak reparation instruction of corresponding security configuration baseline item according to security configuration leak ID from security configuration baseline library; Telnet router/switch, performing security configuration leak and repair instruction, is security configuration baseline value to the reparation of security configuration leak.
And Telnet router/switch adopts SSH or Telnet agreement.
Security configuration leak self-repairing method provided by the present invention was both suitable for router, also switch is suitable for, for the feature of router and switch, for basis for estimation provides, the method for automatically repairing is carried out to underproof security configuration with security baseline configuration specification, there is following characteristics:
(1) set up security configuration baseline library according to security baseline configuration specification, security configuration baseline library not only comprises security configuration baseline item title, security configuration baseline value, also comprises security configuration acquisition instructions and security configuration leak reparation instruction.
(2) according to security baseline configuration specification positioning security configuration leak.
(3) from security configuration baseline library, security configuration leak restorative procedure and instruction is obtained, automatically security configuration leak is repaired, greatly reduce the artificial workload revising security configuration leak, also greatly reduce the error rate of manual amendment security configuration leak, improve the efficiency of security baseline monitoring and management.
Accompanying drawing explanation
Fig. 1 is the scene graph of the embodiment of the present invention.
Fig. 2 is the flow chart of the embodiment of the present invention.
Fig. 3 is the implementation framework schematic diagram of the embodiment of the present invention.
embodiment
The present invention proposes a kind of router/switch security configuration leak autonomous repair technology scheme based on security baseline configuration specification, finds safety defect and call corresponding reparation instruction to realize automatic reparation by the security configuration of router/switch and security configuration baseline library being compared.Manually carried out router/switch security configuration leak restorative procedure relative to former employing, the router/switch security configuration leak autonomous repair technology scheme that the present invention relates to greatly can improve efficiency and the accuracy of security configuration correction work in the monitoring of router/switch security baseline and management process.
Technical solution of the present invention is described in detail below in conjunction with drawings and Examples.
A kind of router/switch security configuration leak self-repairing method based on security baseline configuration specification that embodiment provides, first sets up security configuration baseline library according to security baseline configuration specification; Then, by security baseline value comparison in the router/switch security configuration that collects and security configuration baseline library, the router/switch security configuration not meeting security baseline configuration specification is demarcated as security configuration leak; Finally, to security configuration leak being detected, using corresponding security configuration to repair instruction and security configuration leak is repaired automatically.
The embody rule scene of embodiment is as Fig. 1:
Security configuration baseline library is set up in advance according to security baseline configuration specification.Security configuration baseline library is the database set up according to security baseline configuration specification, security configuration baseline library comprises the essential information of each security configuration baseline item involved by security baseline configuration specification, the essential information of each security configuration baseline item comprises security configuration baseline item title, security configuration baseline value, security configuration acquisition instructions and security configuration leak repair instruction, and each security configuration baseline item has unique security configuration baseline item ID, for unique identification security configuration baseline item title.Then gatherer process and repair process is performed based on security configuration baseline library.Security configuration acquisition instructions is the instruction obtaining router/switch configuration, and security configuration leak repairs the instruction that instruction has been router/switch configuration, can preset when specifically implementing according to the corresponding security baseline configuration specification of security configuration baseline item.
Gatherer process: adopt SSH/Telnet agreement by computer network Telnet router/switch, perform every security configuration information of corresponding router/switch security configuration acquisition instructions Real-time Collection router/switch in security configuration baseline library, obtain configuration data.During concrete enforcement, Telnet generally adopts SSH agreement, requires forbidding Telnet.Only when router/switch does not support SSH agreement, adopt Telnet.
Item by item security configuration value in the security configuration information collected is compared to the corresponding security configuration baseline item in security configuration baseline library, security configuration leak is defined as to the collection gained security configuration not meeting security configuration baseline value, and security configuration leak is kept in security configuration vulnerability database, obtain leak data.Security configuration vulnerability database is the database of storage security configuration leak data, and security configuration vulnerability database comprises security configuration leak essential information, comprising security configuration value in security configuration leak item title, the security configuration information that collects.Each security configuration leak has unique security configuration leak ID, for unique identification security configuration leak title.Security configuration baseline item ID corresponding in security configuration leak ID and security configuration baseline library is equal, conveniently retrieves information required in security configuration baseline library with security configuration leak ID.
Repair process: comprise when there being the configuration leak do not repaired in security configuration vulnerability database, obtain security configuration leak from security configuration vulnerability database, obtain security configuration baseline value and the security configuration leak reparation instruction of security configuration leak corresponding security configuration baseline item according to security configuration leak ID from security configuration baseline library; By SSH/Telnet agreement by computer network Telnet router/switch, performing security configuration leak and repair instruction, is security configuration baseline value to the reparation of security configuration leak.
During concrete enforcement, computer can be set and realize above technical scheme, continue in real time to perform security configuration gatherer process and repair process by Telnet router/switch, can stop when security configuration vulnerability database does not have security configuration leak performing, repair until user requires to start to gather again.Those skilled in the art can adopt computer software technology to realize the automatic operation of above method, such as, provide configuration automatic repair procedure, for user installation on the computer equipments such as individual PC.
Visible, the present invention can provide the function of automatically repairing to the configuration with security risk existed in detected router/switch.If detect that a certain item security configuration does not meet specification, just call corresponding reparation instruction according to the baseline criteria in security configuration baseline library and perform reparation, greatly will improve efficiency and the accuracy of configuration modifications work in security baseline monitoring and management process like this.
For the sake of ease of implementation, provide the router/switch security configuration of embodiment automatically to repair flow process as shown in Figure 2, idiographic flow is as follows:
The first step: the security configuration information carrying out Real-time Collection router/switch according to the security configuration baseline item in security configuration baseline library, security configuration information acquisition method for router/switch is, simulation hyper terminal passes through SSH/Telnet Telnet router/switch, by the security configuration acquisition instructions acquisition configuration information of router/switch.
Second step: to gathering each security configuration baseline item related to, security configuration baseline value is read from security configuration baseline library, security configuration baseline value in the security configuration value come from router/switch collection and security configuration baseline library is compared, if both are unequal, then determine that this router/switch security configuration is security configuration leak, this security configuration leak is saved in security configuration vulnerability database, security configuration leak record number adds 1 simultaneously.
3rd step: obtain security configuration leak from security configuration vulnerability database.
4th step: if the security configuration leak record number obtained from security configuration vulnerability database is not 0, there is security configuration leak in explanation, then in security configuration baseline library, finds the security configuration leak of corresponding security configuration baseline item to repair instruction according to the ID of security configuration leak.
5th step: to each security configuration leak, the security configuration leak performing acquisition respectively repairs instruction, security configuration leak restorative procedure for router/switch is: simulation hyper terminal, by SSH/Telnet Telnet router/switch, repairs by performing corresponding security configuration leak the automatic reparation that instruction realizes security configuration.The first step is returned after reparation completes.
Whether be configured to forbidding for the telnet of Cisco Catalyst 3560 switch of Cisco System Co., positioning security configuration leak is described and repairs security configuration leak process, as shown in Figure 3, concrete implementation step is as follows for implementation framework:
The software run on computers can communicate with SSH or Telnet two kinds of communication modes with router/switch, Telnet communication is plaintext communication, there is safety problem, Telnet communication is the security configuration baseline item content in security baseline configuration specification, its baseline value requires as " Telnet is forbidden ", security configuration acquisition instructions is " show run ", security configuration leak repair mode is order " line vty 0 15 " and " transport input ssh ", and these contents are kept in security configuration baseline library.
(1) the automatic repair procedure SSH of configuration run on computers communicates, the username and password of the power user of switch and switch Cisco Catalyst 3560 is used to connect, send security configuration acquisition instructions to switch after entering switch privileged mode: show run, in the result of switch feedback, found the configuration information of telnet by keyword match: transport input telnet.Illustrate that telnet is for " enabling ".
(2) automatic repair procedure is configured by comparing same baseline entry value " transport input ssh " in telnet entry value " transport input telnet " next for collection and security configuration baseline library, known configuration data value " transport input telnet " is not equal to security configuration baseline value " transport input ssh ", correct configuration should be forbidding, existing user is configured to not forbid, and is defined as a security configuration leak.The title of this security configuration leak " telnet " and configuration data value " transport input telnet " are kept in security configuration vulnerability database.
(3) record in security configuration vulnerability database is retrieved, find the security configuration leak of " telnet ", configure automatic repair procedure and in security configuration baseline library, search corresponding security configuration baseline value " transport input ssh " according to " telnet " title, then configure automatic repair procedure SSH to communicate, the username and password of the power user of switch and switch is used to connect, after entering switch privileged mode, two orders are sent successively: " line vty 0 15 " and " transport input ssh " repairs this security configuration leak to switch.
The embodiment of the present invention is also corresponding provides a kind of router/switch security configuration leak automatic repair system, for automatically repairing the security configuration leak of router or switch, comprises with lower module;
Security configuration baseline library module, for setting up security configuration baseline library according to security baseline configuration specification in advance, described security configuration baseline library comprises the essential information of each security configuration baseline item involved by security baseline configuration specification, the essential information of each security configuration baseline item comprises security configuration baseline item title, security configuration baseline value, security configuration acquisition instructions and security configuration leak repair instruction, and for the security configuration baseline item ID of unique identification security configuration baseline item title;
Acquisition module, for Telnet router/switch, performs every security configuration information of security configuration acquisition instructions Real-time Collection router/switch, obtains configuration data; Item by item security configuration value in the security configuration information collected is compared to the corresponding security configuration baseline item in security configuration baseline library, security configuration leak is defined as to the collection gained security configuration not meeting security configuration baseline value, and security configuration leak is kept in security configuration vulnerability database, obtain leak data; Described security configuration vulnerability database comprises the essential information of security configuration leak, the essential information of each security configuration leak comprises security configuration value in security configuration leak item title, the security configuration information that collects, and the security configuration leak ID consistent with security configuration baseline item ID;
Repair module, for when there being the configuration leak do not repaired in security configuration vulnerability database, obtain security configuration leak from security configuration vulnerability database, obtain security configuration baseline value and the security configuration leak reparation instruction of corresponding security configuration baseline item according to security configuration leak ID from security configuration baseline library; Telnet router/switch, performing security configuration leak and repair instruction, is security configuration baseline value to the reparation of security configuration leak.
Each module specific implementation is corresponding to method step, and it will not go into details in the present invention.
Specific embodiment described herein is only to the explanation for example of the present invention's spirit.Those skilled in the art can make various amendment or supplement or adopt similar mode to substitute to described specific embodiment, but can't depart from spirit of the present invention or surmount the scope that appended claims defines.

Claims (4)

1. a router/switch security configuration leak self-repairing method, for automatically repairing the security configuration leak of router or switch, it is characterized in that: comprise and set up security configuration baseline library according to security baseline configuration specification in advance, then perform gatherer process and repair process based on security configuration baseline library;
Described security configuration baseline library comprises the essential information of each security configuration baseline item involved by security baseline configuration specification, the essential information of each security configuration baseline item comprises security configuration baseline item title, security configuration baseline value, security configuration acquisition instructions and security configuration leak repair instruction, and for the security configuration baseline item ID of unique identification security configuration baseline item title;
Described gatherer process, comprises Telnet router/switch, performs every security configuration information of corresponding security configuration acquisition instructions Real-time Collection router/switch, obtains configuration data; Item by item security configuration value in the security configuration information collected is compared to the corresponding security configuration baseline item in security configuration baseline library, security configuration leak is defined as to the collection gained security configuration not meeting security configuration baseline value, and security configuration leak is kept in security configuration vulnerability database, obtain leak data; Described security configuration vulnerability database comprises the essential information of security configuration leak, the essential information of each security configuration leak comprises security configuration value in security configuration leak item title, the security configuration information that collects, and the security configuration leak ID consistent with security configuration baseline item ID;
Described repair process, comprise when there being the configuration leak do not repaired in security configuration vulnerability database, obtain security configuration leak from security configuration vulnerability database, obtain security configuration baseline value and the security configuration leak reparation instruction of corresponding security configuration baseline item according to security configuration leak ID from security configuration baseline library; Telnet router/switch, performing security configuration leak and repair instruction, is security configuration baseline value to the reparation of security configuration leak.
2. router/switch security configuration leak self-repairing method according to claim 1, is characterized in that: Telnet router/switch adopts SSH or Telnet agreement.
3. the automatic repair system of router/switch security configuration leak, for automatically repairing the security configuration leak of router or switch, is characterized in that: comprise with lower module,
Security configuration baseline library module, for setting up security configuration baseline library according to security baseline configuration specification in advance, described security configuration baseline library comprises the essential information of each security configuration baseline item involved by security baseline configuration specification, the essential information of each security configuration baseline item comprises security configuration baseline item title, security configuration baseline value, security configuration acquisition instructions and security configuration leak repair instruction, and for the security configuration baseline item ID of unique identification security configuration baseline item title;
Acquisition module, for Telnet router/switch, performs every security configuration information of corresponding security configuration acquisition instructions Real-time Collection router/switch, obtains configuration data; Item by item security configuration value in the security configuration information collected is compared to the corresponding security configuration baseline item in security configuration baseline library, security configuration leak is defined as to the collection gained security configuration not meeting security configuration baseline value, and security configuration leak is kept in security configuration vulnerability database, obtain leak data; Described security configuration vulnerability database comprises the essential information of security configuration leak, the essential information of each security configuration leak comprises security configuration value in security configuration leak item title, the security configuration information that collects, and the security configuration leak ID consistent with security configuration baseline item ID;
Repair module, for when there being the configuration leak do not repaired in security configuration vulnerability database, obtain security configuration leak from security configuration vulnerability database, obtain security configuration baseline value and the security configuration leak reparation instruction of corresponding security configuration baseline item according to security configuration leak ID from security configuration baseline library; Telnet router/switch, performing security configuration leak and repair instruction, is security configuration baseline value to the reparation of security configuration leak.
4. the automatic repair system of router/switch security configuration leak according to claim 3, is characterized in that: Telnet router/switch adopts SSH or Telnet agreement.
CN201410569384.9A 2014-10-23 2014-10-23 Method and system for automatically restoring security configuration vulnerability of router/ interchanger Pending CN104270389A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410569384.9A CN104270389A (en) 2014-10-23 2014-10-23 Method and system for automatically restoring security configuration vulnerability of router/ interchanger

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410569384.9A CN104270389A (en) 2014-10-23 2014-10-23 Method and system for automatically restoring security configuration vulnerability of router/ interchanger

Publications (1)

Publication Number Publication Date
CN104270389A true CN104270389A (en) 2015-01-07

Family

ID=52161879

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410569384.9A Pending CN104270389A (en) 2014-10-23 2014-10-23 Method and system for automatically restoring security configuration vulnerability of router/ interchanger

Country Status (1)

Country Link
CN (1) CN104270389A (en)

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107086997A (en) * 2017-04-20 2017-08-22 无锡锐格思信息技术有限公司 Pass through the method for the configuration information of syslog agreement reporting equipments
CN107194256A (en) * 2017-03-21 2017-09-22 北京神州泰岳信息安全技术有限公司 Riskless asset baseline reinforcement means and device
CN107204869A (en) * 2016-03-18 2017-09-26 卡巴斯基实验室股份制公司 Eliminate the method and system of the leak of intelligent apparatus
CN107566350A (en) * 2017-08-15 2018-01-09 深信服科技股份有限公司 Security configuration vulnerability monitoring method, apparatus and computer-readable recording medium
CN107679692A (en) * 2017-09-02 2018-02-09 深圳供电局有限公司 A kind of security baseline management system and method
CN110334248A (en) * 2019-06-26 2019-10-15 京东数字科技控股有限公司 A kind of system configuration information treating method and apparatus
CN112528295A (en) * 2020-12-22 2021-03-19 国家工业信息安全发展研究中心 Vulnerability repairing method and device of industrial control system
CN112688968A (en) * 2021-03-12 2021-04-20 深圳市乙辰科技股份有限公司 Network security configuration method and system based on wireless network equipment
CN114884699A (en) * 2022-04-13 2022-08-09 中国银行股份有限公司 Vulnerability detection method, device, equipment and storage medium
CN115314234A (en) * 2022-02-17 2022-11-08 深圳市捷力通信息技术有限公司 Router security configuration automatic repair monitoring method and system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101174973A (en) * 2006-10-31 2008-05-07 华为技术有限公司 Network safety control construction
CN102306258A (en) * 2011-09-23 2012-01-04 国网电力科学研究院 UNIX host safety configuration auditing method based on configurable knowledge base
CN103927491A (en) * 2014-04-30 2014-07-16 南方电网科学研究院有限责任公司 Security baseline assessment method based on SCAP

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101174973A (en) * 2006-10-31 2008-05-07 华为技术有限公司 Network safety control construction
CN102306258A (en) * 2011-09-23 2012-01-04 国网电力科学研究院 UNIX host safety configuration auditing method based on configurable knowledge base
CN103927491A (en) * 2014-04-30 2014-07-16 南方电网科学研究院有限责任公司 Security baseline assessment method based on SCAP

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
张宁: "漏洞自动检测及修补系统的设计与实现", 《万方数据知识服务平台》 *
邹玉林: "面向信息安全等级测评的安全配置核查系统", 《中国优秀硕士学位论文全文数据库信息科技辑》 *

Cited By (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107204869B (en) * 2016-03-18 2020-07-17 卡巴斯基实验室股份制公司 Method and system for eliminating vulnerability of intelligent device
CN107204869A (en) * 2016-03-18 2017-09-26 卡巴斯基实验室股份制公司 Eliminate the method and system of the leak of intelligent apparatus
CN107194256A (en) * 2017-03-21 2017-09-22 北京神州泰岳信息安全技术有限公司 Riskless asset baseline reinforcement means and device
CN107086997A (en) * 2017-04-20 2017-08-22 无锡锐格思信息技术有限公司 Pass through the method for the configuration information of syslog agreement reporting equipments
CN107566350A (en) * 2017-08-15 2018-01-09 深信服科技股份有限公司 Security configuration vulnerability monitoring method, apparatus and computer-readable recording medium
CN107566350B (en) * 2017-08-15 2020-12-22 深信服科技股份有限公司 Security configuration vulnerability monitoring method and device and computer readable storage medium
CN107679692A (en) * 2017-09-02 2018-02-09 深圳供电局有限公司 A kind of security baseline management system and method
CN110334248A (en) * 2019-06-26 2019-10-15 京东数字科技控股有限公司 A kind of system configuration information treating method and apparatus
CN112528295A (en) * 2020-12-22 2021-03-19 国家工业信息安全发展研究中心 Vulnerability repairing method and device of industrial control system
CN112688968A (en) * 2021-03-12 2021-04-20 深圳市乙辰科技股份有限公司 Network security configuration method and system based on wireless network equipment
CN112688968B (en) * 2021-03-12 2021-06-11 深圳市乙辰科技股份有限公司 Network security configuration method and system based on wireless network equipment
CN115314234A (en) * 2022-02-17 2022-11-08 深圳市捷力通信息技术有限公司 Router security configuration automatic repair monitoring method and system
CN115314234B (en) * 2022-02-17 2024-05-14 深圳海昽科技有限公司 Automatic repair monitoring method and system for router security configuration
CN114884699A (en) * 2022-04-13 2022-08-09 中国银行股份有限公司 Vulnerability detection method, device, equipment and storage medium
CN114884699B (en) * 2022-04-13 2024-03-19 中国银行股份有限公司 Vulnerability detection method, device, equipment and storage medium

Similar Documents

Publication Publication Date Title
CN104270389A (en) Method and system for automatically restoring security configuration vulnerability of router/ interchanger
CN104346574A (en) Automatic host computer security configuration vulnerability restoration method and system based on configuration specification
CA2845059C (en) Test script generation system
CN103678093A (en) Automatic testing framework and testing method
CN103973858B (en) The Auto-Test System of mobile terminal
CN104376431A (en) Engineering project management method and system
CN111915143B (en) Complex product assembly management and control system based on intelligent contract
KR101874098B1 (en) DlAGNOSTIC AND MANAGING METHOD OF NEW RENEWABLE ENERGY APPATUS USING MOBILE DEVICE AND THE SYSTEM THEREOF
CN104778118A (en) Improvement method for automatic testing technology
CN105677567A (en) Automation testing method and system
US20160352573A1 (en) Method and System for Detecting Network Upgrades
CN105207797A (en) Fault locating method and fault locating device
CN112737124B (en) Method and device for constructing power equipment monitoring terminal
CN109087006B (en) Method and device for processing power equipment monitoring information
CN114173216B (en) Electric energy meter reading method and device, field meter reading terminal, storage medium and system
CN108363315A (en) A kind of long-distance intelligent TT&C system based on Internet of Things
CN113946822A (en) Security risk monitoring method, system, computer device and storage medium
CN113887754A (en) Construction method and system of power distribution terminal unified operation and maintenance platform and constructed platform
WO2015184750A1 (en) Data maintenance method and device of network element device
CN112348698A (en) Nuclear power plant group pile management method, device and system
CN107291610A (en) Testing case management and device
CN104734354A (en) Intelligent power grid overhaul system based on network topology and overhaul method
CN109741594A (en) The configuration method and device of device data acquisition
CN103501049A (en) Control method and system for distribution network
CN103678375A (en) Test state presentation and anomaly indexing system and method

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
ASS Succession or assignment of patent right

Owner name: STATE GRID CORPORATION OF CHINA

Free format text: FORMER OWNER: ELECTRIC POWER RESEARCH INSTITUTE OF STATE GRID HUBEI ELECTRIC POWER COMPANY

Effective date: 20150128

Owner name: ELECTRIC POWER RESEARCH INSTITUTE OF STATE GRID HU

Effective date: 20150128

C41 Transfer of patent application or patent right or utility model
COR Change of bibliographic data

Free format text: CORRECT: ADDRESS; FROM: 430077 WUHAN, HUBEI PROVINCE TO: 100031 XICHENG, BEIJING

TA01 Transfer of patent application right

Effective date of registration: 20150128

Address after: 100031 Xicheng District West Chang'an Avenue, No. 86, Beijing

Applicant after: State Grid Corporation of China

Applicant after: State Grid Hubei Electric Power Company Electric Power Technology Research Institute

Address before: 430077, 227 East Main Street, Hongshan District, Hubei, Wuhan

Applicant before: State Grid Hubei Electric Power Company Electric Power Technology Research Institute

WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20150107

WD01 Invention patent application deemed withdrawn after publication