CN105025006A - An active information safety operation platform - Google Patents

An active information safety operation platform

Info

Publication number: CN105025006A
Authority: CN (China)
Prior art keywords: information, enterprise, safety operation, safe, safety
Legal status: Granted
Application number: CN201510309436.3A
Other languages: Chinese (zh)
Other versions: CN105025006B (en)
Inventors: 李木金, 凌飞
Current assignee: Nanjing Liancheng Technology Development Co Ltd
Original assignee: Nanjing Liancheng Technology Development Co Ltd
Application filed by Nanjing Liancheng Technology Development Co Ltd
Priority to CN201510309436.3A
Publication of CN105025006A
Application granted
Publication of CN105025006B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/107 Network architectures or network communication protocols for network security for controlling access to devices or network resources wherein the security policies are location-dependent, e.g. entities' privileges depend on current location or allowing specific operations only from locally connected terminals
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06 Management of faults, events, alarms or notifications
    • H04L41/50 Network service management, e.g. ensuring proper service fulfilment according to agreements
    • H04L41/5003 Managing SLA; Interaction between SLA and QoS
    • H04L41/5061 Network service management, e.g. ensuring proper service fulfilment according to agreements, characterised by the interaction between service providers and their network customers, e.g. customer relationship management

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Business, Economics & Management (AREA)
  • General Business, Economics & Management (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses an active information safety operation platform which can provide a one-stop information safety operation service for the information systems of enterprises. The platform comprises a safety operation data acquisition module, a safety operation data analysis module, a safety operation business module and a safety operation database module. Through the safety operation data acquisition module, the safety information, network management information and business information of the enterprise information systems can be collected, and real-time linkage can be realised by modifying the configuration of routers and switches. The invention solves the operation problems of enterprise information systems.

Description

An active information security operation and maintenance platform
Technical field
The present invention relates to the technical fields of information security, network management and service management, and more particularly to a method for implementing an information security operation and maintenance (O&M) platform.
Background technology
At present, the information systems of many enterprises are equipped with a considerable number of information security devices, network devices and other IT equipment; at the same time, the operation of these enterprise information systems suffers from weak professional expertise and low efficiency. There is currently no information security O&M platform in the industry that solves the problems faced by each enterprise information system and provides a "one-stop" security O&M service for these enterprises.
Summary of the invention
In view of this, the present invention provides a design method for an active information security O&M platform.
The technical scheme by which the present invention solves the problem is as follows:
The information security O&M platform comprises a security O&M data acquisition module, a security O&M data analysis module, a security O&M business module and a security O&M database module.
The security O&M data acquisition module comprises a security information acquisition submodule, a network management information acquisition submodule and a business information acquisition submodule.
The security information acquisition submodule can collect, in several ways, the security event information sent by the various information security devices in each enterprise information system. The collection modes are: (1) collecting events via SNMP Trap and Syslog; (2) obtaining the security-related information of devices from various databases through an ODBC database interface; (3) receiving events through an OPSec interface. After the format of the received security information has been normalised, it is sent to the security O&M database of the enterprise to which it belongs, for example the security O&M database of enterprise 1 in Fig. 1.
The network management information acquisition submodule can collect, in several ways, the network management information sent by the various network devices and security devices in each enterprise information system. The collection modes are: (1) collecting network management information via SNMP and MML (which can also modify device configuration); (2) obtaining device-related network management information from various databases through an ODBC database interface; (3) receiving network management information through an XML interface. After the format of the received network management information has been normalised, it is sent to the security O&M database of the enterprise to which it belongs, for example the security O&M database of enterprise 2 in Fig. 1.
The business information acquisition submodule can collect, in several ways, the business information sent by the various network devices and security devices in each enterprise information system. The collection modes are: (1) collecting business information via Web Service; (2) obtaining device-related business information from various databases through an ODBC database interface; (3) receiving business information through an XML interface. After the format of the received business information has been normalised, it is sent to the security O&M database of the enterprise to which it belongs, for example the security O&M database of enterprise N in Fig. 1.
The security O&M data analysis module comprises a real-time monitoring and event handling submodule, a statistical analysis submodule, and an event correlation and alarm correlation submodule.
The real-time monitoring and event handling submodule monitors the log information of the various network devices, security devices and servers of each enterprise network, promptly discovers security incidents and device alarms as they occur, and takes measures to ensure the safe and reliable operation of the network and business systems.
The statistical analysis submodule can analyse the network traffic of each enterprise to eliminate hidden dangers, and compile statistics on users' service usage to understand their online behaviour.
The correlation analysis submodule analyses the security O&M events of each enterprise separately. Using a built-in security O&M rule base, it compares each originally isolated real-time event longitudinally, along the time axis, against historical events, and horizontally, along the attribute axis, against other events, in order to identify threat events. The alarm information produced by this process is normalised into the standard security O&M information format in XML, and the alarm information is stored centrally in the security O&M database, which satisfies the requirement of retaining the information for a long time.
The security O&M business module comprises a risk assessment submodule, a topology management submodule, an event response submodule and a security O&M policy submodule.
The risk assessment submodule divides enterprise information security risk into five grades, from low to high: slight risk, general risk, medium risk, relatively high risk and high risk. The result of the risk assessment is used for loss assessment, and task lists and responses are triggered automatically to reduce asset risk, so that the risk is managed and controlled.
The topology management submodule can (1) automatically discover the devices in the enterprise network and their connections by network sniffing, obtaining each enterprise's initial asset information; (2) monitor the network topology and the running state of enterprise network nodes; (3) identify nodes newly joining and leaving the enterprise network; (4) change the enterprise network topology.
The event response submodule is realised through the linkage of the various systems, the provision of an event information transfer interface to third parties, and the export of task work orders. For confirmed security O&M events, an automatic response mechanism can, on the one hand, provide multiple alarm modes such as security O&M dashboard display, e-mail and SMS, and on the other hand, through a security linkage mechanism, stop attacks by means such as remote control of routers and switches. The linkage between systems combines the information from firewalls, intrusion detection, anti-virus software and scanners, and automatically adjusts the security policies of each enterprise's security devices to weaken or eliminate the impact of the security O&M event.
The security O&M policy submodule is responsible for the configuration management of the security policies of each enterprise information system: the assets of each enterprise information system are configured uniformly and policies are issued uniformly, replacing the current administrative burden of distributing policies to each device separately, and the policies are continuously optimised and adjusted.
The security O&M database module comprises a security O&M log library and a security O&M policy library.
The security O&M log library stores the security logs, network management logs and business logs collected by the security O&M data acquisition module. It can be implemented with relational databases such as Oracle or SQL Server.
The main function of the security O&M policy library is to transfer all kinds of security O&M information and, at the same time, to collect the methods and solutions for handling all kinds of security O&M problems, forming a shared security database that provides training resources for cultivating high-quality security O&M personnel. The information stored in this database includes security O&M information, risk assessment information, security O&M early-warning information, security O&M policies and a security O&M case library.
The information security O&M platform provided by the present invention has scalability and high availability and can provide a "one-stop" information security O&M service for the information systems of various enterprises; the service for each enterprise can be customised separately according to the enterprise's needs, so as to satisfy the service requirements of different enterprises.
Brief description of the drawings
Fig. 1 is a block diagram of the information security O&M platform provided by the present invention;
Fig. 2 is a flow chart of data acquisition.
Detailed description
The present invention is further described below with reference to the accompanying drawings and an example:
The structure of the active information security O&M platform provided by the present invention is shown in Fig. 1. The platform comprises a security O&M data acquisition module, a security O&M data analysis module, a security O&M business module and a security O&M database.
Security O&M data acquisition module
This module comprises a security information acquisition submodule, a network management information acquisition submodule and a business information acquisition submodule. These three submodules are responsible for collecting, respectively, the security information, network management information and business information in each enterprise information system, and for storing them in each enterprise's own security O&M database. The platform can collect, in several ways, the security information, network management information and business information of all kinds of security devices, network devices and servers in each enterprise information system. The collection modes are:
(1) collecting information via SNMP and Syslog;
(2) obtaining security-related device information from various databases through an ODBC database interface;
(3) receiving information through an OPSec interface;
(4) receiving information through MML, XML and Web Service interfaces.
After receiving this information, the security, network management and business information acquisition submodules also normalise the message format before sending it to the security O&M database, where it is stored separately by enterprise, for example the security O&M database (enterprise 1), security O&M database (enterprise 2) and security O&M database (enterprise N) in Fig. 1.
Security O&M data analysis module
Correlation analysis: correlation analysis is performed separately on each enterprise's security O&M database, and the results are output to that enterprise's own security O&M database and dashboard. Using a built-in security O&M rule base, each originally isolated real-time event is compared longitudinally, along the time axis, with historical events, and horizontally, along the attribute axis, with other events, in order to identify threat events. The correlation analysis submodule is the most complex part of the security operation platform; it comprises correlation analysis, structural analysis, intrusion path analysis and behaviour analysis.
Real-time monitoring and event handling: this is responsible for monitoring the security operation situation of the network in real time and is one of the important means of keeping track of the attack threats and alarm status of each enterprise network. By monitoring the log information of the various network devices, host systems and security devices of each enterprise network, it promptly discovers security incidents and device alarms as they occur and takes measures to ensure the safe and reliable operation of the network and business systems. The alarm information produced by this process is normalised into the standard security O&M information format in XML, and the alarm information is stored centrally in the security O&M database, which satisfies the requirement of retaining the information for a long time.
Statistical analysis: the network traffic of each enterprise can be analysed to eliminate hidden dangers, and statistics can be compiled on the service usage of enterprise network users to understand their online behaviour.
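As an added illustration of the correlation step described above (example code, not from the patent), the following Python sketch feeds constructed, already-normalised events through a small built-in rule base: one rule compares an event with its source's stored history along the time axis, the other compares it with other devices' events along the attribute axis, and each identified threat is emitted as an XML alarm record carrying one of the five risk grades. The record fields, the two rules and their thresholds, and the English grade names are assumptions.

```python
"""Association analysis with a built-in rule base (constructed example)."""
from collections import defaultdict
from datetime import datetime, timedelta
import xml.etree.ElementTree as ET

# The five risk grades, low to high; the English names are our rendering (assumption).
RISK_LEVELS = ("slight", "general", "medium", "higher", "high")

# Constructed normalised events, as the acquisition module would have stored them:
# six VPN login failures from one address, then a firewall drop and an IDS alert
# for the same address on two different devices, then an unrelated drop.
T0 = datetime(2015, 6, 9, 10, 0, 0)
EVENTS = (
    [{"ts": T0 + timedelta(seconds=20 * i), "device": "vpn01", "kind": "auth_failure",
      "src_ip": "203.0.113.5"} for i in range(6)]
    + [{"ts": T0 + timedelta(minutes=3), "device": "fw01", "kind": "firewall_drop",
        "src_ip": "203.0.113.5"},
       {"ts": T0 + timedelta(minutes=3, seconds=5), "device": "ids01", "kind": "ids_alert",
        "src_ip": "203.0.113.5"},
       {"ts": T0 + timedelta(minutes=4), "device": "fw01", "kind": "firewall_drop",
        "src_ip": "198.51.100.7"}]
)


class Correlator:
    """Holds the historical event store and the two built-in rules."""

    def __init__(self, window=timedelta(minutes=5), threshold=5, join_window=timedelta(minutes=1)):
        self.window, self.threshold, self.join_window = window, threshold, join_window
        self.by_ip = defaultdict(list)  # src_ip -> events seen so far (the history store)
        self.fired = set()              # (rule, src_ip) pairs already alarmed on
        self.alarms = []                # XML alarm strings destined for the O&M database

    def _emit(self, rule, level, src_ip, evidence):
        """Standardise one confirmed threat as an XML alarm; fire each rule once per source."""
        if (rule, src_ip) in self.fired:
            return None
        self.fired.add((rule, src_ip))
        root = ET.Element("alarm")
        ET.SubElement(root, "rule").text = rule
        ET.SubElement(root, "level").text = level
        ET.SubElement(root, "src_ip").text = src_ip
        ev = ET.SubElement(root, "evidence", count=str(len(evidence)))
        for e in evidence:
            ET.SubElement(ev, "event", device=e["device"], kind=e["kind"], ts=e["ts"].isoformat())
        xml = ET.tostring(root, encoding="unicode")
        self.alarms.append(xml)
        return xml

    def rule_time_axis(self, ev):
        """Longitudinal comparison: this source's earlier auth failures inside the window."""
        if ev["kind"] != "auth_failure":
            return None
        recent = [e for e in self.by_ip[ev["src_ip"]]
                  if e["kind"] == "auth_failure" and ev["ts"] - e["ts"] <= self.window]
        if len(recent) >= self.threshold:
            return self._emit("auth_failure_burst", RISK_LEVELS[2], ev["src_ip"], recent)
        return None

    def rule_attribute_axis(self, ev):
        """Horizontal comparison: the same src_ip reported by different device types close in time."""
        near = [e for e in self.by_ip[ev["src_ip"]] if abs(ev["ts"] - e["ts"]) <= self.join_window]
        kinds = {e["kind"] for e in near}
        devices = {e["device"] for e in near}
        if {"firewall_drop", "ids_alert"} <= kinds and len(devices) >= 2:
            return self._emit("cross_device_corroboration", RISK_LEVELS[3], ev["src_ip"], near)
        return None

    def process(self, ev):
        """Feed one real-time event; returns the XML alarms it produced (possibly none)."""
        self.by_ip[ev["src_ip"]].append(ev)
        return [a for a in (self.rule_time_axis(ev), self.rule_attribute_axis(ev)) if a]


def analyse(events):
    """Run the events in time order through the rule base; returns the alarm list."""
    c = Correlator()
    for ev in sorted(events, key=lambda e: e["ts"]):
        c.process(ev)
    return c.alarms
```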
Security O&M business module
The security O&M business module provides security O&M services to each enterprise separately. The kinds of security O&M service include, but are not limited to, the following:
(1) Security evaluation service
At present, according to the national standard (GB/T 20984-2007, Information security risk assessment specification), information system security risk is divided into five grades, from low to high: slight risk, general risk, medium risk, relatively high risk and high risk. The platform receives the analysis results of the security O&M data analysis module, completes the information security risk evaluation of assets, performs loss assessment, and automatically triggers task lists and responses to reduce asset risk, so that the risk is managed and controlled.
(2) Topology management service
The functions of this submodule are: 1) automatically discovering the devices in the enterprise network and their connections by network sniffing, obtaining initial asset information; 2) monitoring the network topology and the running state of nodes; 3) identifying nodes newly joining and leaving; 4) changing the network topology.
(3) Event response service
This submodule is realised through the linkage of the various systems, the provision of an event information transfer interface to third parties, and the export of task work orders. For confirmed security incidents, an automatic response mechanism can, on the one hand, provide multiple alarm modes such as security O&M dashboard display, e-mail and SMS, and on the other hand, through a security linkage mechanism, stop attacks by means such as remote control of routers and switches. The linkage between systems combines the information from firewalls, intrusion detection, anti-virus software and scanners, and automatically adjusts the security policies of the security devices of the enterprise concerned to weaken or eliminate the impact of the security O&M event.
(4) Security O&M policy service
This submodule is responsible for the configuration management of the security policies of each enterprise information system: the assets of each enterprise information system are configured uniformly and policies are issued uniformly, replacing the current administrative burden of distributing policies to each device separately, and the policies are continuously optimised and adjusted.
The flow of the data acquisition module is shown in Fig. 2. The data acquisition module supports syslog, SNMP, SMTP, HTML and so on. It is made up of a protocol agent, an application agent and a scheduler.
The protocol agent receives the information sent over transport protocols such as syslog and SNMP (for example, an attack on an Apache 2.0 server) and passes the received data to the scheduler. After determining the type of the message, the scheduler forwards it to the relevant application agent.
The application agent is responsible for normalising the format of this information and sending it to the security O&M database of the enterprise it belongs to for storage. The two agents are interconnected through the scheduler.
The foregoing is only a preferred embodiment of the present invention and is not intended to limit its scope; all equivalent changes and modifications made in accordance with the present invention are deemed to fall within the scope of the claims.
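The Fig. 2 flow (protocol agent, scheduler, application agent, per-enterprise store) and the acquisition submodules described earlier, as an added Python example rather than the patent's own implementation: the protocol agent parses a constructed syslog line and accepts a decoded SNMP trap, the scheduler classifies the envelope as security, network-management or business information, and the application agent normalises it into a common record and appends it to the store of the enterprise it came from. The class names, the tag-to-class mapping and the record schema are assumptions.

```python
"""Acquisition pipeline of Fig. 2: protocol agent -> scheduler -> application agent."""
import re
from collections import defaultdict

# Constructed inputs: a firewall syslog line (RFC 3164 style) and an SNMP linkDown
# trap already decoded into a dict by a trap receiver.
SAMPLE_SYSLOG = ("<132>Jun  9 10:15:32 fw01 kernel: DROP IN=eth0 SRC=203.0.113.5 "
                 "DST=10.0.0.8 PROTO=TCP DPT=22")
SAMPLE_TRAP = {"agent": "10.0.0.1", "name": "linkDown", "ifIndex": 3}

SYSLOG_RE = re.compile(r"^<(?P<pri>\d{1,3})>(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) "
                       r"(?P<host>\S+) (?P<tag>[^:\s]+): (?P<msg>.*)$")
KV_RE = re.compile(r"(\w+)=(\S+)")  # key=value pairs inside the message body


class ProtocolAgent:
    """Speaks the transport (syslog, SNMP) and hands a tagged envelope to the scheduler."""

    def __init__(self, scheduler):
        self.scheduler = scheduler

    def receive_syslog(self, enterprise, line):
        m = SYSLOG_RE.match(line)
        if not m:
            raise ValueError("malformed syslog line")
        pri = int(m["pri"])  # PRI = facility * 8 + severity
        return self.scheduler.dispatch({
            "enterprise": enterprise, "transport": "syslog", "host": m["host"],
            "tag": m["tag"], "severity": pri % 8, "facility": pri // 8, "msg": m["msg"]})

    def receive_snmp_trap(self, enterprise, trap):
        return self.scheduler.dispatch({
            "enterprise": enterprise, "transport": "snmp", "host": trap["agent"],
            "tag": trap["name"], "severity": 4, "msg": trap})


class Scheduler:
    """Decides which class a message belongs to and forwards it to that application agent."""
    SECURITY_TAGS = {"kernel", "sshd", "firewall", "ids"}  # assumed tag-to-class mapping

    def __init__(self):
        self.agents = {}

    def register(self, kind, agent):
        self.agents[kind] = agent

    def classify(self, env):
        if env["transport"] == "snmp":
            return "network_management"
        return "security" if env["tag"] in self.SECURITY_TAGS else "business"

    def dispatch(self, env):
        return self.agents[self.classify(env)].handle(env)


class ApplicationAgent:
    """Normalises the payload into the common record schema and stores it per enterprise."""

    def __init__(self, kind, store):
        self.kind, self.store = kind, store

    def normalise(self, env):
        msg = env["msg"]
        attrs = dict(KV_RE.findall(msg)) if isinstance(msg, str) else dict(msg)
        return {"enterprise": env["enterprise"], "kind": self.kind, "source": env["host"],
                "event": env["tag"], "severity": env["severity"],
                "src_ip": attrs.get("SRC"), "dst_ip": attrs.get("DST"), "attributes": attrs}

    def handle(self, env):
        rec = self.normalise(env)
        self.store[rec["enterprise"]].append(rec)  # one database per enterprise, as in Fig. 1
        return rec


def build_pipeline(store):
    """Wire one application agent per message class behind a scheduler and protocol agent."""
    sched = Scheduler()
    for kind in ("security", "network_management", "business"):
        sched.register(kind, ApplicationAgent(kind, store))
    return ProtocolAgent(sched)


def run_demo():
    """Feed the two constructed messages for two enterprises; returns the per-enterprise stores."""
    store = defaultdict(list)
    agent = build_pipeline(store)
    agent.receive_syslog("enterprise-1", SAMPLE_SYSLOG)
    agent.receive_snmp_trap("enterprise-2", SAMPLE_TRAP)
    return store
```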

Claims (2)

1. An information security operation and maintenance platform according to claim 1, characterised in that the security O&M data acquisition module receives the security information, network management information and business information of the various devices of each enterprise information system and unifies the log formats of these external devices.
2. An information security operation and maintenance platform according to claim 1, characterised in that the data acquisition module can change the configuration of routers or switches to realise real-time linkage of events.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510309436.3A CN105025006B (en) 2015-06-09 2015-06-09 A kind of positive information safety operation and maintenance platform

Publications (2)

Publication Number Publication Date
CN105025006A true CN105025006A (en) 2015-11-04
CN105025006B CN105025006B (en) 2018-04-17

Family

ID=54414711

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510309436.3A Active CN105025006B (en) 2015-06-09 2015-06-09 A kind of positive information safety operation and maintenance platform

Country Status (1)

Country Link
CN (1) CN105025006B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106055984A (en) * 2016-05-27 2016-10-26 浪潮电子信息产业股份有限公司 Hierarchical management method applied to security baseline software
CN109902079A (en) * 2019-02-21 2019-06-18 广东电网有限责任公司信息中心 A method of for reaching the automatic safe management of dream database
CN112270417A (en) * 2020-10-28 2021-01-26 首都信息发展股份有限公司 Intelligent acquisition method and system for operation and maintenance data of domestic equipment

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102510524A (en) * 2011-10-26 2012-06-20 国家广播电影电视总局广播科学研究院 Control system for broadcasting network
EP2541512A1 (en) * 2011-01-19 2013-01-02 Sichuan Electric Power Test & Research Institute Intelligent electric meter centralized recharging terminal and control method thereof
CN103532744A (en) * 2013-09-29 2014-01-22 国网辽宁省电力有限公司信息通信分公司 Information-communication integrated supporting platform of intelligent power grid
CN104637265A (en) * 2015-02-06 2015-05-20 宁波永耀信息科技有限公司 Dispatch-automated multilevel integration intelligent watching alarming system

Also Published As

Publication number Publication date
CN105025006B (en) 2018-04-17

Legal Events

Code Title / Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information
    Address after: 210012, Nanjing high tech Zone, Jiangsu, Nanjing Software Park, No. 99 unity Road, Eagle building, block A, 14 floor
    Applicant after: Nanjing Liancheng science and technology development Limited by Share Ltd
    Address before: A small road in Yuhuatai District of Nanjing City, Jiangsu province 210012 Building No. 158 Building 1 new ideal
    Applicant before: NANJING LIANCHENG TECHNOLOGY DEVELOPMENT CO., LTD.
CB02 Change of applicant information
    Address after: 210000 14F, building A, Eagle building, 99 solidarity Road, Nanjing Software Park, Nanjing hi tech Zone, Jiangsu
    Applicant after: Nanjing Liancheng science and technology development Limited by Share Ltd
    Address before: 210000, Nanjing high tech Zone, Jiangsu, Nanjing Software Park, No. 99 unity Road, Eagle building, block A, 14 floor
    Applicant before: Nanjing Liancheng science and technology development Limited by Share Ltd
GR01 Patent grant