CN105139139A - Data processing method, device and system for operation and maintenance audit - Google Patents

Data processing method, device and system for operation and maintenance audit Download PDF

Info

Publication number
CN105139139A
CN105139139A CN201510549959.5A CN201510549959A CN105139139A CN 105139139 A CN105139139 A CN 105139139A CN 201510549959 A CN201510549959 A CN 201510549959A CN 105139139 A CN105139139 A CN 105139139A
Authority
CN
China
Prior art keywords
auditing
equipment
target
audit
behavior
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201510549959.5A
Other languages
Chinese (zh)
Other versions
CN105139139B (en
Inventor
徐铁军
杨宗跃
张文飞
王旭
李生帛
苏蔚
王有虎
李宏波
金金
丁明静
李晖
雷晓萍
佟芳
秦浩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Corp of China SGCC
Beijing China Power Information Technology Co Ltd
State Grid Qinghai Electric Power Co Ltd
Information and Telecommunication Branch of State Grid Qinghai Electric Power Co Ltd
Original Assignee
State Grid Corp of China SGCC
Beijing China Power Information Technology Co Ltd
State Grid Qinghai Electric Power Co Ltd
Information and Telecommunication Branch of State Grid Qinghai Electric Power Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by State Grid Corp of China SGCC, Beijing China Power Information Technology Co Ltd, State Grid Qinghai Electric Power Co Ltd, Information and Telecommunication Branch of State Grid Qinghai Electric Power Co Ltd filed Critical State Grid Corp of China SGCC
Priority to CN201510549959.5A priority Critical patent/CN105139139B/en
Publication of CN105139139A publication Critical patent/CN105139139A/en
Application granted granted Critical
Publication of CN105139139B publication Critical patent/CN105139139B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Abstract

The invention discloses a data processing method, device and system for operation and maintenance audit. The method comprises the steps: receiving an external input account number; obtaining a preset inlet address, wherein the preset inlet address is a unique inlet address of an operation and maintenance audit system for audit operation; logging in the operation and maintenance audit system from the preset inlet address according to the external input account number; determining an operation and maintenance behavior corresponding to operation and maintenance authority where the external input account number belongs to after the logging-in of the operation and maintenance audit system; monitoring the operation and maintenance behavior, and obtaining monitoring results; and finally obtaining audit results of the monitoring results after audit processing. The method, device and system improve the safety and reliability of operation and maintenance management.

Description

For data processing method and the Apparatus and system of O&M audit
Technical field
The present invention relates to the communications field, in particular to a kind of data processing method for O&M audit and Apparatus and system.
Background technology
Audit is as a kind of independent, objectively movable, by systematization and normalized method, evaluate and the risk management of monitoring enterprise, control and governance process, its object is to by the internal control of promoting enterprise Erecting and improving and comprehensive Risk Management System is that enterprise increases the operational paradigm being worth and improving enterprise, guarantees the operation security of enterprise.Infosystem realizes the critical facility of its operations objective as enterprise, should consider that operation management and operation supervise and control mechanism are to prevent, to find mistake or violation event, thus to Internet technology (InformationTechnology, referred to as IT) risk is taken precautions against in advance, mid-event control, subsequent supervision and correction combination control.Auditing to IT system, is an important means of controlling internal risk.If infosystem self does not have security audit function, then need to configure special security audit equipment, security audit is carried out to infosystem.
At present, the security of IT system password to IT system has vital role.Along with increasing of IT system quantity, the account password management workload of IT system is increasing, and complexity is also more and more higher.In order to meet IT system safety management requirement, the account password of IT system needs periodic modification, this considerably increases the workload of account password management.On the other hand, operation maintenance personnel is also very inconvenient to the maintenance of audit work, and account password is often recorded on notepad by maintainer, easily causes account password to reveal.In practical operation, account password is set to very regular, readily appreciates that the account password of other system like this, because part system provides O&M service by outsourcing manufacturer, also easily causes account password to reveal.Some unit does not have account password management strategy, thus makes account password management system not strict, potential safety hazard of hiding.
Along with the complicacy that IT system is formed, can be safeguarded in O&M process by multiple entrance to IT system, this makes cannot to carry out unified management to IT system, unification arranges security strategy etc., thus causes various potential safety hazard.
In IT system O&M process, there is multiple role of manager, multiple managerial personnel are existed too for same role.These managerial personnel, when safeguarding, may use the same account number of IT system, like this once go wrong in O&M process, are just difficult to the operation of the concrete someone in location.
Faced by gather around privileged user, due to its operation can not be controlled, the resource that can not ensure to only have believable user could access it and have authority, cannot avoid going beyond one's commission or the phenomenon of violation operation.
System journal is independent, cannot prevent from being tampered, may delete daily record after managerial personnel have done violation operation, causes cannot trace, cannot locate violation operation.Further, system logging information is not comprehensive, and the information of record is relatively simple, is not easy to retrieval.
At present, all O&M security audit equipment, carries out duplicate on-line monitoring, offline playback, analysis, statistics to all O&M processes, according to the sensitivity of target O&M equipment, can not carry out targeted and distinctive audit operation.When O&M session number of concurrent is very high, O&M security audit equipment can affect the response speed of O&M operation, reduces the reliability of operation management.
Along with the importance of IT system and increasing on operation system impact, relevant laws and regulations have clear and definite requirement to its security, sustainability work, IT operational risk and enterprise's internal control etc.At present in the face of these compliance check, can only be institutional inspection, there is no effective data and technology to illustrate how these systems are implemented, the needs that compliance checks can not be met, cause the security performance of operation management to reduce.
In operation management process, cannot have operation management process Problems existing and quantitatively or qualitatively analyze data, simply can only be described from security incident aspect, can not potential risk be found, thus auxiliary enterprises improves the Security Construction of IT system further.
For in correlation technique owing to not having omnibearing operation audit method to cause the problem that the safety and reliability of operation management is low, at present effective solution is not yet proposed.
Summary of the invention
Fundamental purpose of the present invention is to provide a kind of data processing method for O&M audit and Apparatus and system, with the problem that the safety and reliability at least solving operation management is low.
To achieve these goals, according to an aspect of the present invention, a kind of data processing method for O&M audit is provided.The method comprises: receive outside input account; Obtain and preset entry address, wherein, default entry address is the sole inlet address that O&M auditing system carries out audit operation; O&M auditing system is logged in from default entry address according to outside input account; After login O&M auditing system, determine the O&M behavior that belonging to outside input account, O&M authority is corresponding; The behavior of monitoring O&M, obtains monitored results; And obtain monitored results is audited the auditing result that obtains after process.
Further, determine that the O&M behavior that belonging to outside input account, O&M authority is corresponding comprises: determine the role that outside input account is corresponding; And input role corresponding to account to the mandate of outside input account according to outside input account and outside, obtain O&M authority.
Further, this monitoring O&M behavior be used in the data processing method of O&M audit comprises: the bearing capacity of the central processing unit of Real-Time Monitoring target O&M equipment, core buffer and the network bandwidth, judges the sensitivity of target O&M equipment; If the bearing capacity of the central processing unit of target O&M equipment, core buffer and the network bandwidth is large and when judging that the sensitivity of target O&M equipment is low, the audit form switching target O&M equipment is inspection-free audit form; And if the bearing capacity of the central processing unit of target O&M equipment, core buffer and the network bandwidth is little and when judging the sensitivity height of target O&M equipment, switch the audit form of target O&M equipment for entirely to examine audit form.
Further, this monitoring O&M behavior be used in the data processing method of O&M audit comprises: the running status of Real-Time Monitoring target O&M equipment, wherein, running status comprises process status and the thread state of O&M agreement between auditing system and target O&M equipment and O&M session; According to the behavior of running status record O&M, obtain O&M record; O&M record is converted into graphic interface.
Further, monitored results comprises the operating process to O&M behavior, by O&M record and to the operation process recording of O&M behavior in dissimilar daily record, obtain and the monitored results auditing result that obtains after process of auditing is comprised: from dissimilar daily record, retrieve O&M record and the operating process to O&M behavior, obtain result for retrieval; Result for retrieval is inquired about, or filing, obtain Query Result, or filing result.
Further, after the auditing result obtained after process is audited in acquisition to monitored results, this data processing method being used for O&M audit also comprises: back up dissimilar daily record, backup auditing result, wherein, auditing result comprises result for retrieval, Query Result and filing result, regularly the account password of automatic modifying target O&M equipment.
To achieve these goals, according to a further aspect in the invention, a kind of data processing equipment for O&M audit is additionally provided.This data processing equipment being used for O&M audit comprises: receiving element, for receiving outside input account; First acquiring unit, for obtaining default entry address, wherein, default entry address is the sole inlet address that O&M auditing system carries out audit operation; Log in unit, for logging in O&M auditing system according to outside input account from default entry address; Determining unit, for after login O&M auditing system, determines the O&M behavior that belonging to outside input account, O&M authority is corresponding; Monitoring unit, for monitoring O&M behavior, obtains monitored results; And second acquisition unit, for obtaining, monitored results is audited the auditing result that obtains after process.
Further, this data processing equipment being used for O&M audit also comprises: determination module, for determining the role that outside input account is corresponding; And authorization module, for inputting role corresponding to account according to outside input account and outside to the mandate of outside input account, obtain O&M authority.
Further, this monitoring unit of data processing equipment being used for O&M audit comprises: detection module, for the bearing capacity of the central processing unit of Real-Time Monitoring target O&M equipment, core buffer and the network bandwidth; Judge module, for judging the sensitivity of target O&M equipment; First handover module, for when the bearing capacity of the central processing unit of target O&M equipment, core buffer and the network bandwidth is large and when judging that the sensitivity of target O&M equipment is low, the audit form switching target O&M equipment is inspection-free audit form; And second handover module, if for when the bearing capacity of the central processing unit of target O&M equipment, core buffer and the network bandwidth little and when judging the sensitivity height of target O&M equipment, switch the audit form of target O&M equipment for entirely to examine audit form.
To achieve these goals, according to a further aspect in the invention, a kind of data handling system for O&M audit is additionally provided.This data handling system being used for O&M audit comprises: fire wall; Switch; Server; And O&M auditing system, for receiving outside input account; Obtain and preset entry address, wherein, default entry address is the sole inlet address that O&M auditing system carries out audit operation; O&M auditing system is logged in from default entry address according to outside input account; After login O&M auditing system, determine the O&M behavior that belonging to outside input account, O&M authority is corresponding; The behavior of monitoring O&M, obtains monitored results; And obtain monitored results is audited the auditing result that obtains after process.
By the present invention, adopt and receive outside input account; Then obtain and preset entry address, wherein, default entry address is the sole inlet address that O&M auditing system carries out audit operation, achieves and carries out unified management to entry address, reduces the potential safety hazard of operation management.O&M auditing system is logged in from default entry address again according to outside input account; After login O&M auditing system, determine the O&M behavior that belonging to outside input account, O&M authority is corresponding, achieve and only have reliable user ability visit data resource; Monitor O&M behavior again, obtain monitored results, improve the security of operation of target O&M equipment; Finally obtain and monitored results is audited the auditing result that obtains after process, solve owing to not having omnibearing operation audit method to cause the problem that the safety and reliability of operation management is low, and then reach the safety and reliability that improve operation management.
Accompanying drawing explanation
The accompanying drawing forming a application's part is used to provide a further understanding of the present invention, and schematic description and description of the present invention, for explaining the present invention, does not form inappropriate limitation of the present invention.In the accompanying drawings:
Fig. 1 is the schematic diagram of the data handling system for O&M audit according to a first embodiment of the present invention;
Fig. 2 is the schematic diagram of the data handling system for O&M audit according to a second embodiment of the present invention;
Fig. 3 is the process flow diagram of the data processing method for O&M audit according to the embodiment of the present invention; And
Fig. 4 is the schematic diagram of the data processing equipment for O&M audit according to the embodiment of the present invention.
Embodiment
It should be noted that, when not conflicting, the embodiment in the application and the feature in embodiment can combine mutually.Below with reference to the accompanying drawings and describe the present invention in detail in conjunction with the embodiments.
The application's scheme is understood better in order to make those skilled in the art person, below in conjunction with the accompanying drawing in the embodiment of the present application, technical scheme in the embodiment of the present application is clearly and completely described, obviously, described embodiment is only the embodiment of the application's part, instead of whole embodiments.Based on the embodiment in the application, those of ordinary skill in the art are not making the every other embodiment obtained under creative work prerequisite, all should belong to the scope of the application's protection.
It should be noted that, term " first ", " second " etc. in the instructions of the application and claims and above-mentioned accompanying drawing are for distinguishing similar object, and need not be used for describing specific order or precedence.Should be appreciated that the data used like this can be exchanged, in the appropriate case so that the embodiment of the application described herein.In addition, term " comprises " and " having " and their any distortion, intention is to cover not exclusive comprising, such as, contain those steps or unit that the process of series of steps or unit, method, system, product or equipment is not necessarily limited to clearly list, but can comprise clearly do not list or for intrinsic other step of these processes, method, product or equipment or unit.
The invention provides a kind of data handling system for O&M audit.
Fig. 1 is the schematic diagram of the data handling system for O&M audit according to a first embodiment of the present invention.As shown in Figure 1, this data handling system being used for O&M audit comprises: fire wall 10, switch 20, server 30 and O&M auditing system 40.
Fire wall 10, for controlling the O&M audit of target O&M equipment, specifically, the security strategy can formulated according to concrete operation management allows, refuses or monitors the information flow of discrepancy network, the direct logon server of client can be forbidden and then sign in target O&M equipment, avoiding client directly to manage target O&M equipment.Alternatively, identified by the identity of mode to user of password authentication, thus improve the safety in utilization of auditing system.
O&M is audited, and can provide abundant statistical study for user, helps the potential safety hazard of user's Timeliness coverage target O&M equipment, optimizes using and managing Internet resources simultaneously.Client can be avoided directly to manage target O&M equipment by fire wall 10.Wherein, manage to comprise to target O&M equipment monitor stages and the operation in the ex-post analysis stage in the preparatory stage in advance in O&M process, thing are controlled.Alternatively, operation in preparatory stage in advance in O&M process comprises and managing the login account of target O&M equipment, manages, controls the authority of O&M behavior and control etc. the operation of O&M sensitivity order the role of operation maintenance personnel; Operation in thing in monitor stages comprises to be monitored O&M order, monitors and carry out in real time monitoring etc. to maintenance work state to on-line session; Operation in the ex-post analysis stage is comprised the information of retrieving and inquiring about, returning system the order of user's input and retrieves and inquire about, to be retrieved and inquire about and carry out playback etc. to O&M operating process by many condition combination to audit information.
Switch 20, for regenerating the O&M information in O&M process, completing the O&M message exchange between auditing system and server and the forwarding of O&M information, can provide additional bandwidth for the server that bandwidth usage is larger.Preferably, switch 20 is three-tier switch, thus the O&M information data accelerating LAN (Local Area Network) inside exchanges.
Server 30, according to the difference of target O&M equipment, server 30 can be the Linux server based on (SuSE) Linux OS, based on the unix server of UNIX operating system, also can be the Window server based on Windows operating system, can also be database server.
O&M auditing system 40, for receiving outside input account; Obtain and preset entry address, wherein, default entry address is the sole inlet address that O&M auditing system carries out audit operation; O&M auditing system is logged in from default entry address according to outside input account; After login O&M auditing system, determine the O&M behavior that belonging to outside input account, O&M authority is corresponding; The behavior of monitoring O&M, obtains monitored results; And obtain monitored results is audited the auditing result that obtains after process.
This data handling system being used for O&M audit adopts single armed bypass mode to dispose, and also, adopts the deployment way of physical bypass and logic gateway to dispose.Adopt single armed bypass mode to be again configured network, need not topology of networks be changed, and not be used in the software or hardware of server 30 and client being installed any autonomic activities.At the procotol (InternetProtocol of O&M auditing system 40, referred to as IP) the IP address of address and target O&M equipment can reach, and O&M auditing system 40 is with in the addressable situation of agreement of target O&M equipment room, realize managing concentratedly the account of target O&M equipment, user logs in the single-sign-on once just can accessing all believable application systems, thus O&M process is controlled in real time, real-time auditing, and audit information can not arbitrarily be revised, fabricate, and then the object minimizing control reached operation management operational risk.
Fig. 2 is the schematic diagram of the data handling system for O&M audit according to a second embodiment of the present invention.As shown in Figure 2, this system comprises fire wall 10, switch 20, switch 201, switch 202, switch 203, server 301, server 302 and server 303, O&M auditing system 40, client 501 and client 502.
The data handling system for O&M audit of this embodiment adopts physical bypass, the deployment way of logic gateway.When client carries out O&M audit, by switch 20, switch 201, the O&M information of O&M auditing system 40 in O&M process regenerates by switch 202 and switch 203, complete O&M auditing system 40 and server 301, the O&M message exchange of server 302 and server 303 and O&M information forward, alternatively, the connection of switch 201 and server 301, the connection of switch 202 and server 302, switch 203 and the connection of server 303, can be connected by netting twine or optical fiber.
Server 301, server 302 and server 303 can be the Linux server based on (SuSE) Linux OS, based on the unix server of UNIX operating system, based on any one in the server in the Window server of Windows operating system and database server.Each server sets the IP address of management objectives O&M equipment, the IP address of O&M auditing system and the IP address of target O&M equipment can reach.Default entry address is the sole inlet address of carrying out audit operation, obtain and preset entry address, preferably, logged in by this unique login entry address of O&M auditing system 40 and carry out communication with server, achieve and O&M login entry address is carried out to unified management, arranged the object of uniform security policies.
Alternatively, client 501 is avoided directly under the effect of switch 20, signing in server 301, server 302 and server 303 by fire wall 10.Client 502 also directly can sign in server 301 under the effect of switch 20, server 302 and server 303.
In the thing preparatory stage of O&M audit, receive outside input account, O&M auditing system is logged in from default entry address according to outside input account, user can pass through entrance Portal unified login, and the connection device of compatible client and server (Client/Server, referred to as C/S).Wherein, outside input account, alternatively, be user account, user is logged in O&M auditing system 40 and is logged in by user account.This user account is the unique identification that representative of consumer logs in identity, and user can be operation maintenance personnel or auditor.Default entry address is the sole inlet address that O&M auditing system carries out audit operation.After user logs in O&M auditing system 40 success, alternatively, by the account password of O&M auditing system 40 to target O&M equipment input target O&M equipment, then the operation that target O&M equipment carries out O&M audit is logged in, thus make user no longer need to know the account password of target O&M equipment when operating, but inputted the account password of target O&M equipment by O&M auditing system 40.In addition, O&M auditing system 40 can carry out unified management to the account password of target O&M equipment, regularly amendment automatically.The account password difference that each O&M agreement is corresponding, the account password of each O&M agreement is adopted and uses once, encryption once, strengthen the security of protocol conversation certification, thus enhance the management of the account password of target O&M equipment and the account password intensity that improve target O&M equipment.The O&M behavior that outside input account is corresponding different according to affiliated O&M authority after logging in O&M auditing system 40, operation maintenance personnel logs in O&M auditing system 40, O&M auditing system 40 can be authorized operation maintenance personnel according to mandate relation table, specifically, O&M auditing system 40 carries out combination mandate by providing based on operation maintenance personnel account, operation maintenance personnel Role Management, O&M target device, O&M target device group, O&M time period etc., thus realizes the control of O&M auditing system 40 pairs of O&M behaviors.Alternatively, operation maintenance personnel can by licensable electronic file to the authoring system application O&M authority corresponding with O&M auditing system 40, by O&M situation is described, there is provided the hardware characteristics code of O&M auditing system 40, after the application time, authoring system is through confirming, there is provided license file to operation maintenance personnel, license file is uploaded to O&M auditing system 40 by operation maintenance personnel can complete authority application.After operation maintenance personnel obtains O&M authority, normally could log in target O&M equipment and carry out operation management.
Monitor stages in the thing of O&M audit, also be, after operation maintenance personnel logs in O&M auditing system 40 and obtains corresponding O&M authority, O&M auditing system 40 can monitor O&M behavior, specifically, the bearing capacity of the central processing unit of Real-Time Monitoring target O&M equipment, core buffer and the network bandwidth, judges the sensitivity of target O&M equipment.Preferably, target O&M equipment has inspection-free audit form and entirely examines audit form.If the bearing capacity of the central processing unit of target O&M equipment, core buffer and the network bandwidth is large, and when judging that the sensitivity of target O&M equipment is low, then target O&M equipment is not suitable for auditing, and the audit form switching target O&M equipment is inspection-free audit form.If the central processing unit of target O&M equipment, the bearing capacity of core buffer and the network bandwidth is little, and when judging the sensitivity height of target O&M equipment, then target O&M equipment can be audited, switch the audit form of target O&M equipment for entirely to examine audit form, thus by the central processing unit according to target O&M equipment, the bearing capacity of core buffer and the network bandwidth and the sensitivity of target O&M equipment, the intelligence realizing the multistage audit of O&M auditing system 40 switches, realize the multistage Audit control of fine granularity, improve the reliability of O&M audit process.
In the thing of O&M audit in monitor procedure, O&M auditing system 40 also follows blacklist mechanism, controls the O&M order forbidden and O&M command set.In the process of online O&M session being carried out to monitoring in real time, when O&M auditing system 40 detects that violation is ordered, just report to the police to managerial personnel immediately, enhance risk control dynamics.Meanwhile, O&M auditing system 40 can also carry out real-time session blocking-up, blocking O&M auditing system 40 immediately and being connected with the operation between operation maintenance personnel, preventing dangerous accident when monitoring dangerous O&M operation.On the other hand, O&M auditing system 40 can record operation maintenance personnel and operate at the O&M of whole O&M process, the character relevant with O&M behavior is analyzed, comprise to order line operation order and echo message and non-character type operation time information analyze, such as, analyze operation maintenance personnel and information is knocked to keyboard or mouse, further record is carried out to the information of knocking of keyboard or mouse.
In the thing of O&M audit in monitor procedure, the running status of O&M auditing system 40 Real-Time Monitoring target O&M equipment, wherein, running status comprises process status and the thread state of O&M agreement between O&M auditing system 40 and target O&M equipment and O&M session; According to the behavior of running status record O&M, obtain O&M record; O&M record is converted into graphic interface.Specifically, O&M auditing system 40 not only provides the information monitoring of hardware resource, network state, operating system process status, and process status and the thread state of often kind of O&M agreement and O&M session are monitored in fine granularity ground.Wherein, process status comprises: process identification number (Identification, referred to as ID), buffer size, listening port, mode of operation, session number etc.; Thread state comprises: O&M client ip, port, target O&M device IP, session buffer size, mode of operation etc.By the record to running status, obtain O&M record, can the operation conditions of accurately master goal O&M equipment, Timeliness coverage is abnormal, improves the reliability of O&M auditing system 40 to greatest extent.O&M auditing system 40 also adopts analyzes O&M agreement, based on reduction and the Intel Virtualization Technology of packet, O&M record is converted into graphic interface, further the operation of all O&Ms is converted into graphic interface to be represented, achieve the simulation to O&M operation interface, thus grasp all O&M operations of operation maintenance personnel exactly, reach the object that the operation information about O&M behavior is not lost, be convenient to collect evidence in the ex-post analysis stage of O&M.
The behavior of monitoring O&M, obtains monitored results.The monitored results of O&M behavior comprises the operating process to O&M behavior, specifically comprises managerial personnel, Security Officer, auditor to the operating process of O&M behavior.By O&M record and to the operation process recording of O&M behavior in dissimilar daily record, such as, be recorded in system journal, system manager's daily record, safety officer's daily record, security audit person's daily record and operation maintenance personnel daily record etc.The operational process of O&M auditing system 40 and all kinds of personnel are recorded in detail to the operating process to target O&M equipment by dissimilar daily record.Auditor can log in O&M auditing system and audit to monitored results, by systematization or normalized method, evaluates and monitoring risk management and regulation effect etc., obtains auditing result.Then obtain and monitored results is audited the auditing result that obtains after process.Obtain and the monitored results auditing result that obtains after process of auditing is comprised: from dissimilar daily record, retrieve O&M record and the operating process to O&M behavior, obtain result for retrieval; Result for retrieval is inquired about, or filing, obtain Query Result, or filing result, thus ensure O&M record and do not lose about the operation information of O&M behavior.
After the auditing result obtained after process is audited in acquisition to monitored results, auditing system 40 can back up dissimilar daily record, backup auditing result, wherein, auditing result comprises the result for retrieval retrieved O&M record and obtain the operating process of O&M behavior from dissimilar daily record, and to the Query Result of result for retrieval and filing result.For example, backup has record O&M record and to the system journal of the operating process of O&M behavior, system manager's daily record, safety officer's daily record, security audit person's daily record and operation maintenance personnel daily record etc., and the result for retrieval to different daily record and the Query Result to result for retrieval and filing result.Back mechanism can be two-node cluster hot backup pattern or strange land standby pattern mutually, meets the continuity requirement of business; The data backup dump of auditing result can be carried out, provide manual or automatically schedule backup is carried out to the data of auditing result, meet the call data storage of auditing result; Can be daily record data backup dump, provide manual or automatically schedule backup is carried out to audit log, meet the memory requirement of audit log; Can also be that backup dump is carried out to the configuration data of system, provide manual or automatically schedule backup is carried out to the configuration data of system.
Alternatively, the modular design method that this software and hardware being used for the data handling system of O&M audit adopts dynamic on-demand to load, improves the stability of system, and is easy to later stage expansion.This system not only can pass through browser and server (Browser/Server, referred to as B/S) complete basic configuration requirement, can also with existing O&M workflow management, or existing management platform, or monitor supervision platform realizes integrating, and realizes more fine-grained operation management.This system supports single armed, serial connection deployment mode, and the business that do not affect normally is run, and supports the system management based on B/S and operative configuration, and whole operative configuration process is simple, can realize the configuration of basic function at short notice, thus reach requirement of reaching the standard grade.
This embodiment being used for the data handling system of O&M audit makes client 501 avoid directly under the effect of switch 20, signing in server 301, server 302 and server 303 by fire wall 10.Client 502 also directly can sign in server 301 under the effect of switch 20, server 302 and server 303.By switch 20, switch 201, the O&M information of O&M auditing system 40 in O&M process regenerates by switch 202 and switch 203, completes O&M auditing system 40 and server 301, and the O&M message exchange of server 302 and server 303 and O&M information forward.O&M audit device 40 is for obtaining default entry address, and wherein, default entry address is the sole inlet address of carrying out audit operation; Obtain and preset account; Log in from default entry address according to outside input account, wherein, the O&M behavior that outside input account is corresponding different according to affiliated O&M authority after the login; The behavior of monitoring O&M, obtains monitored results; And monitored results is audited, obtain auditing result, improve the safety and reliability of operation management.
The embodiment of the present invention additionally provides a kind of data processing method for O&M audit.
Fig. 3 is the process flow diagram of the data processing method for O&M audit according to the embodiment of the present invention, it should be noted that, this data processing method being used for O&M audit can be used for performing the data handling system for O&M audit.As shown in Figure 3, the method comprises the following steps:
Step S302, receives outside input account.
In the preparatory stage in advance of O&M process, receive outside income account.Outside input account, alternatively, for user account, user is logged in O&M auditing system and is logged in by user account, this user account is the coding relatively unique in user's system of particular user, and representative of consumer logs in the unique identification of identity, can be the identification card number of user, user's job number, computing machine network address or other and user's account one to one, the operation behavior of user in O&M process and user account are bound, and then gets up with user-association.Wherein, user can be operation maintenance personnel or auditor.Receive outside input account, also, receive user account.
Step S304, obtain and preset entry address, wherein, default entry address is the sole inlet address that O&M auditing system carries out audit operation.
The IP address of O&M auditing system and the IP address of target O&M equipment can reach.Default entry address is the sole inlet address of carrying out audit operation, obtains and presets entry address, preferably, obtains the IP address of this unique login entrance of O&M auditing system.
Step S306, logs in O&M auditing system according to outside input account from default entry address.
O&M auditing system is logged in from default entry address according to outside input account, also be, according to user account with and the IP address registration O&M auditing system of O&M auditing system, thus achieve and entry address is logged in O&M carry out unified management, the object of uniform security policies is set.Alternatively, operation maintenance personnel only need input outside input account and input password corresponding to account with outside and can log in O&M auditing system when logging in, O&M auditing system fills out the account password of target O&M equipment for operation maintenance personnel generation, then log in the operation that target O&M equipment carries out O&M audit, thus make user no longer need to know the account password of target O&M equipment when operating.Alternatively, operation maintenance personnel can by licensable electronic file to the authoring system application O&M authority corresponding with O&M auditing system, by O&M situation is described, the hardware characteristics code of O&M auditing system is provided, application time, then confirm through authoring system, provide license file to operation maintenance personnel, license file is uploaded to O&M auditing system by operation maintenance personnel can complete authority application.After operation maintenance personnel obtains the authority of O&M behavior, normally could log in target O&M operate.
Step S308, after login O&M auditing system, determines the O&M behavior that belonging to outside input account, O&M authority is corresponding.
After user logs in O&M auditing system, according to the security strategy of O&M process and the responsibilities of operation maintenance personnel, right assignment is carried out to operation maintenance personnel, determine which target O&M equipment is operation maintenance personnel can access, which operation is carried out to target O&M equipment.Determine the role that outside input account is corresponding, specifically, can be defined user by O&M auditing system, pass through password, or authentication code, or the modes such as double factor authentication carry out role's certification to user, such as, the role of authenticated is operation maintenance personnel, or auditor, or managerial personnel, or Security Officer etc., thus according to different roles, user is managed.Input role corresponding to account to the mandate of outside input account according to outside input account and outside, obtain O&M authority, make operation maintenance personnel can only carry out the O&M behavior be authorized to.Going beyond one's commission or violation operation for operation maintenance personnel, can give a warning, so that Security Officer can analyze this generic operation, further by managerial personnel to go beyond one's commission or violation operation is prevented, just finds when avoiding occurring serious consequence.Alternatively, according to operation maintenance personnel account, the role of operation maintenance personnel, O&M target device, O&M target device group, the O&M time period etc. carries out combination and authorizes, and obtains the O&M behavior that O&M authority described in operation maintenance personnel is corresponding, ensures that operation maintenance personnel can only operate and belongs to target O&M equipment in terms of reference of employment and carry out O&M behavior.And the operation of operation maintenance personnel is carried out to specification and the restriction of command-levels, prevent the unforeseen result may brought due to maloperation or malicious operation.Also can ZOOM analysis authority further to super keeper, system manager, safety officer, security audit person, guarantee the safety and reliability of O&M auditing system, thus improve the safety and reliability of operation management.
Step S310, the behavior of monitoring O&M, obtains monitored results.
After determining the O&M behavior that belonging to outside input account, O&M authority is corresponding, stage in the thing of O&M process, the bearing capacity of the central processing unit of Real-Time Monitoring target O&M equipment, core buffer and the network bandwidth, judges the sensitivity of target O&M equipment.Preferably, target O&M equipment has inspection-free audit form and entirely examines audit form.If the bearing capacity of the central processing unit of target O&M equipment, core buffer and the network bandwidth is large, and when judging that the sensitivity of target O&M equipment is low, then target O&M equipment is not suitable for auditing, and the audit form switching target O&M equipment is inspection-free audit form.If the bearing capacity of the central processing unit of target O&M equipment, core buffer and the network bandwidth is little, and when judging the sensitivity height of target O&M equipment, then target O&M equipment can be audited, switch the audit form of target O&M equipment for entirely to examine audit form, thus by the central processing unit according to target O&M equipment, core buffer and the bearing capacity of the network bandwidth and the sensitivity of target O&M equipment, the intelligence realizing multistage audit switches and the multistage Audit control of fine granularity, improves the reliability of O&M audit process.
In monitor procedure, follow blacklist mechanism, can control the O&M order forbidden and O&M command set in the thing of O&M audit, and time control event in violation of rules and regulations.Carrying out online O&M session, in the real-time process monitored, when detecting that violation is ordered, reporting to the police immediately, recognize there is order in violation of rules and regulations in time to make managerial personnel, thus prevention violation O&M operates, and enhances risk control dynamics, and then eliminates risk.Meanwhile, blocking the operation of operation maintenance personnel when monitoring dangerous O&M operation immediately, realizing real-time session and blocking, preventing the generation of dangerous accident.On the other hand, record operation maintenance personnel operates at the O&M of whole O&M process, the character relevant with O&M behavior is analyzed, comprise to order line operation order and echo message and non-character type operation time information analyze, such as, analyze operation maintenance personnel and information is knocked to keyboard or mouse, further record is carried out to the information of knocking of keyboard or mouse.Alternatively, operation maintenance personnel in the O&M operation note of whole O&M process in operation maintenance personnel daily record, thus accurately can grasp all O&M operations of operation maintenance personnel, independently open with system journal, prevent from distorting O&M operation note after having done violation operation, causing cannot the details of positioning action, comprises the information such as operating personnel, running time, operation behavior, and then cannot trace responsibility.
In the thing of O&M audit in monitor procedure, the running status of Real-Time Monitoring target O&M equipment.Wherein, the running status of target O&M equipment comprises process status and the thread state of O&M agreement between O&M auditing system and target O&M equipment and O&M session; According to the behavior of running status record O&M, obtain O&M record; O&M record is converted into graphic interface.Specifically, O&M auditing system not only provides the information monitoring of hardware resource, network state, operating system process status, and process status and the thread state of often kind of O&M agreement and O&M session are monitored in fine granularity ground.Alternatively, process status comprises: process ID, buffer size, listening port, mode of operation, session number etc.; Thread state comprises: O&M client ip, target O&M device IP, port, session buffer size, mode of operation etc.Like this can the operation conditions of accurately master goal O&M equipment, Timeliness coverage is abnormal, improves the reliability of O&M auditing system to greatest extent.O&M auditing system adopts analyzes O&M agreement, alternatively, O&M agreement comprises: remote terminal protocol Telnet, safety shell protocol (SecureShell in station command operation, referred to as SSH), RDP (RemoteDesktopProtocol, referred to as RDP) in Windows image.O&M auditing system also supports Virtual network computer (VirtualNetworkComputer, referred to as VNC), remote control software pcAnywhere, remote control software DameWare, VNC in Unix/Linux figure, files passe and the file transfer protocol (FTP) (FileTransferProtocol in downloading, referred to as FTP), Secure File Transfer Protocol (SecureFileTransferProtocol, referred to as SFTP), based on the HTML (Hypertext Markup Language) (HyperTextTransferProtocol in B/S operation, referred to as HTTP), security socket layer HTML (Hypertext Markup Language) (HyperTextTransferProtocoloverSecureSocketLayer, referred to as HTTPS).The instrument of O&M auditing system support comprises all instruments such as the SOLPlus order in database management tools.In addition, Telnet, FTP, SFTP, SSH, RDP, VNC O&M agreement can provide complete record, analysis, audit, and can provide the operation playback of graphic based.Telnet, FTP, SFTP, SSH, RDP, VNC, HTTP, HTTPS agreement and graphical user interface XWindows agreement can carry out intactly transparent forwarding.Simultaneously, O&M auditing system is based on the reduction of packet and Intel Virtualization Technology, O&M record is converted into graphic interface, the operation of all O&Ms is converted into graphic interface represented, achieve the simulation to O&M operation interface, and then grasp all O&M operations of operation maintenance personnel exactly, reach the object that the operation information about O&M behavior is not lost, be convenient to collect evidence in the ex-post analysis stage of O&M.
The monitored results of O&M behavior comprises the operating process to O&M behavior, also be, comprise managerial personnel, Security Officer, auditor is to the operating process of O&M behavior, by O&M record and to the operation process recording of O&M behavior in dissimilar daily record, such as, be recorded in system journal, system manager's daily record, safety officer's daily record, security audit person's daily record and operation maintenance personnel daily record etc., the operational process of O&M auditing system itself and all kinds of personnel can be recorded in detail independently to the operating process of target O&M equipment, prevent log recording from being distorted by unrelated person, causing cannot the details of positioning action, comprise operating personnel, running time, the information such as operation behavior, and then cannot responsibility be traced.
Step S312, obtains and to audit the auditing result that obtains after process to monitored results.
In the behavior of monitoring O&M, after obtaining monitored results, in the ex-post analysis stage of O&M process, auditor can log in O&M auditing system and audit to monitored results, by systematization or normalized method, evaluate and monitoring risk management and regulation effect etc., obtain auditing result.Obtain and the monitored results auditing result that obtains after process of auditing is comprised: from dissimilar daily record, retrieve O&M record and the operating process to O&M behavior, obtain result for retrieval; Result for retrieval is inquired about, or filing, obtain Query Result, or filing result, meanwhile, auditor can also carry out graphical playback to O&M record, thus ensures O&M record and do not lose about the operation information of O&M behavior.
After the auditing result obtained after process is audited in acquisition to monitored results, back up dissimilar daily record, backup auditing result, wherein, auditing result comprises the result for retrieval retrieved O&M record and obtain the operating process of O&M behavior from dissimilar daily record, and to the Query Result of result for retrieval and filing result.For example, backup has record O&M record and to the system journal of the operating process of O&M behavior, system manager's daily record, safety officer's daily record, security audit person's daily record and operation maintenance personnel daily record etc., and the result for retrieval to different daily record and the Query Result to result for retrieval and filing result.Back mechanism can be two-node cluster hot backup pattern or strange land standby pattern mutually, meets the continuity requirement of business; The data backup dump of auditing result can be carried out, provide manual or automatically schedule backup is carried out to the data of auditing result, meet the call data storage of auditing result; Can be daily record data backup dump, provide manual or automatically schedule backup is carried out to audit log, meet the memory requirement of audit log; Can also be that backup dump is carried out to the configuration data of system, provide manual or automatically schedule backup is carried out to the configuration data of system.
Preferably, after the auditing result obtained after process is audited in acquisition to monitored results, O&M auditing system is to the account password of the regular modifying target O&M equipment automatically of target O&M equipment, alternatively, according to each O&M agreement, the account password of target device can be use once, encryption once, strengthen the security intensity of the account password of target O&M equipment, and the O&M account unified management to all kinds of target O&M equipment, reduce the workload of account password management.The account password of amended target O&M equipment can be inserted in target O&M equipment by O&M auditing system generation, also can be manually to insert in target O&M equipment after operation maintenance personnel is obtained by O&M auditing system.
This embodiment being used for the data processing method of O&M audit adopts and receives outside input account, obtain and preset entry address, wherein, default entry address is the sole inlet address that O&M auditing system carries out audit operation, then auditing system is logged according to outside input account from default entry address, after login auditing system, determine the O&M behavior that belonging to outside input account, O&M authority is corresponding, the behavior of monitoring O&M, obtain monitored results, finally obtain and monitored results is audited the auditing result that obtains after process, improve the safety and reliability of operation management.
It should be noted that, can perform in the computer system of such as one group of computer executable instructions in the step shown in the process flow diagram of accompanying drawing, and, although show logical order in flow charts, but in some cases, can be different from the step shown or described by order execution herein.
Present invention also offers a kind of data processing equipment for O&M audit, it should be noted that, this device can be used for performing the data processing method for O&M audit.Fig. 4 is the schematic diagram of the data processing equipment for O&M audit according to the embodiment of the present invention, and as shown in Figure 4, this device comprises: receiving element 50, the first acquiring unit 60, logs in unit 70, determining unit 80, monitoring unit 90 and second acquisition unit 100.
Receiving element 50, for receiving outside input account.In the preparatory stage in advance of O&M process, receiving element 50 receives outside income account.Outside input account, alternatively, for user account, user is logged in O&M auditing system and is logged in by user account, this user account is the coding relatively unique in user's system of particular user, and representative of consumer logs in the unique identification of identity, can be the identification card number of user, user's job number, computing machine network address or other and user's account one to one, the operation behavior of user in O&M process and user account are bound, and then gets up with user-association.Wherein, user can be operation maintenance personnel or auditor.Receiving element 50 receives outside input account, and also, receiving element 50 receives user account.
First acquiring unit 60, for obtaining default entry address, wherein, default entry address is the sole inlet address that O&M auditing system carries out audit operation.The IP address of O&M auditing system and the IP address of target O&M equipment can reach.First acquiring unit 60 obtains presets entry address, and preferably, the first acquiring unit 60 obtains the IP address of this unique login entry address of O&M auditing system.
Log in unit 70, for logging in auditing system according to outside input account from default entry address.Log in unit 70 and log in O&M auditing system according to outside input account from default entry address, also be, log in the IP address registration O&M auditing system of unit 70 according to user account and O&M auditing system, thus achieve and entry address is logged in O&M carry out unified management, the object of uniform security policies is set.Alternatively, operation maintenance personnel only need input outside input account and input password corresponding to account with outside and log in O&M auditing system by logging in unit 70 when logging in.Alternatively, O&M auditing system fills out the account password of target O&M equipment for operation maintenance personnel generation, then log in unit 70 and log in the operation that target O&M equipment carries out O&M audit, thus make user no longer need to know the account password of target O&M equipment when operating, but inputted the account password of target O&M equipment by O&M auditing system.
Determining unit 80, for after login auditing system, determines the O&M behavior that belonging to outside input account, O&M authority is corresponding.This determining unit 80 also comprises determination module, for determining the role that outside input account is corresponding, and authorization module, for inputting role corresponding to account and outside input account according to outside to the mandate of outside input account, obtain O&M authority.
After logging in O&M auditing system by login unit 70, determination module determines the role that outside input account is corresponding, specifically, O&M auditing system can define user, by password, or authentication code, or the modes such as double factor authentication carry out role's certification to user, such as, the role of authenticated is operation maintenance personnel, auditor, managerial personnel, Security Officer etc., thus manages user according to different roles.Determination module determines the role of user, comprise the responsibilities of security strategy according to O&M process and operation maintenance personnel, right assignment is carried out to operation maintenance personnel, specifically, determines which target O&M equipment is operation maintenance personnel can access and carry out which operation to target O&M equipment.Authorization module inputs role corresponding to account to the mandate of outside input account according to outside input account and outside, obtains O&M authority, makes operation maintenance personnel can only carry out the O&M behavior be authorized to.Alternatively, authorization module is according to the account of operation maintenance personnel, the role of operation maintenance personnel, O&M target device, O&M target device group, the O&M time period etc. carries out combination and authorizes, and obtains the O&M behavior that O&M authority described in operation maintenance personnel is corresponding, ensures that operation maintenance personnel can only operate and belongs to target O&M equipment in terms of reference of employment and O&M operation.Authorization module also can ZOOM analysis authority further to super keeper, system manager, safety officer, security audit person, guarantees the safety and reliability of O&M auditing system, thus improves the safety and reliability of operation management.
Monitoring unit 90, for monitoring O&M behavior, obtains monitored results.This monitoring unit comprises detection module, judge module, the first handover module and the second handover module.Wherein, detection module is used for the bearing capacity of the central processing unit of Real-Time Monitoring target O&M equipment, core buffer and the network bandwidth; Judge module, for judging the sensitivity of described target O&M equipment; First handover module, for when the bearing capacity of the central processing unit of described target O&M equipment, core buffer and the network bandwidth is large and when judging that the sensitivity of described target O&M equipment is low, the audit form switching described target O&M equipment is inspection-free audit form; And second handover module, if for when the bearing capacity of the central processing unit of described target O&M equipment, core buffer and the network bandwidth little and when judging the sensitivity height of described target O&M equipment, switch the audit form of described target O&M equipment for entirely to examine audit form.
Monitoring unit 90 also comprises monitoring modular, logging modle and conversion module.Wherein, monitoring modular is used for the running status of Real-Time Monitoring target O&M equipment, and running status comprises process status and the thread state of O&M agreement between auditing system and target O&M equipment and O&M session; Logging modle, for according to the behavior of running status record O&M, obtains O&M record; Conversion module, for being converted into graphic interface by O&M record.
Second acquisition unit 100, to audit the auditing result that obtains after process to monitored results for obtaining.
Monitored results comprises the operating process to O&M behavior, by O&M record and to the operation process recording of O&M behavior in dissimilar daily record, second acquisition unit 100 comprises retrieval module and enquiry module or profiling module.Wherein, retrieval module is used for from dissimilar daily record, retrieve O&M record and the operating process to O&M behavior, obtains result for retrieval; Enquiry module is used for inquiring about result for retrieval, Query Result; Profiling module is used for filing result for retrieval, obtains filing result.
After the auditing result obtained after second acquisition unit 100 obtains process of auditing to monitored results, this device also comprises the first backup units, the second backup units and amendment unit.Wherein, the first backup units, for backing up dissimilar daily record; Second backup units, for backing up auditing result, wherein, auditing result comprises result for retrieval, Query Result and filing result; Amendment unit, for the account password of regular modifying target O&M equipment automatically.
After the auditing result obtained after process is audited in acquisition to monitored results, first backup units backs up dissimilar daily record, second backup units backup auditing result, wherein, auditing result comprises the result for retrieval retrieved O&M record and obtain the operating process of O&M behavior from dissimilar daily record, and to the Query Result of result for retrieval and filing result.For example, first backup units backup has record O&M record and to the system journal of the operating process of O&M behavior, system manager's daily record, safety officer's daily record, security audit person's daily record and operation maintenance personnel daily record etc., and the result for retrieval of the second backup units to different daily record and the Query Result to result for retrieval and filing result back up.Back mechanism can be two-node cluster hot backup pattern or strange land standby pattern mutually, meets the continuity requirement of business; The data backup dump of auditing result can be carried out, provide manual or automatically schedule backup is carried out to the data of auditing result, meet the call data storage of auditing result; Can be daily record data backup dump, provide manual or automatically schedule backup is carried out to audit log, meet the memory requirement of audit log; Can also be that backup dump is carried out to the configuration data of system, provide manual or automatically schedule backup is carried out to the configuration data of system.
Preferably, after the auditing result obtained after process is audited in second acquisition unit acquisition to monitored results, the account password of the regular modifying target O&M equipment automatically of amendment unit, alternatively, according to each O&M agreement, the account password of target device can be use once, encryption once, strengthen the security intensity of the account password of target O&M equipment, and the O&M account unified management to all kinds of target O&M equipment, reduce the workload of account password management.The account password of the target O&M equipment after amendment unit periodic modification can be inserted in target O&M equipment by O&M auditing system generation, also can be manually to insert in target O&M equipment after operation maintenance personnel is obtained by O&M auditing system.
This embodiment being used for the data processing method of O&M audit receives outside input account by receiving element, obtained by the first acquiring unit and preset entry address, wherein, default entry address is the sole inlet address that O&M auditing system carries out audit operation, then auditing system is logged according to outside input account from default entry address by logging in unit, by determining unit after login auditing system, determine the O&M behavior that belonging to outside input account, O&M authority is corresponding, by the behavior of monitoring unit monitoring O&M, obtain monitored results, obtain finally by second acquisition unit and monitored results is audited the auditing result that obtains after process, achieve the audit of omnibearing O&M, improve the safety and reliability of operation management.
Obviously, those skilled in the art should be understood that, above-mentioned of the present invention each module or each step can realize with general calculation element, they can concentrate on single calculation element, or be distributed on network that multiple calculation element forms, alternatively, they can realize with the executable program code of calculation element, thus, they can be stored and be performed by calculation element in the storage device, or they are made into each integrated circuit modules respectively, or the multiple module in them or step are made into single integrated circuit module to realize.Like this, the present invention is not restricted to any specific hardware and software combination.
The foregoing is only the preferred embodiments of the present invention, be not limited to the present invention, for a person skilled in the art, the present invention can have various modifications and variations.Within the spirit and principles in the present invention all, any amendment done, equivalent replacement, improvement etc., all should be included within protection scope of the present invention.

Claims (10)

1., for a data processing method for O&M audit, it is characterized in that, comprising:
Receive outside input account;
Obtain and preset entry address, wherein, described default entry address is the sole inlet address that O&M auditing system carries out audit operation;
Described O&M auditing system is logged in from described default entry address according to described outside input account;
After the described O&M auditing system of login, determine the O&M behavior that belonging to described outside input account, O&M authority is corresponding;
Monitor described O&M behavior, obtain monitored results; And
Obtain and described monitored results is audited the auditing result that obtains after process.
2. method according to claim 1, is characterized in that, determines that the O&M behavior that belonging to described outside input account, O&M authority is corresponding comprises:
Determine the role that described outside input account is corresponding; And
Input role corresponding to account to the mandate of described outside input account according to described outside input account and described outside, obtain described O&M authority.
3. method according to claim 1, is characterized in that, monitors described O&M behavior and comprises:
The bearing capacity of the central processing unit of Real-Time Monitoring target O&M equipment, core buffer and the network bandwidth,
Judge the sensitivity of described target O&M equipment;
If the bearing capacity of the central processing unit of described target O&M equipment, core buffer and the network bandwidth is large and when judging that the sensitivity of described target O&M equipment is low, the audit form switching described target O&M equipment is inspection-free audit form; And
If the bearing capacity of the central processing unit of described target O&M equipment, core buffer and the network bandwidth is little and when judging the sensitivity height of described target O&M equipment, switch the audit form of described target O&M equipment for entirely to examine audit form.
4. method according to claim 3, is characterized in that, monitors described O&M behavior and comprises:
The running status of target O&M equipment described in Real-Time Monitoring, wherein, described running status comprises process status and the thread state of O&M agreement between described O&M auditing system and described target O&M equipment and O&M session;
O&M behavior according to described running status record, obtains O&M record;
Described O&M record is converted into graphic interface.
5. method according to claim 4, it is characterized in that, described monitored results comprises the operating process to described O&M behavior, by described O&M record and to the operation process recording of described O&M behavior in dissimilar daily record, obtain and the described monitored results auditing result obtained after process of auditing comprised:
From described dissimilar daily record, retrieve described O&M record and the operating process to described O&M behavior, obtain result for retrieval;
Described result for retrieval is inquired about, or filing, obtain Query Result, or filing result.
6. method according to claim 5, is characterized in that, after the auditing result obtained after process is audited in acquisition to described monitored results, described method also comprises:
Back up described dissimilar daily record,
Back up described auditing result, wherein, described auditing result comprises described result for retrieval, described Query Result and described filing result,
Regularly automatically revise the account password of described target O&M equipment.
7., for a data processing equipment for O&M audit, it is characterized in that, comprising:
Receiving element, for receiving outside input account;
First acquiring unit, for obtaining default entry address, wherein, described default entry address is the sole inlet address that O&M auditing system carries out audit operation;
Log in unit, for logging in described O&M auditing system according to described outside input account from described default entry address;
Determining unit, for after the described O&M auditing system of login, determines the O&M behavior that belonging to described outside input account, O&M authority is corresponding;
Monitoring unit, for monitoring described O&M behavior, obtains monitored results; And
Second acquisition unit, to audit the auditing result that obtains after process to described monitored results for obtaining.
8. device according to claim 7, is characterized in that, described determining unit comprises:
Determination module, for determining the role that described outside input account is corresponding; And
Authorization module, for inputting role corresponding to account according to described outside input account and described outside to the mandate of described outside input account, obtains described O&M authority.
9. device according to claim 8, is characterized in that, described monitoring unit comprises:
Detection module, for the bearing capacity of the central processing unit of Real-Time Monitoring target O&M equipment, core buffer and the network bandwidth;
Judge module, for judging the sensitivity of described target O&M equipment;
First handover module, for when the bearing capacity of the central processing unit of described target O&M equipment, core buffer and the network bandwidth is large and when judging that the sensitivity of described target O&M equipment is low, the audit form switching described target O&M equipment is inspection-free audit form; And
Second handover module, if for when the bearing capacity of the central processing unit of described target O&M equipment, core buffer and the network bandwidth little and when judging the sensitivity height of described target O&M equipment, switch the audit form of described target O&M equipment for entirely to examine audit form.
10., for a data handling system for O&M audit, it is characterized in that, comprising:
Fire wall;
Switch;
Server; And
O&M auditing system, for receiving outside input account; Obtain and preset entry address, wherein, described default entry address is the sole inlet address that O&M auditing system carries out audit operation; Described O&M auditing system is logged in from described default entry address according to described outside input account; After the described O&M auditing system of login, determine the O&M behavior that belonging to described outside input account, O&M authority is corresponding; Monitor described O&M behavior, obtain monitored results; And obtain described monitored results is audited the auditing result that obtains after process.
CN201510549959.5A 2015-08-31 2015-08-31 Data processing method and device and system for O&M audit Active CN105139139B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510549959.5A CN105139139B (en) 2015-08-31 2015-08-31 Data processing method and device and system for O&M audit

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510549959.5A CN105139139B (en) 2015-08-31 2015-08-31 Data processing method and device and system for O&M audit

Publications (2)

Publication Number Publication Date
CN105139139A true CN105139139A (en) 2015-12-09
CN105139139B CN105139139B (en) 2018-12-21

Family

ID=54724478

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510549959.5A Active CN105139139B (en) 2015-08-31 2015-08-31 Data processing method and device and system for O&M audit

Country Status (1)

Country Link
CN (1) CN105139139B (en)

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106330919A (en) * 2016-08-26 2017-01-11 国家电网公司 Operation and maintenance safety auditing method and system
CN107317820A (en) * 2017-07-18 2017-11-03 广州爱九游信息技术有限公司 Data safety processing method, device and equipment
CN107317873A (en) * 2017-07-21 2017-11-03 曙光信息产业(北京)有限公司 A kind of conversation processing method and device
CN107612736A (en) * 2017-09-21 2018-01-19 成都安恒信息技术有限公司 A kind of web browser operation audit method based on container
CN108712288A (en) * 2018-05-23 2018-10-26 郑州信大天瑞信息技术有限公司 A kind of cloud platform operation audit method
CN108810124A (en) * 2018-06-02 2018-11-13 上海清鹤科技股份有限公司 The remote access control system of a large amount of multimedia terminals under a kind of environment to public network
CN109150595A (en) * 2018-08-08 2019-01-04 郑州市景安网络科技股份有限公司 A kind of network O&M instruction method for pushing
CN110011848A (en) * 2019-04-03 2019-07-12 鼎信信息科技有限责任公司 A kind of mobile O&M auditing system
CN110881032A (en) * 2019-11-06 2020-03-13 国网浙江武义县供电有限公司 Identification method and device for unauthorized account operation
CN111404889A (en) * 2020-03-05 2020-07-10 网宿科技股份有限公司 Auditing method and device and client
CN111651756A (en) * 2020-06-04 2020-09-11 成都安恒信息技术有限公司 Automatic substitution and filling method applied to operation and maintenance audit navicat
CN111984974A (en) * 2020-08-31 2020-11-24 成都安恒信息技术有限公司 Windows remote operation and maintenance isolation method based on operation and maintenance audit
CN112383524A (en) * 2020-11-03 2021-02-19 中国南方电网有限责任公司 Operation and maintenance auditing method, device and medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102882708A (en) * 2012-09-05 2013-01-16 北京神州绿盟信息安全科技股份有限公司 Operation and maintenance auditing method, device and system
CN103841114A (en) * 2014-03-20 2014-06-04 北京中电普华信息技术有限公司 Intelligent operation and maintenance safety audit method and system
CN103973681A (en) * 2014-04-29 2014-08-06 上海上讯信息技术股份有限公司 Secondary-layer password on-behalf filling method and module for operation and maintenance management auditing system

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102882708A (en) * 2012-09-05 2013-01-16 北京神州绿盟信息安全科技股份有限公司 Operation and maintenance auditing method, device and system
CN103841114A (en) * 2014-03-20 2014-06-04 北京中电普华信息技术有限公司 Intelligent operation and maintenance safety audit method and system
CN103973681A (en) * 2014-04-29 2014-08-06 上海上讯信息技术股份有限公司 Secondary-layer password on-behalf filling method and module for operation and maintenance management auditing system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
徐铁军: "关于运维操作系统审查与设计管理的分析", 《电子测试》 *

Cited By (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106330919A (en) * 2016-08-26 2017-01-11 国家电网公司 Operation and maintenance safety auditing method and system
CN107317820B (en) * 2017-07-18 2021-07-30 阿里巴巴(中国)有限公司 Data security processing method, device and equipment
CN107317820A (en) * 2017-07-18 2017-11-03 广州爱九游信息技术有限公司 Data safety processing method, device and equipment
CN107317873A (en) * 2017-07-21 2017-11-03 曙光信息产业(北京)有限公司 A kind of conversation processing method and device
CN107317873B (en) * 2017-07-21 2020-08-11 曙光信息产业(北京)有限公司 Session processing method and device
CN107612736A (en) * 2017-09-21 2018-01-19 成都安恒信息技术有限公司 A kind of web browser operation audit method based on container
CN107612736B (en) * 2017-09-21 2021-03-09 成都安恒信息技术有限公司 WEB browser operation and maintenance auditing method based on container
CN108712288A (en) * 2018-05-23 2018-10-26 郑州信大天瑞信息技术有限公司 A kind of cloud platform operation audit method
CN108810124A (en) * 2018-06-02 2018-11-13 上海清鹤科技股份有限公司 The remote access control system of a large amount of multimedia terminals under a kind of environment to public network
CN108810124B (en) * 2018-06-02 2020-07-31 北京清鹤科技有限公司 Remote access control system for large number of multimedia terminals in public network environment
CN109150595A (en) * 2018-08-08 2019-01-04 郑州市景安网络科技股份有限公司 A kind of network O&M instruction method for pushing
CN110011848A (en) * 2019-04-03 2019-07-12 鼎信信息科技有限责任公司 A kind of mobile O&M auditing system
CN110881032A (en) * 2019-11-06 2020-03-13 国网浙江武义县供电有限公司 Identification method and device for unauthorized account operation
CN110881032B (en) * 2019-11-06 2022-02-22 国网浙江武义县供电有限公司 Identification method and device for unauthorized account operation
CN111404889A (en) * 2020-03-05 2020-07-10 网宿科技股份有限公司 Auditing method and device and client
CN111651756A (en) * 2020-06-04 2020-09-11 成都安恒信息技术有限公司 Automatic substitution and filling method applied to operation and maintenance audit navicat
CN111651756B (en) * 2020-06-04 2022-05-31 成都安恒信息技术有限公司 Automatic substitution and filling method applied to operation and maintenance audit navicat
CN111984974A (en) * 2020-08-31 2020-11-24 成都安恒信息技术有限公司 Windows remote operation and maintenance isolation method based on operation and maintenance audit
CN112383524A (en) * 2020-11-03 2021-02-19 中国南方电网有限责任公司 Operation and maintenance auditing method, device and medium

Also Published As

Publication number Publication date
CN105139139B (en) 2018-12-21

Similar Documents

Publication Publication Date Title
CN105139139A (en) Data processing method, device and system for operation and maintenance audit
CN106534362B (en) Software resource sharing method and device based on cloud platform
CN105119750A (en) Distributed information security operation and maintenance management platform based on massive data
CN106330919A (en) Operation and maintenance safety auditing method and system
CN109729180B (en) Whole system intelligent community platform
CN105430000A (en) Cloud computing security management system
CN101719259A (en) Maintenance management method, device and system for bank network devices
CN102682245A (en) Systems and methods for detecting fraud associated with systems application processing
CN111209269A (en) Big data management system of wisdom city
CN106779485A (en) Total management system and data processing method based on SOA framework
CN112398860A (en) Safety control method and device
CN110398927A (en) A kind of integrated data information monitoring platform and monitoring system
CN102403796A (en) Protocol self-adapting access method of intensive management and control system of unwatched transformer substation
CN110033174A (en) A kind of industrial information efficient public security system building method
CN110875943A (en) Security service delivery method and related device
CN112688808A (en) Operation and maintenance management method and system of internet data center and electronic equipment
CN111212077A (en) Host access system and method
CN110768963B (en) Trusted security management platform with distributed architecture
CN106330982A (en) Network security monitoring platform and method
CN108966216B (en) Mobile communication method and system applied to power distribution network
WO2016091415A1 (en) Method and apparatus for monitoring a certification authority
CN110378120A (en) Application programming interfaces attack detection method, device and readable storage medium storing program for executing
CN110719298A (en) Method and device for supporting user-defined change of privileged account password
WO2018131802A1 (en) System and method for automatically switching security gateway of ap server through process behavior tracking
CN109600395A (en) A kind of device and implementation method of terminal network access control system

Legal Events

Date Code Title Description
PB01 Publication
C06 Publication
SE01 Entry into force of request for substantive examination
C10 Entry into substantive examination
GR01 Patent grant
GR01 Patent grant