CN105306460A - Unified vulnerability patch management system - Google Patents

Publication number
CN105306460A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201510655855.2A
Other languages
Chinese (zh)
Inventor
李志茹
张驯
龚波
崔阿军
马之力
袁晖
康晓华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Corp of China SGCC
State Grid Gansu Electric Power Co Ltd
Electric Power Research Institute of State Grid Gansu Electric Power Co Ltd
Original Assignee
State Grid Corp of China SGCC
State Grid Gansu Electric Power Co Ltd
Electric Power Research Institute of State Grid Gansu Electric Power Co Ltd
Application filed by State Grid Corp of China SGCC, State Grid Gansu Electric Power Co Ltd, Electric Power Research Institute of State Grid Gansu Electric Power Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic

Abstract

The invention discloses a unified vulnerability patch management system. The system adopts the Sotower platform based on the JavaEE architecture and comprises an enterprise directory module, an identity management service module, an authentication management service module, a directory audit service module and a unified user management tool module, which are connected in sequence. The system runs well, is stable and reliable, and has strong practicability and good usability; it meets the development needs of vulnerability patch retrieval management work, provides strong information system support for the vulnerability patch retrieval work of units at all levels of the State Grid Corporation of China, and reaches the construction target of the national system.

Description

A unified vulnerability patch management system
Technical field
The invention belongs to the technical field of network security management, and in particular relates to a unified vulnerability patch management system.
Background
Since the rise of the Internet, network security incidents in which attackers exploit vulnerabilities have occurred continuously, and the trend is worsening. The economic losses caused worldwide by vulnerabilities each year are huge and growing year by year, and vulnerabilities have become one of the chief threats to the Internet. In recent years the number of system vulnerabilities has kept increasing and vulnerabilities are exploited faster; network attack techniques and attack tools change rapidly, and well-organized hacker groups with a clear division of labor have formed that commit crimes for economic gain, so the network security situation is very severe.
Although security patches and upgrade packages are now released at short intervals and in large numbers, and the various protective measures safeguard the day-to-day operation of the company's application systems, security threats still appear every day. The security state of the whole information system is always in a dynamic balance between attack and defense, so security patches and upgrade packages must be deployed quickly, vulnerabilities repaired at the fastest possible speed, and protection tools such as anti-virus software upgraded.
During the Eleventh Five-Year Plan period, each unit of the company was equipped with vulnerability scanners in order to strengthen information security protection. However, because each unit purchased them independently, the provincial companies and branches use many kinds of security scanning products. Their practical functions are similar, but the technologies and scanning policies used are not unified, so the technical problems found in the information systems of different units are hard to compare with one another, and a unified vulnerability evaluation standard for electric power enterprises is lacking. A superior unit cannot understand and grasp the security state of its subordinate units' information systems in time, and network-wide aggregation of vulnerability data and security evaluation are lacking. Across the whole network, each unit carries out patch deployment on its own; the company lacks control over each unit's patch installation status and therefore cannot supervise and guide the units' patch deployment promptly, comprehensively and in a targeted way.
The integrated operation and maintenance supervision platform mainly supervises operation and maintenance. Its security management module manages registered assets, but lacks unified management steps such as unified task management for discovering vulnerabilities across the whole network, overall and detailed situation analysis, network-wide vulnerability trend tracking, and inspection of vulnerability repairs. The desktop standardized management module pushes Windows system patches to intranet user terminals, but lacks a unified management function covering every step from collecting, classifying and storing patches and upgrade packages of multiple types (anti-virus systems, Linux, Solaris, MacOS, database systems, application systems from vendors other than Microsoft, and so on), through on-demand distribution, to supervision of patch installation.
Therefore, a patch management system is needed to solve the above problems in these management functions.
Summary of the invention
In view of the deficiencies of the prior art, the object of the invention is to provide a unified vulnerability patch management system that ensures the first-level deployment system of the vulnerability patch business application runs in a secure, reliable, orderly and controlled environment.
A unified vulnerability patch management system adopts the Sotower platform based on the JavaEE architecture and comprises an enterprise directory module, an identity management service module, an authentication management service module, a directory audit service module and a unified user management tool module, which are connected in sequence.
The enterprise directory module provides storage and query of organizations, users, enterprise roles, application information and application roles. The identity management service module provides a function similar to a data bus and synchronizes data between the directory and external systems. The authentication management service module provides unified authentication of users and, based on a reverse proxy server, provides proxy service, resource protection, access control and single sign-on for business applications. The directory audit service module collects key event information from the enterprise directory, the identity management service and the authentication management service and stores it centrally in an audit database. The unified user management tool module provides hierarchical authorization management of the organizations, users, roles and applications in the enterprise directory, and also provides self-service for users.
Preferably, the unified vulnerability patch management system implements online analysis and report customization for reports through the Cognos TM1 Executive Viewer tool.
Preferably, the unified vulnerability patch management system implements continuous management and monitoring of corporate performance, operating performance, customer performance and organizational performance through the Cognos TM1 MidMarket Edition tool.
Preferably, the unified vulnerability patch management system presents online reports and charts through the Cognos TM1 Web tool.
Preferably, the unified vulnerability patch management system has cell-level data security through the Cognos TM1 Web tool which, combined with audit trails, makes data recovery a safe option.
Preferably, the unified vulnerability patch management system publishes TM1 models through TM1's built-in publishing function, either manually or on a schedule, and synchronizes the data to other databases to achieve data sharing.
Preferably, the unified vulnerability patch management system uses the data mining function provided by TM1 to examine the detailed composition of the data and the related business data; TM1 places no limit on the depth of data mining, and users can define the drill-through path themselves.
Preferably, the unified vulnerability patch management system uses TM1 to quickly customize various dashboard analysis models; TM1 supports setting assumed conditions as needed during data analysis, giving users a very convenient way to carry out various kinds of what-if analysis.
Preferably, the unified vulnerability patch management system can easily be embedded into local application systems through TM1.
The technical solution of the invention has the following beneficial effects:
The unified vulnerability patch management system provided by the invention uses information technology to optimize the vulnerability patch retrieval business process and business handling capacity, which significantly improves the working efficiency of business personnel. Through the project management function, users can grasp in time the direction and focus of the company's vulnerability patch retrieval work, standardize the retrieval process and basic work, and carry out project evaluation and reporting of results. At the same time, the design of each functional module makes it convenient for vulnerability patch retrieval personnel to search and compile statistics on each year's data, strengthens the construction and management of vulnerability patch retrieval, and provides important support for further carrying out the vulnerability patch retrieval work of the State Grid Corporation of China.
The unified vulnerability patch management system runs well and is stable and reliable, with strong practicability and good ease of use. It meets the needs of vulnerability patch retrieval management work, provides strong information system support for the vulnerability patch retrieval work of units at all levels of the State Grid Corporation of China, and reaches the national system construction target.
Brief description of the drawings
The technical solution of the invention is described in further detail below with reference to the drawings and embodiments.
Fig. 1 is a structural schematic diagram of the unified vulnerability patch management system of the invention.
Detailed description
In order to give a clear understanding of the technical solution of the invention, its detailed structure is set out in the following description. Obviously, the implementation of the embodiments of the invention is not limited to the specific details familiar to those skilled in the art. Preferred embodiments of the invention are described in detail below; besides these embodiments, the invention may have other embodiments.
The invention is described in further detail below with reference to the drawings and embodiments.
The unified identity authentication management system (also known as the "directory service") is an important component of the enterprise-level integrated information platform of the State Grid Corporation of China. The system combines advanced and mature enterprise-level information technologies such as X.500 directory technology, data synchronization, reverse proxy servers, identity authentication and access control to provide the first-level deployment system of the vulnerability patch business application with basic services such as unified authentication, identity synchronization, resource protection, access control and access auditing. It implements life-cycle management of user identity information and ensures that the first-level deployment system of the vulnerability patch business application runs in a secure, reliable, orderly and controlled environment; it is an important information security infrastructure of the State Grid Corporation of China.
Referring to Fig. 1, the figure discloses a unified vulnerability patch management system that adopts the Sotower platform based on the JavaEE architecture and comprises an enterprise directory module, an identity management service module, an authentication management service module, a directory audit service module and a unified user management tool module, which are connected in sequence.
The enterprise directory module provides storage and query of organizations, users, enterprise roles, application information and application roles. The identity management service module provides a function similar to a data bus and synchronizes data between the directory and external systems. The authentication management service module provides unified authentication of users and, based on a reverse proxy server, provides proxy service, resource protection, access control and single sign-on for business applications. The directory audit service module collects key event information from the enterprise directory, the identity management service and the authentication management service and stores it centrally in an audit database. The unified user management tool module provides hierarchical authorization management of the organizations, users, roles and applications in the enterprise directory, and also provides self-service for users.
The enterprise directory is the functional foundation of the system. It mainly provides storage and query of data such as organizations, users (employees or non-employees), enterprise roles, application information and application roles.
The identity management service and the authentication management service are the two core functions of the system. The identity management service is built on the underlying directory and mainly provides a function similar to a data bus, synchronizing data (organizations, users, roles) between the directory and external systems. The authentication management service uses the user identity information in the directory as its authentication basis to provide unified authentication of users and, based on a reverse proxy server, provides proxy service, resource protection, access control and single sign-on for business applications.
The directory audit service collects key event information from the enterprise directory, the identity management service and the authentication management service and stores it centrally in an audit database.
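The interplay of the directory, authentication, reverse proxy and audit services described above can be modeled in a few classes. This is an added example, not code from the patent or from the Sotower platform; the class names, routes, users, passwords and the HMAC-signed session token format are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets, time

def pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def b64(data):
    return base64.urlsafe_b64encode(data).decode()

class AuditStore:
    """Directory audit service: one central store for key events."""
    def __init__(self):
        self.events = []
    def record(self, source, event, subject, outcome):
        self.events.append({"ts": time.time(), "source": source,
                            "event": event, "subject": subject, "outcome": outcome})

class Directory:
    """Enterprise directory: users, organization, per-application roles."""
    def __init__(self, audit):
        self.audit, self.users = audit, {}
    def add_user(self, uid, org, password, app_roles):
        salt = secrets.token_bytes(16)
        self.users[uid] = {"org": org, "salt": salt, "hash": pw_hash(password, salt),
                           "app_roles": {a: set(r) for a, r in app_roles.items()}}
        self.audit.record("directory", "user_added", uid, "ok")
    def check_password(self, uid, password):
        user = self.users.get(uid)
        salt = user["salt"] if user else b"\0" * 16
        digest = pw_hash(password, salt)  # hash even for unknown users
        return user is not None and hmac.compare_digest(digest, user["hash"])
    def roles(self, uid, app):
        user = self.users.get(uid)
        return user["app_roles"].get(app, set()) if user else set()
    def revoke_role(self, uid, app, role):
        self.users[uid]["app_roles"].get(app, set()).discard(role)
        self.audit.record("directory", "role_revoked", f"{uid}:{app}:{role}", "ok")

class AuthService:
    """Authentication management service: unified login, signed SSO token."""
    def __init__(self, directory, audit, ttl=900):
        self.directory, self.audit, self.ttl = directory, audit, ttl
        self.key = secrets.token_bytes(32)  # signing key, held only by this service
    def sign(self, body):
        return b64(hmac.new(self.key, body.encode(), hashlib.sha256).digest())
    def login(self, uid, password, now=None):
        now = time.time() if now is None else now
        ok = self.directory.check_password(uid, password)
        self.audit.record("auth", "login", uid, "ok" if ok else "denied")
        body = b64(json.dumps({"sub": uid, "exp": now + self.ttl}).encode())
        return body + "." + self.sign(body) if ok else None
    def validate(self, token, now=None):
        now = time.time() if now is None else now
        body, _, sig = (token or "").partition(".")
        if not hmac.compare_digest(sig.encode(), self.sign(body).encode()):
            return None  # forged or missing token: body is never parsed
        claims = json.loads(base64.urlsafe_b64decode(body))
        return claims["sub"] if claims["exp"] > now else None

class ReverseProxy:
    """Fronts the business applications: authenticate, authorize, audit."""
    def __init__(self, auth, directory, audit, routes):
        self.auth, self.directory, self.audit = auth, directory, audit
        self.routes = routes  # first path segment -> (application, required role)
    def handle(self, path, token, now=None):
        uid = self.auth.validate(token, now)
        route = self.routes.get(path.strip("/").split("/")[0])
        if route is None:
            status = 404  # unknown application: nothing is proxied
        elif uid is None:
            status = 401  # missing, forged or expired token
        elif route[1] in self.directory.roles(uid, route[0]):
            status = 200  # role is read from the directory on every request
        else:
            status = 403
        self.audit.record("proxy", "access " + path, uid or "anonymous", status)
        return status

def build_demo():
    # Constructed sample data: two users, two protected applications.
    audit = AuditStore()
    directory = Directory(audit)
    directory.add_user("alice", "org-a/security", "constructed-pw-1",
                       {"patch-mgmt": ["approver"], "scan-reports": ["viewer"]})
    directory.add_user("bob", "org-a/ops", "constructed-pw-2",
                       {"scan-reports": ["viewer"]})
    auth = AuthService(directory, audit)
    routes = {"patch": ("patch-mgmt", "approver"), "scan": ("scan-reports", "viewer")}
    return audit, directory, auth, ReverseProxy(auth, directory, audit, routes)

if __name__ == "__main__":
    audit, directory, auth, proxy = build_demo()
    token = auth.login("alice", "constructed-pw-1")
    print(proxy.handle("/patch/approve/42", token), proxy.handle("/scan/latest", token))
    for e in audit.events:
        print(e["source"], e["event"], e["subject"], e["outcome"])
```

Because the proxy reads roles from the directory on each request instead of copying them into the token, a role revoked in the directory takes effect before the session expires, and every login and access decision lands in the same audit store.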
The unified user management tool mainly provides hierarchical authorization management of information such as the organizations, users, roles and applications in the enterprise directory, and also provides self-service for users.
IBM Cognos TM1 provides a way to consolidate, view and edit large volumes of multi-dimensional data in real time. Its CUBE function supports custom analysis, custom statistics and similar functions, and users can display and analyze data simply by dragging. Specifically:
1) Study of the Cognos TM1 Executive Viewer tool shows that it can provide online analysis and report customization for reports.
2) Study of the Cognos TM1 MidMarket Edition tool shows that it can provide a complete performance management solution, achieving continuous management and monitoring of corporate performance, operating performance, customer performance and organizational performance.
3) Study of the Cognos TM1 Web tool shows that it can present online reports and charts.
4) Study of the Cognos TM1 Web tool shows that it offers cell-level data security which, combined with audit trails, makes data recovery a safe option.
5) TM1's built-in publishing function publishes TM1 models, either manually or on a schedule, and synchronizes the data to other databases to achieve data sharing.
6) The data mining function provided by TM1 shows the detailed composition of the data and the related business data; TM1 places no limit on the depth of data mining, and users can define the drill-through path themselves.
7) TM1 can be used to quickly customize various dashboard analysis models; TM1 supports setting assumed conditions as needed during data analysis, giving users a very convenient way to carry out various kinds of what-if analysis.
8) TM1 can easily be embedded into local application systems. TM1 provides several secondary development interfaces such as a URL API, a DotNet API, a Java API and ActiveX. With these interfaces, TM1 can easily be embedded into local Web systems, application programs, Word, PowerPoint, Outlook and so on, and permission information can be passed between the different systems.
The first-level deployment system of the vulnerability patch retrieval business application continues to use a multi-tier distributed architecture in B/S (browser/server) mode. It is developed on the SoTower V2.1.2 platform using J2EE technology, with an Oracle 10g database and a WebLogic 9.2 application server. Because the project is based on J2EE technology and is designed and implemented according to a multi-layer framework model, the system has good extensibility, reusability and portability, is secure and reliable, and is highly practical, which fully reflects the advanced nature of the system.
The system uses information technology to optimize the vulnerability patch retrieval business process and business handling capacity, which significantly improves the working efficiency of business personnel. Through the project management function, users can grasp in time the direction and focus of the company's vulnerability patch retrieval work, standardize the retrieval process and basic work, and carry out project evaluation and reporting of results. At the same time, the design of each functional module makes it convenient for vulnerability patch retrieval personnel to search and compile statistics on each year's data, strengthens the construction and management of vulnerability patch retrieval, and provides important support for further carrying out the vulnerability patch retrieval work of the State Grid Corporation of China.
Since going into operation, the first-level deployment system of the vulnerability patch retrieval business application has run well and has been stable and reliable, with strong practicability and good ease of use. It meets the needs of vulnerability patch retrieval management work, provides strong information system support for the vulnerability patch retrieval work of units at all levels of the State Grid Corporation of China, and reaches the national system construction target.
Finally, it should be noted that the above embodiments only illustrate the technical solution of the invention and do not limit it. Although the invention has been described in detail with reference to the above embodiments, those of ordinary skill in the art can still modify the specific embodiments of the invention or replace them with equivalents; any such modification or equivalent replacement that does not depart from the spirit and scope of the invention falls within the scope of the pending claims.

Claims (9)

1. A unified vulnerability patch management system, characterized in that the unified vulnerability patch management system adopts the Sotower platform based on the JavaEE architecture and comprises an enterprise directory module, an identity management service module, an authentication management service module, a directory audit service module and a unified user management tool module, which are connected in sequence;
the enterprise directory module provides storage and query of organizations, users, enterprise roles, application information and application roles; the identity management service module provides a function similar to a data bus and synchronizes data between the directory and external systems; the authentication management service module provides unified authentication of users and, based on a reverse proxy server, provides proxy service, resource protection, access control and single sign-on for business applications; the directory audit service module collects key event information from the enterprise directory, the identity management service and the authentication management service and stores it centrally in an audit database; the unified user management tool module provides hierarchical authorization management of the organizations, users, roles and applications in the enterprise directory, and also provides self-service for users.
2. The unified vulnerability patch management system according to claim 1, characterized in that the unified vulnerability patch management system implements online analysis and report customization for reports through the Cognos TM1 Executive Viewer tool.
3. The unified vulnerability patch management system according to claim 1, characterized in that the unified vulnerability patch management system implements continuous management and monitoring of corporate performance, operating performance, customer performance and organizational performance through the Cognos TM1 MidMarket Edition tool.
4. The unified vulnerability patch management system according to claim 1, characterized in that the unified vulnerability patch management system presents online reports and charts through the Cognos TM1 Web tool.
5. The unified vulnerability patch management system according to claim 1, characterized in that the unified vulnerability patch management system has cell-level data security through the Cognos TM1 Web tool which, combined with audit trails, makes data recovery a safe option.
6. The unified vulnerability patch management system according to claim 2, characterized in that the unified vulnerability patch management system publishes TM1 models through TM1's built-in publishing function, either manually or on a schedule, and synchronizes the data to other databases to achieve data sharing.
7. The unified vulnerability patch management system according to claim 2, characterized in that the unified vulnerability patch management system uses the data mining function provided by TM1 to examine the detailed composition of the data and the related business data; TM1 places no limit on the depth of data mining, and users can define the drill-through path themselves.
8. The unified vulnerability patch management system according to claim 2, characterized in that the unified vulnerability patch management system uses TM1 to quickly customize various dashboard analysis models; TM1 supports setting assumed conditions as needed during data analysis, giving users a very convenient way to carry out various kinds of what-if analysis.
9. The unified vulnerability patch management system according to claim 2, characterized in that the unified vulnerability patch management system can easily be embedded into local application systems through TM1.
CN201510655855.2A 2015-10-13 2015-10-13 Unified vulnerability patch management system Pending CN105306460A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510655855.2A CN105306460A (en) 2015-10-13 2015-10-13 Unified vulnerability patch management system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510655855.2A CN105306460A (en) 2015-10-13 2015-10-13 Unified vulnerability patch management system

Publications (1)

Publication Number Publication Date
CN105306460A true CN105306460A (en) 2016-02-03

Family

ID=55203212

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510655855.2A Pending CN105306460A (en) 2015-10-13 2015-10-13 Unified vulnerability patch management system

Country Status (1)

Country Link
CN (1) CN105306460A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109698821A (en) * 2018-11-23 2019-04-30 广东电网有限责任公司信息中心 Transregional vulnerability database is shared and cooperative disposal system and method

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1417690A (en) * 2002-12-03 2003-05-14 南京金鹰国际集团软件系统有限公司 Application process audit platform system based on members
CN101119231A (en) * 2007-07-19 2008-02-06 南京联创网络科技有限公司 Method to centralized manage and automatic download mend of computer security leak base
CN101383030A (en) * 2008-10-21 2009-03-11 上海汽车集团股份有限公司 Problem tracking system and method in process of project progressing
CN103400226A (en) * 2013-07-31 2013-11-20 湖南省烟草公司永州市公司 Integrated tobacco industry information security, operation and maintenance application platform system
CN104683394A (en) * 2013-11-27 2015-06-03 上海墨芋电子科技有限公司 Cloud computing platform database benchmark test system for new technology and method thereof

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20160203