CN105471919A - Network security vulnerability scanning and managing system - Google Patents
Network security vulnerability scanning and managing system Download PDFInfo
- Publication number
- CN105471919A CN105471919A CN201610026034.7A CN201610026034A CN105471919A CN 105471919 A CN105471919 A CN 105471919A CN 201610026034 A CN201610026034 A CN 201610026034A CN 105471919 A CN105471919 A CN 105471919A
- Authority
- CN
- China
- Prior art keywords
- module
- scanning
- security
- vulnerability
- qualitative
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Computing Systems (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention discloses a network security vulnerability scanning and managing system, comprising a detection module, a scanning module, a qualitative module, a restoration module, an examination module and a vulnerability database. The detection module discovers network resources; the scanning module identifies resource attributes and scans security vulnerabilities; the qualitative module perform qualitative analysis on a security risk according to the security vulnerability scanned by the qualitative module; the restoration module provides a restoration suggestion and a preventive measure according to the risk of the vulnerability; the examination module effectively examines the restoration suggestion and the preventive measure after restoration; and the vulnerability database stores system and data vulnerabilities in a current network system. The system can support a plurality of operating systems and network devices to be used as detecting and scanning objects, perform accurate qualitative analysis on the security risk of a scanning object, and provide a restoration strategy to restore equipment security risks.
Description
Technical field
The present invention relates to the scanning of a kind of network security vulnerabilities and management system.
Background technology
Along with developing rapidly of computer technology, the business processed on computers is also by based on the mathematical operation of unit, file process, and interior business process, office automation etc. based on the simple internal network connected develop into based on the enterprise-class computers treatment system of the in-house network (Intranet) of complexity, extranet (Extranet), Global Internet (Internet) and worldwide information sharing and Business Processing.
While system processing power improves, the concatenation ability of system is also in continuous improve.But while concatenation ability information, negotiability improve, the safety problem of connection Network Based also becomes increasingly conspicuous, and overall network security is mainly manifested in the following aspects: the safety etc. of the physical security of network, network topology structure safety, network system security, application system security and network management.
Network security work is the game of defense and attack, is ensure information security, the cornerstone that everything goes well with your work carries out.In time, examine the weakness of oneself information work accurately closely, examine leak and the problem of oneself information platform closely, in the safe war of this field information, first chance could be in, establish oneself in an unassailable position.Only accomplish the safety of self, could be based on own job, the operation that guarantee company's business is sane, this is the first step of carrying out the work the information age.
Summary of the invention
The object of the invention is to overcome the deficiencies in the prior art, a kind of network security vulnerabilities is provided to scan and management system, this system can support that several operation systems, the network equipment are as detection and sweep object, can carry out the security risk of sweep object accurately qualitative, correcting strategy can be provided device security risk is repaired.
The object of the invention is to be achieved through the following technical solutions: network security vulnerabilities scanning and management system, it comprises detection module, scan module, Qualitative module, repair module, auditing module and vulnerability scan, described detection module finds networked asset, described scan module identification Asset Attributes, scanning security breaches, described Qualitative module is according to the qualitative security risk of security breaches of scanning, described reparation module provides according to the risk of leak and repairs suggestion and precautionary measures, described auditing module is effectively audited reparation suggestion and precautionary measures after reparation completes, system in described vulnerability scan storage covering current network and data leak.
This system also comprises wireless security module, and wireless security module finds wireless device, terminal and model distribution situation in institute overlay area in real time, assists to identify rogue wireless equipment, terminal.
Described scan module adopts gradual scanning analysis mode, and the identification of employing operation system fingerprint, intelligent miniport service identification accurately present the information of sweep object.
Leak quantity in described vulnerability scan is more than 12000 kinds.
Described vulnerability scan keeps fortnightly regular vulnerability database to upgrade, and upgrades immediately when finding great leak.
Described system provides 15 kinds of scanning strategies.
The invention has the beneficial effects as follows: the invention provides the scanning of a kind of network security vulnerabilities and management system, this system can support that several operation systems, the network equipment are as detection and sweep object, can carry out the security risk of sweep object accurately qualitative, correcting strategy can be provided device security risk is repaired; The accurate judgement of vulnerability information, except using conventional method scanning, can also adopt the scan method of number of different types to carry out association verification for same leak, accurately judge effect to reach; Strong scan efficiency ensures that integrated use multiple technologies complete discovery and scanning process fast, scans overall efficiency and occupy first place in multinomial like product comparation and assessment.
Accompanying drawing explanation
Fig. 1 is system architecture diagram.
Embodiment
Below in conjunction with accompanying drawing, technical scheme of the present invention is described in further detail, but protection scope of the present invention is not limited to the following stated.
As shown in Figure 1, network security vulnerabilities scanning and management system, it comprises detection module, scan module, Qualitative module, repair module, auditing module and vulnerability scan, described detection module finds networked asset, described scan module identification Asset Attributes, scanning security breaches, described Qualitative module is according to the qualitative security risk of security breaches of scanning, described reparation module provides according to the risk of leak and repairs suggestion and precautionary measures, described auditing module is effectively audited reparation suggestion and precautionary measures after reparation completes, system in described vulnerability scan storage covering current network and data leak.
This system also comprises wireless security module, wireless security module finds wireless device, terminal and model distribution situation in institute overlay area in real time, assist to identify rogue wireless equipment, terminal, concerning security matters unit is helped to find wireless signal, and can find the wireless security hidden danger existing for the dangerous configuration of wireless device further, provide wired, wireless network vulnerability analysis total solution.
Described scan module adopts gradual scanning analysis mode, and the identification of employing operation system fingerprint, intelligent miniport service identification accurately present the information of sweep object.
Leak quantity in described vulnerability scan is more than 12000 kinds.
Described vulnerability scan keeps fortnightly regular vulnerability database to upgrade, and upgrades immediately when finding great leak.
Described system provides 15 kinds of scanning strategies.
Network security vulnerabilities of the present invention scanning with management system with the most authoritative, the most comprehensive domestic Chinese leak knowledge base (CNCVE) for support, contain abundant research experience and deep knowledge accumulation, can be worth for client carries products application that is lasting, high-quality.Detection module detects the networked asset found in protection range in real time; scan module carries out Attribute Recognition to the networked asset found; and scan the security breaches whether existed in vulnerability scan; Qualitative module is according to the harm of security breaches its security risk qualitative; repair module and provide reparation suggestion and precautionary measures, auditing module carries out validity examination to reparation suggestion and precautionary measures after repair.
Claims (6)
1. network security vulnerabilities scanning and management system, it is characterized in that: it comprises detection module, scan module, Qualitative module, repair module, auditing module and vulnerability scan, described detection module finds networked asset, described scan module identification Asset Attributes, scanning security breaches, described Qualitative module is according to the qualitative security risk of security breaches of scanning, described reparation module provides according to the risk of leak and repairs suggestion and precautionary measures, described auditing module is effectively audited reparation suggestion and precautionary measures after reparation completes, system in described vulnerability scan storage covering current network and data leak.
2. network security vulnerabilities scanning according to claim 1 and management system, it is characterized in that: this system also comprises wireless security module, wireless security module finds wireless device, terminal and model distribution situation in institute overlay area in real time, assists to identify rogue wireless equipment, terminal.
3. network security vulnerabilities scanning according to claim 1 and management system, it is characterized in that: described scan module adopts gradual scanning analysis mode, the identification of employing operation system fingerprint, intelligent miniport service identification accurately present the information of sweep object.
4. network security vulnerabilities scanning according to claim 1 and management system, is characterized in that: the leak quantity in described vulnerability scan is more than 12000 kinds.
5. network security vulnerabilities scanning according to claim 4 and management system, is characterized in that: described vulnerability scan keeps fortnightly regular vulnerability database to upgrade, and upgrades immediately when finding great leak.
6. network security vulnerabilities scanning according to claim 1 and management system, is characterized in that: described system provides 15 kinds of scanning strategies.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610026034.7A CN105471919A (en) | 2016-01-15 | 2016-01-15 | Network security vulnerability scanning and managing system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610026034.7A CN105471919A (en) | 2016-01-15 | 2016-01-15 | Network security vulnerability scanning and managing system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN105471919A true CN105471919A (en) | 2016-04-06 |
Family
ID=55609189
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201610026034.7A Pending CN105471919A (en) | 2016-01-15 | 2016-01-15 | Network security vulnerability scanning and managing system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105471919A (en) |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107220742A (en) * | 2017-04-13 | 2017-09-29 | 中国南方电网有限责任公司超高压输电公司曲靖局 | A kind of development of information system common support method analyzed based on system vulnerability and platform |
| CN109088790A (en) * | 2018-07-20 | 2018-12-25 | 南京方恒信息技术有限公司 | A kind of scanning of multi engine exposed assets and management system |
| CN111538994A (en) * | 2020-04-20 | 2020-08-14 | 中科三清科技有限公司 | System security detection and repair method, device, storage medium and terminal |
| CN112738068A (en) * | 2020-12-25 | 2021-04-30 | 北京天融信网络安全技术有限公司 | Network vulnerability scanning method and device |
| CN114884719A (en) * | 2022-04-29 | 2022-08-09 | 广州市昊恒信息科技有限公司 | Network equipment security vulnerability early warning system |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104683377A (en) * | 2013-11-27 | 2015-06-03 | 上海墨芋电子科技有限公司 | Mass data backup and restoration method for cloud computing cluster group in new technology |
| CN104683378A (en) * | 2013-11-27 | 2015-06-03 | 上海墨芋电子科技有限公司 | Computing and debugging system for novel cloud computing service platform adopting new technology |
-
2016
- 2016-01-15 CN CN201610026034.7A patent/CN105471919A/en active Pending
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104683377A (en) * | 2013-11-27 | 2015-06-03 | 上海墨芋电子科技有限公司 | Mass data backup and restoration method for cloud computing cluster group in new technology |
| CN104683378A (en) * | 2013-11-27 | 2015-06-03 | 上海墨芋电子科技有限公司 | Computing and debugging system for novel cloud computing service platform adopting new technology |
Non-Patent Citations (1)
| Title |
|---|
| 田小平: "涉密信息系统设计与实现", 《中国优秀硕士学位论文全文数据库 信息科技辑》 * |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107220742A (en) * | 2017-04-13 | 2017-09-29 | 中国南方电网有限责任公司超高压输电公司曲靖局 | A kind of development of information system common support method analyzed based on system vulnerability and platform |
| CN109088790A (en) * | 2018-07-20 | 2018-12-25 | 南京方恒信息技术有限公司 | A kind of scanning of multi engine exposed assets and management system |
| CN111538994A (en) * | 2020-04-20 | 2020-08-14 | 中科三清科技有限公司 | System security detection and repair method, device, storage medium and terminal |
| CN112738068A (en) * | 2020-12-25 | 2021-04-30 | 北京天融信网络安全技术有限公司 | Network vulnerability scanning method and device |
| CN114884719A (en) * | 2022-04-29 | 2022-08-09 | 广州市昊恒信息科技有限公司 | Network equipment security vulnerability early warning system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN105471919A (en) | Network security vulnerability scanning and managing system | |
| CN103281177A (en) | Method and system for detecting hostile attack on Internet information system | |
| CN106407813B (en) | Heterogeneous vulnerability scanner data normalization processing device and method | |
| CN101593253A (en) | A kind of rogue program determination methods and device | |
| CN102467633A (en) | Method and system for safely browsing webpage | |
| CN106557695A (en) | A kind of malicious application detection method and system | |
| CN109376537B (en) | Asset scoring method and system based on multi-factor fusion | |
| CN111835781B (en) | Method and system for discovering host of same source attack based on lost host | |
| CN106506545A (en) | A kind of network security threats assessment system and method | |
| CN102567674A (en) | Method and equipment for judging whether software contains viruses or not on basis of behaviors | |
| CN103441869A (en) | Vulnerable main machine recognition method and device of power system | |
| CN111314292A (en) | Data security inspection method based on sensitive data identification | |
| CN111985192A (en) | Web attack report generation method, device, equipment and computer medium | |
| KR20190099816A (en) | Method and system for detecting counterfeit of web page | |
| CN105429996A (en) | Method for intelligently finding and locating address translation equipment | |
| CN110636077A (en) | Network security protection system and method based on unified platform | |
| CN117590278A (en) | Transformer fault detection method, device, equipment and medium based on power cabinet | |
| KR101624276B1 (en) | Method and apparatus for detecting icon spoofing of mobile application | |
| CN105516193A (en) | Network security configuration checking management system | |
| CN115643044A (en) | Data processing method, device, server and storage medium | |
| CN113721960A (en) | Application program bug fixing method and device based on RPA and AI | |
| CN112464249A (en) | Asset equipment attack vulnerability repairing method, device, equipment and storage medium | |
| CN111209149A (en) | Server stability testing method and system | |
| CN112651447B (en) | Ontology-based resource classification labeling method and system | |
| CN109409127A (en) | Generation method, device and the storage medium of network data security strategy |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20160406 |