CN106559391B - Vulnerability scanning method and device - Google Patents

Publication number: CN106559391B
Application number: CN201510628977.2A
Other versions: CN106559391A
Authority: CN (China)
Original language: Chinese (zh)
Inventors: 顾戎, 李晨
Current assignee: China Mobile Communications Group Co Ltd
Original assignee: China Mobile Communications Group Co Ltd
Legal status: Active (status as listed by Google Patents; it is an assumption, not a legal conclusion)
Prior art keywords: virtual machine, information, vulnerability scanning, identifier, scanning
Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis

Abstract

The embodiment of the invention provides a vulnerability scanning method and a vulnerability scanning device. The method comprises the following steps: acquiring a scanning request input by a user; acquiring an information list from a controller according to the scanning request, wherein the information list records first information of the virtual machines deployed on each server; and, according to the scanning request, locating from the information list the target virtual machine on which vulnerability scanning needs to be performed, and performing vulnerability scanning on the target virtual machine.

Description

Vulnerability scanning method and device
Technical Field
The present invention relates to the field of network technologies, and in particular, to a vulnerability scanning method and apparatus.
Background
With the rapid development of network technology, tens of thousands of network security vulnerabilities have been published, and network attacks are endless and increasingly severe. In addition, because a system administrator is careless or inexperienced, network vulnerabilities may not be discovered manually. Vulnerability scanning equipment, which scans objects such as web pages, application systems and network environments, can detect potential security hazards on intranet hosts and remind security management personnel to upgrade systems and take precautions against attacks on vulnerabilities, so vulnerability scanning equipment has received considerable attention.
Traditional vulnerability scanning equipment identifies the type and version of the target host's operating system and service programs by identifying and scanning the working state of the target host, identifies the state of the target host's ports, analyzes the vulnerabilities of the system against known vulnerability information, and finally generates a scanning result report. The most commonly used host alive scanning techniques include Internet Control Message Protocol (ICMP) echo scanning, ICMP broadcast scanning, and the like.
In the traditional host alive scanning technology used for vulnerability scanning, host alive detection is implemented on the basis of the Internet Protocol (IP). When the target host is reachable over the network from the vulnerability scanning equipment, an ICMP echo request is sent to the host and the equipment waits for an ICMP response in order to judge whether the host is alive; alternatively, the whole network segment is broadcast to detect which hosts on the segment are alive. This IP-based host alive scanning technique distinguishes target hosts by IP. It requires that the IP addresses of target hosts do not conflict, which brings a limitation: the selection of target hosts can only be distinguished by IP, without flexibility or diversity.
In addition, in a scenario with multiple public clouds and multiple tenants, IP addresses can be repeated because of the layer-3 isolation between the public clouds and between the tenants, so existing vulnerability scanning equipment has an essential problem and centralized vulnerability scanning, that is, vulnerability scanning of the whole network of multiple public clouds and multiple tenants, cannot be realized. The current alternative solution is to deploy distributed vulnerability scanning devices in the public cloud, each of which scans the vulnerabilities of a single tenant in a small range. Distributed vulnerability scanning equipment solves the multi-tenant vulnerability scanning service problem, but its cost is huge, its deployment is troublesome and scattered, centralized management is not easy, the cost of multiple sets of equipment is too high, and deploying differentiated vulnerability scanning services for users is complicated.
Disclosure of Invention
The embodiment of the invention aims to provide a vulnerability scanning method and device, which can be used for positioning a target virtual machine in multiple ways, so that vulnerability scanning of a network can be realized through a set of vulnerability scanning equipment, and deployment, operation and maintenance management of the vulnerability scanning equipment are facilitated.
In order to achieve the above object, an embodiment of the present invention provides a vulnerability scanning method, which is applied to vulnerability scanning equipment, and the method includes:
acquiring a scanning request input by a user;
acquiring an information list from a controller according to the scanning request, wherein the information list records first information of the virtual machine deployed on each server;
and positioning a target virtual machine needing vulnerability scanning from the information list according to the scanning request, and carrying out vulnerability scanning on the target virtual machine.
Wherein, locating the target virtual machine that needs vulnerability scanning from the information list according to the scanning request and performing vulnerability scanning on the target virtual machine specifically comprises the following steps:
acquiring characteristic information of a virtual machine to be scanned in a scanning request, wherein the characteristic information of the virtual machine to be scanned comprises a physical address, an IP address, a subnet identifier and/or a tenant identifier;
inquiring whether first information matched with the characteristic information of the virtual machine to be scanned exists in the information list, wherein the first information comprises a physical address, an IP address, a subnet identification, a tenant identification and an identification of a virtual switch corresponding to the virtual machine;
when first information matched with the characteristic information exists in the information list, taking a virtual machine corresponding to the first information as a target virtual machine, and determining a path for vulnerability scanning of the target virtual machine according to the first information;
and scanning the target virtual machine for vulnerabilities through the path.
The embodiment of the invention also provides a vulnerability scanning device, which is applied to vulnerability scanning equipment and comprises the following modules:
the first acquisition module is used for acquiring a scanning request input by a user;
the second acquisition module is used for acquiring an information list from the controller according to the scanning request, wherein the information list records first information of the virtual machine deployed on each server;
and the positioning module is used for positioning the target virtual machine needing vulnerability scanning from the information list according to the scanning request and carrying out vulnerability scanning on the target virtual machine.
Wherein, the positioning module includes:
a first acquisition unit, used for acquiring the characteristic information of the virtual machine to be scanned in the scanning request, wherein the characteristic information of the virtual machine to be scanned comprises a physical address, an IP address, a subnet identifier and/or a tenant identifier;
an inquiring unit, used for inquiring whether first information matched with the characteristic information of the virtual machine to be scanned exists in the information list, wherein the first information comprises a physical address, an IP address, a subnet identifier, a tenant identifier and an identifier of the virtual switch corresponding to the virtual machine, and the determining unit is triggered when first information matched with the characteristic information exists in the information list;
the determining unit is used for taking the virtual machine corresponding to the first information as a target virtual machine according to the triggering of the inquiring unit, and determining a path for carrying out vulnerability scanning on the target virtual machine according to the first information;
and the scanning unit is used for carrying out vulnerability scanning on the target virtual machine through the path.
The embodiment of the invention also provides vulnerability scanning equipment which comprises the vulnerability scanning device.
The embodiment of the invention also provides a vulnerability scanning method which is applied to a controller and comprises the following steps:
acquiring second information of the virtual machine deployed on each server from the virtual switch;
storing the second information into an information list;
and transmitting the information list to vulnerability scanning equipment.
The obtaining of the second information of the virtual machine deployed on each server from the virtual switch specifically includes:
and acquiring second information of the virtual machine deployed on each server from the virtual switch through an openflow protocol, wherein the second information of the virtual machine comprises a physical address, an IP (Internet protocol) address, a subnet identifier and a tenant identifier of the virtual machine.
Wherein, store the second information into an information list, include specifically:
adding an identifier of a virtual switch corresponding to a virtual machine to which the second information belongs to the second information to obtain first information;
and storing the first information into an information list.
The embodiment of the invention also provides a vulnerability scanning device, which is applied to a controller and comprises the following components:
a third obtaining module, configured to obtain, from the virtual switch, second information of the virtual machine deployed on each server;
the storage module is used for storing the second information into an information list;
and the first transmission module is used for transmitting the information list to the vulnerability scanning equipment.
Wherein, the third acquisition module includes:
and the second obtaining unit is used for obtaining second information of the virtual machine deployed on each server from the virtual switch through an openflow protocol, wherein the second information of the virtual machine comprises a physical address, an IP address, a subnet identifier and a tenant identifier of the virtual machine.
Wherein, the storage module includes:
the adding unit is used for adding the identifier of the virtual switch corresponding to the virtual machine to which the second information belongs in the second information to obtain first information;
and the storage unit is used for storing the first information into the information list.
The embodiment of the invention also provides a controller which comprises the vulnerability scanning device.
The embodiment of the invention also provides a vulnerability scanning method, which is applied to the virtual switch and comprises the following steps:
acquiring second information of the virtual machine deployed on the server;
and transmitting the second information of the virtual machine to the controller.
Wherein, the second information of the virtual machine is transmitted to the controller, specifically:
and transmitting second information to the controller through an openflow protocol, wherein the second information of the virtual machine comprises a physical address, an IP address, a subnet identifier and a tenant identifier of the virtual machine.
The embodiment of the invention also provides a vulnerability scanning device, which is applied to a virtual switch and comprises the following modules:
the fourth obtaining module is used for obtaining second information of the virtual machine deployed on the server;
and the second transmission module is used for transmitting the second information of the virtual machine to the controller.
Wherein the second transmission module includes:
and the transmission unit is used for transmitting second information to the controller through an openflow protocol, wherein the second information of the virtual machine comprises a physical address, an IP (Internet protocol) address, a subnet identifier and a tenant identifier of the virtual machine.
The embodiment of the invention also provides a virtual switch which comprises the vulnerability scanning device.
The scheme of the invention at least comprises the following beneficial effects:
in the embodiment of the invention, the target virtual machine that needs vulnerability scanning is located, according to the acquired scanning request, from the information list acquired from the controller, and vulnerability scanning is performed on it. This solves the problem that the target virtual machine can only be distinguished by IP address and that scanning the network requires deploying multiple sets of vulnerability scanning equipment: the target virtual machine can be located in multiple ways, vulnerability scanning of the network can be implemented with one set of vulnerability scanning equipment, and deployment, operation and maintenance management of the vulnerability scanning equipment are facilitated.
Drawings
Fig. 1 is a flowchart of a vulnerability scanning method applied to a vulnerability scanning apparatus in a first embodiment of the present invention;
fig. 2 is a schematic diagram of a vulnerability scanning apparatus, a controller and a virtual switch in a first embodiment of the present invention;
fig. 3 is a schematic structural diagram of a vulnerability scanning apparatus applied to a vulnerability scanning device in a second embodiment of the present invention;
FIG. 4 is a flowchart illustrating a vulnerability scanning method applied to a controller according to a fourth embodiment of the present invention;
FIG. 5 is a schematic structural diagram of a vulnerability scanning apparatus applied to a controller according to a fifth embodiment of the present invention;
fig. 6 is a flowchart of a vulnerability scanning method applied to a virtual switch in a seventh embodiment of the present invention;
fig. 7 is a schematic structural diagram of an apparatus for vulnerability scanning applied to a virtual switch in an eighth embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
First embodiment
As shown in fig. 1, a first embodiment of the present invention provides a vulnerability scanning method, which is applied to vulnerability scanning equipment, where the method includes:
step S11, obtaining a scanning request input by a user;
in the first embodiment of the present invention, the scanning request carries feature information of a virtual machine to be scanned, and the feature information of the virtual machine to be scanned includes a physical (MAC) address, an IP address, a subnet identifier, and/or a tenant identifier of the virtual machine to be scanned, so that a vulnerability scanning device can distinguish a target virtual machine based on one or more of the physical address, the IP address, the subnet identifier, and the tenant identifier, and thus, a vulnerability scanning on a network can be implemented by a set of vulnerability scanning device, and deployment, operation, and maintenance management of the vulnerability scanning device are facilitated.
Step S12, according to the scanning request, obtaining an information list from the controller, wherein the information list records the first information of the virtual machine deployed on each server;
in the first embodiment of the present invention, the above-described server refers to a physical server.
In the first embodiment of the present invention, the first information of the virtual machine includes a physical address, an IP address, a subnet identifier, a tenant identifier, and an identifier of the virtual switch to which the virtual machine corresponds. It should be noted that the controller and the virtual switch (VSW) deployed on each server form an overlay network, and the physical address, IP address, subnet (VXLAN) identifier and tenant identifier of the virtual machine in the first information are obtained by the controller from the virtual switch through the openflow protocol.
In the first embodiment of the present invention, the vulnerability scanning device may synchronize the information list from the controller by a simple file transfer, for example by synchronizing with the controller over the File Transfer Protocol (FTP).
And step S13, positioning a target virtual machine needing vulnerability scanning from the information list according to the scanning request, and carrying out vulnerability scanning on the target virtual machine.
In a first embodiment of the present invention, the step S13 specifically includes:
the method comprises the steps that firstly, the characteristic information of a virtual machine to be scanned in a scanning request is obtained, and the target virtual machine is conveniently positioned according to the characteristic information in the following process;
secondly, inquiring whether first information matched with the characteristic information of the virtual machine to be scanned exists in the information list, when the first information matched with the characteristic information exists in the information list, taking the virtual machine corresponding to the first information as a target virtual machine, and determining a path for carrying out vulnerability scanning on the target virtual machine according to the first information;
it should be noted that the above-mentioned path for performing vulnerability scanning on the target virtual machine mainly refers to determining an identifier of a virtual switch corresponding to the target virtual machine, so that the vulnerability scanning device sends a request (for example, an ICMP echo request) to the target virtual machine through the virtual switch.
And thirdly, scanning the vulnerability of the target virtual machine through the determined path.
In the first embodiment of the present invention, the vulnerability scanning mode for the target virtual machine may be implemented in an existing mode, for example, the vulnerability scanning is performed by sending a request (for example, an ICMP echo request) to the target virtual machine through the path determined in the third step (i.e., the virtual switch corresponding to the target virtual machine). And then generating a vulnerability scanning report according to the response condition of the target virtual machine, so that an administrator can conveniently take corresponding security measures (such as system upgrade and the like).
In the first embodiment of the present invention, the vulnerability scanning device positions the target virtual machine in multiple ways, so that a set of vulnerability scanning device can scan vulnerabilities of a network (for example, a public cloud multi-tenant network), thereby facilitating deployment, operation and maintenance management of the vulnerability scanning device, and providing a vulnerability scanning report in a unified manner, thereby facilitating horizontal and vertical comparison. In addition, in the first embodiment of the present invention, the conventional underlying Network is not changed, and the virtual switch collects the physical address, the IP address, the subnet identifier, and the tenant identifier of the virtual machine by using the communication of the overlay Network, and reports them to the controller, so that the present invention is suitable for a Software Defined Network (SDN).
It should be noted that the conventional network includes a virtual machine or a physical server, so vulnerability scanning can be implemented according to the above steps S11 to S13 only by adding an access switch and an SDN controller that support the openflow protocol or by adding a virtual switch in the conventional network that supports the openflow protocol.
In the first embodiment of the present invention, the steps S11 to S13 are further described with a specific example. As shown in fig. 2, there are two users in the SDN network, Tenant 1 (Tenant ID1) and Tenant 2 (Tenant ID2), where Tenant ID1 and Tenant ID2 represent the tenant identifiers of Tenant 1 and Tenant 2, respectively, and the VXLAN identifiers of Tenant 1 and Tenant 2 are VXLAN ID1 and VXLAN ID2, respectively. Tenant 1 creates 4 virtual machines (VMs): VM1 (MAC1, 10.1.1.2), VM2 (MAC2, 10.1.1.3), VM3 (MAC3, 10.1.1.4) and VM4 (MAC4, 10.1.1.5), where MAC1, MAC2, MAC3 and MAC4 represent the physical addresses of VM1, VM2, VM3 and VM4, respectively, and 10.1.1.2, 10.1.1.3, 10.1.1.4 and 10.1.1.5 represent their IP addresses, respectively; the VXLAN identifier and tenant identifier corresponding to VM1 to VM4 are VXLAN ID1 and Tenant ID1, respectively. VM1 and VM2 are located on a server equipped with VSW1, and VM3 and VM4 are located on a server equipped with VSW2, so the information stored on VSW1 and VSW2 is as shown in Table 1 and Table 2, respectively. For Tenant 2, there are also 4 virtual machines: VM5 (MAC5, 10.1.1.2), VM6 (MAC6, 10.1.1.3), VM7 (MAC7, 10.1.1.4) and VM8 (MAC8, 10.1.1.5), where MAC5, MAC6, MAC7 and MAC8 represent the physical addresses of VM5, VM6, VM7 and VM8, respectively, and 10.1.1.2, 10.1.1.3, 10.1.1.4 and 10.1.1.5 represent their IP addresses, respectively; the VXLAN identifier and tenant identifier corresponding to VM5 to VM8 are VXLAN ID2 and Tenant ID2, respectively. VM5 and VM6 are located on a server equipped with VSW3, and VM7 and VM8 are located on a server equipped with VSW4, so the information stored on VSW3 and VSW4 is as shown in Table 3 and Table 4, respectively. The information list on the controller is as shown in Table 5.
MAC address   IP address   VXLAN identification   Tenant identification
MAC 1         10.1.1.2     VXLAN ID1              Tenant ID1
MAC 2         10.1.1.3     VXLAN ID1              Tenant ID1
TABLE 1

MAC address   IP address   VXLAN identification   Tenant identification
MAC 3         10.1.1.4     VXLAN ID1              Tenant ID1
MAC 4         10.1.1.5     VXLAN ID1              Tenant ID1
TABLE 2

MAC address   IP address   VXLAN identification   Tenant identification
MAC 5         10.1.1.2     VXLAN ID2              Tenant ID2
MAC 6         10.1.1.3     VXLAN ID2              Tenant ID2
TABLE 3

MAC address   IP address   VXLAN identification   Tenant identification
MAC 7         10.1.1.4     VXLAN ID2              Tenant ID2
MAC 8         10.1.1.5     VXLAN ID2              Tenant ID2
TABLE 4

MAC address   IP address   VXLAN identification   Tenant identification   Identification of VSW
MAC 1         10.1.1.2     VXLAN ID1              Tenant ID1              VSW1
MAC 2         10.1.1.3     VXLAN ID1              Tenant ID1              VSW1
MAC 3         10.1.1.4     VXLAN ID1              Tenant ID1              VSW2
MAC 4         10.1.1.5     VXLAN ID1              Tenant ID1              VSW2
MAC 5         10.1.1.2     VXLAN ID2              Tenant ID2              VSW3
MAC 6         10.1.1.3     VXLAN ID2              Tenant ID2              VSW3
MAC 7         10.1.1.4     VXLAN ID2              Tenant ID2              VSW4
MAC 8         10.1.1.5     VXLAN ID2              Tenant ID2              VSW4
TABLE 5
After the vulnerability scanning device obtains the scanning request input by the user, the information list shown in Table 5 is synchronized from the controller. For example, when the feature information of the virtual machine to be scanned carried in the scan request is the virtual machine with IP 10.1.1.2 and Tenant ID1, the vulnerability scanning device finds, by searching the information list shown in Table 5, that the scan path is through VSW1 to the target host VM1 (MAC1), and then sends a request to the target host through VSW1 to perform vulnerability scanning. Similarly, if the feature information carried in the scanning request is all virtual machines under Tenant ID1, the vulnerability scanning device finds, by searching Table 5, two scan paths: through VSW1 to the target hosts VM1 and VM2, and through VSW2 to the target hosts VM3 and VM4. Similarly, if the feature information carried in the scan request is all virtual machines under Tenant ID1 and VXLAN ID1, the vulnerability scanning device finds the same two scan paths: through VSW1 to VM1 and VM2, and through VSW2 to VM3 and VM4. This enables the user to complete a customized scan request.
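The lookup in the walk-through above, written out as an added Python example (it is not code from the patent or from China Mobile): the list of Table 5 is embedded as constructed sample data with placeholder MAC values, and a scan request carrying any subset of the four feature fields is resolved to one scan path per virtual switch, each with the target virtual machines reachable through it. Function and field names are the example's own. It also flags the case the Background describes: an IP-only request matches virtual machines of different tenants, because tenant address space overlaps, so the scanner should ask for a tenant or subnet identifier rather than guess.

```python
"""Locating target virtual machines from the information list (step S13).

Added example, not code from the patent. Resolves a scan request carrying
any subset of {MAC, IP, VXLAN ID, tenant ID} into scan paths: one path per
virtual switch, with the target VMs behind it. Names and data are the
example's own; MAC1..MAC8 are placeholders.
"""
from collections import defaultdict
from typing import Dict, List, NamedTuple


class FirstInformation(NamedTuple):
    """One row of the controller's information list (Table 5)."""
    mac: str
    ip: str
    vxlan_id: str
    tenant_id: str
    vsw_id: str


# Constructed sample data equivalent to Table 5.
INFORMATION_LIST: List[FirstInformation] = [
    FirstInformation("MAC1", "10.1.1.2", "VXLAN ID1", "Tenant ID1", "VSW1"),
    FirstInformation("MAC2", "10.1.1.3", "VXLAN ID1", "Tenant ID1", "VSW1"),
    FirstInformation("MAC3", "10.1.1.4", "VXLAN ID1", "Tenant ID1", "VSW2"),
    FirstInformation("MAC4", "10.1.1.5", "VXLAN ID1", "Tenant ID1", "VSW2"),
    FirstInformation("MAC5", "10.1.1.2", "VXLAN ID2", "Tenant ID2", "VSW3"),
    FirstInformation("MAC6", "10.1.1.3", "VXLAN ID2", "Tenant ID2", "VSW3"),
    FirstInformation("MAC7", "10.1.1.4", "VXLAN ID2", "Tenant ID2", "VSW4"),
    FirstInformation("MAC8", "10.1.1.5", "VXLAN ID2", "Tenant ID2", "VSW4"),
]

# The feature fields a scan request may carry (any non-empty subset).
FEATURE_FIELDS = ("mac", "ip", "vxlan_id", "tenant_id")


def locate_targets(info_list: List[FirstInformation],
                   **features: str) -> Dict[str, List[FirstInformation]]:
    """Map each scan path (virtual switch id) to the target VMs behind it.

    All given feature fields must match (logical AND), which is how the
    Table 5 walk-through combines IP and tenant, or tenant and VXLAN.
    """
    unknown = set(features) - set(FEATURE_FIELDS)
    if unknown:
        raise ValueError(f"unknown feature field(s): {sorted(unknown)}")
    if not features:
        # An empty request must not silently mean "scan every VM".
        raise ValueError("scan request carries no feature information")
    paths: Dict[str, List[FirstInformation]] = defaultdict(list)
    for entry in info_list:
        if all(getattr(entry, field) == value for field, value in features.items()):
            paths[entry.vsw_id].append(entry)
    return dict(paths)


def target_count(paths: Dict[str, List[FirstInformation]]) -> int:
    """Number of target VMs across all scan paths."""
    return sum(len(targets) for targets in paths.values())


def spans_multiple_tenants(paths: Dict[str, List[FirstInformation]]) -> bool:
    """True when a request resolved to VMs of more than one tenant.

    With overlapping address space (10.1.1.2 exists in both tenants) an
    IP-only request is ambiguous and should be narrowed by the requester.
    """
    tenants = {e.tenant_id for targets in paths.values() for e in targets}
    return len(tenants) > 1


if __name__ == "__main__":
    for request in ({"ip": "10.1.1.2", "tenant_id": "Tenant ID1"},
                    {"tenant_id": "Tenant ID1"},
                    {"tenant_id": "Tenant ID1", "vxlan_id": "VXLAN ID1"},
                    {"ip": "10.1.1.2"}):
        paths = locate_targets(INFORMATION_LIST, **request)
        for vsw, targets in sorted(paths.items()):
            print(request, "->", vsw, [t.mac for t in targets])
        if spans_multiple_tenants(paths):
            print("  ambiguous: matches VMs of more than one tenant")
```

The three requests from the walk-through resolve exactly as the text states (VSW1 to MAC1; VSW1 to MAC1 and MAC2 plus VSW2 to MAC3 and MAC4; the same again with the VXLAN identifier added), while the fourth, IP-only request shows why the patent's Background calls IP alone insufficient in a multi-tenant network.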
Second embodiment
As shown in fig. 3, a second embodiment of the present invention provides a vulnerability scanning apparatus, which is applied to vulnerability scanning equipment, and the apparatus includes:
a first obtaining module 31, configured to obtain a scanning request input by a user;
a second obtaining module 32, configured to obtain an information list from the controller according to the scanning request, where the information list records first information of the virtual machine deployed on each server;
and the positioning module 33 is configured to position a target virtual machine that needs vulnerability scanning from the information list according to the scanning request, and perform vulnerability scanning on the target virtual machine.
Wherein, the positioning module 33 includes:
a first acquisition unit, used for acquiring the characteristic information of the virtual machine to be scanned in the scanning request, wherein the characteristic information of the virtual machine to be scanned comprises a physical address, an IP address, a subnet identifier and/or a tenant identifier;
an inquiring unit, used for inquiring whether first information matched with the characteristic information of the virtual machine to be scanned exists in the information list, wherein the first information comprises a physical address, an IP address, a subnet identifier, a tenant identifier and an identifier of the virtual switch corresponding to the virtual machine, and the determining unit is triggered when first information matched with the characteristic information exists in the information list;
the determining unit is used for taking the virtual machine corresponding to the first information as a target virtual machine according to the triggering of the inquiring unit, and determining a path for carrying out vulnerability scanning on the target virtual machine according to the first information;
and the scanning unit is used for carrying out vulnerability scanning on the target virtual machine through the path.
In the second embodiment of the present invention, the vulnerability scanning device positions the target virtual machine in multiple ways, so that a set of vulnerability scanning device can scan vulnerabilities of a network (for example, a public cloud multi-tenant network), thereby facilitating deployment, operation and maintenance management of the vulnerability scanning device, and providing a vulnerability scanning report in a unified manner, thereby facilitating horizontal and vertical comparison.
It should be noted that the apparatus for vulnerability scanning applied to the vulnerability scanning device provided in the second embodiment of the present invention is an apparatus for applying the method for vulnerability scanning applied to the vulnerability scanning device, that is, all embodiments of the method for vulnerability scanning applied to the vulnerability scanning device are applicable to the apparatus, and can achieve the same or similar beneficial effects.
Third embodiment
A third embodiment of the present invention provides vulnerability scanning equipment, which includes the vulnerability scanning apparatus applied to vulnerability scanning equipment.
It should be noted that the vulnerability scanning equipment provided in the third embodiment of the present invention is vulnerability scanning equipment that includes the vulnerability scanning apparatus applied to vulnerability scanning equipment; that is, all embodiments of the vulnerability scanning apparatus applied to vulnerability scanning equipment are applicable to the equipment, and all can achieve the same or similar beneficial effects.
Fourth embodiment
As shown in fig. 4, a fourth embodiment of the present invention provides a vulnerability scanning method applied to a controller, where the method includes:
step S41, acquiring second information of the virtual machine deployed on each server from the virtual switch;
in a fourth embodiment of the present invention, the above-described server refers to a physical server.
In a fourth embodiment of the present invention, the controller and the virtual switch (VSW) deployed on each server form an overlay network, and the controller may obtain the second information of the virtual machines deployed on each server from the virtual switch through the openflow protocol, where the second information of a virtual machine includes its physical address, IP address, subnet identifier and tenant identifier.
Step S42, storing the second information into an information list;
in a fourth embodiment of the present invention, after acquiring the second information of the virtual machine, the controller adds an identifier of a virtual switch corresponding to the virtual machine to which the second information belongs to the second information to obtain the first information, and stores the first information in the information list.
And step S43, transmitting the information list to the vulnerability scanning equipment.
In the fourth embodiment of the present invention, the controller may transmit the information list to the vulnerability scanning device in a simple file transfer manner, for example using the File Transfer Protocol (FTP).
In a fourth embodiment of the present invention, the controller updates the information list in real time when the user creates, deletes or changes the virtual machine.
In the fourth embodiment of the present invention, because the controller transmits the information list to the vulnerability scanning device, the device can locate the target virtual machine in several ways (by physical address, IP address, subnet identifier and/or tenant identifier), and a single set of vulnerability scanning devices can scan the whole network (for example, a public cloud multi-tenant network). This simplifies deployment, operation and maintenance of the scanning devices and allows a vulnerability scanning report to be issued in a unified manner, which facilitates horizontal and vertical comparison.
In the fourth embodiment of the present invention, step S42 is further described by an example. Assuming that the second information stored on the virtual switch with identifier VSW ID1 is as shown in Table 6, the information list on the controller is as shown in Table 7, where MAC1, IP1, VXLAN ID1 and Tenant ID1 respectively represent the physical address, IP address, subnet identifier and tenant identifier of the virtual machine, and VSW ID1 is the identifier of the virtual switch corresponding to the virtual machine.
MAC address | IP address | VXLAN identifier | Tenant identifier
MAC1        | IP1        | VXLAN ID1        | Tenant ID1
TABLE 6
MAC address | IP address | VXLAN identifier | Tenant identifier | VSW identifier
MAC1        | IP1        | VXLAN ID1        | Tenant ID1        | VSW ID1
TABLE 7
Fifth embodiment
As shown in fig. 5, a fifth embodiment of the present invention provides a vulnerability scanning apparatus, which is applied to a controller, and includes:
a third obtaining module 51, configured to obtain, from the virtual switch, second information of the virtual machine deployed on each server;
wherein, the third obtaining module 51 includes:
a second obtaining unit, configured to obtain the second information of the virtual machines deployed on each server from the virtual switch through the OpenFlow protocol, where the second information of a virtual machine includes its physical address, IP address, subnet identifier and tenant identifier.
The storage module 52 is used for storing the second information into an information list;
wherein the storage module 52 includes:
the adding unit is used for adding the identifier of the virtual switch corresponding to the virtual machine to which the second information belongs in the second information to obtain first information;
and the storage unit is used for storing the first information into the information list.
And the first transmission module 53 is configured to transmit the information list to the vulnerability scanning device.
In the fifth embodiment of the present invention, because the controller transmits the information list to the vulnerability scanning device, the device can locate the target virtual machine in several ways, and a single set of vulnerability scanning devices can scan the whole network (for example, a public cloud multi-tenant network). This simplifies deployment, operation and maintenance of the scanning devices and allows a vulnerability scanning report to be provided in a unified manner, which facilitates horizontal and vertical comparison.
It should be noted that, the apparatus for vulnerability scanning applied to a controller according to the fifth embodiment of the present invention is an apparatus for applying the method for vulnerability scanning applied to a controller, that is, all embodiments of the method for vulnerability scanning applied to a controller are applicable to the apparatus, and can achieve the same or similar beneficial effects.
Sixth embodiment
A sixth embodiment of the present invention provides a controller, which includes the above-described apparatus for vulnerability scanning applied to the controller.
It should be noted that the controller provided in the sixth embodiment of the present invention is a controller that includes the apparatus for vulnerability scanning applied to the controller; that is, all embodiments of that apparatus are applicable to the controller and achieve the same or similar beneficial effects.
Seventh embodiment
As shown in fig. 6, a seventh embodiment of the present invention provides a vulnerability scanning method applied to a virtual switch, where the method includes:
step S61, acquiring second information of the virtual machine deployed on the server;
in a seventh embodiment of the present invention, the above-described server refers to a physical server.
In a seventh embodiment of the present invention, when a user creates, deletes or changes a virtual machine, the virtual switch updates the second information of the virtual machine in real time.
In step S62, the second information of the virtual machine is transmitted to the controller.
In the seventh embodiment of the present invention, the virtual switch may transmit the second information to the controller through the OpenFlow protocol, where the second information of a virtual machine includes its physical address, IP address, subnet identifier and tenant identifier.
In the seventh embodiment of the present invention, the virtual switch transmits the second information of the virtual machine to the controller, so that the controller generates the information list from the second information and transmits the list to the vulnerability scanning device. The device can then locate the target virtual machine in several ways, and a single set of vulnerability scanning devices can scan the whole network (for example, a public cloud multi-tenant network). This simplifies deployment, operation and maintenance of the scanning devices and allows a vulnerability scanning report to be provided in a unified manner, which facilitates horizontal and vertical comparison.
In the seventh embodiment of the present invention, the second information is further described by a specific example. The second information of the virtual machine acquired by the virtual switch is as shown in Table 8, where MAC1, IP1, VXLAN ID1 and Tenant ID1 respectively represent the physical address, IP address, subnet identifier and tenant identifier of the virtual machine.
MAC address | IP address | VXLAN identifier | Tenant identifier
MAC1        | IP1        | VXLAN ID1        | Tenant ID1
TABLE 8
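The data flow of steps S61 to S62 on the virtual switch (Table 8) and steps S41 to S43 on the controller (Tables 6 and 7), together with the lookup the scanning device performs on the synchronized list, as an added example that is not code from the patent or from its assignee. Direct method calls and a JSON string stand in for the OpenFlow and FTP transports, and every class, field and identifier value (VSW1, VSW2, tenantA, tenantB, the MAC and IP addresses) is an assumption constructed for the example. It also goes one step beyond the tables: because tenants in a VXLAN overlay may reuse the same private IP range, a scan request that gives only an IP address can match more than one virtual machine, and the scanner refuses to choose a path in that case.

```python
"""Inventory flow between virtual switch, controller and scanner (added example).

Not code from the patent or its assignee: it models steps S61-S62 (virtual
switch), S41-S43 (controller) and the lookup of claims 1-2. Method calls and a
JSON string stand in for OpenFlow and FTP; every name, identifier and address
below is an assumption made up for the example.
"""
from __future__ import annotations
import json
from dataclasses import asdict, dataclass


@dataclass(frozen=True)
class VmInfo:
    """'Second information' a virtual switch holds per VM (Table 8)."""
    mac: str
    ip: str
    vxlan_id: int   # subnet identifier
    tenant_id: str


@dataclass(frozen=True)
class VmRecord(VmInfo):
    """'First information': VmInfo plus the reporting switch (Table 7)."""
    vsw_id: str


class Controller:
    """Keeps the information list current (S42) and exports it (S43)."""
    def __init__(self) -> None:
        # Keyed by (vsw_id, mac): a migrating VM is a delete on the old switch, a create on the new one.
        self.info_list: dict[tuple[str, str], VmRecord] = {}

    def on_vm_event(self, vsw_id: str, event: str, vm: VmInfo) -> None:
        """One create/change/delete report from a switch (S41)."""
        key = (vsw_id, vm.mac)
        if event == "delete":
            self.info_list.pop(key, None)
        else:  # "create" or "change": add the VSW identifier to form first information
            self.info_list[key] = VmRecord(**asdict(vm), vsw_id=vsw_id)

    def export_list(self) -> str:
        """Serialised list the scanner synchronises (FTP in the patent)."""
        return json.dumps([asdict(r) for r in self.info_list.values()])


class VirtualSwitch:
    """Tracks the VMs on one server and reports every change (S61-S62)."""
    def __init__(self, vsw_id: str, controller: Controller) -> None:
        self.vsw_id, self.controller = vsw_id, controller
        self.vms: dict[str, VmInfo] = {}

    def vm_created(self, vm: VmInfo) -> None:
        self.vms[vm.mac] = vm
        self.controller.on_vm_event(self.vsw_id, "create", vm)

    def vm_changed(self, vm: VmInfo) -> None:
        self.vms[vm.mac] = vm
        self.controller.on_vm_event(self.vsw_id, "change", vm)

    def vm_deleted(self, mac: str) -> None:
        self.controller.on_vm_event(self.vsw_id, "delete", self.vms.pop(mac))


class Scanner:
    """Locates the target VM in the synchronised list (claims 1-2)."""
    FEATURES = {"mac", "ip", "vxlan_id", "tenant_id"}
    def __init__(self, exported: str) -> None:
        self.info_list = [VmRecord(**d) for d in json.loads(exported)]

    def locate(self, **features) -> list[VmRecord]:
        """Records matching every supplied feature (any subset of FEATURES)."""
        unknown = set(features) - self.FEATURES
        if unknown:
            raise ValueError(f"unsupported feature(s): {sorted(unknown)}")
        return [r for r in self.info_list
                if all(getattr(r, k) == v for k, v in features.items())]

    def scan_path(self, **features) -> str | None:
        """Scan path when exactly one VM matches, else None: overlay tenants
        may reuse a private IP range, so an IP-only request can be ambiguous,
        and refusing beats scanning another tenant's machine."""
        hits = self.locate(**features)
        if len(hits) != 1:
            return None
        return "vsw={0.vsw_id}/vxlan={0.vxlan_id}/mac={0.mac}/ip={0.ip}".format(hits[0])


def build_demo() -> tuple[Controller, Scanner]:
    """Constructed topology: two tenants both using 10.0.0.5 on two switches."""
    ctl = Controller()
    vsw1, vsw2 = VirtualSwitch("VSW1", ctl), VirtualSwitch("VSW2", ctl)
    vsw1.vm_created(VmInfo("52:54:00:00:00:01", "10.0.0.5", 100, "tenantA"))
    vsw2.vm_created(VmInfo("52:54:00:00:00:02", "10.0.0.5", 200, "tenantB"))
    vsw2.vm_created(VmInfo("52:54:00:00:00:03", "10.0.0.6", 200, "tenantB"))
    vsw2.vm_deleted("52:54:00:00:00:03")   # owner deleted it; the list must drop it
    return ctl, Scanner(ctl.export_list())
```

With the constructed topology, `scan_path(ip="10.0.0.5")` returns None because both tenants use that address, while `scan_path(ip="10.0.0.5", tenant_id="tenantA")` returns the path through VSW1 on VXLAN 100. Keying the controller's list by (VSW identifier, MAC) means a virtual machine that migrates between servers arrives as a delete on the old switch and a create on the new one, so the list stays consistent with step S42 without any reconciliation pass.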
Eighth embodiment
As shown in fig. 7, an eighth embodiment of the present invention provides an apparatus for vulnerability scanning, which is applied to a virtual switch, and includes:
a fourth obtaining module 71, configured to obtain second information of the virtual machine deployed on the server;
and a second transmission module 72, configured to transmit the second information of the virtual machine to the controller.
Wherein, the second transmission module 72 includes:
a transmission unit, configured to transmit the second information to the controller through the OpenFlow protocol, where the second information of a virtual machine includes its physical address, IP (Internet Protocol) address, subnet identifier and tenant identifier.
In the eighth embodiment of the present invention, the virtual switch transmits the second information of the virtual machine to the controller, so that the controller generates the information list from the second information and transmits the list to the vulnerability scanning device. The device can then locate the target virtual machine in several ways, and a single set of vulnerability scanning devices can scan the whole network (for example, a public cloud multi-tenant network). This simplifies deployment, operation and maintenance of the scanning devices and allows a vulnerability scanning report to be provided in a unified manner, which facilitates horizontal and vertical comparison.
It should be noted that the apparatus for vulnerability scanning applied to the virtual switch provided by the eighth embodiment of the present invention is an apparatus for applying the method for vulnerability scanning applied to the virtual switch, that is, all embodiments of the method for vulnerability scanning applied to the virtual switch are applicable to the apparatus, and can achieve the same or similar beneficial effects.
Ninth embodiment
A ninth embodiment of the present invention provides a virtual switch, including the above apparatus for vulnerability scanning applied to the virtual switch.
It should be noted that the virtual switch provided in the ninth embodiment of the present invention is a virtual switch including the apparatus for vulnerability scanning applied to the virtual switch, that is, all embodiments of the apparatus for vulnerability scanning applied to the virtual switch are applicable to the virtual switch, and all can achieve the same or similar beneficial effects.
While the foregoing is directed to the preferred embodiment of the present invention, it will be understood by those skilled in the art that various changes and modifications may be made without departing from the spirit and scope of the invention as defined in the appended claims.

Claims (15)

1. A vulnerability scanning method, applied to vulnerability scanning equipment, characterized by comprising the following steps:
acquiring a scanning request input by a user, comprising: acquiring characteristic information of a virtual machine to be scanned from the scanning request, wherein the characteristic information of the virtual machine to be scanned comprises a physical address, an IP address, a subnet identifier and/or a tenant identifier of the virtual machine;
acquiring an information list from a controller according to the scanning request, wherein the information list records first information of the virtual machines deployed on each server, and the first information comprises a physical address, an IP address, a subnet identifier, a tenant identifier and an identifier of the virtual switch corresponding to the virtual machine; the vulnerability scanning equipment synchronizes the information list on the controller in a simple file transfer manner, the information list comprising: the physical address, the IP address, the subnet identifier and the tenant identifier of the virtual machine, and the identifier of the virtual switch corresponding to the virtual machine;
locating a target virtual machine requiring vulnerability scanning from the information list according to the scanning request, and performing vulnerability scanning on the target virtual machine.
2. The method according to claim 1, wherein the locating, according to the scanning request, a target virtual machine that needs vulnerability scanning from the information list, and performing vulnerability scanning on the target virtual machine specifically include:
after the characteristic information of the virtual machine to be scanned in the scanning request is obtained, whether first information matched with the characteristic information of the virtual machine to be scanned exists or not is inquired in the information list;
when first information matched with the characteristic information exists in the information list, taking a virtual machine corresponding to the first information as a target virtual machine, and determining a path for vulnerability scanning of the target virtual machine according to the first information;
and scanning the target virtual machine for vulnerabilities through the path.
3. An apparatus for vulnerability scanning, applied to vulnerability scanning equipment, characterized in that the apparatus comprises:
the first obtaining module is used for obtaining a scanning request input by a user and comprises: acquiring characteristic information of a virtual machine to be scanned in the scanning request, wherein the characteristic information of the virtual machine to be scanned comprises a physical address, an IP address, a subnet identifier and/or a tenant identifier of the virtual machine;
a second obtaining module, configured to obtain an information list from a controller according to the scanning request, where the information list records first information of a virtual machine deployed on each server, and the first information includes a physical address, an IP address, a subnet identifier, a tenant identifier, and an identifier of a virtual switch corresponding to the virtual machine; the vulnerability scanning equipment adopts a simple file transmission mode to synchronize an information list on the controller, wherein the information list comprises: the physical address, the IP address, the subnet identifier, the tenant identifier of the virtual machine and the identifier of a virtual switch corresponding to the virtual machine;
and the positioning module is used for positioning a target virtual machine needing vulnerability scanning from the information list according to the scanning request and carrying out vulnerability scanning on the target virtual machine.
4. The apparatus of claim 3, wherein the positioning module comprises:
the first acquisition unit is used for acquiring the characteristic information of the virtual machine to be scanned in the scanning request;
the query unit is used for querying whether first information matched with the characteristic information of the virtual machine to be scanned exists in the information list and triggering the determination unit when the first information matched with the characteristic information exists in the information list;
the determining unit is used for taking the virtual machine corresponding to the first information as a target virtual machine according to the triggering of the inquiring unit, and determining a path for carrying out vulnerability scanning on the target virtual machine according to the first information;
and the scanning unit is used for carrying out vulnerability scanning on the target virtual machine through the path.
5. Vulnerability scanning equipment, characterized in that it comprises the apparatus for vulnerability scanning according to any one of claims 3 to 4.
6. A vulnerability scanning method is applied to a controller and is characterized by comprising the following steps:
acquiring second information of the virtual machine deployed on each server from the virtual switch, wherein the second information of the virtual machine comprises a physical address, an IP (Internet protocol) address, a subnet identifier and a tenant identifier of the virtual machine;
storing the second information into an information list, wherein the information list comprises: the physical address, the IP address, the subnet identifier, the tenant identifier of the virtual machine and the identifier of a virtual switch corresponding to the virtual machine;
transmitting the information list to vulnerability scanning equipment; and the vulnerability scanning equipment synchronizes an information list on the controller in a simple file transmission mode, positions a target virtual machine needing vulnerability scanning from the information list according to the scanning request, and scans the vulnerability of the target virtual machine.
7. The method according to claim 6, wherein the obtaining the second information of the virtual machine deployed on each server from the virtual switch specifically includes:
and acquiring second information of the virtual machine deployed on each server from the virtual switch through the openflow protocol.
8. The method of claim 6, wherein storing the second information into an information list comprises:
adding an identifier of a virtual switch corresponding to a virtual machine to which the second information belongs to the second information to obtain first information;
and storing the first information into the information list.
9. An apparatus for vulnerability scanning, applied to a controller, characterized in that it comprises:
a third obtaining module, configured to obtain, from a virtual switch, second information of a virtual machine deployed on each server, where the second information of the virtual machine includes a physical address, an IP address, a subnet identifier, and a tenant identifier of the virtual machine;
the storage module is used for storing the second information into an information list, and the information list comprises: the physical address, the IP address, the subnet identifier, the tenant identifier of the virtual machine and the identifier of a virtual switch corresponding to the virtual machine;
the first transmission module is used for transmitting the information list to vulnerability scanning equipment; and the vulnerability scanning equipment synchronizes an information list on the controller in a simple file transmission mode, positions a target virtual machine needing vulnerability scanning from the information list according to the scanning request, and scans the vulnerability of the target virtual machine.
10. The apparatus of claim 9, wherein the third obtaining module comprises:
and the second obtaining unit is used for obtaining second information of the virtual machine deployed on each server from the virtual switch through an openflow protocol.
11. The apparatus of claim 9, wherein the storage module comprises:
an adding unit, configured to add, to the second information, an identifier of a virtual switch corresponding to a virtual machine to which the second information belongs, to obtain first information;
and the storage unit is used for storing the first information into the information list.
12. A controller comprising means for vulnerability scanning as claimed in any one of claims 9 to 11.
13. A vulnerability scanning method is applied to a virtual switch and is characterized by comprising the following steps:
acquiring second information of a virtual machine deployed on a server, wherein the second information of the virtual machine comprises a physical address, an IP address, a subnet identifier and a tenant identifier of the virtual machine;
transmitting the second information of the virtual machine to a controller, specifically: transmitting the second information to a controller through an openflow protocol; the vulnerability scanning equipment synchronizes an information list on a controller in a simple file transmission mode, a target virtual machine needing vulnerability scanning is located from the information list according to the scanning request, vulnerability scanning is carried out on the target virtual machine, and the information list comprises: the virtual machine comprises a physical address, an IP address, a subnet identifier, a tenant identifier of the virtual machine, and an identifier of a virtual switch corresponding to the virtual machine.
14. An apparatus for vulnerability scanning, applied to a virtual switch, characterized in that it comprises:
the fourth obtaining module is configured to obtain second information of the virtual machine deployed on the server, where the second information of the virtual machine includes a physical address, an IP address, a subnet identifier, and a tenant identifier of the virtual machine;
the second transmission module is used for transmitting the second information of the virtual machine to the controller; the vulnerability scanning equipment synchronizes an information list on a controller in a simple file transmission mode, positions a target virtual machine needing vulnerability scanning from the information list according to the scanning request, and scans vulnerabilities of the target virtual machine, wherein the information list comprises: the physical address, the IP address, the subnet identifier, the tenant identifier of the virtual machine and the identifier of a virtual switch corresponding to the virtual machine;
the second transmission module includes:
and the transmission unit is used for transmitting the second information to the controller through an openflow protocol.
15. A virtual switch comprising means for vulnerability scanning as claimed in claim 14.
CN201510628977.2A 2015-09-28 2015-09-28 Vulnerability scanning method and device Active CN106559391B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510628977.2A CN106559391B (en) 2015-09-28 2015-09-28 Vulnerability scanning method and device

Publications (2)

Publication Number Publication Date
CN106559391A CN106559391A (en) 2017-04-05
CN106559391B true CN106559391B (en) 2021-01-01

Family

ID=58415780

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510628977.2A Active CN106559391B (en) 2015-09-28 2015-09-28 Vulnerability scanning method and device

Country Status (1)

Country Link
CN (1) CN106559391B (en)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107171979A (en) * 2017-06-30 2017-09-15 广州市品高软件股份有限公司 Vulnerability scanning method and system based on cloud computing and SDN
CN107563205A (en) * 2017-09-20 2018-01-09 杭州安恒信息技术有限公司 Typical smart machine leak detection method and permeability apparatus
CN111131131B (en) * 2018-10-31 2023-04-18 中移(苏州)软件技术有限公司 Vulnerability scanning method and device, server and readable storage medium
CN111585949B (en) * 2020-03-18 2023-04-07 平安科技(深圳)有限公司 Vulnerability scanning method and related equipment
CN112532658B (en) * 2021-02-08 2021-05-07 腾讯科技(深圳)有限公司 Cloud network escape event scanning method and device and computer readable storage medium
US11956270B2 (en) 2022-02-11 2024-04-09 Oracle International Corporation Parallel network-based vulnerability scanning
CN115296865A (en) * 2022-07-05 2022-11-04 北京瑞和云图科技有限公司 Shared missing scanning method under multi-network environment

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103236963A (en) * 2013-04-25 2013-08-07 西北工业大学 VMWare virtual machine remote detection method
CN103607426A (en) * 2013-10-25 2014-02-26 中兴通讯股份有限公司 Security service ordering method and security service ordering device
CN103825891A (en) * 2014-02-19 2014-05-28 曙光云计算技术有限公司 Security flaw scanning system under cloud network environment
CN104796388A (en) * 2014-01-21 2015-07-22 中国移动通信集团公司 Network equipment scanning method and system and related devices

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8584239B2 (en) * 2004-04-01 2013-11-12 Fireeye, Inc. Virtual machine with dynamic data flow analysis
US8391288B2 (en) * 2007-01-31 2013-03-05 Hewlett-Packard Development Company, L.P. Security system for protecting networks from vulnerability exploits
US8336079B2 (en) * 2008-12-31 2012-12-18 Hytrust, Inc. Intelligent security control system for virtualized ecosystems
US20100199351A1 (en) * 2009-01-02 2010-08-05 Andre Protas Method and system for securing virtual machines by restricting access in connection with a vulnerability audit
US20100175108A1 (en) * 2009-01-02 2010-07-08 Andre Protas Method and system for securing virtual machines by restricting access in connection with a vulnerability audit

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
"Design and Implementation of a Cloud-Oriented High-Performance Vulnerability Scanning Engine Module" (面向云的高性能漏洞扫描引擎模块的设计与实现); Li Nan (李楠); China Master's Theses Full-text Database, Information Science and Technology Series (中国优秀硕士学位论文全文数据库信息科技辑); 2013-11-15; full text *

Also Published As

Publication number Publication date
CN106559391A (en) 2017-04-05

Similar Documents

Publication Publication Date Title
CN106559391B (en) Vulnerability scanning method and device
Kreeger et al. Network Virtualization Overlay Control Protocol Requirements
US20210152443A1 (en) Technologies for annotating process and user information for network flows
CN107070691B (en) Cross-host communication method and system of Docker container
CN110661669B (en) Network topology automatic discovery method of network equipment based on ICMP, TCP and UDP protocols
JP5855630B2 (en) Management server and management method for managing cloud appliance of virtual local area network
US9832136B1 (en) Streaming software to multiple virtual machines in different subnets
CN102316001B (en) Virtual network connection configuration realizing method and network equipment
US9525648B2 (en) Method for acquiring physical address of virtual machine
TW201904234A (en) Method and device for virtual network link detection
US20090182864A1 (en) Method and apparatus for fingerprinting systems and operating systems in a network
CN104205774A (en) Network address repository management
CN103607399A (en) Special IP network safety monitor system and method based on hidden network
US20120226791A1 (en) Method and apparatus to detect unidentified inventory
CN107547242B (en) The acquisition methods and device of VM configuration information
US10841274B2 (en) Federated virtual datacenter apparatus
CN104219340A (en) ARP (Address Resolution Protocol) response proxy method and apparatus
CN107547349A (en) A kind of method and device of virtual machine (vm) migration
CN105592062A (en) Method and device for remaining IP address unchanged
US20100318633A1 (en) Dynamic Time Weighted Network Identification and Fingerprinting for IP Based Networks Based on Collection
US11005706B2 (en) Method for configuring forwarding table for user equipment, apparatus, and system
CN103780494A (en) User information obtaining method and device
CN110049148B (en) Method for acquiring IP address of virtual machine in Vcenter environment
Kishimoto et al. An adaptive honeypot system to capture ipv6 address scans
CN109842692A (en) VxLAN switch, system and method for obtaining host information in physical network

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant