CN107483410A - Network safety managing method and device - Google Patents
Network security management method and device
- Publication number
- CN107483410A (CN201710600774.1A)
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
Abstract
The present invention provides a network security management method and device. The method includes: obtaining device information of an IT device, the device information including operating system information, database information or middleware information; looking up, in a network security knowledge base, the network security vulnerabilities corresponding to the device information of the IT device, the knowledge base storing the network security vulnerabilities corresponding to each piece of device information; and performing network security management on the IT device according to the network security vulnerabilities corresponding to its device information. Network security vulnerability scanning and analysis can thus be carried out on IT devices in a more targeted way, forming a complete network security management system and greatly improving the network security protection capability of business application systems.
Description
Technical field
The present invention relates to the field of network security, and in particular to a network security management method and device.
Background
With the continuous innovation of IT technology, network security management of IT devices has become increasingly important. In existing network security management methods, there is no established standard specification for device network security that can be used for reference. Operating systems, middleware, databases and network configuration parameters are important links that are vulnerable to network attack, yet corresponding security protection measures are not deployed for them as a whole. Security inspections of networks and devices are all completed with the assistance of third-party companies holding risk assessment qualifications, and maintenance systems outside the inspection scope may still contain undiscovered network security weaknesses.
On the other hand, existing IT device asset labels can only show a small amount of information because space is limited, and reading of the information content lacks security. The asset label styles and displayed label content used by different asset-owning units lack uniformity and standardisation.
Summary of the invention
The present invention provides a network security management method and device to solve the problems that the network security management system is incomplete and that the network security protection capability of business application systems is weak.
A first aspect of the present invention provides a network security management method, including: obtaining device information of an IT device, the device information including operating system information, database information or middleware information; looking up, in a network security knowledge base, the network security vulnerabilities corresponding to the device information of the IT device, the knowledge base storing the network security vulnerabilities corresponding to each piece of device information; and performing network security management on the IT device according to the network security vulnerabilities corresponding to its device information.
Another aspect of the present invention provides a network security management device, including: an acquisition module for obtaining device information of an IT device, the device information including operating system information, database information or middleware information; a lookup module for looking up, in a network security knowledge base, the network security vulnerabilities corresponding to the device information of the IT device, the knowledge base storing the network security vulnerabilities corresponding to each piece of device information; and a management module for performing network security management on the IT device according to the network security vulnerabilities corresponding to its device information.
The network security management method and device provided by the present invention associate the device information of an IT device, for example operating system information, database information or middleware information, with the network security vulnerabilities in the network security knowledge base, so as to obtain the network security vulnerabilities of the IT device and perform network security management on it. Network security vulnerability scanning and analysis can thus be carried out on IT devices in a more targeted way, forming a complete network security management system and greatly improving the network security protection capability of business application systems.
Brief description of the drawings
To describe the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are some embodiments of the present invention, and those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic flowchart of the network security management method provided by embodiment one of the present invention;
Fig. 2 is a schematic flowchart of the network security management method provided by embodiment two of the present invention;
Fig. 3 is a schematic flowchart of the network security management method provided by embodiment three of the present invention;
Fig. 4 is a schematic flowchart of the network security management method provided by embodiment four of the present invention;
Fig. 5 is a schematic flowchart of the network security management method provided by embodiment five of the present invention;
Fig. 6 is a schematic structural diagram of the network security management device provided by embodiment six of the present invention;
Fig. 7 is a schematic structural diagram of the network security management device provided by embodiment seven of the present invention;
Fig. 8 is a schematic structural diagram of the network security management device provided by embodiment eight of the present invention;
Fig. 9 is a schematic structural diagram of the network security management device provided by embodiment nine of the present invention;
Fig. 10 is a schematic structural diagram of the network security management device provided by embodiment ten of the present invention;
Fig. 11 is a schematic flowchart of the network security management method provided by embodiment one of the present invention;
Fig. 12 is a schematic flowchart of the network security management method provided by embodiment two of the present invention.
Detailed description of the embodiments
To make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. Obviously, the described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
Fig. 1 is a schematic flowchart of the network security management method provided by embodiment one of the present invention. As shown in Fig. 1, the method includes:
101. Obtain device information of an IT device, the device information including operating system information, database information or middleware information.
In practice, the IT devices involved in network security mainly concern several aspects: operating system information, such as the commonly used Windows, Linux, Solaris, Unix, AIX, Android, etc.; database information, such as the commonly used Oracle, Sybase, MySQL, SQL Server, DB2, Informix, etc.; and middleware information, such as the commonly used Apache, Tomcat, Resin, Nginx, WebSphere, WebLogic, JBoss, etc. Therefore, when managing network security, the device information of the IT device should be obtained first; the device information includes, but is not limited to, operating system information, database information and middleware information.
102. Look up, in the network security knowledge base, the network security vulnerabilities corresponding to the device information of the IT device; the knowledge base stores the network security vulnerabilities corresponding to each piece of device information.
In this embodiment, after the device information of the IT device, including operating system information, database information or middleware information, is obtained, the network security vulnerabilities corresponding to that device information and the list of device-related security vulnerability issues can be looked up in the network security knowledge base. The network security knowledge base is a localised, customised knowledge base generated from vulnerability information provided by authoritative network security websites, combined with the vulnerability types and scope relevant to the existing IT devices. It stores the overall network security vulnerabilities corresponding to the device information of each IT device.
103. Perform network security management on the IT device according to the network security vulnerabilities corresponding to its device information.
In this embodiment, after the network security vulnerabilities corresponding to the device information of the IT device are obtained, they are analysed, classified by type, and the related data are counted, for example: the distribution of host risk levels (very dangerous / fairly dangerous / fairly safe / very safe), the distribution of vulnerability risk (high-risk / medium-risk / low-risk vulnerabilities), vulnerability risk categories (system service vulnerabilities / application vulnerabilities / vulnerabilities of the system itself / vulnerability discovery time, etc.), and weak password distribution statistics. The network security vulnerabilities corresponding to the device information of the IT device are summarised and, according to the importance and priority of the associated business systems, the device's high-risk vulnerability information is promptly sent by SMS or e-mail to specific maintenance personnel, who carry out network security management on the IT device.
As one possible implementation, as shown in Fig. 11, on the basis of embodiment one, the method may further include:
111. Generate a network security vulnerability list from all the network security vulnerabilities obtained;
112. Periodically scan the network security vulnerabilities of the IT device, generating network security vulnerability lists for different periods;
113. Compare the network security vulnerability lists of different periods to determine whether the IT device has new network security vulnerabilities.
In this embodiment, after the network security vulnerabilities corresponding to the device information of the IT device are obtained, a network security vulnerability list can be generated automatically from all the vulnerabilities obtained. Because the network security knowledge base is a localised, customised knowledge base generated from vulnerability information provided by authoritative network security websites, combined with the vulnerability types and scope relevant to the existing IT devices, the vulnerabilities stored in it are updated in real time as the official websites update the device network security vulnerabilities corresponding to each IT device. The network security vulnerabilities of the IT device can therefore be scanned periodically, generating vulnerability lists for different periods, and the lists compared to determine whether the IT device has new network security vulnerabilities.
Further, as shown in Fig. 12, on the basis of embodiment one, the method may further include:
121. Carry out network security scanning and assessment of the IT device using professional third-party network security scanning equipment, and automatically generate a network security assessment report from the scanning and assessment results;
122. Compare the network security assessment reports of the same device object at different points in time and analyse the remediation data;
123. Compare and summarise the network security remediation report of the remediated IT device against the device's network security assessment report, to understand the progress and effect of the maintenance personnel's remediation of the device's network security vulnerabilities;
124. According to the overall vulnerability comparison and summary, generate related report analyses and analyse the related data.
Specifically, network security scanning and assessment of the IT device can be carried out using professional third-party network security scanning equipment; a network security assessment report can be generated automatically from the scanning and assessment results and archived automatically. At the same time, the network security assessment reports of the same device object at different points in time can be compared and the remediation data analysed, where remediation data analysis specifically includes the remediation schedule, the number of vulnerabilities not yet remediated, and statistical analysis of other related data.
Specifically, the automatically generated network security assessment report of the IT device can be reviewed and the device's network security vulnerabilities remediated one by one. The technical means usually used to remediate network security vulnerabilities are closing services or ports, upgrading the system version, upgrading software patches, changing configuration parameters, changing network security policies, optimising and adjusting code with latent defects, and remediating weak passwords and system account operation permissions. For high-risk remote-operation network security risks, workarounds are taken such as restricting remote command execution, preventing remote information disclosure, preventing remote denial of service, and restricting remote data modification. Accordingly, to judge whether a vulnerability has been resolved, it is usual to verify whether the risky service or port has been closed, whether the system or software version has been updated, whether system policies and permissions are set reasonably and effectively reject unused accounts, whether application code avoids risks such as SQL injection and cross-site scripting, and whether system and application login passwords comply with password security rules; corresponding verification tools may be selected for testing as needed. If the vulnerability is not resolved, the specific reason it remains unresolved and any abnormal conditions found during remediation need to be recorded, to facilitate later historical analysis of the problem. If testing confirms that the network security vulnerability has been resolved by technical means, the problem is marked as resolved in the network security assessment report, together with the solution method, the confirmer, the approver, the resolution time and related data analysis, and a network security remediation report is generated from the remediation results.
The network security remediation report of the remediated IT device is compared with the device's network security assessment report and summarised, to understand the progress and effect of the maintenance personnel's remediation of the device's network security vulnerabilities, so that remediation of the vulnerabilities corresponding to the device information of the IT device is tracked effectively. Maintenance personnel can also generate related report analyses from the overall vulnerability comparison and summary and analyse the related data, enabling dynamic analysis of the number of vulnerabilities resolved in this remediation, the number of remaining unresolved vulnerabilities, the remediation progress percentage, and the Poisson distribution of unresolved vulnerabilities by vulnerability grade, vulnerability system category, vulnerability service category, vulnerability application category and so on.
The network security management method provided by this embodiment obtains the device information of an IT device, looks up the corresponding network security vulnerabilities in the network security knowledge base, and performs network security management on the IT device. It generates network security reports from the vulnerabilities, monitors the vulnerability remediation process in real time by comparing those reports, and can also archive the reports automatically. Network security vulnerability scanning and analysis can thus be carried out on IT devices in a more targeted way, forming a complete network security management system, greatly improving the network security protection capability of business application systems, and also raising the level of informatisation in IT device management.
Fig. 2 is a schematic flowchart of the network security management method provided by embodiment two of the present invention. As shown in Fig. 2, on the basis of embodiment one, looking up in the network security knowledge base the network security vulnerabilities corresponding to the device information of the IT device includes:
201. Determine, among the pieces of device information, first device information that is consistent with the device information of the IT device.
In this embodiment, when looking up in the network security knowledge base the network security vulnerabilities corresponding to the device information of an IT device, the first device information consistent with the device information of the IT device to be queried should first be found in the knowledge base.
202. Look up, in the network security knowledge base, the network security vulnerabilities corresponding to the first device information, and take them as the network security vulnerabilities corresponding to the device information of the IT device.
In practice, if the type and version of the operating system, database and middleware installed on the IT device to be queried are consistent with the type and version of the operating system, database and middleware in a piece of device information in the network security knowledge base, the network security vulnerabilities corresponding to that piece of device information in the knowledge base are determined to be the network security vulnerabilities corresponding to the device information of the device object. Therefore, after the first device information consistent with the device information of the IT device to be queried has been found in the knowledge base, the network security vulnerabilities corresponding to the first device information can be looked up in the knowledge base and taken as the network security vulnerabilities corresponding to the device information of the IT device to be queried, thereby forming a complete network security management system.
In the network security management method provided by this embodiment, when the type and version of the operating system, database and middleware installed on the IT device to be queried are consistent with the type and version of an operating system, database and middleware in the network security knowledge base, all the related operating system network security vulnerabilities are associated with the device object. A complete network security management system can thus be formed, and it can be effectively checked whether maintenance systems outside the inspection scope contain undiscovered network security weaknesses.
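An added example (not code from the patent) of the exact type-and-version lookup in steps 201-202, combined with the period-to-period list comparison of steps 111-113 and the remediation figures of step 124. The knowledge-base rows, version strings and `EX-` vulnerability identifiers are constructed, and all class and function names are hypothetical.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Component:
    kind: str      # "os", "database" or "middleware"
    name: str
    version: str

    def key(self):
        # Normalise so "Tomcat" and "tomcat " hit the same knowledge-base row.
        return (self.kind.strip().lower(), self.name.strip().lower(),
                self.version.strip())


@dataclass(frozen=True)
class Vuln:
    vuln_id: str   # constructed placeholder, not a real advisory identifier
    severity: str  # "high", "medium" or "low"
    category: str


def build_kb(rows):
    """Index knowledge-base rows by normalised (kind, name, version)."""
    kb = {}
    for component, vulns in rows:
        kb.setdefault(component.key(), set()).update(vulns)
    return kb


def lookup(components, kb):
    """Steps 201-202: exact type-and-version match against the knowledge base.

    Returns (vulns, unmatched). A component with no knowledge-base row is
    reported separately, because "not in the knowledge base" does not mean
    "no vulnerabilities".
    """
    vulns, unmatched = set(), []
    for component in components:
        if component.key() in kb:
            vulns |= kb[component.key()]
        else:
            unmatched.append(component)
    return vulns, unmatched


def compare(previous, current):
    """Steps 111-113 and 124: diff the vulnerability lists of two periods."""
    resolved = previous - current
    progress = 100.0 * len(resolved) / len(previous) if previous else 100.0
    return {
        "new": sorted(v.vuln_id for v in current - previous),
        "resolved": sorted(v.vuln_id for v in resolved),
        "remaining": sorted(v.vuln_id for v in previous & current),
        "progress_pct": round(progress, 1),
        "open_by_severity": dict(Counter(v.severity for v in current)),
    }


def high_risk(vulns):
    """Identifiers that step 103 would forward to maintenance personnel."""
    return sorted(v.vuln_id for v in vulns if v.severity == "high")


# --- Constructed sample data -------------------------------------------
V1 = Vuln("EX-001", "high", "system service")
V2 = Vuln("EX-002", "low", "system itself")
V3 = Vuln("EX-003", "medium", "weak password")
V4 = Vuln("EX-004", "high", "application")
V5 = Vuln("EX-005", "high", "system service")

ROWS_PERIOD_1 = [
    (Component("os", "Linux", "1.0"), [V1, V2]),
    (Component("database", "MySQL", "1.0"), [V3]),
    (Component("middleware", "Tomcat", "1.0"), [V4]),
    (Component("middleware", "Tomcat", "1.1"), []),   # known, nothing listed
]
# Between the two periods the knowledge base gains one entry for the same OS.
ROWS_PERIOD_2 = ROWS_PERIOD_1 + [(Component("os", "Linux", "1.0"), [V5])]

DEVICE_PERIOD_1 = [
    Component("os", "linux", "1.0"),
    Component("database", "mysql", "1.0"),
    Component("middleware", "tomcat ", "1.0"),
    Component("middleware", "Resin", "9.9"),          # no knowledge-base row
]
# Maintenance upgraded the middleware before the second scan.
DEVICE_PERIOD_2 = DEVICE_PERIOD_1[:2] + [
    Component("middleware", "tomcat", "1.1"),
    Component("middleware", "Resin", "9.9"),
]


def run_example():
    scan1, _ = lookup(DEVICE_PERIOD_1, build_kb(ROWS_PERIOD_1))
    scan2, unmatched = lookup(DEVICE_PERIOD_2, build_kb(ROWS_PERIOD_2))
    report = compare(scan1, scan2)
    report["alert_high_risk"] = high_risk(scan2)
    report["unmatched"] = [c.name for c in unmatched]
    return report


if __name__ == "__main__":
    for field, value in run_example().items():
        print(f"{field}: {value}")
```

The second scan shows one vulnerability that appears only because the knowledge base was updated, one that disappears because the middleware was upgraded, and one component that the exact-match lookup cannot assess at all.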
Fig. 3 is a schematic flowchart of the network security management method provided by embodiment three of the present invention. As shown in Fig. 3, on the basis of embodiment one, the method further includes:
301. Receive an information query request from a user, the information query request including the identifier of the IT device to be queried.
In practice, a user can query information about an IT device. When it is detected that the user needs to query the basic information of the IT device, the IT device to be queried is obtained from the identifier in the received information query request, and the basic information the user needs is presented to the user; the format in which the basic information is displayed can be customised by the user.
302. Verify whether the user is an authorized user; if so, obtain the network security vulnerabilities corresponding to the IT device to be queried and return them to the user; otherwise, return a query refusal response to the user.
In practice, if it is detected that the user needs to query the detailed information of the IT device, for example when the user queries the network security vulnerabilities of an IT device, the user's identity must be verified. If the user is verified as an authorized user, the detailed information of the IT device to be queried is shown to the user; if the user is verified as an unauthorized user, the request is refused. The detailed information of an IT device includes the network security vulnerabilities corresponding to the IT device to be queried, the asset information of the IT device to be queried, the maintenance information of the IT device to be queried, and so on.
The network security management method provided by this embodiment receives the user's information query request, detects the level of IT device information the user needs to query and, after verifying the user's identity, shows the user the various information of the IT device, linking IT devices with network security. Network security vulnerability scanning and analysis can thus be carried out on IT devices in a more targeted way, forming a complete network security management system and greatly improving the network security protection capability of business application systems.
Fig. 4 is a schematic flowchart of the network security management method provided by embodiment four of the present invention. As shown in Fig. 4, on the basis of embodiment three, the information query request further includes the identity information of the user; verifying whether the user is an authorized user includes:
401. Compare the identity information of the user with the identity information of authorized users.
In practice, when it is detected that the user needs to query the detailed information of the IT device, the user's identity must be verified: the identity information of authorized users is collected, and the identity information of the user is compared with the identity information of the authorized users.
402. If the identity information of the user is consistent with the identity information of any authorized user, determine that the user is an authorized user; otherwise, determine that the user is an unauthorized user.
In practice, after the identity information of the user has been compared with the identity information of authorized users, if the comparison shows that the user's identity information is consistent with one of the many collected identity records of authorized users, the user can be determined to be an authorized user, and the detailed information of the IT device is shown to the user. If the comparison shows that the identity information of authorized users does not include the user's information, the user is determined to be an unauthorized user, and the detailed information of the IT device is not shown to the user.
The network security management method provided by this embodiment verifies the information of users querying IT devices against the identity information of authorized users, providing a safeguard for the network security of the IT devices.
Fig. 5 is a schematic flowchart of the network security management method provided by embodiment five of the present invention. As shown in Fig. 5, on the basis of any one of embodiments one to four, obtaining the device information of the IT device includes:
501. Obtain the device identifier of the IT device by scanning the QR code of the IT device.
In this embodiment, existing device information labels can usually show only a small amount of information because of length limits, reading of the information content lacks security, and the asset label styles and displayed label content used by different asset-owning units lack uniformity and standardisation. QR Code encoding can therefore be used to generate a two-dimensional code label containing the IT device information. When a user needs to query the information of an IT device, the device identifier of the IT device can be obtained by scanning the QR code containing the IT device information.
502. Look up the device information of the IT device in a device information library, which stores the device information corresponding to each device identifier; the device information of the IT device is the device information corresponding to the device identifier of the IT device.
In this embodiment, after the device identifier of the IT device is obtained, the device information of the IT device can be found in a pre-established device information library that stores the device information corresponding to each device identifier; the device information of the IT device is the device information corresponding to its device identifier.
The network security management method provided by this embodiment uses QR Code encoding to generate a two-dimensional code label containing the IT device information, making asset information data complete and effective.
Fig. 6 is a schematic structural diagram of the network security management device provided by embodiment six of the present invention. As shown in Fig. 6, the device includes:
An acquisition module 61, for obtaining device information of an IT device, the device information including operating system information, database information or middleware information;
A lookup module 62, for looking up, in the network security knowledge base, the network security vulnerabilities corresponding to the device information of the IT device, the knowledge base storing the network security vulnerabilities corresponding to each piece of device information;
A management module 63, for performing network security management on the IT device according to the network security vulnerabilities corresponding to the device information of the IT device.
In practice, the IT devices involved in network security mainly concern several aspects: operating system information, such as the commonly used Windows, Linux, Solaris, Unix, AIX, Android, etc.; database information, such as the commonly used Oracle, Sybase, MySQL, SQL Server, DB2, Informix, etc.; and middleware information, such as the commonly used Apache, Tomcat, Resin, Nginx, WebSphere, WebLogic, JBoss, etc. Therefore, when managing network security, the device information of the IT device should be obtained first; the device information includes, but is not limited to, operating system information, database information and middleware information. After the acquisition module 61 obtains the device information of the IT device, including operating system information, database information or middleware information, the lookup module 62 can look up in the network security knowledge base the network security vulnerabilities corresponding to that device information and the list of device-related security vulnerability issues. The network security knowledge base is a localised, customised knowledge base generated from vulnerability information provided by authoritative network security websites, combined with the vulnerability types and scope relevant to the existing IT devices; it stores the overall network security vulnerabilities corresponding to the device information of the current IT devices. After the network security vulnerabilities corresponding to the device information of the IT device are obtained, the management module 63 analyses them, classifies them by type, and counts the related data, for example: the distribution of host risk levels (very dangerous / fairly dangerous / fairly safe / very safe), the distribution of vulnerability risk (high-risk / medium-risk / low-risk vulnerabilities), vulnerability risk categories (system service vulnerabilities / application vulnerabilities / vulnerabilities of the system itself / vulnerability discovery time, etc.), and weak password distribution statistics. The network security vulnerabilities corresponding to the device information of the IT device are summarised and, according to the importance and priority of the associated business systems, the device's high-risk vulnerability information is promptly sent by SMS or e-mail to specific maintenance personnel, who carry out network security management on the IT device.
As one possible implementation, on the basis of Embodiment 6, the device may further include a network security vulnerability detection module, configured to generate a network security vulnerability list from all the network security vulnerabilities obtained; to periodically scan the IT equipment for network security vulnerabilities and generate network security vulnerability lists for different periods; and to compare the lists of different periods to determine whether the IT equipment has new network security vulnerabilities.
In this embodiment, after the network security vulnerabilities corresponding to the device information of the IT equipment are obtained, a network security vulnerability list can be generated automatically from all of them. Because the network security knowledge base is a local, customized knowledge base generated from the vulnerability information provided by authoritative network security websites, combined with the vulnerability types and scope relevant to the existing IT equipment, the vulnerabilities stored in it are updated in real time as the official websites update the device vulnerabilities corresponding to each piece of IT equipment. The IT equipment can therefore be scanned for network security vulnerabilities periodically, and the lists generated for different periods compared, to determine whether the IT equipment has new network security vulnerabilities.
Further, on the basis of Embodiment 6, the device may also include a network security assessment module, configured to: scan and assess the IT equipment using professional third-party network security scanning equipment, and automatically generate a network security assessment report from the scan and assessment results; compare the network security assessment reports of the same device object at different points in time and analyze the rectification data; compare and summarize the network security rectification report of the rectified IT equipment against the network security assessment report of the IT equipment, in order to understand the progress and effect of the maintenance personnel's rectification of the equipment's network security vulnerabilities; and, based on the overall vulnerability comparison and summary, generate the related report analysis and analyze the related data.
Specifically, professional third-party network security scanning equipment can be used to scan and assess the IT equipment. A network security assessment report can be generated automatically from the scan and assessment results and archived automatically. The assessment reports of the same device object at different points in time can also be compared and the rectification data analyzed, where the rectification data analysis specifically includes the rectification schedule, the number of vulnerabilities not yet rectified and other related statistics. The automatically generated network security assessment report of the IT equipment can be reviewed and the equipment's network security vulnerabilities rectified one by one. The technical measures generally used to rectify network security vulnerabilities are closing services or ports, upgrading the system version, upgrading software patches, changing configuration parameters, changing the network security policy, optimizing and adjusting code that contains latent defects, and rectifying weak passwords and system account operation permissions. For high-risk remote-operation network security risks, workarounds are adopted such as restricting remote instruction execution, preventing remote information leakage, preventing remote denial of service and restricting remote data modification. Correspondingly, whether a vulnerability problem has been resolved is generally judged by verifying that the risky service or port is closed, that the system or software version has been updated, that the system policy and permission settings are reasonable and effectively reject useless accounts, that application code avoids risks such as SQL injection and cross-site script execution, and that system and application login passwords comply with the password security rules; suitable verification tools can be selected for testing as needed. If the vulnerability has not been resolved, the specific reason it remains unresolved and any abnormal conditions found during rectification must be recorded, to support later historical analysis of the problem. If testing confirms that the network security vulnerability has been resolved by technical means, the problem is marked as resolved in the network security assessment report, together with the solution method, the confirmer, the approver, the resolution time and the related data analysis, and a network security rectification report is generated from the rectification results. The network security rectification report of the rectified IT equipment is compared and summarized against the network security assessment report of the IT equipment, in order to understand the progress and effect of the maintenance personnel's rectification of the vulnerabilities, so that the rectification of the network security vulnerabilities corresponding to the device information of the IT equipment is tracked effectively. Maintenance personnel can also generate the related report analysis from the overall vulnerability comparison and summary and analyze the related data, dynamically analyzing the number of vulnerabilities resolved in this rectification, the number remaining unresolved, the rectification progress percentage, and the Poisson distribution of unresolved vulnerabilities by vulnerability level, vulnerability system category, vulnerability service category, vulnerability application category and so on.
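The comparison of vulnerability lists from different periods and the rectification tracking described above can be sketched as follows. This is an added example, not code from the patent; the report layout, the record field names and the `KB-VULN-*` identifiers are constructed, and it assumes that a vulnerability counts as resolved only when it is absent from the later report and has a complete rectification record.

```python
from collections import Counter

# Fields the text requires when a problem is marked as resolved (names assumed).
REQUIRED_FIELDS = ("method", "confirmed_by", "approved_by", "resolved_on")
LEVELS = ("high", "medium", "low")


def compare_reports(earlier, later, records):
    """Compare two assessment reports of the same device object.

    earlier / later: dict mapping vulnerability id -> severity level.
    records: dict mapping vulnerability id -> rectification record (dict).
    """
    earlier_ids, later_ids = set(earlier), set(later)
    gone = earlier_ids - later_ids
    # Absent from the later scan AND documented: counted as resolved.
    resolved = sorted(
        v for v in gone
        if all(records.get(v, {}).get(field) for field in REQUIRED_FIELDS)
    )
    # Absent but undocumented: the scan may simply have missed it.
    unverified = sorted(gone - set(resolved))
    unresolved = sorted(earlier_ids & later_ids)
    new = sorted(later_ids - earlier_ids)
    if earlier_ids:
        progress = round(100.0 * len(resolved) / len(earlier_ids), 1)
    else:
        progress = 100.0
    open_counts = Counter(later[v] for v in unresolved + new)
    return {
        "new": new,
        "resolved": resolved,
        "unverified": unverified,
        "unresolved": unresolved,
        "progress_percent": progress,
        "open_by_severity": {lvl: open_counts.get(lvl, 0) for lvl in LEVELS},
    }


# Constructed sample reports for one device object.
EARLIER = {
    "KB-VULN-0001": "high",
    "KB-VULN-0002": "low",
    "KB-VULN-0003": "medium",
    "KB-VULN-0004": "high",
}
LATER = {
    "KB-VULN-0002": "low",
    "KB-VULN-0004": "high",
    "KB-VULN-0005": "medium",
}
RECORDS = {
    "KB-VULN-0001": {
        "method": "upgraded software patch",
        "confirmed_by": "maintainer-a",
        "approved_by": "approver-b",
        "resolved_on": "constructed-date",
    },
}

if __name__ == "__main__":
    for key, value in compare_reports(EARLIER, LATER, RECORDS).items():
        print(key, value)
```

`KB-VULN-0003` disappears from the later report without a rectification record, so it is listed as unverified rather than counted toward the progress percentage.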
The network security management device provided by this embodiment obtains the device information of IT equipment, looks up the corresponding network security vulnerabilities in the network security knowledge base, and performs network security management on the IT equipment. It generates network security reports from the vulnerabilities, monitors the vulnerability repair process in real time by comparing the reports, and can also archive the reports automatically. Network security vulnerability scanning and analysis of IT equipment thus become more targeted, an overall network security management system is formed, the network security protection capability of business application systems is greatly improved, and the degree of informatization in IT equipment management can also be increased.
Fig. 7 is a structural diagram of the network security management device provided by Embodiment 7 of the present invention. As shown in Fig. 7, on the basis of Embodiment 6, the lookup module includes:
A determining unit 71, configured to determine, among the pieces of device information, the first device information that is consistent with the device information of the IT equipment;
A first lookup unit 72, configured to look up, in the network security knowledge base, the network security vulnerabilities corresponding to the first device information, as the network security vulnerabilities corresponding to the device information of the IT equipment.
In this embodiment, when the network security vulnerabilities corresponding to the device information of IT equipment are looked up in the network security knowledge base, the determining unit 71 should first find, in the knowledge base, the first device information that is consistent with the device information of the IT equipment to be queried. If the type and version of the operating system, database and middleware installed on the IT equipment to be queried are consistent with the type and version of the operating system, database and middleware in some piece of device information in the knowledge base, the network security vulnerabilities corresponding to that device information in the knowledge base are determined to be the network security vulnerabilities corresponding to the device information of the device object. Therefore, once the first device information consistent with the device information of the IT equipment to be queried has been found in the knowledge base, the network security vulnerabilities corresponding to the first device information can be looked up there and taken as the network security vulnerabilities corresponding to the device information of the IT equipment to be queried, thereby forming an overall network security management system.
The network security management device provided by this embodiment associates all related operating system network security vulnerabilities with the device object when the type and version of the operating system, database and middleware installed on the IT equipment to be queried are consistent with the type and version of the operating system, database and middleware in the network security knowledge base. This forms an overall network security management system and effectively checks whether systems outside the maintenance scope have undiscovered network security vulnerabilities.
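The type-and-version matching of Embodiment 7, followed by the risk distribution statistics compiled by the management module, can be sketched as follows. This is an added example, not code from the patent; it assumes the knowledge base is keyed per component (category, product, version), and the knowledge base contents and `KB-VULN-*` identifiers are constructed.

```python
from collections import Counter
from typing import NamedTuple


class Component(NamedTuple):
    category: str  # "os", "database" or "middleware"
    product: str
    version: str


class Vulnerability(NamedTuple):
    vuln_id: str   # constructed placeholder identifier
    severity: str  # "high", "medium" or "low"
    kind: str      # "system", "service" or "application"


def normalize(category, product, version):
    """Canonical form so that 'OS'/'os' and ' linux'/'Linux' compare equal."""
    fields = (category, product, version)
    return Component(*(" ".join(f.split()).lower() for f in fields))


# Constructed knowledge base: one entry per component type and version.
KNOWLEDGE_BASE = {
    normalize("os", "Linux", "3.10"): [
        Vulnerability("KB-VULN-0001", "high", "system"),
        Vulnerability("KB-VULN-0002", "low", "service"),
    ],
    normalize("database", "MySQL", "5.6"): [
        Vulnerability("KB-VULN-0003", "medium", "application"),
    ],
    normalize("middleware", "Tomcat", "8.5"): [
        Vulnerability("KB-VULN-0004", "high", "service"),
    ],
}


def lookup(device_info):
    """Return (vulnerabilities sorted by id, components with no entry).

    device_info: iterable of (category, product, version) tuples.
    A component without a knowledge base entry is reported, not ignored:
    no match means the knowledge base has a gap, not that the device is clean.
    """
    found, unmatched = {}, []
    for raw in device_info:
        component = normalize(*raw)
        entries = KNOWLEDGE_BASE.get(component)
        if entries is None:
            unmatched.append(component)
            continue
        for vuln in entries:
            found[vuln.vuln_id] = vuln  # de-duplicate by identifier
    return sorted(found.values()), unmatched


def severity_distribution(vulns):
    """High / medium / low counts, as in the vulnerability risk distribution."""
    counts = Counter(v.severity for v in vulns)
    return {level: counts.get(level, 0) for level in ("high", "medium", "low")}


# Constructed device information for one piece of IT equipment.
SAMPLE_DEVICE = [
    ("OS", " linux", "3.10"),
    ("Database", "MySQL", "5.6"),
    ("Middleware", "Tomcat", "9.0"),  # version not in the knowledge base
]

if __name__ == "__main__":
    vulns, unmatched = lookup(SAMPLE_DEVICE)
    print([v.vuln_id for v in vulns], unmatched, severity_distribution(vulns))
```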
Fig. 8 is a structural diagram of the network security management device provided by Embodiment 8 of the present invention. As shown in Fig. 8, on the basis of Embodiment 6, the device further includes:
A receiving module 81, configured to receive an information query request from a user, the information query request including the identifier of the IT equipment to be queried;
A verification module 82, configured to verify whether the user is an authorized user; if so, the network security vulnerabilities corresponding to the IT equipment to be queried are obtained and returned to the user; otherwise, a query refusal response is returned to the user.
In practice, a user can query the information of IT equipment. When it is detected that the user wants to query the basic information of the IT equipment, the basic information is presented to the user according to the received information query request, which includes the identifier of the IT equipment to be queried; the format in which the basic information is displayed can be customized by the user. When it is detected that the user wants to query the detailed information of the IT equipment, for example the network security vulnerabilities of a piece of IT equipment, the user's identity must be verified. If the user is verified as an authorized user, the detailed information of the IT equipment to be queried is shown to the user; if the user is verified as an unauthorized user, the request is refused. The detailed information of the IT equipment includes the network security vulnerabilities corresponding to the IT equipment to be queried, the asset information of the IT equipment to be queried, the maintenance information of the IT equipment to be queried, and so on.
The network security management device provided by this embodiment receives the user's information query request, detects which level of IT equipment information the user wants to query and, after verifying the user's identity, shows the various information of the IT equipment to the user. This associates the IT equipment with network security, so that network security vulnerability scanning and analysis of the IT equipment become more targeted, an overall network security management system is formed, and the network security protection capability of business application systems is greatly improved.
Fig. 9 is a structural diagram of the network security management device provided by Embodiment 9 of the present invention. As shown in Fig. 9, on the basis of Embodiment 9, the information query request further includes the identity information of the user; the verification module includes:
A comparison unit 91, configured to compare the identity information of the user with the identity information of authorized users;
A judging unit 92, configured to judge the user to be an authorized user if the identity information of the user is consistent with the identity information of any authorized user, and otherwise to judge the user to be an unauthorized user.
In practice, when it is detected that the user wants to query the detailed information of the IT equipment, the user's identity must be verified. The identity information of authorized users is collected, and the comparison unit 91 compares the identity information of the user with the identity information of the authorized users. After the comparison, if the result shows that the identity information of the user is consistent with one of the many collected pieces of authorized user identity information, the judging unit 92 can judge the user to be an authorized user, and the detailed information of the IT equipment is shown to the user. If the result shows that the identity information of the authorized users does not include the information of the user, the user is judged to be an unauthorized user, and the detailed information of the IT equipment is not shown to the user.
The network security management device provided by this embodiment verifies users who query the information of IT equipment against the identity information of authorized users, which provides a guarantee for protecting the network security of the IT equipment.
Fig. 10 is a structural diagram of the network security management device provided by Embodiment 10 of the present invention. As shown in Fig. 10, on the basis of any one of Embodiments 6 to 9, the acquisition module includes:
A scanning unit 11, configured to obtain the device identifier of the IT equipment by scanning the two-dimensional code of the IT equipment;
A second lookup unit 12, configured to find the device information of the IT equipment in a device information library, the device information library storing the device information corresponding to each device identifier, the device information of the IT equipment being the device information corresponding to the device identifier of the IT equipment.
In this embodiment, existing device information, being limited in length, can usually present only a small amount of information; reading the information content lacks security, and the asset label styles and label content used by different asset-owning units lack uniformity and standardization. QR Code encoding can therefore be used to generate a two-dimensional code label containing the IT equipment information. When a user needs to query the information of a piece of IT equipment, the scanning unit 11 scans the two-dimensional code containing the IT equipment information to obtain the device identifier of the IT equipment. After the device identifier is obtained, the second lookup unit 12 can find the device information of the IT equipment in a pre-established device information library that stores the device information corresponding to each device identifier; the device information of the IT equipment is the device information corresponding to the device identifier of the IT equipment.
The network security management device provided by this embodiment uses QR Code encoding to generate a two-dimensional code label containing the IT equipment information, which makes the asset information data complete and effective.
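The query flow of Embodiments 8 to 10 (device identifier from the scanned label, basic information for any user, detailed information only after the identity comparison) can be sketched as follows. This is an added example, not code from the patent; it assumes the decoded label payload is just the device identifier and that identity information is an opaque string, and the identifier format, library contents and identities are constructed.

```python
import hmac
import re

# Assumed identifier format for label payloads (not specified in the patent).
DEVICE_ID = re.compile(r"[A-Z0-9][A-Z0-9-]{3,31}")

# Constructed device information library, keyed by device identifier.
DEVICE_LIBRARY = {
    "SRV-0001": {
        "basic": {"name": "application server", "location": "machine room 1"},
        "details": {
            "vulnerabilities": ["KB-VULN-0001", "KB-VULN-0004"],
            "asset": "asset record (constructed)",
            "maintenance": "maintenance record (constructed)",
        },
    },
}

# Constructed identity information of authorized users.
AUTHORIZED_IDENTITIES = ("identity-ops-a", "identity-ops-b")


def parse_label(payload):
    """Validate the decoded label payload before it is used as a lookup key."""
    device_id = payload.strip()
    if not DEVICE_ID.fullmatch(device_id):
        raise ValueError("malformed device identifier")
    return device_id


def is_authorized(identity):
    """Compare against every authorized identity without early exit."""
    supplied = identity.encode("utf-8")
    matched = False
    for known in AUTHORIZED_IDENTITIES:
        matched |= hmac.compare_digest(supplied, known.encode("utf-8"))
    return matched


def handle_query(payload, identity, level="basic"):
    """Return basic information to any user, details only to authorized users."""
    if level not in ("basic", "details"):
        return {"status": "invalid"}
    try:
        device_id = parse_label(payload)
    except ValueError:
        return {"status": "invalid"}
    # Refuse before touching the library, so the refusal reveals nothing
    # about which device identifiers exist.
    if level == "details" and not is_authorized(identity):
        return {"status": "refused"}
    record = DEVICE_LIBRARY.get(device_id)
    if record is None:
        return {"status": "not_found"}
    return {"status": "ok", "data": record[level]}


if __name__ == "__main__":
    print(handle_query("SRV-0001", "identity-visitor"))
    print(handle_query("SRV-0001", "identity-visitor", "details"))
    print(handle_query("SRV-0001", "identity-ops-a", "details"))
```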
It is apparent to those skilled in the art that, for convenience and brevity of description, the specific working process of the device described above may refer to the corresponding process in the foregoing method embodiments, and is not repeated here.
A person of ordinary skill in the art will understand that all or some of the steps of the above method embodiments may be completed by hardware controlled by program instructions. The program may be stored in a computer-readable storage medium. When executed, the program performs the steps of the above method embodiments; the storage medium includes various media that can store program code, such as ROM, RAM, magnetic disks or optical discs.
Finally, it should be noted that the above embodiments are only intended to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments can still be modified, or some or all of their technical features can be equivalently replaced; such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present invention.
Claims (10)
- 1. A network security management method, characterized by comprising: obtaining device information of IT equipment, the device information including operating system information, database information or middleware information; looking up, in a network security knowledge base, the network security vulnerabilities corresponding to the device information of the IT equipment, the network security knowledge base storing the network security vulnerabilities corresponding to each piece of device information; and performing network security management on the IT equipment according to the network security vulnerabilities corresponding to the device information of the IT equipment.
- 2. The network security management method according to claim 1, characterized in that looking up, in the network security knowledge base, the network security vulnerabilities corresponding to the device information of the IT equipment comprises: determining, among the pieces of device information, the first device information that is consistent with the device information of the IT equipment; and looking up, in the network security knowledge base, the network security vulnerabilities corresponding to the first device information, as the network security vulnerabilities corresponding to the device information of the IT equipment.
- 3. The network security management method according to claim 1, characterized in that the method further comprises: receiving an information query request from a user, the information query request including the identifier of the IT equipment to be queried; and verifying whether the user is an authorized user; if so, obtaining the network security vulnerabilities corresponding to the IT equipment to be queried and returning them to the user; otherwise, returning a query refusal response to the user.
- 4. The network security management method according to claim 3, characterized in that the information query request further includes the identity information of the user, and verifying whether the user is an authorized user comprises: comparing the identity information of the user with the identity information of authorized users; and, if the identity information of the user is consistent with the identity information of any authorized user, judging the user to be an authorized user, and otherwise judging the user to be an unauthorized user.
- 5. The network security management method according to any one of claims 1-4, characterized in that obtaining the device information of the IT equipment comprises: obtaining the device identifier of the IT equipment by scanning the two-dimensional code of the IT equipment; and finding the device information of the IT equipment in a device information library, the device information library storing the device information corresponding to each device identifier, the device information of the IT equipment being the device information corresponding to the device identifier of the IT equipment.
- 6. A network security management device, characterized by comprising: an acquisition module, configured to obtain device information of IT equipment, the device information including operating system information, database information or middleware information; a lookup module, configured to look up, in a network security knowledge base, the network security vulnerabilities corresponding to the device information of the IT equipment, the network security knowledge base storing the network security vulnerabilities corresponding to each piece of device information; and a management module, configured to perform network security management on the IT equipment according to the network security vulnerabilities corresponding to the device information of the IT equipment.
- 7. The network security management device according to claim 6, characterized in that the lookup module comprises: a determining unit, configured to determine, among the pieces of device information, the first device information that is consistent with the device information of the IT equipment; and a first lookup unit, configured to look up, in the network security knowledge base, the network security vulnerabilities corresponding to the first device information, as the network security vulnerabilities corresponding to the device information of the IT equipment.
- 8. The network security management device according to claim 6, characterized in that the device further comprises: a receiving module, configured to receive an information query request from a user, the information query request including the identifier of the IT equipment to be queried; and a verification module, configured to verify whether the user is an authorized user; if so, to obtain the network security vulnerabilities corresponding to the IT equipment to be queried and return them to the user; otherwise, to return a query refusal response to the user.
- 9. The network security management device according to claim 8, characterized in that the information query request further includes the identity information of the user, and the verification module comprises: a comparison unit, configured to compare the identity information of the user with the identity information of authorized users; and a determination module, configured to judge the user to be an authorized user if the identity information of the user is consistent with the identity information of any authorized user, and otherwise to judge the user to be an unauthorized user.
- 10. The network security management device according to any one of claims 6-9, characterized in that the acquisition module comprises: a scanning unit, configured to obtain the device identifier of the IT equipment by scanning the two-dimensional code of the IT equipment; and a second lookup unit, configured to find the device information of the IT equipment in a device information library, the device information library storing the device information corresponding to each device identifier, the device information of the IT equipment being the device information corresponding to the device identifier of the IT equipment.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710600774.1A CN107483410A (en) | 2017-07-21 | 2017-07-21 | Network safety managing method and device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107483410A true CN107483410A (en) | 2017-12-15 |
Family
ID=60596222
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710600774.1A Pending CN107483410A (en) | 2017-07-21 | 2017-07-21 | Network safety managing method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107483410A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20171215 |