CN107483410A - Network safety managing method and device - Google Patents

Publication number
CN107483410A
Authority
CN
China
Legal status
Pending
Application number
CN201710600774.1A
Other languages
Chinese (zh)
Inventor
张志强
何巍
陈琪
张彬
沙泉
霍君帅
刘津
陈永革
左爽
陈涛
Current Assignee
China United Network Communications Group Co Ltd
Original Assignee
China United Network Communications Group Co Ltd
Application filed by China United Network Communications Group Co Ltd
Priority to CN201710600774.1A
Publication of CN107483410A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis

Abstract

The present invention provides a network security management method and device. The method includes: obtaining the device information of an IT device, the device information including operating system information, database information or middleware information; looking up, in a network security knowledge base, the network security vulnerabilities corresponding to the device information of the IT device, the knowledge base storing the network security vulnerabilities corresponding to each item of device information; and performing network security management on the IT device according to the network security vulnerabilities corresponding to its device information. Vulnerability scanning and analysis can thus be targeted more precisely at the IT device, forming a complete network security management system and greatly improving the network security protection capability of business application systems.

Description

Network safety managing method and device
Technical field
The present invention relates to the field of network security, and in particular to a network security management method and device.
Background
With the continuous innovation of IT technology, network security management of IT devices has become even more important. In existing network security management methods, device network security lacks an established standard specification that can be used for reference. For the important links that are vulnerable to network attack, such as operating systems, middleware, databases and network configuration parameters, the corresponding security protection measures are not fully deployed. Security inspection of networks and devices is completed entirely with the assistance of third-party companies qualified for risk assessment, and maintenance systems outside the inspection scope may still have undiscovered network security weaknesses.
On the other hand, existing IT device asset labels can show only a small amount of information because of limited space, and reading the information content lacks security. The asset label styles and displayed content used by different asset-owning units lack uniformity and standardization.
Summary of the invention
The present invention provides a network security management method and device to solve the problem that the network security management system is not sufficiently complete and the network security protection capability of business application systems is weak.
A first aspect of the invention provides a network security management method, including: obtaining the device information of an IT device, the device information including operating system information, database information or middleware information; looking up, in a network security knowledge base, the network security vulnerabilities corresponding to the device information of the IT device, the knowledge base storing the network security vulnerabilities corresponding to each item of device information; and performing network security management on the IT device according to the network security vulnerabilities corresponding to its device information.
Another aspect of the invention provides a network security management device, including: an acquisition module for obtaining the device information of an IT device, the device information including operating system information, database information or middleware information; a lookup module for looking up, in a network security knowledge base, the network security vulnerabilities corresponding to the device information of the IT device, the knowledge base storing the network security vulnerabilities corresponding to each item of device information; and a management module for performing network security management on the IT device according to the network security vulnerabilities corresponding to its device information.
The network security management method and device provided by the invention associate the device information of an IT device, for example operating system information, database information or middleware information, with the network security vulnerabilities in the network security knowledge base, so as to obtain the network security vulnerabilities of the IT device and perform network security management on it. Vulnerability scanning and analysis can thus be targeted more precisely at the IT device, forming a complete network security management system and greatly improving the network security protection capability of business application systems.
Brief description of the drawings
To illustrate the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below are evidently some embodiments of the present invention; a person of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is a schematic flowchart of the network security management method provided by embodiment one of the present invention;
Fig. 2 is a schematic flowchart of the network security management method provided by embodiment two of the present invention;
Fig. 3 is a schematic flowchart of the network security management method provided by embodiment three of the present invention;
Fig. 4 is a schematic flowchart of the network security management method provided by embodiment four of the present invention;
Fig. 5 is a schematic flowchart of the network security management method provided by embodiment five of the present invention;
Fig. 6 is a schematic structural diagram of the network security management device provided by embodiment six of the present invention;
Fig. 7 is a schematic structural diagram of the network security management device provided by embodiment seven of the present invention;
Fig. 8 is a schematic structural diagram of the network security management device provided by embodiment eight of the present invention;
Fig. 9 is a schematic structural diagram of the network security management device provided by embodiment nine of the present invention;
Fig. 10 is a schematic structural diagram of the network security management device provided by embodiment ten of the present invention;
Fig. 11 is a schematic flowchart of the network security management method provided by embodiment one of the present invention;
Fig. 12 is a schematic flowchart of the network security management method provided by embodiment two of the present invention.
Detailed description of the embodiments
To make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings in the embodiments. The described embodiments are evidently some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art on the basis of these embodiments without creative effort fall within the scope of protection of the present invention.
Fig. 1 is a schematic flowchart of the network security management method provided by embodiment one of the present invention. As shown in Fig. 1, the method includes:
101. Obtain the device information of an IT device; the device information includes operating system information, database information or middleware information.
In practice, IT devices relevant to network security mainly involve operating system information, for example the commonly used Windows, Linux, Solaris, Unix, AIX, Android and so on; database information, for example the commonly used Oracle, Sybase, MySQL, SQL Server, DB2, Informix and so on; and middleware information, for example the commonly used Apache, Tomcat, Resin, Nginx, WebSphere, WebLogic, JBoss and so on. Therefore, when managing network security, the device information of the IT device should be obtained first; this device information includes but is not limited to operating system information, database information and middleware information.
102. Look up, in the network security knowledge base, the network security vulnerabilities corresponding to the device information of the IT device; the knowledge base stores the network security vulnerabilities corresponding to each item of device information.
In this embodiment, after the device information of the IT device, including operating system information, database information or middleware information, has been obtained, the network security vulnerabilities corresponding to that device information and a list of device-related security vulnerability issues can be looked up in the network security knowledge base. The knowledge base is a local, customized network security knowledge base generated from the vulnerability information provided by authoritative network security websites, combined with the vulnerability types and scope that affect the existing IT devices; it stores the complete set of network security vulnerabilities corresponding to the device information of each IT device.
103. Perform network security management on the IT device according to the network security vulnerabilities corresponding to its device information.
In this embodiment, after the network security vulnerabilities corresponding to the device information of the IT device have been obtained, they are analyzed, divided by type, and the related data is compiled, for example: the distribution of host risk levels (very dangerous / relatively dangerous / relatively safe / very safe), the distribution of vulnerability risk (high-risk / medium-risk / low-risk vulnerabilities), the vulnerability risk categories (system service vulnerabilities / application vulnerabilities / vulnerabilities in the system itself / vulnerability discovery time, and so on), and statistics on the distribution of weak passwords. The network security vulnerabilities corresponding to the device information of the IT device are summarized and, according to the importance and priority of the associated business system, the device's high-risk vulnerability information is sent promptly by SMS or e-mail to the designated maintenance personnel, who carry out network security management on the IT device.
As one possible implementation, as shown in Fig. 11, on the basis of embodiment one, the method may further include:
111. Generate a network security vulnerability list from all the network security vulnerabilities obtained;
112. Periodically scan the IT device for network security vulnerabilities, generating network security vulnerability lists for different periods;
113. Compare the network security vulnerability lists of different periods to determine whether the IT device has new network security vulnerabilities.
In this embodiment, after the network security vulnerabilities corresponding to the device information of the IT device have been obtained, a network security vulnerability list can be generated automatically from all of them. Because the network security knowledge base is a local, customized knowledge base generated from the vulnerability information provided by authoritative network security websites, combined with the vulnerability types and scope that affect the existing IT devices, the vulnerabilities stored in it are updated in real time, for each IT device, as the official websites publish updates. The IT device can therefore be scanned periodically for network security vulnerabilities, and the vulnerability lists generated for different periods can be compared to determine whether the IT device has new network security vulnerabilities.
Further, as shown in Fig. 12, on the basis of embodiment one, the method may also include:
121. Carry out network security scanning and assessment of the IT device using professional third-party network security scanning equipment, and automatically generate a network security assessment report from the scan and assessment results;
122. Compare the network security assessment reports produced for the same device at different points in time and analyze the remediation data;
123. Compare and summarize the network security remediation report of the remediated IT device against the network security assessment report of the IT device, to track the progress and effect of the maintenance personnel's remediation of the IT device's network security vulnerabilities;
124. Based on the overall vulnerability comparison and summary, generate the related report analysis and analyze the related data.
Specifically, network security scanning and assessment of the IT device can be carried out using professional third-party network security scanning equipment; a network security assessment report can be generated automatically from the scan and assessment results and archived automatically. At the same time, the network security assessment reports produced for the same device at different points in time can be compared and the remediation data analyzed, where the remediation data analysis specifically includes statistical analysis of the remediation schedule, the number of unremediated vulnerabilities and other related data. The automatically generated network security assessment report of the IT device can be reviewed and the device's network security vulnerabilities remediated in turn. The technical means commonly used to remediate network security vulnerabilities are: closing services or ports, upgrading the system version, applying software patches, changing configuration parameters, changing network security policy, optimizing and adjusting code that contains latent defects, and fixing weak passwords and system account operating permissions. For high-risk remote-operation network security hazards, workarounds are adopted such as restricting remote instruction execution, preventing remote information leakage, preventing remote denial of service and restricting remote data modification. Correspondingly, to judge whether a vulnerability has been resolved, the checks usually used are: whether the risky service or port has been closed; whether the system or software version has been updated; whether the system policy and permission settings are reasonable and effectively reject unused accounts; whether the application code avoids latent problems such as SQL injection and cross-site scripting execution; and whether system and application login passwords comply with the password security rules. A suitable verification tool can be selected as needed for testing. If the vulnerability has not been resolved, the specific reason and any abnormal conditions found during remediation need to be recorded, to support later historical analysis of the problem. If verification shows that the vulnerability has been resolved by technical means, the problem is marked as resolved in the network security assessment report, together with the solution, the confirmer, the approver, the resolution time and the related data analysis, and a network security remediation report is generated from the remediation results. The network security remediation report of the remediated IT device is compared and summarized against the network security assessment report of the IT device to track the progress and effect of the maintenance personnel's remediation of the device's network security vulnerabilities, so that remediation of the vulnerabilities corresponding to the device information of the IT device is tracked effectively. Maintenance personnel can also, based on the overall vulnerability comparison and summary, generate the related report analysis and analyze the related data, performing dynamic analysis of the number of vulnerabilities resolved in this remediation round, the number remaining unresolved, the remediation progress percentage, and the Poisson distribution of unresolved vulnerabilities by vulnerability level, system category, service level and application level.
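The comparison of vulnerability lists across periods (steps 111 to 113) and the remediation tracking between reports (steps 121 to 124) can be sketched as follows. This is an added example, not code from the patent; the period labels, the `KB-xxxx` identifiers and the choice to flag a vulnerability that returns after being resolved as "reopened" are assumptions made for illustration.

```python
from collections import Counter

# Constructed scan results for one device: period label -> {entry id: severity}.
# The KB-xxxx identifiers are placeholders, not real advisories.
HISTORY = [
    ("period-1", {"KB-0001": "high", "KB-0002": "medium",
                  "KB-0003": "low", "KB-0004": "high"}),
    ("period-2", {"KB-0002": "medium", "KB-0003": "low",
                  "KB-0004": "high", "KB-0005": "high"}),
    ("period-3", {"KB-0001": "high", "KB-0003": "low", "KB-0005": "high"}),
]


def track(history):
    """Compare consecutive vulnerability lists of the same device.

    history is a time-ordered list of (label, {entry_id: severity}).
    Returns one record per period after the first, with the new, reopened,
    resolved and remaining entries, the open entries per severity, and the
    remediation progress measured against the first (baseline) list.
    """
    if len(history) < 2:
        return []
    baseline_ids = set(history[0][1])
    ever_resolved = set()          # entries that disappeared in an earlier period
    records = []
    for (_, prev), (label, cur) in zip(history, history[1:]):
        prev_ids, cur_ids = set(prev), set(cur)
        appeared = cur_ids - prev_ids
        resolved = prev_ids - cur_ids
        # An entry that was resolved before and shows up again is a regression
        # (for example a patch rolled back), not a newly published vulnerability.
        reopened = appeared & ever_resolved
        ever_resolved |= resolved
        fixed_from_baseline = baseline_ids - cur_ids
        progress = (100.0 * len(fixed_from_baseline) / len(baseline_ids)
                    if baseline_ids else 100.0)
        records.append({
            "period": label,
            "new": sorted(appeared - reopened),
            "reopened": sorted(reopened),
            "resolved": sorted(resolved),
            "remaining": sorted(prev_ids & cur_ids),
            "open_by_severity": dict(Counter(cur.values())),
            "progress_percent": progress,
        })
    return records


if __name__ == "__main__":
    for record in track(HISTORY):
        print(record)
```
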
The network security management method provided by this embodiment obtains the device information of an IT device, looks up the corresponding network security vulnerabilities in the network security knowledge base, performs network security management on the IT device, generates network security reports from the vulnerabilities and, by comparing those reports, monitors the vulnerability repair process in real time; the reports can also be archived automatically. Vulnerability scanning and analysis can thus be targeted more precisely at the IT device, forming a complete network security management system, greatly improving the network security protection capability of business application systems, and also raising the degree to which IT device management is computerized.
Fig. 2 is a schematic flowchart of the network security management method provided by embodiment two of the present invention. As shown in Fig. 2, on the basis of embodiment one, looking up in the network security knowledge base the network security vulnerabilities corresponding to the device information of the IT device includes:
201. Determine, among the items of device information, the first device information that is consistent with the device information of the IT device.
In this embodiment, when looking up in the network security knowledge base the vulnerabilities corresponding to the device information of the IT device, the first device information consistent with the device information of the IT device to be queried should first be found in the knowledge base.
202. Look up in the network security knowledge base the network security vulnerabilities corresponding to the first device information, and take them as the network security vulnerabilities corresponding to the device information of the IT device.
In practice, if the type and version of the operating system, database and middleware installed on the IT device to be queried are consistent with the type and version of the operating system, database and middleware in an item of device information in the network security knowledge base, the network security vulnerabilities that the knowledge base holds for that item are determined to be the vulnerabilities corresponding to the device information of the device. Therefore, once the first device information consistent with the device information of the IT device to be queried has been found in the knowledge base, the vulnerabilities corresponding to the first device information can be looked up there and taken as the vulnerabilities corresponding to the device information of the IT device to be queried, forming a complete network security management system.
In the network security management method provided by this embodiment, when the type and version of the operating system, database and middleware installed on the IT device to be queried are consistent with those in the network security knowledge base, all the related operating system network security vulnerabilities are associated with the device. This forms a complete network security management system and makes it possible to check effectively whether maintenance systems outside the inspection scope have undiscovered network security weaknesses.
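The lookup of steps 201 and 202, followed by the severity summary of step 103, can be sketched as follows. This is an added example, not code from the patent: it assumes the knowledge base is keyed per component (operating system, database, middleware), that "consistent" type and version means equality after trimming whitespace and ignoring case, and that a component with no matching record is reported as not covered rather than as free of vulnerabilities. All versions and `KB-xxxx` identifiers are placeholders.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Component:
    kind: str      # "os", "database" or "middleware"
    name: str
    version: str

    def key(self):
        # Assumption: type and version are "consistent" when they are equal
        # after trimming whitespace and ignoring case.
        return (self.kind.strip().lower(), self.name.strip().lower(),
                self.version.strip().lower())


@dataclass(frozen=True)
class KbEntry:
    entry_id: str
    severity: str   # "high", "medium" or "low"
    category: str   # e.g. "system service", "application", "weak password"


# Constructed knowledge base: product names come from the page's examples;
# versions, identifiers and severities are placeholders, not real advisories.
KNOWLEDGE_BASE = {
    Component("os", "Linux", "example-3.10").key(): [
        KbEntry("KB-0001", "high", "system service"),
        KbEntry("KB-0002", "low", "system itself"),
    ],
    Component("database", "MySQL", "example-5.6").key(): [
        KbEntry("KB-0003", "medium", "weak password"),
    ],
    Component("middleware", "Tomcat", "example-8.0").key(): [
        KbEntry("KB-0004", "high", "application"),
    ],
}

# Constructed device inventory (step 101). Note the differing case and stray
# whitespace on the first item and the unlisted Tomcat version on the last.
SAMPLE_DEVICE = [
    Component("os", "linux", " Example-3.10 "),
    Component("database", "MySQL", "example-5.6"),
    Component("middleware", "Tomcat", "example-9.0"),
]


def lookup(device_components, kb=KNOWLEDGE_BASE):
    """Return (entries per matched component, components with no KB record)."""
    matched, unknown = {}, []
    for comp in device_components:
        entries = kb.get(comp.key())
        if entries is None:
            # No record for this type and version: the knowledge base says
            # nothing about it, which is different from "no vulnerabilities".
            unknown.append(comp)
        else:
            matched[comp] = list(entries)
    return matched, unknown


def summarize(matched):
    """Severity distribution and the high-risk entries to send to maintainers."""
    all_entries = [e for entries in matched.values() for e in entries]
    distribution = dict(Counter(e.severity for e in all_entries))
    high_risk = sorted(e.entry_id for e in all_entries if e.severity == "high")
    return distribution, high_risk


if __name__ == "__main__":
    found, not_covered = lookup(SAMPLE_DEVICE)
    print(summarize(found), [c.name for c in not_covered])
```
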
Fig. 3 is a schematic flowchart of the network security management method provided by embodiment three of the present invention. As shown in Fig. 3, on the basis of embodiment one, the method further includes:
301. Receive an information query request from a user; the information query request includes the identifier of the IT device to be queried.
In practice, a user can query the information of an IT device. When it is detected that the user wants the basic information of the IT device, the basic information is obtained according to the identifier of the IT device to be queried contained in the received information query request and presented to the user; the format in which the basic information is displayed can be customized by the user.
302. Verify whether the user is an authorized user; if so, obtain the network security vulnerabilities corresponding to the IT device to be queried and return them to the user; otherwise, return a query-rejected response to the user.
In practice, if it is detected that the user wants the detailed information of the IT device, for example when the user queries the network security vulnerabilities of an IT device, the user's identity needs to be verified. If the user is verified as an authorized user, the detailed information of the IT device to be queried is shown to the user; if the user is verified as an unauthorized user, the request is rejected. The detailed information of the IT device includes the network security vulnerabilities corresponding to the IT device to be queried, its asset information, its maintenance information and so on.
The network security management method provided by this embodiment receives the user's information query request, detects the level of IT device information the user wants to query and, after verifying the user's identity, shows the user the various information of the IT device, linking IT devices with network security. Vulnerability scanning and analysis can thus be targeted more precisely at the IT device, forming a complete network security management system and greatly improving the network security protection capability of business application systems.
Fig. 4 is a schematic flowchart of the network security management method provided by embodiment four of the present invention. As shown in Fig. 4, on the basis of embodiment three, the information query request also includes the identity information of the user, and verifying whether the user is an authorized user includes:
401. Compare the identity information of the user with the identity information of the authorized users.
In practice, when it is detected that the user wants the detailed information of the IT device, the user's identity needs to be verified: the identity information of the authorized users is collected, and the identity information of the user is compared with it.
402. If the identity information of the user is consistent with the identity information of any authorized user, determine that the user is an authorized user; otherwise, determine that the user is an unauthorized user.
In practice, after the identity information of the user has been compared with the identity information of the authorized users, if the comparison shows that the user's identity information is consistent with one of the many collected authorized-user identity records, the user can be determined to be an authorized user and the detailed information of the IT device is shown to the user. If the comparison shows that the identity information of the authorized users does not include the user's information, the user is determined to be an unauthorized user and is refused the detailed information of the IT device.
The network security management method provided by this embodiment verifies users who query IT device information against the identity information of the authorized users, providing a safeguard for the network security of the IT device.
Fig. 5 is a schematic flowchart of the network security management method provided by embodiment five of the present invention. As shown in Fig. 5, on the basis of any one of embodiments one to four, obtaining the device information of the IT device includes:
501. Obtain the device identifier of the IT device by scanning the QR code of the IT device.
In this embodiment, existing device information labels can usually show only a small amount of information because of length limits, reading the information content lacks security, and the asset label styles and displayed content used by different asset-owning units lack uniformity and standardization. QR Code encoding can therefore be used to generate a QR code label containing the IT device information. When a user needs to query the information of an IT device, the device identifier of the IT device can be obtained by scanning the QR code containing the IT device information.
502. Find the device information of the IT device in a device information store; the store holds the device information corresponding to each device identifier, and the device information of the IT device is the device information corresponding to its device identifier.
In this embodiment, after the device identifier of the IT device has been obtained, the device information of the IT device can be found in the previously established device information store, which holds the device information corresponding to each device identifier; the device information of the IT device is the device information corresponding to its device identifier.
The network security management method provided by this embodiment uses QR Code encoding to generate a QR code label containing the IT device information, so that asset information data becomes complete and effective.
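The query flow of embodiments three to five, from scanned label to tiered response, can be sketched as follows. This is an added example, not code from the patent: the `itdev:` label format, the identity strings, the device store contents and the response fields are all hypothetical, and it assumes the label carries only the device identifier so that detailed information stays in the server-side store behind the authorization check.

```python
import hmac

# Constructed device information store (step 502): device identifier -> record.
# All names and identifiers below are placeholders.
DEVICE_INFO = {
    "DEV-001": {
        "basic": {"name": "app-server-01", "location": "room A"},
        "detail": {"vulnerabilities": ["KB-0001", "KB-0004"],
                   "maintenance": "placeholder maintenance record"},
    },
}

# Constructed list of authorized identities (step 401).
AUTHORIZED_IDENTITIES = ["alice-identity-placeholder", "bob-identity-placeholder"]


def parse_label(qr_payload):
    """Extract the device identifier from a scanned label (step 501).

    Assumption: the label text is 'itdev:<device id>' and nothing else.
    """
    prefix = "itdev:"
    if not qr_payload.startswith(prefix):
        raise ValueError("not an IT device label")
    device_id = qr_payload[len(prefix):].strip()
    if not device_id or not device_id.replace("-", "").isalnum():
        raise ValueError("malformed device identifier")
    return device_id


def is_authorized(identity):
    """Step 402: the identity must equal that of some authorized user."""
    supplied = identity.encode()
    ok = False
    for known in AUTHORIZED_IDENTITIES:
        # Constant-time comparison, and no early exit, so response timing
        # does not reveal how close a guess was or which entry matched.
        ok |= hmac.compare_digest(supplied, known.encode())
    return ok


def handle_query(qr_payload, identity=None, want_detail=False):
    """Basic information is returned to any user; detail needs authorization."""
    device_id = parse_label(qr_payload)
    record = DEVICE_INFO.get(device_id)
    if record is None:
        return {"status": "not_found"}
    if not want_detail:
        return {"status": "ok", "info": record["basic"]}
    # Deny by default: a missing identity is treated like an unknown one.
    if identity is None or not is_authorized(identity):
        return {"status": "rejected"}
    return {"status": "ok", "info": record["detail"]}


if __name__ == "__main__":
    print(handle_query("itdev:DEV-001"))
    print(handle_query("itdev:DEV-001", "mallory", want_detail=True))
    print(handle_query("itdev:DEV-001", "alice-identity-placeholder", want_detail=True))
```
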
Fig. 6 is a schematic structural diagram of the network security management device provided by embodiment six of the present invention. As shown in Fig. 6, the device includes:
an acquisition module 61 for obtaining the device information of an IT device, the device information including operating system information, database information or middleware information;
a lookup module 62 for looking up, in the network security knowledge base, the network security vulnerabilities corresponding to the device information of the IT device, the knowledge base storing the network security vulnerabilities corresponding to each item of device information;
a management module 63 for performing network security management on the IT device according to the network security vulnerabilities corresponding to its device information.
In practice, IT devices relevant to network security mainly involve operating system information, for example the commonly used Windows, Linux, Solaris, Unix, AIX, Android and so on; database information, for example the commonly used Oracle, Sybase, MySQL, SQL Server, DB2, Informix and so on; and middleware information, for example the commonly used Apache, Tomcat, Resin, Nginx, WebSphere, WebLogic, JBoss and so on. Therefore, when managing network security, the device information of the IT device should be obtained first; this device information includes but is not limited to operating system information, database information and middleware information. After the acquisition module 61 has obtained the device information of the IT device, including operating system information, database information or middleware information, the lookup module 62 can look up in the network security knowledge base the network security vulnerabilities corresponding to that device information and a list of device-related security vulnerability issues. The knowledge base is a local, customized network security knowledge base generated from the vulnerability information provided by authoritative network security websites, combined with the vulnerability types and scope that affect the existing IT devices; it stores the complete set of network security vulnerabilities corresponding to the device information of the current IT devices. After the network security vulnerabilities corresponding to the device information of the IT device have been obtained, the management module 63 analyzes them, divides them by type, and compiles the related data, for example: the distribution of host risk levels (very dangerous / relatively dangerous / relatively safe / very safe), the distribution of vulnerability risk (high-risk / medium-risk / low-risk vulnerabilities), the vulnerability risk categories (system service vulnerabilities / application vulnerabilities / vulnerabilities in the system itself / vulnerability discovery time, and so on), and statistics on the distribution of weak passwords. The network security vulnerabilities corresponding to the device information of the IT device are summarized and, according to the importance and priority of the associated business system, the device's high-risk vulnerability information is sent promptly by SMS or e-mail to the designated maintenance personnel, who carry out network security management on the IT device.
As one possible implementation, on the basis of embodiment six, the device may further include a network security vulnerability detection module, configured to generate a network security vulnerability list from all the network security vulnerabilities obtained; to scan the network security vulnerabilities of the IT device periodically, generating network security vulnerability lists for different periods; and to compare the lists of different periods in order to determine whether the IT device has new network security vulnerabilities.
In this embodiment, after the network security vulnerabilities corresponding to the device information of the IT device have been obtained, a network security vulnerability list can be generated automatically from all of them. Because the network security knowledge base is a localized, customized knowledge base generated from the vulnerability information provided by authoritative network security websites, combined with the vulnerability types and scope that concern the existing IT devices, the vulnerabilities stored in it are updated in real time as the official websites update the vulnerabilities corresponding to each IT device. The network security vulnerabilities of the IT device can therefore be scanned periodically, network security vulnerability lists can be generated for different periods, and the lists can be compared to determine whether the IT device has new network security vulnerabilities.
Further, on the basis of embodiment six, the device may also include a network security assessment module, configured to scan and assess the network security of the IT device using professional third-party network security scanning equipment, and to generate a network security assessment report automatically from the scan and assessment results; to compare the network security assessment reports of the same device object at different points in time and analyse the remediation data; to compare and summarize the network security remediation report of the IT device after remediation against its network security assessment report, in order to understand the progress and effect of the maintenance personnel's remediation of the device's network security vulnerabilities; and to generate the related report analysis from the overall vulnerability comparison and summary, and analyse the related data.
Specifically, the network security of the IT device can be scanned and assessed using professional third-party network security scanning equipment. A network security assessment report can be generated automatically from the scan and assessment results and archived automatically. The network security assessment reports of the same device object at different points in time can also be compared and the remediation data analysed, where the remediation data analysis includes the remediation schedule, the number of vulnerabilities not yet remediated, and other related statistics.

The automatically generated network security assessment report of the IT device can be audited, and the network security vulnerabilities of the IT device remediated one after another. The technical means usually used to remediate network security vulnerabilities are closing services or ports, upgrading the system version, applying software patches, changing configuration parameters, changing the network security policy, optimizing and adjusting code that contains latent defects, and remediating weak passwords and the operating permissions of system accounts. For high-risk network security hazards of the remote operation class, workarounds are adopted such as restricting remote command execution, preventing remote information leakage, preventing remote denial of service, and restricting remote data modification.

Correspondingly, whether a vulnerability has been resolved is usually judged by verifying whether the risky service or port has been closed, whether the system or software version has been updated, whether the system policy and permission settings are reasonable and effectively reject useless accounts, whether the application code avoids hazards such as SQL injection and cross-site scripting, and whether the system and application login passwords comply with the password security rules; corresponding verification tools may be selected for testing as needed. If the vulnerability has not been resolved, the concrete reason and any abnormal conditions found during remediation need to be recorded, to support later historical analysis of the problem. If testing shows that the network security vulnerability has been resolved by technical means, the problem is marked as resolved in the network security assessment report, together with the solution method, the confirmer, the approver, the resolution time and the related data analysis, and a network security remediation report is generated from the remediation result.

The network security remediation report of the IT device after remediation is compared and summarized against its network security assessment report, to understand the progress and effect of the maintenance personnel's remediation of the device's network security vulnerabilities, so that the remediation of the network security vulnerabilities corresponding to the device information of the IT device is tracked effectively. Maintenance personnel can also generate the related report analysis from the overall vulnerability comparison and summary and analyse the related data, giving a dynamic analysis of the number of vulnerabilities resolved in this remediation, the number of vulnerabilities still unresolved, the remediation progress percentage, and the Poisson distribution of the unresolved vulnerabilities by vulnerability grade, vulnerability system class, vulnerability service class and vulnerability application class.
The network security management device provided by this embodiment obtains the device information of the IT device, looks up the corresponding network security vulnerabilities in the network security knowledge base, and performs network security management on the IT device; it generates network security reports from the vulnerabilities, monitors the vulnerability remediation process in real time by comparing those reports, and can also archive the reports automatically. Network security vulnerability scanning and analysis of the IT device thus become more targeted and an overall network security management system is formed, which greatly improves the network security protection capability of the business application systems and can also raise the degree of informatization in IT device management.
Fig. 7 is a structural schematic diagram of the network security management device provided by embodiment seven of the present invention. As shown in Fig. 7, on the basis of embodiment six, the searching module includes:
Determining unit 71, configured to determine, among the device information entries, the first device information that is consistent with the device information of the IT device;
First searching unit 72, configured to look up, in the network security knowledge base, the network security vulnerabilities corresponding to the first device information, as the network security vulnerabilities corresponding to the device information of the IT device.
In this embodiment, when the network security vulnerabilities corresponding to the device information of an IT device are looked up in the network security knowledge base, determining unit 71 should first find, in the knowledge base, the first device information that is consistent with the device information of the IT device to be checked. If the type and version of the operating system, database and middleware installed on the IT device to be checked are consistent with the type and version of the operating system, database and middleware in some device information entry of the knowledge base, the network security vulnerabilities that the knowledge base associates with that entry are determined to be the network security vulnerabilities corresponding to the device information of the device object. Therefore, once the first device information consistent with the device information of the IT device to be checked has been found in the knowledge base, the network security vulnerabilities corresponding to the first device information can be looked up there and taken as the network security vulnerabilities corresponding to the device information of the IT device to be checked, forming an overall network security management system.
With the network security management device provided by this embodiment, when the type and version of the operating system, database and middleware installed on the IT device to be checked are consistent with the type and version of the operating system, database and middleware in the network security knowledge base, all the related network security vulnerabilities are associated with the device object. This forms an overall network security management system and makes it possible to check effectively whether systems outside the maintenance scope have undiscovered network security vulnerabilities.
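The lookup by exact type-and-version match described for embodiment seven, combined with the period-to-period list comparison and the remediation statistics described above, can be sketched as follows. This is an added illustration, not code from the patent; the knowledge base contents, the `KB-VULN-…` identifiers, the component versions and all function names are constructed assumptions.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Component:
    """One piece of device information: kind is "os", "database" or "middleware"."""
    kind: str
    product: str
    version: str

    def key(self):
        # Normalize so "MySQL" and "mysql " match the same knowledge base entry.
        return (self.kind, self.product.strip().lower(), self.version.strip())


# Constructed knowledge base snapshots (placeholder IDs, not real advisories).
KB_PERIOD_1 = {
    ("os", "linux", "3.10"): {"KB-VULN-0001": "high", "KB-VULN-0002": "low"},
    ("database", "mysql", "5.6"): {"KB-VULN-0003": "medium"},
    ("middleware", "tomcat", "7.0"): {"KB-VULN-0004": "high"},
    ("middleware", "tomcat", "8.5"): {},
}
# Period 2: the knowledge base has been updated with a new MySQL 5.6 entry.
KB_PERIOD_2 = {
    **KB_PERIOD_1,
    ("database", "mysql", "5.6"): {"KB-VULN-0003": "medium", "KB-VULN-0005": "high"},
}


def lookup_vulnerabilities(components, kb):
    """Return (vulns, unmatched).

    vulns maps vulnerability id -> severity for every component whose type and
    version match a knowledge base entry. Components with no entry are returned
    in unmatched so they are reviewed instead of being treated as clean.
    """
    vulns, unmatched = {}, []
    for comp in components:
        entry = kb.get(comp.key())
        if entry is None:
            unmatched.append(comp)
        else:
            vulns.update(entry)
    return vulns, unmatched


def compare_periods(previous, current):
    """Compare two vulnerability lists of the same device from different periods."""
    prev_ids, cur_ids = set(previous), set(current)
    return {
        "new": sorted(cur_ids - prev_ids),
        "resolved": sorted(prev_ids - cur_ids),
        "remaining": sorted(prev_ids & cur_ids),
    }


def remediation_summary(baseline, rescan):
    """Statistics for the remediation report: counts, progress, open severities."""
    diff = compare_periods(baseline, rescan)
    total = len(baseline)
    progress = 100.0 * len(diff["resolved"]) / total if total else 100.0
    diff["progress_percent"] = round(progress, 1)
    diff["open_by_severity"] = dict(Counter(rescan.values()))
    return diff


def run_example():
    # Period 1: device as first inventoried.
    period_1 = [
        Component("os", "Linux", "3.10"),
        Component("database", "MySQL", "5.6"),
        Component("middleware", "Tomcat", "7.0"),
    ]
    # Period 2: maintenance personnel upgraded Tomcat; nothing else changed.
    period_2 = period_1[:2] + [Component("middleware", "Tomcat", "8.5")]
    baseline, _ = lookup_vulnerabilities(period_1, KB_PERIOD_1)
    rescan, _ = lookup_vulnerabilities(period_2, KB_PERIOD_2)
    return remediation_summary(baseline, rescan)


if __name__ == "__main__":
    print(run_example())
```

The `unmatched` return value is an addition beyond the text: a component absent from the knowledge base has no recorded vulnerabilities, which is different from having been checked and found clean.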
Fig. 8 is a structural schematic diagram of the network security management device provided by embodiment eight of the present invention. As shown in Fig. 8, on the basis of embodiment six, the device further includes:
Receiving module 81, configured to receive an information query request from a user, the information query request including the identification of the IT device to be checked;
Authentication module 82, configured to verify whether the user is an authorized user; if so, to obtain the network security vulnerabilities corresponding to the IT device to be checked and return them to the user; otherwise, to return a query refusal response to the user.
In practice, a user can query the information of an IT device. When it is detected that the user needs to query the basic information of the IT device, the basic information is presented to the user on the basis of the received information query request, which includes the identification of the IT device to be checked; the form in which the basic information is displayed can be customized by the user. When it is detected that the user needs to query the detailed information of the IT device, for example the network security vulnerabilities of a certain IT device, the identity of the user needs to be verified: if the user is verified to be an authorized user, the detailed information of the IT device to be checked is shown to the user; if the user is verified to be an unauthorized user, the request is refused. The detailed information of the IT device includes the network security vulnerabilities corresponding to the IT device to be checked, its asset information, its maintenance information, and so on.
The network security management device provided by this embodiment receives the user's information query request, detects which level of information about the IT device the user needs to query and, after verifying the user's identity, displays the various information of the IT device to the user. The IT device is thereby associated with network security, so that network security vulnerability scanning and analysis of the IT device become more targeted and an overall network security management system is formed, which greatly improves the network security protection capability of the business application systems.
Fig. 9 is a structural schematic diagram of the network security management device provided by embodiment nine of the present invention. As shown in Fig. 9, on the basis of embodiment nine, the information query request further includes the identity information of the user; the authentication module includes:
Comparison unit 91, configured to compare the identity information of the user with the identity information of authorized users;
Identifying unit 92, configured to judge the user to be an authorized user if the identity information of the user is consistent with the identity information of any authorized user, and otherwise to judge the user to be an unauthorized user.
In practice, when it is detected that the user needs to query the detailed information of the IT device, the identity of the user needs to be verified. The identity information of the authorized users is collected, and comparison unit 91 compares the identity information of the user with it. If the comparison result shows that the identity information of the user is consistent with one of the collected identity information entries of authorized users, identifying unit 92 can judge the user to be an authorized user, and the detailed information of the IT device is shown to the user. If the comparison result shows that the identity information of authorized users does not include the information of the user, the user is judged to be an unauthorized user and the detailed information of the IT device is not shown to the user.
The network security management device provided by this embodiment verifies users who query the information of the IT device against the identity information of authorized users, which safeguards the network security of the IT device.
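The two-level query handling of embodiments eight and nine (basic information returned directly, detailed information only after the user's identity information matches an authorized entry) can be sketched as below. This is an added example, not the patent's implementation; the device identifier, identity strings, record fields and the choice of comparing SHA-256 digests in constant time are assumptions made for illustration.

```python
import hashlib
import hmac


def _digest(identity: str) -> bytes:
    # Fixed-length digest so comparisons do not depend on the input length.
    return hashlib.sha256(identity.encode("utf-8")).digest()


# Constructed identity information of authorized users (placeholders).
AUTHORIZED = [_digest("maint-engineer-01"), _digest("sec-auditor-07")]

# Constructed device information bank keyed by device identification.
DEVICE_INFO_BANK = {
    "DEV-0001": {
        "basic": {"name": "billing-db-01", "location": "rack 12"},
        "detail": {
            "vulnerabilities": ["KB-VULN-0003"],
            "asset": {"owner": "billing team"},
            "maintenance": {"last_patch": "constructed-date"},
        },
    },
}


def is_authorized(identity) -> bool:
    """Comparison unit + identifying unit: match against every authorized entry."""
    if not identity:
        return False
    candidate = _digest(identity)
    matched = False
    for known in AUTHORIZED:
        # compare_digest runs in constant time; no early exit on a match.
        matched |= hmac.compare_digest(candidate, known)
    return matched


def handle_query(request: dict) -> dict:
    """Receiving module + authentication module for one information query request."""
    device = DEVICE_INFO_BANK.get(request.get("device_id"))
    # A missing or unknown level is treated as the strictest one.
    level = request.get("level", "detail")

    if level == "basic":
        if device is None:
            return {"status": "not_found"}
        return {"status": "ok", "data": device["basic"]}

    # Detailed information: verify the user before touching the record, and
    # refuse uniformly so the answer does not reveal whether the device exists.
    if not is_authorized(request.get("identity")):
        return {"status": "refused"}
    if device is None:
        return {"status": "not_found"}
    return {"status": "ok", "data": device["detail"]}


if __name__ == "__main__":
    print(handle_query({"device_id": "DEV-0001", "level": "basic"}))
    print(handle_query({"device_id": "DEV-0001", "level": "detail",
                        "identity": "visitor"}))
    print(handle_query({"device_id": "DEV-0001", "level": "detail",
                        "identity": "sec-auditor-07"}))
```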
Figure 10 is a structural schematic diagram of the network security management device provided by embodiment ten of the present invention. As shown in Figure 10, on the basis of any one of embodiments six to nine, the acquisition module includes:
Scanning unit 11, configured to obtain the device identification of the IT device by scanning the QR code of the IT device;
Second searching unit 12, configured to find the device information of the IT device in a device information bank, the device information bank storing the device information corresponding to each device identification, the device information of the IT device being the device information corresponding to the device identification of the IT device.
In this embodiment, existing device information labels, because of length limits, can usually show only a small amount of information, reading of their content lacks security, and the asset label styles and displayed content used by different asset-owning units lack consistency and standardization. QR Code encoding can therefore be used to generate a QR code label containing the IT device information. When a user needs to query the information of a certain IT device, scanning unit 11 can scan the QR code containing the IT device information and obtain the device identification of the IT device. After the device identification has been obtained, second searching unit 12 can find the device information of the IT device in a pre-established device information bank that stores the device information corresponding to each device identification; the device information of the IT device is the device information corresponding to its device identification.
The network security management device provided by this embodiment uses QR Code encoding to generate a QR code label containing the IT device information, which makes the asset information data complete and effective.
It will be apparent to those skilled in the art that, for convenience and brevity of description, the specific working process of the device described above may refer to the corresponding process in the foregoing method embodiments and is not repeated here.
One of ordinary skill in the art will appreciate that all or part of the steps of the above method embodiments can be completed by hardware under the control of program instructions. The program can be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiments. The storage medium includes ROM, RAM, magnetic disk, optical disc and other media that can store program code.
Finally, it should be noted that the above embodiments are only intended to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments can still be modified, or some or all of their technical features replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (10)

  1. A network security management method, characterized by comprising:
    obtaining the device information of an IT device, the device information including operating system information, database information or middleware information;
    looking up, in a network security knowledge base, the network security vulnerabilities corresponding to the device information of the IT device, the network security knowledge base storing the network security vulnerabilities corresponding to each device information entry;
    performing network security management on the IT device according to the network security vulnerabilities corresponding to the device information of the IT device.
  2. The network security management method according to claim 1, characterized in that looking up, in the network security knowledge base, the network security vulnerabilities corresponding to the device information of the IT device comprises:
    determining, among the device information entries, the first device information that is consistent with the device information of the IT device;
    looking up, in the network security knowledge base, the network security vulnerabilities corresponding to the first device information, as the network security vulnerabilities corresponding to the device information of the IT device.
  3. The network security management method according to claim 1, characterized in that the method further comprises:
    receiving an information query request from a user, the information query request including the identification of the IT device to be checked;
    verifying whether the user is an authorized user; if so, obtaining the network security vulnerabilities corresponding to the IT device to be checked and returning them to the user; otherwise, returning a query refusal response to the user.
  4. The network security management method according to claim 3, characterized in that the information query request further includes the identity information of the user, and verifying whether the user is an authorized user comprises:
    comparing the identity information of the user with the identity information of authorized users;
    if the identity information of the user is consistent with the identity information of any authorized user, judging the user to be an authorized user; otherwise, judging the user to be an unauthorized user.
  5. The network security management method according to any one of claims 1-4, characterized in that obtaining the device information of the IT device comprises:
    obtaining the device identification of the IT device by scanning the QR code of the IT device;
    finding the device information of the IT device in a device information bank, the device information bank storing the device information corresponding to each device identification, the device information of the IT device being the device information corresponding to the device identification of the IT device.
  6. A network security management device, characterized by comprising:
    an acquisition module, configured to obtain the device information of an IT device, the device information including operating system information, database information or middleware information;
    a searching module, configured to look up, in a network security knowledge base, the network security vulnerabilities corresponding to the device information of the IT device, the network security knowledge base storing the network security vulnerabilities corresponding to each device information entry;
    a management module, configured to perform network security management on the IT device according to the network security vulnerabilities corresponding to the device information of the IT device.
  7. The network security management device according to claim 6, characterized in that the searching module comprises:
    a determining unit, configured to determine, among the device information entries, the first device information that is consistent with the device information of the IT device;
    a first searching unit, configured to look up, in the network security knowledge base, the network security vulnerabilities corresponding to the first device information, as the network security vulnerabilities corresponding to the device information of the IT device.
  8. The network security management device according to claim 6, characterized in that the device further comprises:
    a receiving module, configured to receive an information query request from a user, the information query request including the identification of the IT device to be checked;
    an authentication module, configured to verify whether the user is an authorized user; if so, to obtain the network security vulnerabilities corresponding to the IT device to be checked and return them to the user; otherwise, to return a query refusal response to the user.
  9. The network security management device according to claim 8, characterized in that the information query request further includes the identity information of the user, and the authentication module comprises:
    a comparison unit, configured to compare the identity information of the user with the identity information of authorized users;
    a determination module, configured to judge the user to be an authorized user if the identity information of the user is consistent with the identity information of any authorized user, and otherwise to judge the user to be an unauthorized user.
  10. The network security management device according to any one of claims 6-9, characterized in that the acquisition module comprises:
    a scanning unit, configured to obtain the device identification of the IT device by scanning the QR code of the IT device;
    a second searching unit, configured to find the device information of the IT device in a device information bank, the device information bank storing the device information corresponding to each device identification, the device information of the IT device being the device information corresponding to the device identification of the IT device.
CN201710600774.1A 2017-07-21 2017-07-21 Network safety managing method and device Pending CN107483410A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710600774.1A CN107483410A (en) 2017-07-21 2017-07-21 Network safety managing method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710600774.1A CN107483410A (en) 2017-07-21 2017-07-21 Network safety managing method and device

Publications (1)

Publication Number Publication Date
CN107483410A true CN107483410A (en) 2017-12-15

Family

ID=60596222

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710600774.1A Pending CN107483410A (en) 2017-07-21 2017-07-21 Network safety managing method and device

Country Status (1)

Country Link
CN (1) CN107483410A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20171215