CN107689954A - Power information system monitoring method and device - Google Patents

Publication number
CN107689954A
Authority
CN
China
Prior art keywords
security
configuration information
security configuration
information
information system
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710721249.5A
Other languages
Chinese (zh)
Inventor
杨林慧
孙少华
李海龙
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Corp of China SGCC
State Grid Qinghai Electric Power Co Ltd
Information and Telecommunication Branch of State Grid Qinghai Electric Power Co Ltd
Original Assignee
State Grid Corp of China SGCC
State Grid Qinghai Electric Power Co Ltd
Information and Telecommunication Branch of State Grid Qinghai Electric Power Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by State Grid Corp of China SGCC, State Grid Qinghai Electric Power Co Ltd, Information and Telecommunication Branch of State Grid Qinghai Electric Power Co Ltd filed Critical State Grid Corp of China SGCC
Priority to CN201710721249.5A priority Critical patent/CN107689954A/en
Publication of CN107689954A publication Critical patent/CN107689954A/en
Pending legal-status Critical Current

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/20: Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/205: Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433: Vulnerability analysis
    • H04L63/1408: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425: Traffic logging, e.g. anomaly detection

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses a power information system monitoring method and device. The method includes: obtaining the security baseline requirements of a target information system; collecting security configuration information of the target information system, where the security configuration information includes at least one of the following: first security configuration information of network devices, second security configuration information of security devices, third security configuration information of hosts, fourth security configuration information of databases, fifth security configuration information of middleware, and sixth security configuration information of application systems; and generating a security analysis report for the target information system according to the security baseline requirements and the security configuration information. The invention solves the technical problem in the prior art that security is low because there is no platform for monitoring power information systems.

Description

Power information system monitoring method and device
Technical field
The present invention relates to the field of software technology, and in particular to a power information system monitoring method and device.
Background
A security baseline is the minimum security guarantee of an information system, that is, the basic security requirements the information system must meet. Information system security usually has to strike a balance between the cost paid for security and the security risk that can be tolerated, and the security baseline is the reasonable dividing line of that balance.
With the full rollout of informatization, the degree of informatization in electric power operations and maintenance keeps rising, and the demand for information system security protection keeps growing. At the same time, the state has formulated basic requirements and related standards and specifications for graded protection of information systems, clearly defined China's information security strategy goals, and established graded protection, through official documents, as the primary system and basic method of national information security. Graded protection is not only the detection, evaluation and grading of information security products or systems; more importantly, it is basic work that runs through the whole process of information security assurance. Effectively combining the graded approach with the security system approach to design a graded information security system, and turning it into a software product (a security baseline compliance management system), is a very effective way to systematically solve the information security problems of large organizations.
For the above problem that security is low because the prior art has no platform for monitoring power information systems, no effective solution has yet been proposed.
Summary of the invention
The embodiments of the present invention provide a power information system monitoring method and device, to at least solve the technical problem in the prior art that security is low because there is no platform for monitoring power information systems.
According to one aspect of the embodiments of the present invention, a power information system monitoring method is provided, including: obtaining the security baseline requirements of a target information system; collecting security configuration information of the target information system, where the security configuration information includes at least one of the following: first security configuration information of network devices, second security configuration information of security devices, third security configuration information of hosts, fourth security configuration information of databases, fifth security configuration information of middleware, and sixth security configuration information of application systems; and generating a security analysis report for the target information system according to the security baseline requirements and the security configuration information.
According to another aspect of the embodiments of the present invention, a power information system monitoring device is also provided, including: an obtaining module, configured to obtain the security baseline requirements of a target information system; a collection module, configured to collect security configuration information of the target information system, where the security configuration information includes at least one of the following: first security configuration information of network devices, second security configuration information of security devices, third security configuration information of hosts, fourth security configuration information of databases, fifth security configuration information of middleware, and sixth security configuration information of application systems; and a generation module, configured to generate a security analysis report for the target information system according to the security baseline requirements and the security configuration information.
In the embodiments of the present invention, the security baseline requirements of the target information system are obtained; security configuration information of the target information system is collected, where the security configuration information includes at least one of the following: first security configuration information of network devices, second security configuration information of security devices, third security configuration information of hosts, fourth security configuration information of databases, fifth security configuration information of middleware, and sixth security configuration information of application systems; and a security analysis report for the target information system is generated according to the security baseline requirements and the security configuration information. This achieves the purpose of automatically monitoring the security configuration information of an information system and generating a security analysis report from the monitored security configuration information, thereby achieving the technical effect of improving the efficiency of power information system monitoring, and in turn solving the technical problem in the prior art that security is low because there is no platform for monitoring power information systems.
Brief description of the drawings
The accompanying drawings described here are provided for further understanding of the present invention and form a part of this application. The schematic embodiments of the present invention and their description are used to explain the present invention and do not unduly limit it. In the drawings:
Fig. 1 is a flowchart of a power information system monitoring method according to an embodiment of the present invention;
Fig. 2 is a flowchart of an optional power information system monitoring method according to an embodiment of the present invention;
Fig. 3 is a schematic diagram of a power information system monitoring system according to an embodiment of the present invention;
Fig. 4 is a schematic diagram of a security baseline compliance management system according to an embodiment of the present invention; and
Fig. 5 is a schematic diagram of a power information system monitoring device according to an embodiment of the present invention.
Detailed description
To help those skilled in the art better understand the solution of the present invention, the technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. The described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention, without creative work, fall within the scope of protection of the present invention.
It should be noted that the terms "first", "second" and so on in the description, the claims and the above drawings are used to distinguish similar objects, not to describe a specific order or sequence. Data used in this way can be interchanged where appropriate, so that the embodiments of the invention described here can be implemented in an order other than the one illustrated or described. In addition, the terms "include" and "have" and any variations of them are intended to cover non-exclusive inclusion: a process, method, system, product or device that contains a series of steps or units is not necessarily limited to the steps or units explicitly listed, and may include other steps or units that are not explicitly listed or that are inherent to the process, method, product or device.
Embodiment 1
According to an embodiment of the present invention, an embodiment of a power information system monitoring method is provided. It should be noted that the steps shown in the flowchart of the drawings may be executed in a computer system, for example one running a set of computer-executable instructions, and that although a logical order is shown in the flowchart, in some cases the steps shown or described may be executed in a different order.
Fig. 1 is a flowchart of a power information system monitoring method according to an embodiment of the present invention. As shown in Fig. 1, the method comprises the following steps:
Step S102: obtain the security baseline requirements of the target information system.
As an optional embodiment, the target information system may be a power information system, and the security baseline requirements may be the minimum security requirements for information system security protection, that is, the security requirements that must be met.
Optionally, the security baseline requirements may be established based on the current security protection requirements of the target information system and the security event data of the target information system within a preset time period.
Step S104: collect security configuration information of the target information system, where the security configuration information includes at least one of the following: first security configuration information of network devices, second security configuration information of security devices, third security configuration information of hosts, fourth security configuration information of databases, fifth security configuration information of middleware, and sixth security configuration information of application systems.
Specifically, in the above step, the security configurations of six classes of objects (network devices, security devices, hosts, databases, middleware and application systems) are checked in real time or on a schedule. Through online collection and automated compliance analysis, online monitoring of security configuration is achieved, providing basic data for information security construction. Basic data is the non-business data required by the system's basic functions, mainly including permission management data and system parameter configuration data. Permission management data may include user information, account information, organization information, permission information and so on; system parameter configuration data may include configuration information for system operating parameters, system log information, system self-management information and so on. These are stored in a database or in files.
It should be noted that baseline data collection is the dynamic data source of the security baseline compliance management system; it performs centralized, active collection and preprocessing of data from the supervised entity layer. Collection targets include host systems, database systems, network devices, security devices, middleware, application systems and so on. The collected data types include status information, performance information and configuration information, as well as security element data exchanged with external systems such as IMS, antivirus systems and vulnerability scanners.
Step S106: generate a security analysis report for the target information system according to the security baseline requirements and the security configuration information.
Specifically, in the above step, after the security configuration information of the target information system is collected, it is compared with the security baseline requirements of the target information system, and the security analysis report of the target information system is generated from the comparison result.
As an optional embodiment, while the security configuration information of the target information system is being collected, information such as the machine room and management regulations of the target information system may also be taken into account when generating the security analysis report of the target information system according to the security baseline requirements and the security configuration information.
As an optional embodiment, before the security analysis report of the target information system is generated according to the security baseline requirements and the security configuration information, the method also includes: displaying the collected security configuration information of the target information system. Optionally, the collected security configuration information may be displayed from the perspective of the business system.
It should be noted that business data falls into six major categories: resource data, baseline management data, security control data, security monitoring data, security compliance data and statistical analysis data.
Resource data is the basis on which the security baseline compliance management system carries out each of its services. It includes data from automatic discovery, data maintained manually and data obtained from external systems. By resource object type, resource data is divided into host resources, database resources, network device resources, security device resources, middleware resources, application system resources, physical machine room resources, security regulation resources, security personnel resources and so on.
Security standard data is the guidance data for each service of the security baseline compliance management system, and includes baseline library data and security knowledge base data. Baseline library data refers to the security baseline standards as implemented, together with the technical policies for baseline indicator collection, the technical policies for security compliance determination and the corresponding security recommendations. Security knowledge base data refers to the security regulations, specifications and standards issued by the state and the company, such as those for graded protection and risk assessment.
Security control data is the business data of the security control services of the security baseline compliance management system, including security problem management data, risk management data, security appraisal data and notice data. It records and maintains each security workflow.
Security monitoring data is the business data of the security monitoring services of the security baseline compliance management system, including security alarm data, security event data, security inspection data, security vulnerability data, penetration test data and so on. It reflects the security state of each business system in real time and also provides basic security monitoring data for upper-layer statistical analysis.
Security compliance data is the business data of the security compliance services of the security baseline compliance management system, including graded protection data, risk assessment data, baseline assessment data and so on. It reflects the results of security evaluations carried out against each security standard and provides basic security compliance data for upper-layer statistical analysis.
Statistical analysis data is derived from the security control, security monitoring and security compliance data, and is the key data source for the visualization functions of the security baseline compliance management system. It includes correlation analysis data, report data, graded protection compliance view data, risk assessment view data, alarm view data, problem tracking view data, pushed indicator data and so on.
As can be seen from the above, in the above embodiments of this application, the security baseline requirements of the target information system (for example, a power information system) are obtained and compared with the security configuration information obtained by monitoring the running target information system in real time or on a schedule, and a security analysis report for the target information system is generated. This achieves the purpose of automatically monitoring the security configuration information of an information system and generating a security analysis report from the monitored security configuration information, thereby achieving the technical effect of improving the efficiency of power information system monitoring, and in turn solving the technical problem in the prior art that security is low because there is no platform for monitoring power information systems.
In an optional embodiment, the security baseline requirements include at least one of the following: security configuration requirements, security state requirements and security vulnerability requirements. Security configuration includes: operating system configuration, application system configuration, network device configuration and security device configuration. Security state requirements include: port state, process state, server state, network topology state and the change state of important files. Security vulnerabilities include: operating system vulnerabilities, database vulnerabilities, application system vulnerabilities and network device vulnerabilities.
Specifically, in the above embodiment, security configuration may cover security defects caused by human carelessness, mainly involving accounts, passwords, authorization, logging, IP communication and so on, and reflects the weakness of the system configuration. Security state may cover security defects caused by improper management by system O&M personnel, mainly involving system running state, network port state, processes, auditing and so on, and reflects the security state of the environment the system is currently in. Security vulnerabilities may cover security defects caused by problems in the system itself, mainly including login vulnerabilities, denial-of-service vulnerabilities, buffer overflows, worm backdoors, mishandling of unexpected conditions and so on, and reflect the security weakness of the system itself.
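The comparison in step S106, using the three requirement categories above, can be sketched as follows. This is an added example and not code from the patent; the rule identifiers, setting names, thresholds and collected values are constructed assumptions, and a setting that was never collected is reported as an open item rather than silently passing.

```python
from dataclasses import dataclass
from typing import Any, Callable

CONFIG, STATE, VULN = "configuration", "state", "vulnerability"
_MISSING = object()  # sentinel: the setting was not collected


@dataclass(frozen=True)
class Rule:
    rule_id: str                    # constructed identifier
    object_class: str               # one of the six object classes
    category: str                   # CONFIG, STATE or VULN
    key: str                        # hypothetical setting name
    check: Callable[[Any], bool]    # True when the observed value meets the baseline
    advice: str


@dataclass(frozen=True)
class Finding:
    asset: str
    rule_id: str
    category: str
    status: str                     # "pass", "fail" or "not collected"
    observed: Any
    advice: str


# Constructed baseline (assumption): rule ids, keys and thresholds are illustrative.
BASELINE = [
    Rule("HOST-01", "host", CONFIG, "password_min_length",
         lambda v: v >= 8, "Raise the minimum password length to 8 or more."),
    Rule("HOST-02", "host", STATE, "listening_ports",
         lambda v: set(v) <= {22, 443}, "Close ports outside the approved set."),
    Rule("NET-01", "network device", CONFIG, "telnet_enabled",
         lambda v: v is False, "Disable telnet and manage over an encrypted channel."),
    Rule("DB-01", "database", VULN, "missing_patches",
         lambda v: len(v) == 0, "Apply the outstanding vendor patches."),
    Rule("APP-01", "application system", CONFIG, "audit_log_enabled",
         lambda v: v is True, "Enable audit logging."),
]

# Constructed collection result (assumption): what step S104 might return.
COLLECTED = [
    {"asset": "host-a", "object_class": "host",
     "settings": {"password_min_length": 6, "listening_ports": [22, 443]}},
    {"asset": "switch-a", "object_class": "network device",
     "settings": {"telnet_enabled": False}},
    {"asset": "db-a", "object_class": "database",
     "settings": {"missing_patches": ["PATCH-PLACEHOLDER-1"]}},
    {"asset": "app-a", "object_class": "application system", "settings": {}},
]


def evaluate(baseline, collected):
    """Compare each collected object with the baseline rules for its class."""
    findings = []
    for item in collected:
        for rule in baseline:
            if rule.object_class != item["object_class"]:
                continue
            observed = item["settings"].get(rule.key, _MISSING)
            if observed is _MISSING:
                status, observed = "not collected", None
            else:
                try:
                    status = "pass" if rule.check(observed) else "fail"
                except (TypeError, ValueError):
                    status = "fail"  # value of an unexpected type is non-compliant
            findings.append(Finding(item["asset"], rule.rule_id, rule.category,
                                    status, observed, rule.advice))
    return findings


def build_report(findings):
    """Summarize findings into a security analysis report structure."""
    per_asset, by_category = {}, {}
    for f in findings:
        entry = per_asset.setdefault(f.asset, {"checked": 0, "passed": 0})
        entry["checked"] += 1
        entry["passed"] += 1 if f.status == "pass" else 0
    open_items = [f for f in findings if f.status != "pass"]
    for f in open_items:
        by_category[f.category] = by_category.get(f.category, 0) + 1
    total = len(findings)
    return {
        "compliance_rate": round((total - len(open_items)) / total, 2) if total else 0.0,
        "per_asset": per_asset,
        "open_by_category": by_category,
        "open_items": [(f.asset, f.rule_id, f.status, f.advice) for f in open_items],
    }


if __name__ == "__main__":
    print(build_report(evaluate(BASELINE, COLLECTED)))
```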
In an optional embodiment, as shown in Fig. 2, after the security configuration information of the target information system is collected, the method may also include:
Step S202: monitor the security configuration information of the target information system in real time;
Step S204: when an anomaly occurs in the security configuration information, repair the security configuration information of the target information system using a third-party software tool.
Specifically, in the above embodiment, for the security configuration information of different objects (including but not limited to network devices, security devices, hosts, databases, middleware and application systems), different third-party software tools may be used to check or repair the security configuration information.
According to any of the above optional or preferred embodiments, the target information system may be an electric power information network system.
As a preferred embodiment, based on any of the above optional power information system monitoring method embodiments, Fig. 3 is a schematic diagram of a power information system monitoring system according to an embodiment of the present invention. As shown in Fig. 3, the system includes: a security baseline compliance module, network devices, security devices, hosts, databases, middleware and application systems.
Optionally, the power information system monitoring system may have the following three kinds of users: system users, management users and security audit users. System users are responsible for the normal operation of the platform; they maintain the security of each information system according to the system security protection life cycle, and promptly discover and handle the problems present in each information system. Based on platform operation information, they submit security construction plans and carry out security construction work. The management user is the administrator of the security baseline compliance module; this user manages and configures system-related information and maintains system state, including user management, user role assignment, data backup and restoration, data import and export, and maintenance of the basic data, the security baseline library and the criteria rule base. The security audit user performs security audits of system users' operations and data access.
It should be noted that the security baseline compliance module is a software system whose carrier is a server; the security baseline compliance module includes an application and a database.
The above embodiments can achieve the following technical effects:
(1) Automated security protection checks.
Automated collection of security indicators is achieved, providing a strong technical means for information system risk management. The security protection capability of information systems is presented visually and in real time along two dimensions, vertical (between information systems) and horizontal (between organizational units), providing a management basis for information system security construction, problem rectification and work supervision. Inter-system data exchange becomes easier, information security work progress is tracked online, security supervision is automated and system O&M status is made visible.
(2) Accurate evaluation reports and professional improvement suggestions.
Based on a unified security baseline library and unified determination criteria, information system risk assessments, graded protection evaluations and baseline compliance reports are accurate and objective; combined with the evaluation results and security protection measures, professional improvement suggestions are provided.
(3) Improved O&M level.
The security baseline compliance module strengthens the professional management of information security, raises the level of intelligent analysis of information system security state, and improves the ability to control information system security risks and hidden dangers. It standardizes the information system security O&M workflow and improves O&M efficiency. It improves the ability to judge and handle information security events, reduces business interruption time and improves service quality.
(4) Shared and accurate data.
An effective mechanism and technical architecture for data sharing is established, achieving vertical flow and horizontal integration of data, solving the consistency and integrity problems of data in information system management and operations management, continuously standardizing the data quality control process and improving data accuracy.
(5) Construction of an information security protection system.
An overall security protection scheme for information systems is designed; security protection technical means are improved; security management regulations are established and improved, and information security management processes and rules are designed and refined, forming an information security protection system. According to the actual security needs of the three sites and the overall information security protection scheme, the procurement and deployment of hardware such as security infrastructure is completed. Through information security risk assessment and graded protection evaluation, information security risks are found and rectified, improving the robustness of information systems.
Based on the above embodiments, as a preferred embodiment, Fig. 4 is a schematic diagram of a security baseline compliance management system according to an embodiment of the present invention. As shown in Fig. 4, the security baseline compliance management system is divided into eight major functional modules: security posture view, security control, security monitoring, security compliance, asset management, baseline management, system management and baseline collection. The system collects security data from the monitored objects through baseline collection; asset management, baseline management and system management maintain the system's basic data; security control, security monitoring and security compliance monitor the security operating state and control security workflows; and the security posture view performs statistical analysis and display of security posture data from every aspect.
On top of its baseline collection functions for network devices, security devices, hosts, databases, middleware and application systems, the security baseline compliance management system adds collection interfaces for third-party tools, including IMS, antivirus systems, vulnerability scanning tools, penetration testing tools and so on. This enables exchange of security baseline data and security work progress status, providing comprehensive data support for upper-layer applications.
Security monitoring builds on the data collected from third-party tools and adds functions such as vulnerability scanning, penetration testing and security inspection. It monitors system vulnerabilities and application vulnerabilities and provides correlation analysis of the monitoring results in order to find potential security problems. Security control tracks the handling of security problems through workflow management, thereby providing control over security problems. The security posture view adds a business security view and a problem tracking view, presenting the security posture visually from two different angles.
The security baseline compliance management system mainly implements the collection and automated compliance checking of IT asset configurations, vulnerabilities and risks, finds the hidden dangers and risks present in IT asset objects in time, and provides improvement suggestions. With reference to the Information System Graded Protection Grading Guide, the system is graded at level two. Its information security protection requirements are as follows:
(1) Interaction uses HTTPS to ensure the confidentiality of data in transit. Login uses user name + password + dynamic verification code to prevent brute-force password guessing. User password complexity is verified automatically, and users are forced to change the initial password at first login, preventing default passwords and weak passwords.
(2) Uploading of risky data such as executable files, programs, pictures and code is restricted, and special characters such as ";, /, , ‘, <, >" are filtered or converted, to prevent malicious attacks such as SQL injection and cross-site scripting.
(3) Different roles and permissions are set according to business needs and the principle of least privilege, preventing unauthorized access to confidential or restricted data.
(4) Sensitive data (such as passwords and key business system data) is encrypted in storage using encryption technology, ensuring the security of stored data.
(5) A security audit function covering every user is provided. Security-relevant events such as user login, user logout and operations on the application system are audited. An independent audit process is configured so that audit records cannot be deleted, modified or overwritten, maintaining the integrity of audit activity.
(6) The system backs up data automatically on a schedule and stores the backups encrypted.
(7) The security baseline compliance system has an independent collection engine that only reads the configuration information of asset objects; it does not install any program and does not produce stub files.
(8) To avoid affecting the normal operation of other business systems, the system provides functions for setting the scan period and thresholds; users can customize the scan period and thresholds according to their own network bandwidth and how busy their business systems are.
(9) Source code testing, performance testing and security testing are carried out before go-live, ensuring that the system goes live securely and stably.
It should be noted that existing automated testing techniques are confined to methods such as script commands and log truncation; the information they obtain is incomplete and poorly targeted, and it requires a large amount of later parsing work. New automated detection techniques need to be developed, such as techniques based on operating system APT low-level calls in host detection. The above embodiments of the present application, based on the security baseline concept and with reference to 《The security setup control message standards of ISO/IEC 27001》, study the whole process of security construction and realize whole-process management and control of power information system security protection across design, construction, operation and maintenance, assessment, emergency event handling and supervision, building a closed-loop information security management system that conforms to PDCA. This resolves the current situation in which information security work lacks closed-loop workflow management and security problems have no data to rely on and no trail to trace. It realizes whole-process management and control of power information system security protection, ensures that every security management policy is enforced by technical means, and at the same time formulates corresponding security management standards for the security baseline, achieving closed-loop information security management in both technology and management.
Embodiment 2
According to an embodiment of the present invention, a device embodiment for implementing the power information system monitoring method of Embodiment 1 is also provided. Fig. 5 is a schematic diagram of a power information system monitoring device according to an embodiment of the present invention. As shown in Fig. 5, the device includes: an obtaining module 501, a collection module 503 and a generation module 505.
The obtaining module 501 is used to obtain the security baseline requirement of the target information system;
The collection module 503 is used to collect the security configuration information of the target information system, wherein the security configuration information includes at least one of the following: first security configuration information of network devices, second security configuration information of security devices, third security configuration information of hosts, fourth security configuration information of databases, fifth security configuration information of middleware, and sixth security configuration information of application systems;
The generation module 505 is used to generate a security analysis report of the target information system according to the security baseline requirement and the security configuration information.
It should be noted here that the obtaining module 501, collection module 503 and generation module 505 correspond to steps S102 to S106 in Embodiment 1. These modules share the examples and application scenarios of the corresponding steps, but are not limited to what is disclosed in Embodiment 1. It should also be noted that the above modules, as part of the device, may be executed in a computer system such as a set of computer-executable instructions.
As can be seen from the above, in the above embodiments of the present application, the obtaining module 501 obtains the security baseline requirement of the target information system (for example, a power information system), the collection module 503 monitors, in real time or periodically, the security configuration information obtained while the target information system is running, and the generation module 505 compares the security baseline requirement with the collected security configuration information and generates the security analysis report of the target information system. This achieves the purpose of automatically monitoring the security configuration information of the information system and generating a security analysis report from the monitored security configuration information, which realizes the technical effect of improving the efficiency of power information system monitoring and in turn solves the technical problem in the prior art that security is low because there is no platform for monitoring power information systems.
In an optional embodiment, the security baseline requirement includes at least one of the following: a security configuration requirement, a security state requirement and a security vulnerability requirement, wherein the security configuration includes: operating system configuration, application system configuration, network device configuration and security device configuration; the security state requirement includes: port state, process state, server state, network topology state and important-file change state; and the security vulnerabilities include: operating system vulnerabilities, database vulnerabilities, application system vulnerabilities and network device vulnerabilities.
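The comparison of a security baseline requirement against collected security configuration information, as an added Python example that is not code from the patent. The `Requirement` fields, the check names, the asset names and all sample values are assumptions constructed for illustration; the example covers the three requirement categories (configuration, state, vulnerability) and reports items that were never collected separately from passes.

```python
from collections import Counter
from dataclasses import dataclass

MISSING = object()  # sentinel: the collector returned nothing for this key


@dataclass(frozen=True)
class Requirement:
    req_id: str        # hypothetical identifier scheme
    asset_class: str   # network_device, security_device, host, database, middleware, application
    category: str      # configuration | state | vulnerability
    key: str           # name of the collected item the requirement applies to
    check: str         # eq | min | subset | empty
    expected: object = None


def satisfies(req, value):
    """Return True when one collected value meets one baseline requirement."""
    try:
        if req.check == "eq":
            return value == req.expected
        if req.check == "min":
            return value >= req.expected
        if req.check == "subset":      # e.g. open ports must all be on the allow-list
            return set(value) <= set(req.expected)
        if req.check == "empty":       # e.g. no unpatched vulnerabilities
            return len(value) == 0
    except TypeError:
        return False                   # wrong type collected: treat as non-compliant
    raise ValueError(f"unknown check {req.check!r} in {req.req_id}")


def generate_report(baseline, collected):
    """Compare collected configuration with the baseline and build the report."""
    findings, uncovered = [], set()
    for req in baseline:
        assets = {n: a for n, a in collected.items() if a["class"] == req.asset_class}
        if not assets:
            uncovered.add(req.asset_class)   # baseline applies, nothing was collected
            continue
        for name, asset in sorted(assets.items()):
            value = asset["config"].get(req.key, MISSING)
            if value is MISSING:
                status = "not_collected"     # never count a missing item as compliant
            else:
                status = "pass" if satisfies(req, value) else "fail"
            findings.append({"asset": name, "req": req.req_id,
                             "category": req.category, "status": status,
                             "observed": None if value is MISSING else value})
    return {"summary": dict(Counter(f["status"] for f in findings)),
            "uncovered_classes": sorted(uncovered),
            "findings": findings}


# Constructed sample data, not taken from the patent.
BASELINE = [
    Requirement("HOST-01", "host", "configuration", "password_min_length", "min", 8),
    Requirement("HOST-02", "host", "state", "open_ports", "subset", [22, 443]),
    Requirement("HOST-03", "host", "vulnerability", "unpatched_vulns", "empty"),
    Requirement("NET-01", "network_device", "configuration", "telnet_enabled", "eq", False),
    Requirement("DB-01", "database", "configuration", "audit_enabled", "eq", True),
    Requirement("MW-01", "middleware", "configuration", "admin_console_enabled", "eq", False),
]
COLLECTED = {
    "host-a": {"class": "host", "config": {
        "password_min_length": 12, "open_ports": [22, 443], "unpatched_vulns": []}},
    "host-b": {"class": "host", "config": {
        "password_min_length": 6, "open_ports": [22, 23, 443],
        "unpatched_vulns": ["EXAMPLE-VULN-1"]}},
    "sw-core": {"class": "network_device", "config": {"telnet_enabled": True}},
    "db-main": {"class": "database", "config": {}},
}

if __name__ == "__main__":
    report = generate_report(BASELINE, COLLECTED)
    print(report["summary"], "uncovered:", report["uncovered_classes"])
    for f in report["findings"]:
        if f["status"] != "pass":
            print(f"{f['status']:>13}  {f['asset']:<8} {f['req']}  observed={f['observed']}")
```

Keeping `not_collected` and `uncovered_classes` apart from `fail` matters in practice: a collector that silently returns nothing would otherwise make an asset look compliant.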
In an optional embodiment, the above device also includes: a monitoring module, used to monitor the security configuration information of the target information system in real time; and a repair module, used to repair the security configuration information of the target information system by means of a third-party software tool when an abnormality occurs in the security configuration information.
It should be noted here that the monitoring module and the repair module correspond to steps S202 and S204 in Embodiment 1. These modules share the examples and application scenarios of the corresponding steps, but are not limited to what is disclosed in Embodiment 1. It should also be noted that the above modules, as part of the device, may be executed in a computer system such as a set of computer-executable instructions.
In an optional embodiment, the target information system is a power information network system.
Embodiment 3
According to an embodiment of the present invention, a storage medium is also provided. The storage medium includes a stored program, wherein the program performs any one of the optional power information system monitoring methods of Embodiment 1.
Embodiment 4
According to an embodiment of the present invention, a processor is also provided, characterized in that the processor is used to run a program, wherein any one of the optional power information system monitoring methods of Embodiment 1 is performed when the program runs.
The above embodiments of the present invention are for description only and do not represent the merits of the embodiments.
In the above embodiments of the present invention, the description of each embodiment has its own emphasis. For parts not described in detail in one embodiment, refer to the related descriptions of the other embodiments.
In the several embodiments provided in this application, it should be understood that the disclosed technical content may be implemented in other ways. The device embodiments described above are only schematic. For example, the division into units may be a division by logical function, and other divisions are possible in an actual implementation: multiple units or components may be combined or integrated into another system, or some features may be ignored or not performed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, units or modules, and may be electrical or take other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated in one processing unit, each unit may exist physically on its own, or two or more units may be integrated in one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
If the integrated unit is implemented in the form of a software functional unit and is sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to perform all or part of the steps of the methods described in the embodiments of the present invention. The aforementioned storage medium includes: a USB flash disk, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), a removable hard disk, a magnetic disk, an optical disc and other media that can store program code.
The above is only the preferred embodiment of the present invention. It should be noted that those of ordinary skill in the art may make improvements and modifications without departing from the principles of the present invention, and these improvements and modifications should also be regarded as falling within the protection scope of the present invention.

Claims (10)

  1. A power information system monitoring method, characterized by comprising:
    obtaining the security baseline requirement of a target information system;
    collecting the security configuration information of the target information system, wherein the security configuration information includes at least one of the following: first security configuration information of network devices, second security configuration information of security devices, third security configuration information of hosts, fourth security configuration information of databases, fifth security configuration information of middleware, and sixth security configuration information of application systems;
    generating a security analysis report of the target information system according to the security baseline requirement and the security configuration information.
  2. The method according to claim 1, characterized in that the security baseline requirement includes at least one of the following: a security configuration requirement, a security state requirement and a security vulnerability requirement, wherein the security configuration includes: operating system configuration, application system configuration, network device configuration and security device configuration; the security state requirement includes: port state, process state, server state, network topology state and important-file change state; and the security vulnerabilities include: operating system vulnerabilities, database vulnerabilities, application system vulnerabilities and network device vulnerabilities.
  3. The method according to claim 1, characterized in that, after the security configuration information of the target information system is collected, the method further comprises:
    monitoring the security configuration information of the target information system in real time;
    when an abnormality occurs in the security configuration information, repairing the security configuration information of the target information system by means of a third-party software tool.
  4. The method according to any one of claims 1 to 3, characterized in that the target information system is a power information network system.
  5. A power information system monitoring device, characterized by comprising:
    an obtaining module, used to obtain the security baseline requirement of a target information system;
    a collection module, used to collect the security configuration information of the target information system, wherein the security configuration information includes at least one of the following: first security configuration information of network devices, second security configuration information of security devices, third security configuration information of hosts, fourth security configuration information of databases, fifth security configuration information of middleware, and sixth security configuration information of application systems;
    a generation module, used to generate a security analysis report of the target information system according to the security baseline requirement and the security configuration information.
  6. The device according to claim 5, characterized in that the security baseline requirement includes at least one of the following: a security configuration requirement, a security state requirement and a security vulnerability requirement, wherein the security configuration includes: operating system configuration, application system configuration, network device configuration and security device configuration; the security state requirement includes: port state, process state, server state, network topology state and important-file change state; and the security vulnerabilities include: operating system vulnerabilities, database vulnerabilities, application system vulnerabilities and network device vulnerabilities.
  7. The device according to claim 5, characterized in that the device further comprises:
    a monitoring module, used to monitor the security configuration information of the target information system in real time;
    a repair module, used to repair the security configuration information of the target information system by means of a third-party software tool when an abnormality occurs in the security configuration information.
  8. The device according to any one of claims 5 to 7, characterized in that the target information system is a power information network system.
  9. A storage medium, characterized in that the storage medium includes a stored program, wherein the program performs the power information system monitoring method according to any one of claims 1 to 4.
  10. A processor, characterized in that the processor is used to run a program, wherein the power information system monitoring method according to any one of claims 1 to 4 is performed when the program runs.
CN201710721249.5A 2017-08-21 2017-08-21 Power information system monitoring method and device Pending CN107689954A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710721249.5A CN107689954A (en) 2017-08-21 2017-08-21 Power information system monitoring method and device

Publications (1)

Publication Number Publication Date
CN107689954A true CN107689954A (en) 2018-02-13

Family

ID=61153586

Country Status (1)

Country Link
CN (1) CN107689954A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180213