CN108062470A - A computer information security hardening method - Google Patents
- Publication number: CN108062470A
- Application number: CN201711331001.4A
- Authority: CN (China)
- Prior art keywords: security configuration, computer, standard value, configuration item, item
- Legal status: Pending (the legal status is an assumption and is not a legal conclusion)
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
Abstract
The invention discloses a computer information security hardening method. The method first obtains the security configuration items on a target computer and, based on the items obtained, obtains the preset security configuration standard value corresponding to each item. The original security configuration value of each item is compared with its corresponding preset standard value; if the two are inconsistent, the original value is automatically changed to the preset standard value, which hardens the computer's security configuration. Because the entire method is carried out automatically by a computer program and requires no manual operation, it saves time and labor and improves the efficiency of computer security hardening.
Description
Technical field
The present invention relates to the field of computer security technology, and in particular to a computer information security hardening method.
Background
Host security hardening is an important measure in the information security protection of power systems and an effective means of guarding against hacker attacks and virus intrusion. Host configuration security is an important component of host security and largely determines how secure a host is.
In the traditional approach to host configuration security hardening, configuration items are checked and verified manually one by one, and non-compliant items are manually changed to appropriate secure values. This kind of hardening requires a great deal of manpower and material resources, is time-consuming and laborious, and is costly.
Summary of the invention
The present invention provides a computer information security hardening method that solves the technical problem that traditional host configuration security hardening requires configuration items to be checked, verified and modified manually one by one, which is time-consuming and laborious.
The computer information security hardening method provided by the present invention includes:
obtaining the security configuration information of a target computer, the security configuration information including multiple security configuration items;
obtaining, according to the multiple security configuration items, the preset security configuration standard value corresponding to each security configuration item, and comparing the original security configuration value of each of the multiple security configuration items with its corresponding preset security configuration standard value; if the original security configuration value is inconsistent with the preset security configuration standard value, changing the original security configuration value to the corresponding preset security configuration standard value.
Preferably, changing the original security configuration value to the corresponding preset security configuration standard value specifically includes:
changing the original security configuration value to the corresponding preset security configuration standard value through the command line or the Windows application programming interface.
Preferably, obtaining the preset security configuration standard value corresponding to each security configuration item according to the multiple security configuration items specifically includes:
obtaining the corresponding security configuration file according to the attributes of the multiple security configuration items, and looking up in that security configuration file the preset security configuration standard value corresponding to each security configuration item.
Preferably, the security configuration file is saved in advance on the target computer.
Preferably, obtaining the security configuration information of the target computer specifically includes:
obtaining the security configuration information at a predetermined location through a command query, the Windows application programming interface, or a WMI query.
Preferably, before the original security configuration value is changed to the corresponding preset security configuration standard value, the method further includes:
saving the obtained security configuration information of the target computer to produce a save file of the original security configuration information;
generating a unique serial number from the system features of the target computer, and using the unique serial number as the name of the save file;
the system features include the operating system version, the target computer ID and CPU information.
The computer information security hardening method provided by the present invention further includes: reading the save file, and changing the security configuration information of the target computer to the original security configuration information stored in the save file.
The computer information security hardening method provided by the present invention further includes:
classifying the multiple security configuration items by group, and displaying the classified security configuration items as a list;
the groups include password policy, account lockout policy, audit policy, user rights assignment policy, security options policy and firewall policy.
Preferably, the security configuration items in the password policy include minimum password length and minimum password age;
the security configuration items in the account lockout policy include account lockout duration and account lockout threshold;
the security configuration items in the audit policy include audit policy change, audit logon events and audit object access;
the security configuration items in the user rights assignment policy include backing up files, backing up file directories and creating symbolic links;
the security configuration items in the security options policy include Administrator account status.
Preferably, the preset security configuration standard value corresponding to each security configuration item is displayed at the edge of the listed item, so that the user can make modifications.
As can be seen from the above technical solutions, the present invention has the following advantages:
The invention first obtains the security configuration items on the target computer and, based on the items obtained, obtains the preset security configuration standard value corresponding to each item. The original security configuration value of each item is compared with its corresponding preset standard value; if the two are inconsistent, the original value is automatically changed to the preset standard value, which hardens the computer's security configuration. Because the entire method is carried out automatically by a computer program and requires no manual operation, it saves time and labor and improves the efficiency of computer security hardening.
Description of the drawings
To describe the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below show only some embodiments of the invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic flowchart of a computer information security hardening method provided by an embodiment of the present invention.
Detailed description of the embodiments
An embodiment of the present invention provides a computer information security hardening method that solves the technical problem that traditional host configuration security hardening requires configuration items to be checked, verified and modified manually one by one, which is time-consuming and laborious.
To make the objectives, features and advantages of the present invention clearer and easier to understand, the technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. The embodiments described below are only some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art on the basis of these embodiments without creative effort fall within the scope of protection of the present invention.
Refer to Fig. 1, which is a schematic flowchart of a computer information security hardening method provided by an embodiment of the present invention.
The computer information security hardening method provided by the present invention includes:
S101: Obtain the security configuration information of the target computer; the security configuration information includes multiple security configuration items.
The target computer is the host on which security hardening is to be performed. Specifically, it can be a host computer running in a power system or another industrial system.
It will be understood that the security configuration information of the target computer can be obtained through a command query, the Windows application programming interface, or a WMI (Windows Management Instrumentation) query, any of which retrieves the security configuration information at a predetermined location. That is, when a user needs the security configuration information stored at a particular location on the target computer, a command can be issued that directly retrieves all security configuration information at that location, for example the command "secedit /configure /db %Windir%\security\policy.sdb /cfg d:\policy.cfg /areas SECURITYPOLICY".
The parameters are as follows:
policy.sdb is a file built into the operating system;
policy.cfg is the configuration file containing the final configuration values, for example PasswordComplexity=0 and MinimumPasswordLength=0;
SECURITYPOLICY is a fixed parameter of the command.
S102: Obtain, according to the multiple security configuration items, the preset security configuration standard value corresponding to each security configuration item, and compare the original security configuration value of each item with its corresponding preset standard value; if the original value is inconsistent with the preset standard value, change the original value to the corresponding preset standard value.
It will be understood that each security configuration item on the target computer can have a corresponding preset security configuration standard value set in advance. The preset standard value can be the recommended secure value in the field of computer information security. For ease of management, the preset standard values corresponding to the security configuration items on the target computer can be classified according to the different attributes of the items and stored in preset security configuration files, which are saved in advance on the target computer. Accordingly, obtaining the preset standard value for each item according to the multiple items can specifically consist of obtaining the corresponding security configuration file according to the attributes of the items and looking up in that file the preset standard value corresponding to each item.
Further, in a preferred implementation provided by the embodiment of the present invention, changing the original security configuration value to the corresponding preset security configuration standard value can specifically include: changing the original value to the corresponding preset standard value through the command line or the Windows application programming interface. Because, in the embodiment of the present invention, both obtaining the security configuration items of the target computer and modifying them can be carried out automatically by the target computer through programmed commands, there is no need to check and modify items manually one by one, which greatly saves manpower and material resources and improves the efficiency of computer security hardening.
Further, so that the computer's security configuration values can be restored to their original, pre-hardening state after the hardening operation, the method also includes, before the original security configuration value is changed to the corresponding preset standard value: saving the obtained security configuration information of the target computer to produce a save file of the original security configuration information. To ensure that save files are unique and not duplicated, and to make them easy to manage and to find and read later, a unique serial number can be generated from the system features of the target computer and used as the name of the save file; the system features include the operating system version, the target computer ID and CPU information. When the security configuration needs to be restored, the save file is read and the security configuration information of the target computer is changed to the original security configuration information stored in the save file.
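The compare-and-correct flow of S101/S102 together with the pre-change save file, as an added example (not code from the patent): it parses a policy file in the INF layout that `secedit /export` writes, compares each item with its preset standard value, and emits a template containing only the corrected items. The sample policy, the standard values, the function names and the SHA-256 naming of the save file are assumptions of this example.

```python
import hashlib

# Constructed sample in the INF layout that secedit writes; not taken from the patent.
SAMPLE_CFG = """\
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 0
MinimumPasswordLength = 0
PasswordComplexity = 0
LockoutBadCount = 0
[Event Audit]
AuditPolicyChange = 0
AuditLogonEvents = 3
[Version]
signature="$CHICAGO$"
Revision=1
"""

# Hypothetical preset standard values (assumption); substitute your approved baseline.
BASELINE = {
    ("System Access", "MinimumPasswordAge"): "1",
    ("System Access", "MinimumPasswordLength"): "8",
    ("System Access", "PasswordComplexity"): "1",
    ("System Access", "LockoutBadCount"): "5",
    ("Event Audit", "AuditPolicyChange"): "3",
    ("Event Audit", "AuditLogonEvents"): "3",
}

# Constructed system features: OS version, computer ID, CPU information.
SAMPLE_FEATURES = ("10.0.17763", "HOST-EXAMPLE-01", "Example CPU @ 2.40GHz")


def parse_cfg(text):
    """Parse INF-style text into {(section, key): value}."""
    items, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # skip blank lines and INF comments
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            items[(section, key.strip())] = value.strip()
    return items


def find_drift(current, baseline):
    """Return (section, key, original, standard) for every item that differs.
    An item absent from the current configuration is reported with original None."""
    drift = []
    for (section, key), standard in sorted(baseline.items()):
        original = current.get((section, key))
        if original != standard:
            drift.append((section, key, original, standard))
    return drift


def backup_name(os_version, computer_id, cpu_info):
    """Save-file name derived from the three system features the patent lists.
    Hashing them with SHA-256 is this example's choice, not the patent's."""
    material = "\x1f".join((os_version, computer_id, cpu_info)).encode("utf-8")
    return hashlib.sha256(material).hexdigest()[:16] + ".cfg"


def build_remediation_cfg(drift):
    """Render only the drifted items as an INF template holding the standard values."""
    by_section = {}
    for section, key, _original, standard in drift:
        by_section.setdefault(section, []).append(f"{key} = {standard}")
    lines = ["[Unicode]", "Unicode=yes"]
    for section in sorted(by_section):
        lines.append(f"[{section}]")
        lines.extend(by_section[section])
    lines += ["[Version]", 'signature="$CHICAGO$"', "Revision=1"]
    return "\n".join(lines) + "\n"


def harden(cfg_text, baseline, features):
    """Plan one hardening run: keep the original for restore, list drift, build the fix."""
    drift = find_drift(parse_cfg(cfg_text), baseline)
    return {
        "backup_file": backup_name(*features),
        "backup_body": cfg_text,  # untouched original, written before any change
        "drift": drift,
        "remediation_cfg": build_remediation_cfg(drift) if drift else None,
    }


if __name__ == "__main__":
    plan = harden(SAMPLE_CFG, BASELINE, SAMPLE_FEATURES)
    print("save original as:", plan["backup_file"])
    for section, key, original, standard in plan["drift"]:
        print(f"[{section}] {key}: {original} -> {standard}")
    print(plan["remediation_cfg"])
```

`secedit /configure` applies the settings in the `/cfg` template to the system, so the generated template is the input for a command of the form quoted above; reading the current policy into a file is done with `secedit /export`.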
In a preferred implementation provided by the embodiment of the present invention, to make it easier for operations and maintenance personnel to browse the computer's security configuration information, the method can also include:
classifying the multiple security configuration items by group, and displaying the classified security configuration items as a list; the groups include password policy, account lockout policy, audit policy, user rights assignment policy, security options policy and firewall policy. It will be understood that when there are many groups, the interface by default displays all security configuration items of the first group; when the user clicks a group, the security configuration items of that group are displayed.
Specifically, the security configuration items in the password policy include minimum password length and minimum password age; the security configuration items in the account lockout policy include account lockout duration and account lockout threshold; the security configuration items in the audit policy include audit policy change, audit logon events and audit object access; the security configuration items in the user rights assignment policy include backing up files, backing up file directories and creating symbolic links; the security configuration items in the security options policy include Administrator account status. Further, the preset security configuration standard value corresponding to each security configuration item can be displayed at the edge of (or near) the listed item, so that the user can make modifications.
In the embodiment of the present invention, the originally cumbersome, manually performed computer hardening process is carried out by a preset program. This saves time and labor, improves the efficiency of computer hardening, ensures the accuracy of the hardening operation, and alleviates the problems of traditional manual hardening, namely complicated operation and frequent operator error.
The above embodiments are intended only to illustrate the technical solutions of the present invention, not to limit them. Although the invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art will understand that the technical solutions described in the foregoing embodiments may still be modified, or some of their technical features replaced with equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.
Claims (10)
1. A computer information security hardening method, characterized by comprising:
obtaining the security configuration information of a target computer, the security configuration information including multiple security configuration items;
obtaining, according to the multiple security configuration items, the preset security configuration standard value corresponding to each security configuration item, and comparing the original security configuration value of each of the multiple security configuration items with its corresponding preset security configuration standard value; if the original security configuration value is inconsistent with the preset security configuration standard value, changing the original security configuration value to the corresponding preset security configuration standard value.
2. The computer information security hardening method according to claim 1, characterized in that changing the original security configuration value to the corresponding preset security configuration standard value specifically includes:
changing the original security configuration value to the corresponding preset security configuration standard value through the command line or the Windows application programming interface.
3. The computer information security hardening method according to claim 1, characterized in that obtaining the preset security configuration standard value corresponding to each security configuration item according to the multiple security configuration items specifically includes:
obtaining the corresponding security configuration file according to the attributes of the multiple security configuration items, and looking up in the security configuration file the preset security configuration standard value corresponding to each security configuration item.
4. The computer information security hardening method according to claim 3, characterized in that the security configuration file is saved in advance on the target computer.
5. The computer information security hardening method according to claim 1, characterized in that obtaining the security configuration information of the target computer specifically includes:
obtaining the security configuration information at a predetermined location through a command query, the Windows application programming interface, or a WMI query.
6. The computer information security hardening method according to claim 1, characterized in that, before the original security configuration value is changed to the corresponding preset security configuration standard value, the method further includes:
saving the obtained security configuration information of the target computer to produce a save file of the original security configuration information;
generating a unique serial number from the system features of the target computer, and using the unique serial number as the name of the save file;
the system features include the operating system version, the target computer ID and CPU information.
7. The computer information security hardening method according to claim 6, characterized by further comprising: reading the save file, and changing the security configuration information of the target computer to the original security configuration information stored in the save file.
8. The computer information security hardening method according to claim 1, characterized by further comprising:
classifying the multiple security configuration items by group, and displaying the classified security configuration items as a list;
the groups include password policy, account lockout policy, audit policy, user rights assignment policy, security options policy and firewall policy.
9. The computer information security hardening method according to claim 8, characterized in that the security configuration items in the password policy include minimum password length and minimum password age;
the security configuration items in the account lockout policy include account lockout duration and account lockout threshold;
the security configuration items in the audit policy include audit policy change, audit logon events and audit object access;
the security configuration items in the user rights assignment policy include backing up files, backing up file directories and creating symbolic links;
the security configuration items in the security options policy include Administrator account status.
10. The computer information security hardening method according to claim 8, characterized in that the preset security configuration standard value corresponding to each security configuration item is displayed at the edge of the listed item, so that the user can make modifications.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711331001.4A CN108062470A (en) | 2017-12-13 | 2017-12-13 | A computer information security hardening method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108062470A (en) | 2018-05-22 |
Family
ID=62138503
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711331001.4A Pending CN108062470A (en) | A computer information security hardening method | 2017-12-13 | 2017-12-13 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108062470A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20180522 |