CN109639631A - A network security patrol inspection system and inspection method - Google Patents

Publication number
CN109639631A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201811279480.4A
Other languages
Chinese (zh)
Inventor
苏江
郭云涛
刘莹
赵永柱
房涛
胡鑫
裴瑛慧
陈刚
杨启龙
苏晗
王晓明
任晓龙
杨海文
刘圣龙
李祉岐
牛德玲
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Information and Telecommunication Branch of State Grid Shaanxi Electric Power Co Ltd
Original Assignee
Information and Telecommunication Branch of State Grid Shaanxi Electric Power Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06 Management of faults, events, alarms or notifications
    • H04L41/0631 Management of faults, events, alarms or notifications using root cause analysis; using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0245 Filtering by information in the payload
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1466 Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks

Abstract

The present invention provides a network security patrol inspection system and inspection method. The system comprises an account information bank establishing module, a network security device detection information obtaining module, an equipment judgment module, a scan module, a port detection module, an administrative staff determining module, and an inspection information sending module. The invention integrates the information monitored by the security devices already deployed with the information from its own active scanning, so that the two complement each other and the security risks and external attack information of the network and information systems are monitored comprehensively. At the same time, the hidden-danger vulnerabilities and attack information undergo secondary filtering, so that valid security alarm information and vulnerability information can be located quickly and unnecessary interference is rejected. The invention runs inspections as timed tasks and outputs the results automatically: information such as high-risk ports and ports with vulnerabilities is periodically and automatically compiled into statistical reports, which are sent automatically to the administrative staff by SMS, WeChat or e-mail.

Description

A network security patrol inspection system and inspection method
Technical field
The present invention relates to the field of software technology, and in particular to a network security patrol inspection system and inspection method.
Background
As information network assets increase, the hidden dangers and vulnerabilities of network and information systems, and the attacks they face, grow ever more numerous. Many enterprises have deployed large numbers of network security devices and systems to detect hidden-danger vulnerabilities and monitor external attacks. Network security personnel face problems such as many security devices, few monitoring staff, high device false-alarm rates, and inefficient investigation of hidden-danger vulnerabilities.
Summary of the invention
The present invention provides a network security patrol inspection system, the system comprising:
An account information bank establishing module, for establishing an account information bank;
A network security device detection information obtaining module, for periodically obtaining from the network the internal hidden-danger vulnerability information and external attack information detected by each network security device;
An equipment judgment module, for determining, from a preset device fingerprint table and according to the internal hidden-danger vulnerability information and external attack information, the first equipment that has an internal hidden-danger vulnerability and the second equipment that is under attack according to the external attack information;
A scan module, for periodically scanning, through the network, the ports of each server, terminal and network device, and obtaining the port information of the first port that has opened a service and is associated with the server IP, terminal IP and network device IP;
A port detection module, for detecting the first vulnerability port from the port information of the first port;
An administrative staff determining module, for finding, according to the account information bank, the administrative staff corresponding to the first equipment, the second equipment and the first vulnerability port;
An inspection information sending module, for determining the contact method of the administrative staff according to a preset user table, and sending inspection information to the administrative staff by that contact method; the inspection information includes the hidden-danger vulnerability information of the first equipment, the external attack information of the second equipment and the vulnerability information of the first vulnerability port.
Optionally, the account information bank establishing module includes:
An initial account information bank establishing submodule, for establishing an initial account information bank according to manually compiled account information;
An account information bank updating submodule, for periodically updating the account information bank with the information scanned by a network scanning tool and the information detected by the network security devices.
Optionally, the system further includes:
A secondary filter module, for filtering the equipment vulnerability information and external attack information detected by each network security device.
Optionally, the system further includes:
A security processing module, by which, according to the inspection information, the administrative staff carry out security handling of the first equipment, the second equipment and the first vulnerability port.
Optionally, the port detection module includes:
A vulnerability detection submodule, for using a vulnerability detection script to determine whether vulnerability information exists in the port information of the first port;
A vulnerability port determining submodule, for determining that a port for which vulnerability information exists is the first vulnerability port.
The present invention also provides a network security inspection method, the method comprising:
Establishing an account information bank;
Periodically obtaining from the network the internal hidden-danger vulnerability information and external attack information detected by each network security device;
Determining, from a preset device fingerprint table and according to the internal hidden-danger vulnerability information and external attack information, the first equipment that has an internal hidden-danger vulnerability and the second equipment that is under attack according to the external attack information;
Scanning, through the network, the ports of each server, terminal and network device, and obtaining the port information of the first port that has opened a service and is associated with the server IP, terminal IP and network device IP;
Detecting the vulnerability port from the port information of the first port;
Finding, according to the account information bank, the administrative staff corresponding to the first equipment, the second equipment and the vulnerability port;
Determining the contact method of the administrative staff according to a preset user table, and sending inspection information to the administrative staff by that contact method; the inspection information includes the vulnerability information of the first equipment, the external attack information of the second equipment and the vulnerability information of the vulnerability port.
Optionally, establishing the account information bank includes:
Establishing an initial account information bank according to manually compiled account information;
Periodically updating the account information bank with the information scanned by a network scanning tool and the information detected by the network security devices.
Optionally, after periodically obtaining from the network the equipment vulnerability information and external attack information detected by each network security device, the method further includes:
Performing secondary filtering on the equipment vulnerability information and external attack information detected by each network security device.
Optionally, after determining the contact method of the administrative staff according to the preset user table and sending the inspection information to the administrative staff by that contact method, the method further includes:
According to the inspection information, the administrative staff carry out security handling of the first equipment, the second equipment and the first vulnerability port.
Optionally, detecting the vulnerability port from the port information of the first port includes:
Using a vulnerability detection script to determine whether vulnerability information exists in the port information of the first port;
Determining that a port for which vulnerability information exists is the first vulnerability port.
The invention has the following advantages:
The embodiment of the present invention integrates the information monitored by the security devices already deployed with the information from its own active scanning, so that the two complement each other and the security risks and external attack information of the network and information systems are monitored comprehensively. At the same time, the hidden-danger vulnerabilities and attack information undergo secondary filtering, so that valid security alarm information and vulnerability information can be located quickly and unnecessary interference is rejected.
The embodiment of the present invention runs inspections as timed tasks and outputs the results automatically. Information such as high-risk ports and ports with vulnerabilities is periodically and automatically compiled into statistical reports, which are sent automatically to the administrative staff by SMS, WeChat or e-mail.
The source code of the embodiment of the present invention is open, can be ported flexibly to other enterprises, and allows related plug-ins to be customized.
The above is only an overview of the technical solution of the present invention. So that the technical means of the present invention can be understood more clearly and implemented in accordance with the contents of the specification, and so that the above and other objects, features and advantages of the present invention are easier to understand, specific embodiments of the present invention are set out below.
Brief description of the drawings
To illustrate the technical solutions of the embodiments of the present invention more clearly, the drawings needed in the description of the embodiments are briefly introduced below. The drawings described below are only some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from them without any creative effort.
Fig. 1 is a structural block diagram of a network security patrol inspection system of embodiment one of the present invention;
Fig. 2 is a detailed block diagram of a network security patrol inspection system of embodiment two of the present invention;
Fig. 3 is a structure chart of a network security patrol inspection system of embodiment three of the present invention;
Fig. 4 is a flow chart of the specific steps of a network security inspection method of embodiment four of the present invention.
Specific embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings of the embodiments. The described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
[System embodiment one]
Referring to Fig. 1, a structural block diagram of a network security patrol inspection system 100 in an embodiment of the present invention is shown. The system 100 includes an account establishing module 110, a network security device monitoring information obtaining module 120, an equipment judgment module 130, a scan module 140, a port detection module 150, an administrative staff determining module 160 and an inspection information sending module 170;
In a specific application, the embodiment of the present invention can be applied to the network security management of enterprises and institutions, and also to other network systems that need network security management; the embodiment of the present invention does not limit the specific application.
Account information bank establishing module 110, for establishing an account information bank.
In the embodiment of the present invention, the account information bank (that is, a ledger of assets) includes a device IP account and a device port account. The device IP account includes: the IP address of the equipment, the device name, the address segment to which the IP address belongs, the region to which the device IP belongs, the physical location where the device IP is deployed, the administrative staff of the equipment, the operating system of the equipment, whether the equipment is a virtual machine or a physical machine, whether the equipment belongs to the information intranet or the information extranet, etc. The device port account includes: the equipment corresponding to the port, the service running on the port, the protocol of the port, the database corresponding to the port, the middleware corresponding to the port, etc.
In the embodiment of the present invention, establishing the account information bank enables effective management of equipment and device ports, and makes it convenient later to handle the vulnerability information of ports and/or the internal hidden-danger vulnerabilities of equipment and/or the attack information to which equipment is subjected.
Network security device detection information obtaining module 120, for periodically obtaining from the network the internal hidden-danger vulnerability information and external attack information detected by each network security device.
In the embodiment of the present invention, "periodically" can mean a preset period, such as one day or 12 hours. The internal hidden-danger vulnerability information and external attack information detected by each network security device are obtained from the network periodically so that the security information of the equipment is collected comprehensively and no part of the security information detected by the security devices is missed. It will be appreciated that those skilled in the art can also set the acquisition interval according to the actual application scenario; the embodiment of the present invention does not limit this.
In a specific application, the present invention inspects each network security device as follows: each network security device is logged in to once every ten minutes. If a network security device cannot be logged in to, it is determined that the device has a problem, and an alarm is raised for that problem. If the security device can be logged in to, the security-related information it has detected is obtained. The security-related information includes internal hidden-danger vulnerability information and external attack information. The internal hidden-danger vulnerability information includes: system vulnerability data, the status of high-risk open ports on hosts and network devices, host configuration compliance, the timeliness of host virus database and signature database updates, users' violations, etc. The external attack information includes information on attacks against the network and systems, etc.
Equipment judgment module 130, for determining, from a preset device fingerprint table and according to the internal hidden-danger vulnerability information and external attack information, the first equipment that has an internal hidden-danger vulnerability and the second equipment that is under attack according to the external attack information.
In the embodiment of the present invention, the preset device fingerprint table records equipment information with the device IP as the key, specifically including: the IP address of the equipment, the device name, the address segment to which the IP address belongs, the region to which the device IP belongs, the physical location where the device IP is deployed, the administrative staff of the equipment, the contact method of the administrative staff, the operating system of the equipment, whether the equipment is a virtual machine or a physical machine, and whether the equipment belongs to the information intranet or the information extranet.
In the embodiment of the present invention, the internal hidden-danger vulnerability information of equipment includes partial information keyed to the first equipment, such as the name of the equipment or its IP address; using this information, the first equipment that has the hidden-danger vulnerability can be found in the device fingerprint table. Likewise, the external attack information also includes information about the attacked second equipment, which can be, for example, the operating system of the equipment; using this information, the second equipment that is under attack according to the external attack information can be confirmed in the device fingerprint table.
Scan module 140, for periodically scanning, through the network, the ports of each server, terminal and network device, and obtaining the port information of the first port that has opened a vulnerable service and is associated with the server IP, terminal IP and network device IP.
In the embodiment of the present invention, "periodically" can mean a preset period, such as one day or 12 hours. Periodically scanning the port information of each server, terminal and network device through the network ensures that all ports that have opened a service are scanned, so that no open high-risk port or vulnerability port is missed. It will be appreciated that those skilled in the art can also set the port scanning interval according to the actual application scenario; the embodiment of the present invention does not limit this.
In the embodiment of the present invention, the port information includes the open status of the port and the attributes of the port. Periodically obtaining through the network the port information of the first port that has opened a service and is associated with the server IP, terminal IP and network device IP makes it possible to monitor comprehensively all ports that have opened a vulnerable service or a high-risk service.
Port detection module 150, for detecting the first vulnerability port from the port information of the first port.
In the embodiment of the present invention, the first port includes ports that have opened a service with vulnerabilities or a high-risk service. On this basis, the first port is tested with the prepared vulnerability detection script to detect the first vulnerability port, which contains a vulnerable service or a high-risk service.
Administrative staff determining module 160, for finding, according to the account information bank, the administrative staff corresponding to the first equipment, the second equipment and the first vulnerability port.
In the embodiment of the present invention, the corresponding administrative staff information is found in the account information bank according to the relevant information of the first equipment and the second equipment, and the corresponding administrative staff information is found in the account information bank according to the IP address or service type of the server or terminal corresponding to the first vulnerability port.
In a specific application, the first equipment is a Hewlett-Packard printer, model HP color LaserJet2840; the device model of the first equipment is then used to find the record of that equipment's account in the account information bank, and the corresponding administrative staff information is found from that record.
Inspection information sending module 170, for determining the contact method of the administrative staff according to a preset user table, and sending inspection information to the administrative staff by that contact method; the inspection information includes the internal hidden-danger vulnerability information of the first equipment, the external attack information of the second equipment and the vulnerability information of the vulnerability port.
In the embodiment of the present invention, the user table stores the contact methods of the administrative staff and their corresponding division of responsibilities. The administrative staff include: network security technical personnel, the various network security management personnel, network device management and maintenance personnel, terminal users, maintenance personnel, server maintenance personnel, and the responsible managers.
In the embodiment of the present invention, the contact methods of the administrative staff include a mobile phone number and/or a WeChat account and/or an e-mail account. The inspection information is sent to the relevant administrative staff by SMS, WeChat or e-mail; the relevant administrative staff handle the problems in the inspection information manually and send the handling results to the network security personnel by e-mail, and the network security personnel manually enter the handling information into the account information bank.
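The chain from equipment judgment module 130 to inspection information sending module 170 can be illustrated as follows. This is an added example, not code from the patent: the table contents and findings are constructed, the names `resolve_device` and `build_inspection_info` are hypothetical, and matching is limited to device IP or device name.

```python
from collections import defaultdict

# Constructed device fingerprint table, keyed by device IP as the text describes.
DEVICE_FINGERPRINTS = {
    "192.0.2.10": {"name": "web-01", "admin": "zhang"},
    "192.0.2.21": {"name": "HP color LaserJet 2840", "admin": "li"},
}

# Constructed user table: administrator -> contact methods.
USER_TABLE = {
    "zhang": {"email": "zhang@example.com", "wechat": "zhang-wx"},
    "li": {"email": "li@example.com"},
}

# Constructed findings pulled from the security devices.
FINDINGS = [
    {"kind": "internal", "ip": "192.0.2.10", "detail": "virus database out of date"},
    {"kind": "internal", "name": "hp color laserjet 2840", "detail": "high-risk port open"},
    {"kind": "external", "ip": "192.0.2.10", "detail": "attack alert from security device"},
    {"kind": "external", "ip": "192.0.2.99", "detail": "attack alert from security device"},
]

# Constructed output of the port detection module.
VULN_PORTS = [{"ip": "192.0.2.21", "port": 9100, "detail": "flagged by detection script"}]


def resolve_device(finding):
    """Map a finding to a device IP in the fingerprint table, by IP or by name."""
    ip = finding.get("ip")
    if ip in DEVICE_FINGERPRINTS:
        return ip
    name = (finding.get("name") or "").lower()
    for dev_ip, dev in DEVICE_FINGERPRINTS.items():
        if name and dev["name"].lower() == name:
            return dev_ip
    return None


def build_inspection_info(findings, vuln_ports):
    """Group findings per administrator; return (reports, unresolved)."""
    reports = defaultdict(lambda: {"contact": None, "first_equipment": [],
                                   "second_equipment": [], "vulnerable_ports": []})
    unresolved = []  # nothing is dropped silently: these go to the security staff

    def route(ip, section, item):
        admin = DEVICE_FINGERPRINTS[ip]["admin"]
        contact = USER_TABLE.get(admin)
        if not contact:
            unresolved.append(item)  # administrator has no contact method on file
            return
        reports[admin]["contact"] = contact
        reports[admin][section].append(item)

    for finding in findings:
        ip = resolve_device(finding)
        if ip is None:
            unresolved.append(finding)  # device is not in the fingerprint table
            continue
        section = "first_equipment" if finding["kind"] == "internal" else "second_equipment"
        route(ip, section, {"ip": ip, "detail": finding["detail"]})

    for port in vuln_ports:
        if port["ip"] not in DEVICE_FINGERPRINTS:
            unresolved.append(port)
            continue
        route(port["ip"], "vulnerable_ports", dict(port))

    return dict(reports), unresolved


if __name__ == "__main__":
    reports, unresolved = build_inspection_info(FINDINGS, VULN_PORTS)
    for admin, report in reports.items():
        print(admin, report)
    print("unresolved:", unresolved)
```

Findings that match no device, such as the alert for 192.0.2.99 here, are returned separately so that gaps in the fingerprint table surface instead of being lost.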
The embodiment of the present invention integrates the information monitored by the security devices already deployed with the information from its own active scanning, so that the two complement each other and the security risks and external attack information of the network and information systems are monitored comprehensively. At the same time, the hidden-danger vulnerabilities and attack information undergo secondary filtering, so that valid security alarm information and vulnerability information can be located quickly and unnecessary interference is rejected.
The embodiment of the present invention runs inspections as timed tasks and outputs the results automatically. Information such as high-risk ports and ports with vulnerabilities is periodically and automatically compiled into statistical reports, which are sent automatically to the administrative staff by SMS, WeChat or e-mail.
The source code of the embodiment of the present invention is open, can be ported flexibly to other enterprises, and allows related plug-ins to be customized.
[System embodiment two]
Referring to Fig. 2, a structural block diagram of a network security patrol inspection system 200 in an embodiment of the present invention is shown. The system 200 includes an account establishing module 210, a network security device monitoring information obtaining module 220, a secondary filter module 230, an equipment judgment module 240, a scan module 250, a port detection module 260, an administrative staff determining module 270, an inspection information sending module 170 and a security processing module 290;
Account information bank establishing module 210, for establishing an account information bank;
In the embodiment of the present invention, the account information bank includes a device IP account and a device port account. The device IP account includes: the IP address of the equipment, the device name, the address segment to which the IP address belongs, the region to which the device IP belongs, the physical location where the device IP is deployed, the administrative staff of the equipment, the operating system of the equipment, whether the equipment is a virtual machine or a physical machine, whether the equipment belongs to the information intranet or the information extranet, etc. The device port account includes: the open status of the port, the equipment corresponding to the port, the service running on the port, the protocol of the port, the database corresponding to the port, the middleware corresponding to the port, etc.
Further, the account information bank establishing module 210 includes: an initial account library establishing submodule 2101 and an account library updating submodule 2102;
Initial account library establishing submodule 2101, for establishing an initial account information bank according to manually compiled account information.
In the embodiment of the present invention, for the account compiled manually in the early stage, the sorting script written in the embodiment of the present invention is used to convert, according to the database table format, the non-standard form of that account into a standard format, and the initial account information bank is then established. The embodiment of the present invention can thus turn the manually compiled account into an initial account information bank with a standard format, which makes later management of each piece of equipment, each port and each server convenient.
In the embodiment of the present invention, the account compiled manually in the early stage includes the manually compiled device IP account and port account. The manually compiled device IP account includes some or all of the information of some of the equipment. The manually compiled port account includes some or all of the information of some of the ports. The equipment information includes: the IP address of the equipment, the device name, the address segment to which the IP address belongs, the region to which the device IP belongs, the physical location where the device IP is deployed, the administrative staff of the equipment, the operating system of the equipment, whether the equipment is a virtual machine or a physical machine, whether the equipment belongs to the information intranet or the information extranet, etc. The port information includes the open status of the port and the attributes of the port; the attributes of the port include: the equipment corresponding to the port, the service running on the port, the protocol of the port, the database corresponding to the port, the middleware corresponding to the port, etc.
Account library updating submodule 2102, for periodically updating the account information bank with the information scanned by a network scanning tool and the information detected by the network security devices.
In the embodiment of the present invention, because the account information compiled manually in the early stage is incomplete, it is inconvenient to manage equipment and ports later. To improve the account information bank, the equipment account information and/or port account information obtained by each network security device monitoring each piece of equipment and/or each port and/or each server is imported, by the prepared automatic processing script, into the position in the account information bank where the information on that equipment and/or port and/or server is recorded.
In this embodiment of the invention, the account information bank is updated daily by a scanning tool. Specifically: a corresponding scan script is prepared around the masscan scanning tool to scan the ports of a specified address range, specified port range and specified protocol, and to collect the banner information of each port. The port banner information returned by the scan script is compared against a preset port fingerprint table by keyword-based fingerprint recognition to identify the corresponding port, and the port information recorded for that port in the port fingerprint table is used to update the content of the account information bank. Specifically: if the account information bank has no port information for the corresponding port, the port information of that port is created in the account information bank from the content of the port fingerprint base; if the port information recorded for the corresponding port in the account information bank is less complete than the port information recorded in the port fingerprint table, the port information of that port in the account information bank is updated with the port information recorded for it in the port fingerprint table.
The preset port fingerprint table includes: the open status of the port, the device corresponding to the port, the service running on the port, the protocol of the port, the database corresponding to the port, the middleware corresponding to the port, and so on.
The banner information of a port includes attribute information of the port, such as the device corresponding to the port, the type of that device, the model of that device, and so on.
In a specific application, the ports of each terminal are scanned with the scanning tool, and the keywords of the returned information are: Hewlett-Packard, printer, HP color LaserJet 2840. By keyword matching in the fingerprint table, the port is identified as the port of a Hewlett-Packard printer of model HP color LaserJet 2840. Further, based on the corresponding processing script, the information about the Hewlett-Packard printer recorded in the port fingerprint table is used to complete the information recorded for that printer in the account information bank; or, based on the corresponding processing script, the information about the Hewlett-Packard printer recorded in the fingerprint table is used to create the printer's information in the account information bank, thereby updating the account information bank.
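The banner matching and the two update rules described above can be sketched as follows. This is an added example, not code from the patent; the table entries, field names, IP addresses and the choice to fill only missing fields are assumptions.

```python
import re

# Constructed port fingerprint table. Field names follow the attributes the
# text lists (device, service, protocol); the entries themselves are assumptions.
PORT_FINGERPRINTS = [
    {"keywords": ("hp", "laserjet", "2840"),
     "info": {"device": "printer", "vendor": "Hewlett-Packard",
              "model": "HP color LaserJet 2840", "protocol": "tcp"}},
    {"keywords": ("hp", "laserjet"),
     "info": {"device": "printer", "vendor": "Hewlett-Packard", "protocol": "tcp"}},
    {"keywords": ("vsftpd",),
     "info": {"device": "server", "service": "ftp", "protocol": "tcp"}},
]


def match_fingerprint(banner, table=PORT_FINGERPRINTS):
    """Return the info of the most specific entry whose keywords all occur in the banner."""
    # Compare whole tokens, so that "hp" does not match inside "php".
    tokens = set(re.findall(r"[a-z0-9]+", banner.lower()))
    best = None
    for entry in table:
        if tokens.issuperset(entry["keywords"]):
            if best is None or len(entry["keywords"]) > len(best["keywords"]):
                best = entry
    return dict(best["info"]) if best else None


def update_ledger(ledger, ip, port, banner):
    """Apply the two update rules to one scanned port and report what happened."""
    info = match_fingerprint(banner)
    if info is None:
        return "unmatched"          # left for manual review, ledger untouched
    record = ledger.get((ip, port))
    if record is None:              # rule 1: no record yet, so create it
        ledger[(ip, port)] = info
        return "created"
    # Rule 2: the record is less complete than the fingerprint. Only the gaps
    # are filled, so values entered by hand are never overwritten (assumption).
    gaps = {k: v for k, v in info.items() if not record.get(k)}
    if gaps:
        record.update(gaps)
        return "updated"
    return "unchanged"


def run_demo():
    # Constructed starting ledger and constructed (ip, port, banner) scan results.
    ledger = {("192.0.2.11", 21): {"service": "ftp", "owner": "ops-team"}}
    scans = [
        ("192.0.2.10", 9100, "HP color LaserJet 2840 printer"),
        ("192.0.2.11", 21, "220 (vsFTPd 3.0.3)"),
        ("192.0.2.12", 80, "PHP/7.2 custom daemon"),
    ]
    return ledger, [update_ledger(ledger, *scan) for scan in scans]


if __name__ == "__main__":
    final_ledger, actions = run_demo()
    print(actions)
    for key, value in sorted(final_ledger.items()):
        print(key, value)
```

Banners that match no fingerprint are reported as unmatched rather than guessed at, which keeps the account information bank free of wrong device attributions.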
Network security device monitoring information acquisition module 220, configured to periodically obtain the internal hidden-danger vulnerability information and external attack information that each network security device detects from the network.
In embodiments of the present invention, "periodically" may mean a preset period, such as one day or 12 hours. Periodically obtaining the internal hidden-danger vulnerability information and external attack information that each network security device detects from the network ensures that the security information of the devices is obtained comprehensively and that no part of the security information detected by the security devices is missed. It is understood that those skilled in the art may also set the acquisition interval according to the actual application scenario; the embodiments of the present invention do not limit this.
In a specific application, an information collection script is written in the Python programming language and uses a web crawler (spider) method to crawl the internal hidden-danger vulnerability information and external attack information detected by each network security device; the crawler is implemented with the requests library and the selenium library in Python. The internal hidden-danger vulnerability information includes: system vulnerability data, open high-risk ports, configuration compliance, update timeliness, and violations. The external attack information includes information on attacks against the network and systems.
Secondary filter module 230, configured to filter the device vulnerability information and external attack information detected by each network security device.
In embodiments of the present invention, because the internal hidden-danger vulnerability information and external attack information detected by some network security devices have a very high false-positive rate, it is difficult to quickly find the genuine internal hidden-danger vulnerability information and external attack information among everything the devices report. For this reason, in the embodiments of the present invention each piece of internal hidden-danger vulnerability information and external attack information is filtered a second time with a secondary filter model, which makes it possible to quickly locate the valid device vulnerability information and external attack information, reject unnecessary interference, and efficiently handle the threats that really occur. The secondary filter model integrates a configured white list, deep packet inspection analysis, and a knowledge-and-experience algorithm accumulated over the long term by the enterprise's network security personnel. Setting the white list means: internal hidden-danger vulnerability information and/or external attack information that a network security device frequently detects by mistake is added to the white list, so that when the network security device detects it again, it is judged not to be internal hidden-danger vulnerability information and/or external attack information. Deep packet inspection analysis is a newer technique compared with ordinary packet analysis: ordinary packet inspection analyzes only the content of an IP packet at layer 4 and below, including source address, destination address, source port, destination port and protocol type, whereas deep packet inspection analysis adds analysis of the application layer on top of this and can identify various applications and their content. Using deep packet inspection analysis, the content layer of the internal hidden-danger vulnerability information and/or external attack information can be inspected, and a judgment is made as to whether it really is internal hidden-danger vulnerability information and/or external attack information. The knowledge-and-experience algorithm uses the knowledge and experience accumulated over the long term by the enterprise's network administrators to filter the internal hidden-danger vulnerability information and/or external attack information: it filters out false-positive information that a given network security device has frequently produced before, or leaves unfiltered the external attack information that multiple network security devices detect at the same time.
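The three filter stages described above can be combined as in the following sketch. It is an added example, not the patent's code: the alert fields, device names, white list entry, regular expression and 60-second corroboration window are all assumptions, and a regular expression over the payload stands in for the content-layer judgment of deep packet inspection.

```python
import re
from collections import defaultdict

# All names and values below are constructed for illustration.
# (device, signature) pairs that this device is known to report by mistake.
WHITELIST = {("waf-01", "SQL keyword in parameter")}
# Application-layer content that has been judged harmless.
BENIGN_PAYLOADS = [re.compile(r"^GET /healthcheck\b")]


def secondary_filter(alerts, whitelist=WHITELIST, benign=BENIGN_PAYLOADS, window=60):
    """Return (kept, dropped); every alert carries the reason for the decision."""
    by_flow = defaultdict(list)
    for alert in alerts:
        by_flow[(alert["src"], alert["dst"])].append(alert)

    kept, dropped = [], []
    for alert in alerts:
        # Experience rule: the same flow reported by a different device within
        # `window` seconds counts as corroborated and is never filtered out.
        corroborated = any(
            other["device"] != alert["device"]
            and abs(other["ts"] - alert["ts"]) <= window
            for other in by_flow[(alert["src"], alert["dst"])]
        )
        if corroborated:
            kept.append(dict(alert, reason="corroborated"))
        elif (alert["device"], alert["signature"]) in whitelist:
            dropped.append(dict(alert, reason="whitelist"))
        elif any(p.search(alert.get("payload", "")) for p in benign):
            dropped.append(dict(alert, reason="benign-content"))
        else:
            kept.append(dict(alert, reason="unfiltered"))
    return kept, dropped


# Constructed alerts as two security devices might report them.
SAMPLE_ALERTS = [
    {"ts": 100, "device": "waf-01", "signature": "SQL keyword in parameter",
     "src": "192.0.2.5", "dst": "192.0.2.20", "payload": "GET /search?q=select+shoes"},
    {"ts": 130, "device": "ids-01", "signature": "HTTP probe",
     "src": "192.0.2.9", "dst": "192.0.2.20", "payload": "GET /healthcheck HTTP/1.1"},
    {"ts": 200, "device": "waf-01", "signature": "SQL keyword in parameter",
     "src": "203.0.113.7", "dst": "192.0.2.20", "payload": "GET /item?id=1"},
    {"ts": 215, "device": "ids-01", "signature": "SQL injection attempt",
     "src": "203.0.113.7", "dst": "192.0.2.20", "payload": "GET /item?id=1"},
    {"ts": 900, "device": "ids-01", "signature": "Port sweep",
     "src": "198.51.100.4", "dst": "192.0.2.30", "payload": ""},
]

if __name__ == "__main__":
    kept_alerts, dropped_alerts = secondary_filter(SAMPLE_ALERTS)
    for a in kept_alerts:
        print("KEEP", a["ts"], a["device"], a["reason"])
    for a in dropped_alerts:
        print("DROP", a["ts"], a["device"], a["reason"])
```

Corroboration is checked before the white list on purpose: a white-listed signature that a second device also reports for the same flow is kept for review instead of being silently discarded.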
Device judgment module 240, configured to determine, from a preset device fingerprint table and according to the internal hidden-danger vulnerability information and external attack information, a first device having an internal hidden-danger vulnerability and a second device attacked by the external attack.
In embodiments of the present invention, the internal hidden-danger vulnerability information includes: system vulnerability data, the opening of high-risk ports on hosts and network devices, host configuration compliance, the timeliness of updates to the host virus and signature databases, user violations, and so on; the external attack information includes information on attacks against the network and systems, and so on. The preset device fingerprint table records device information keyed by device IP, specifically: the device IP address, the device name, the address segment the device IP address belongs to, the region the device IP belongs to, the physical location where the device IP is deployed, the administrators of the device, the contact method of the administrators, the operating system of the device, whether the device is a virtual machine or a physical machine, and whether the device belongs to the information intranet or the information extranet.
In embodiments of the present invention, the internal hidden-danger vulnerability information detected by a network security device contains partial information that serves as a keyword for the first device, for example the device's name or the device's IP address; with this information, the first device having the hidden-danger vulnerability can be found in the device fingerprint table. Likewise, the external attack information detected by a network security device contains partial information that serves as a keyword for the attacked second device, which may be the device's operating system; with this information, the second device attacked by the external attack can be identified in the device fingerprint table.
In a specific application, if the detected internal hidden-danger vulnerability information includes the name and model of the device having the internal hidden-danger vulnerability, the device fingerprint table is searched with the device's name and model as keywords to find the corresponding first device, and the account information of the first device is then looked up in the account information bank so that the subsequent operations can be carried out. If the detected external attack information includes the operating system of the second device, the fingerprint table is searched with the device's operating system as the keyword to find the corresponding second device, and the account information of the second device is then looked up in the account information bank so that the subsequent operations can be carried out.
Scan module 250, configured to periodically scan, over the network, the ports of each server, terminal and network device, and to obtain the port information of the first ports that have opened services and are associated with the server IP, terminal IP and network device IP.
In embodiments of the present invention, "periodically" may mean a preset period, such as one day or 12 hours. Periodically scanning the port information of each server, terminal and network device over the network ensures that every port with an open service is scanned, so that no open high-risk port or loophole port is missed. It is understood that those skilled in the art may also set the port scanning interval according to the actual application scenario; the embodiments of the present invention do not limit this.
In embodiments of the present invention, the scan of the ports of each server, terminal and network device may be a network scan carried out with a scanning tool installed on a virtual machine. In response to the scanning tool's network scan, the servers, terminals and network devices return to the scanning tool the information of the first ports that have opened services. The first port information includes the open status of the first port and the attributes of the first port.
In a specific application scenario of the invention, a shell script is written on the server side; according to the IP segments to be scanned, it uses the masscan scanning tool installed on the server to scan the terminal ports associated with those IP segments in a loop, collects the port information of the first ports, and stores the port information as XML files. A Python script is then written that merges the individual XML files into a single XML file and parses it.
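The merge-and-parse step can be written as in the following sketch. It is an added example, not the patent's script; the sample documents are constructed to resemble masscan's nmap-style XML output, and the function names are assumptions.

```python
import xml.etree.ElementTree as ET


def merge_scans(xml_docs):
    """Merge per-segment scan files into one tree; return (root, skipped count)."""
    merged = ET.Element("nmaprun", {"scanner": "masscan"})
    skipped = 0
    for doc in xml_docs:
        try:
            root = ET.fromstring(doc)
        except ET.ParseError:
            # A file cut short (for example by an interrupted scan) is counted
            # and skipped rather than aborting the whole merge.
            skipped += 1
            continue
        merged.extend(root.findall("host"))
    return merged, skipped


def open_ports(root):
    """Return {ip: {(protocol, port): banner or None}} for open ports only."""
    result = {}
    for host in root.iter("host"):
        address = host.find("address")
        if address is None:
            continue
        ip = address.get("addr")
        for port in host.iterfind("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue
            key = (port.get("protocol"), int(port.get("portid")))
            service = port.find("service")
            banner = service.get("banner") if service is not None else None
            entry = result.setdefault(ip, {})
            # The same port can appear in several <host> elements and files;
            # keep a banner once seen and never overwrite it with None.
            if banner or key not in entry:
                entry[key] = banner
    return result


def _host(ip, port, state="open", banner=None):
    """Build one constructed <host> element in the scanner's layout."""
    svc = f'<service name="unknown" banner="{banner}"/>' if banner else ""
    return (f'<host endtime="1540000000"><address addr="{ip}" addrtype="ipv4"/>'
            f'<ports><port protocol="tcp" portid="{port}">'
            f'<state state="{state}" reason="syn-ack" reason_ttl="64"/>'
            f'{svc}</port></ports></host>')


# Constructed sample files: two complete scans and one truncated file.
SEGMENT_A = ('<nmaprun scanner="masscan">'
             + _host("192.0.2.10", 21)
             + _host("192.0.2.10", 21, banner="220 (vsFTPd 3.0.3)")
             + _host("192.0.2.10", 8080, state="closed")
             + '</nmaprun>')
SEGMENT_B = ('<nmaprun scanner="masscan">'
             + _host("192.0.2.20", 22)
             + _host("192.0.2.10", 21)
             + '</nmaprun>')
SEGMENT_TRUNCATED = '<nmaprun scanner="masscan">' + _host("192.0.2.30", 23)[:80]

if __name__ == "__main__":
    tree, skipped_files = merge_scans([SEGMENT_A, SEGMENT_B, SEGMENT_TRUNCATED])
    print("skipped files:", skipped_files)
    for ip, ports in sorted(open_ports(tree).items()):
        print(ip, ports)
```

Reporting the number of skipped files matters for the inspection: a segment whose file could not be parsed has not been checked, which is different from a segment with no open ports.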
Port detection module 260, configured to determine the first loophole port from the port information of the first ports.
In embodiments of the present invention, the port information of the first ports that have opened services is obtained by the foregoing network scan; for the purposes of network security, vulnerability detection scripts are written to carry out vulnerability detection on the first ports that have opened services, and to determine the first loophole ports that contain a vulnerable service or a high-risk service.
Further, the port detection module 260 includes a vulnerability detection submodule 2601 and a loophole port determination submodule 2602;
Vulnerability detection submodule 2601, configured to determine with a vulnerability detection script whether vulnerability information exists in the port information of the first port.
In embodiments of the present invention, the prepared vulnerability detection script is used to detect whether the port information of the first port obtained by the foregoing scan contains a vulnerability; the vulnerability detection is based on the network security self-check vulnerability detection specification. The vulnerability detection script is a script prepared according to the port information of the first port in the port fingerprint table, and it automates the detection of vulnerabilities. The network security self-check vulnerability detection specification defines the detailed technical requirements of each kind of vulnerability detection; formulating this specification ensures that the vulnerability detection work does not affect the normal operation of business systems. For example, for weak-password vulnerability detection, the network security self-check vulnerability detection specification defines the number of weak passwords to be written and the time interval at which weak passwords are sent.
In a specific application scenario of the invention, the vulnerability detection script is written in the Python programming language and automates the detection of vulnerabilities. The vulnerability detection method calls the vulnerability scanning function of nmap and uses Python's socket library to send the relevant vulnerability detection payloads.
In a specific application scenario of the invention, the information on the service open on the first port is obtained by the foregoing scan and identified with the fingerprint table, and the service open on the first port is determined to be an FTP service; the system then automatically calls the FTP weak-password vulnerability detection script to detect whether the first port has a weak-password vulnerability. The specific detection process is: the FTP weak-password vulnerability detection script sends weak passwords to the first port that has opened the FTP service; if returned data is obtained, the first port has a weak-password vulnerability; if there is no returned data, the first port does not have a weak-password vulnerability.
Loophole port determination submodule 2602, configured to determine that a port for which vulnerability information exists is the first loophole port.
In embodiments of the present invention, if vulnerability information exists in the port information of the first port, that port is determined to be the first loophole port.
In a specific application scenario of the invention, if a first port running an FTP service is detected to have a weak-password vulnerability, the first port with the weak-password risk is determined to be the first loophole port.
Administrator determination module 270, configured to find, according to the account information bank, the administrators corresponding to the first device, the second device and the first loophole port.
In embodiments of the present invention, the account information bank records information such as the device name, the device IP address and the administrators of the device. A lookup script is written to search the content recorded in the account information bank for the administrators corresponding to the first device and the second device; those administrators then handle the internal hidden-danger vulnerability present on the first device and the external attack information present for the second device. The lookup script likewise finds in the account information bank the port administrator recorded for the first loophole port, and that administrator then handles the vulnerability information present on the first loophole port.
Inspection information sending module 280, configured to determine the contact method of the administrators according to a preset user table, and to send inspection information to the administrators through that contact method; the inspection information includes the hidden-danger vulnerability information of the first device, the external attack information of the second device and the vulnerability information of the first loophole port.
In embodiments of the present invention, the preset user table stores the list of administrators and their corresponding contact methods. The administrators include: network security technical personnel, network security managers at all levels, network device management and maintenance personnel, terminal users, maintenance personnel, server maintenance personnel and management owners, each with their contact method. For the administrators found above for the first device, the second device and the first loophole port, a lookup script finds the contact method of each administrator in the preset user table, and the inspection information is sent to the administrators through that contact method. The contact method includes a mobile phone number and/or a WeChat account and/or an email account.
The network security technical personnel manually handle the specific problems present in the inspection information report. The network security managers at all levels are informed of the specific problems present in the inspection information report and manage the inspection information report. The network device management and maintenance personnel are the personnel who manage and maintain a specific device. The terminal user is the user of the terminal, the maintenance personnel are the maintenance personnel of the terminal, the server maintenance personnel are the maintenance personnel of the server, and the management owner is the person responsible for managing the server.
In embodiments of the present invention, the statistical data of the inspection information is sent to the administrators using an SMS sending module. The SMS sending module may be implemented with the company's SMS gateway; if the organization has no SMS gateway, an SMS module such as the Siemens T35 may be used. An SMS sending script is written in Python that sends different statistical data to different classes of user, implementing classified sending.
In embodiments of the present invention, and/or the statistical data of the inspection information is sent to the corresponding administrators using the web version of WeChat installed on the cruising inspection system.
In embodiments of the present invention, and/or the more detailed inspection information is sent to the corresponding administrators by email as an attachment in Excel form. The content of the email attachment includes, for the first device, the second device and the first loophole port: the IP, the IP segment it belongs to, the unit, the department, the user, the maintainer, the telephone numbers of the user and the maintainer, the device name, the device status, the physical location where the device is deployed, the problems that exist, and other information.
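The lookup chain from a finding to its administrators and their contact methods, with statistics going out by SMS and detail by email, can be sketched as follows. This is an added example, not the patent's scripts; the three tables, their field names, the contact values and the handling of unassigned findings are assumptions.

```python
from collections import Counter, defaultdict

# Constructed tables; field names are assumptions modelled on the text.
DEVICE_FINGERPRINTS = {            # device fingerprint table, keyed by device IP
    "192.0.2.10": {"name": "print-01", "os": "embedded"},
    "192.0.2.20": {"name": "ftp-01", "os": "linux"},
    "192.0.2.30": {"name": "db-01", "os": "linux"},
}
ACCOUNT_BANK = {                   # account information bank: IP -> administrators
    "192.0.2.10": ["li.wei"],
    "192.0.2.20": ["zhang.min", "li.wei"],
    "192.0.2.30": ["former.admin"],          # not present in the user table
}
USER_TABLE = {                     # user table: administrator -> contact methods
    "li.wei": {"sms": "SMS-PLACEHOLDER-1", "mail": "li.wei@example.com"},
    "zhang.min": {"mail": "zhang.min@example.com"},
}


def resolve_ip(finding):
    """Map a finding to a device IP: by IP if known, otherwise by device name."""
    if finding.get("ip") in DEVICE_FINGERPRINTS:
        return finding["ip"]
    for ip, device in DEVICE_FINGERPRINTS.items():
        if device["name"] == finding.get("device_name"):
            return ip
    return None


def build_notifications(findings):
    """Return (messages, unassigned).

    messages is a list of (channel, address, body): SMS bodies are per-kind
    counts, mail bodies are the detailed findings. Findings that reach no
    administrator with a contact method are returned separately so that they
    are not silently lost.
    """
    per_admin, unassigned = defaultdict(list), []
    for finding in findings:
        ip = resolve_ip(finding)
        admins = [a for a in ACCOUNT_BANK.get(ip, []) if USER_TABLE.get(a)]
        if not admins:
            unassigned.append(finding)
            continue
        for admin in admins:
            per_admin[admin].append(dict(finding, ip=ip))

    messages = []
    for admin in sorted(per_admin):
        items, contact = per_admin[admin], USER_TABLE[admin]
        counts = Counter(item["kind"] for item in items)
        summary = ", ".join(f"{kind}: {n}" for kind, n in sorted(counts.items()))
        if "sms" in contact:
            messages.append(("sms", contact["sms"], summary))
        if "mail" in contact:
            messages.append(("mail", contact["mail"], items))
    return messages, unassigned


# Constructed findings from the filter and port detection stages.
SAMPLE_FINDINGS = [
    {"kind": "weak_password", "ip": "192.0.2.20", "port": 21},
    {"kind": "external_attack", "device_name": "print-01"},
    {"kind": "high_risk_port", "ip": "198.51.100.5", "port": 23},
    {"kind": "hidden_danger", "ip": "192.0.2.30"},
]

if __name__ == "__main__":
    out, orphaned = build_notifications(SAMPLE_FINDINGS)
    for channel, address, body in out:
        print(channel, address, body)
    print("unassigned:", orphaned)
```

The unassigned list is the part worth monitoring: a device missing from the tables, or an administrator without a contact entry, would otherwise break the closed loop without anyone noticing.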
Security processing module 290, by which the administrators carry out security handling of the relevant device or relevant port according to the inspection information.
In embodiments of the present invention, after receiving the SMS and/or WeChat message and/or email, the administrators confirm and dispose of the inspection information and, once disposal is complete, send feedback information to the network security personnel. After receiving the feedback information, the network security personnel record it, achieving closed-loop management and efficient disposal of the internal hidden-danger vulnerability information and external attack information.
The embodiments of the present invention integrate the information monitored by the already deployed security devices with the information from active scanning so that the two supplement each other, comprehensively monitoring the security risks and external attack information of the network and information systems. At the same time, the hidden-danger vulnerability information and attack information are filtered a second time, so that valid security alarm information and vulnerability information can be located quickly and unnecessary interference is rejected.
The embodiments of the present invention carry out the inspection as a scheduled task and output the results automatically. Information such as high-risk ports and ports with vulnerabilities is periodically and automatically compiled into statistical reports, which are sent automatically to the administrators by SMS, WeChat or email.
The source code of the embodiments of the present invention is open; it can be flexibly ported to other enterprises, and related plug-ins can also be customized.
[system embodiment three]
Referring to Fig. 3, a structure diagram of a network security cruising inspection system in an embodiment of the present invention is shown. The system first establishes the initial account library in a database: using the collation script prepared in the embodiment of the present invention, the device accounts and port accounts that were compiled manually at an early stage in non-standard form are collated, according to the format of the database tables, into a standard format. Second, the initial account library is updated and supplemented by data acquisition. The data acquisition includes collecting the device and/or port information detected by each network security device, and the device information and/or port information of servers, terminals and network devices collected with the network scanning tool. Specifically: with the collected device information and/or port information as keywords, fingerprint recognition of the device and/or port is carried out in the device and/or port fingerprint base, and recognized device information and/or port information that the account library does not yet contain is entered into the account library.
In embodiments of the present invention, the network scanning tool scans the ports of each server, terminal and network device to obtain the port information of the ports that have opened services, and vulnerability detection is carried out over the network with vulnerability detection scripts. Specifically: for ports of different service types, different vulnerability detection scripts are used, based on the inspection criterion, to detect over the network whether a port that has opened a service has a vulnerability; if a vulnerability exists, the vulnerability information is sent to the corresponding administrators for disposal.
In embodiments of the present invention, the internal hidden-danger vulnerability information or external attack information detected by each network security device is filtered a second time with the secondary filter model algorithm, which quickly locates the valid device vulnerability information and external attack information, rejects unnecessary interference, and efficiently handles the threats that really occur. The secondary filter model algorithm integrates a white list algorithm, a deep packet inspection analysis algorithm, an exact regular-expression matching algorithm, and the knowledge-and-experience algorithm accumulated over the long term by the enterprise's network security personnel.
In embodiments of the present invention, a report output script writes the internal hidden-danger vulnerability information and/or external attack information detected by each network security device and/or the vulnerability information scanned by the network tool into an inspection information report and outputs it. The inspection information report is sent to the relevant administrators by SMS and/or WeChat and/or email. The relevant administrators include: network security technical personnel, network security managers at all levels, network device management and maintenance personnel, terminal users, maintenance personnel, server maintenance personnel and management owners. The network security technical personnel manually handle the specific problems present in the inspection information report. The network security managers at all levels are informed of the specific problems present in the inspection information report and manage the inspection information report. The network device management and maintenance personnel are the personnel who manage and maintain a specific device. The terminal user is the user of the terminal, the maintenance personnel are the maintenance personnel of the terminal, the server maintenance personnel are the maintenance personnel of the server, and the management owner is the person responsible for managing the server.
The embodiments of the present invention integrate the information monitored by the already deployed security devices with the information from active scanning so that the two supplement each other, comprehensively monitoring the security risks and external attack information of the network and information systems. At the same time, the hidden-danger vulnerability information and attack information are filtered a second time, so that valid security alarm information and vulnerability information can be located quickly and unnecessary interference is rejected.
The embodiments of the present invention carry out the inspection as a scheduled task and output the results automatically. Information such as high-risk ports and ports with vulnerabilities is periodically and automatically compiled into statistical reports, which are sent automatically to the administrators by SMS, WeChat or email.
The source code of the embodiments of the present invention is open; it can be flexibly ported to other enterprises, and related plug-ins can also be customized.
[system embodiment four]
Referring to Fig. 4, a flow chart of the steps of a network security inspection method in an embodiment of the present invention is shown.
Step 410: establish the account information bank;
In embodiments of the present invention, establishing the account information bank includes the following sub-steps:
Establishing the initial account information bank from the manually compiled account information;
Regularly updating the account information bank with the information scanned by the network scanning tool and the information detected by the network security devices.
Step 420: periodically obtain the internal hidden-danger vulnerability information and external attack information that each network security device detects from the network;
Step 430: carry out secondary filtering on the device vulnerability information and external attack information detected by each network security device;
Step 440: according to the internal hidden-danger vulnerability information and external attack information, determine from the preset device fingerprint table the first device having an internal hidden-danger vulnerability and the second device attacked by the external attack;
Step 450: scan over the network the ports of each server, terminal and network device, and obtain the port information of the first ports that have opened services and are associated with the server IP, terminal IP and network device IP;
Step 460: detect the loophole port from the port information of the first ports;
In embodiments of the present invention, step 460 includes the following sub-steps:
Determining with a vulnerability detection script whether vulnerability information exists in the port information of the first port;
Determining that a port for which vulnerability information exists is the first loophole port.
Step 470: find, according to the account information bank, the administrators corresponding to the first device, the second device and the loophole port;
Step 480: according to the preset user table, determine the contact method of the administrators, and send inspection information to the administrators through that contact method;
In the embodiment of the present invention, the inspection information includes the vulnerability information of the first device, the external attack information of the second device and the vulnerability information of the loophole port.
Step 490: according to the inspection information, the administrators carry out security handling of the relevant device or relevant port.
The embodiments of the present invention integrate the information monitored by the already deployed security devices with the information from active scanning so that the two supplement each other, comprehensively monitoring the security risks and external attack information of the network and information systems. At the same time, the hidden-danger vulnerability information and attack information are filtered a second time, so that valid security alarm information and vulnerability information can be located quickly and unnecessary interference is rejected.
The embodiments of the present invention carry out the inspection as a scheduled task and output the results automatically. Information such as high-risk ports and ports with vulnerabilities is periodically and automatically compiled into statistical reports, which are sent to the administrators by SMS, WeChat or email.
The source code of the embodiments of the present invention is open; it can be flexibly ported to other enterprises, and related plug-ins can also be customized.
Because the method embodiment is substantially similar to the system embodiments, it is described relatively briefly; for the relevant details, refer to the corresponding parts of the description of the system embodiments.
The embodiments in this specification are described in a progressive manner; each embodiment focuses on its differences from the other embodiments, and for the parts that are the same or similar the embodiments may be referred to one another.
It should be understood by those skilled in the art that, the embodiments of the present application may be provided as method, apparatus or calculating Machine program product.Therefore, the embodiment of the present application can be used complete hardware embodiment, complete software embodiment or combine software and The form of the embodiment of hardware aspect.Moreover, the embodiment of the present application can be used one or more wherein include computer can With in the computer-usable storage medium (including but not limited to magnetic disk storage, CD-ROM, optical memory etc.) of program code The form of the computer program product of implementation.
In a typical configuration, the computer equipment includes one or more processors (CPU), input/output Interface, network interface and memory.Memory may include the non-volatile memory in computer-readable medium, random access memory The forms such as device (RAM) and/or Nonvolatile memory, such as read-only memory (ROM) or flash memory (flash RAM).Memory is to calculate The example of machine readable medium.Computer-readable medium includes that permanent and non-permanent, removable and non-removable media can be with Realize that information is stored by any method or technique.Information can be computer readable instructions, data structure, the module of program or Other data.The example of the storage medium of computer includes, but are not limited to phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other kinds of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory techniques, CD-ROM are read-only Memory (CD-ROM), digital versatile disc (DVD) or other optical storage, magnetic cassettes, tape magnetic disk storage or Other magnetic storage devices or any other non-transmission medium, can be used for storage can be accessed by a computing device information.According to Herein defines, and computer-readable medium does not include non-persistent computer readable media (transitory media), such as The data-signal and carrier wave of modulation.
The embodiment of the present application is referring to according to the method for the embodiment of the present application, terminal device (system) and computer program The flowchart and/or the block diagram of product describes.It should be understood that flowchart and/or the block diagram can be realized by computer program instructions In each flow and/or block and flowchart and/or the block diagram in process and/or box combination.It can provide these Computer program instructions are set to general purpose computer, special purpose computer, Embedded Processor or other programmable data processing terminals Standby processor is to generate a machine, so that being held by the processor of computer or other programmable data processing terminal devices Capable instruction generates for realizing in one or more flows of the flowchart and/or one or more blocks of the block diagram The device of specified function.
These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing terminal device to operate in a specific manner, so that the instructions stored in the computer-readable memory produce an article of manufacture that includes an instruction apparatus, and the instruction apparatus implements the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions can also be loaded onto a computer or other programmable data processing terminal device, so that a series of operation steps are executed on the computer or other programmable terminal device to produce computer-implemented processing. The instructions executed on the computer or other programmable terminal device thus provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
Although preferred embodiments of the embodiments of the present application have been described, a person skilled in the art can make additional changes and modifications to these embodiments once the basic inventive concept is known. The appended claims are therefore intended to be interpreted as including the preferred embodiments and all changes and modifications that fall within the scope of the embodiments of the present application.
Finally, it should be noted that, herein, relational terms such as "first" and "second" are used only to distinguish one entity or operation from another entity or operation, and do not necessarily require or imply any actual relationship or order between these entities or operations. Moreover, the terms "include", "comprise" or any other variant thereof are intended to cover a non-exclusive inclusion, so that a process, method, article or terminal device that includes a series of elements includes not only those elements but also other elements that are not explicitly listed, or elements that are inherent to such a process, method, article or terminal device. In the absence of further restrictions, an element qualified by the phrase "including a ..." does not exclude the presence of other identical elements in the process, method, article or terminal device that includes the element.
The network security inspection system and the network security inspection method provided by the present application have been described in detail above. Specific examples are used herein to illustrate the principle and implementation of the present application; the description of the above embodiments is only intended to help in understanding the method of the present application and its core idea. At the same time, for those skilled in the art, the specific implementation and the scope of application will change according to the idea of the present application. In conclusion, the content of this specification should not be construed as a limitation on the present application.

Claims (10)

1. A network security inspection system, characterized in that the system comprises:
an account information bank establishing module, for establishing an account information bank;
a network security device detection information obtaining module, for periodically obtaining, from the network, the internal hidden-danger vulnerability information and external attack information detected by each network security device;
a device judgment module, for determining, from a preset device fingerprint table and according to the internal hidden-danger vulnerability information and the external attack information, a first device that has an internal hidden-danger vulnerability and a second device that is attacked according to the external attack information;
a scan module, for periodically scanning, over the network, the ports of each server, terminal and network device, to obtain port information of first ports that have open services and are associated with the server IP, terminal IP and network device IP;
a port detection module, for detecting a first vulnerable port from the port information of the first ports;
an administrator determining module, for finding, according to the account information bank, the administrators corresponding to the first device, the second device and the first vulnerable port;
an inspection information sending module, for determining the contact method of the administrators according to a preset user table, and sending inspection information to the administrators through the contact method; the inspection information includes the hidden-danger vulnerability information of the first device, the external attack information of the second device and the vulnerability information of the first vulnerable port.
2. The system according to claim 1, characterized in that the account information bank establishing module comprises:
an initial account information bank establishing submodule, for establishing an initial account information bank according to manually maintained account information;
an account information bank updating submodule, for periodically updating the account information bank with the information scanned by a network scanning tool and the information detected by the network security devices.
3. The system according to claim 1, characterized in that the system further comprises:
a secondary filter module, for filtering the device vulnerability information and external attack information detected by each network security device.
4. The system according to claim 1, characterized in that the system further comprises:
a security processing module, for the administrators to perform security handling on the first device, the second device and the first vulnerable port according to the inspection information.
5. The system according to claim 1, characterized in that the port detection module comprises:
a vulnerability detection submodule, for determining, using a vulnerability detection script, whether vulnerability information exists in the port information of a first port;
a vulnerable port determining submodule, for determining that a port for which vulnerability information exists is the first vulnerable port.
6. A network security inspection method, characterized in that the method comprises:
establishing an account information bank;
periodically obtaining, from the network, the internal hidden-danger vulnerability information and external attack information detected by each network security device;
determining, from a preset device fingerprint table and according to the internal hidden-danger vulnerability information and the external attack information, a first device that has an internal hidden-danger vulnerability and a second device that is attacked according to the external attack information;
scanning, over the network, the ports of each server, terminal and network device, to obtain port information of first ports that have open services and are associated with the server IP, terminal IP and network device IP;
detecting a vulnerable port from the port information of the first ports;
finding, according to the account information bank, the administrators corresponding to the first device, the second device and the vulnerable port;
determining the contact method of the administrators according to a preset user table, and sending inspection information to the administrators through the contact method; the inspection information includes the vulnerability information of the first device, the external attack information of the second device and the vulnerability information of the vulnerable port.
7. The method according to claim 6, characterized in that establishing the account information bank comprises:
establishing an initial account information bank according to manually maintained account information;
periodically updating the account information bank with the information scanned by a network scanning tool and the information detected by the network security devices.
8. The method according to claim 6, characterized in that, after periodically obtaining from the network the device vulnerability information and external attack information detected by each network security device, the method further comprises:
performing secondary filtering on the device vulnerability information and external attack information detected by each network security device.
9. The method according to claim 6, characterized in that, after determining the contact method of the administrators according to the preset user table and sending inspection information to the administrators through the contact method, the method further comprises:
the administrators performing security handling on the first device, the second device and the first vulnerable port according to the inspection information.
10. The system according to claim 6, characterized in that detecting a vulnerable port from the port information of the first ports comprises:
determining, using a vulnerability detection script, whether vulnerability information exists in the port information of a first port;
determining that a port for which vulnerability information exists is the first vulnerable port.
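
The correlation steps of claims 6 and 10, as an added Python example that is not code from the patent. The table layouts, field names, sample data and the cleartext-service rule standing in for the vulnerability detection script are assumptions; the `unowned` list for items with no ledger entry is also an addition.

```python
from collections import defaultdict

# All data below is constructed sample input (documentation IP ranges).
FINGERPRINT_TABLE = {"192.0.2.10": "srv-web-01", "192.0.2.20": "sw-core-01",
                     "192.0.2.30": "pc-ops-07"}            # device fingerprint table
LEDGER = {"srv-web-01": "alice", "sw-core-01": "bob",
          "pc-ops-07": "alice"}                            # account information bank
USER_TABLE = {"alice": "alice@example.org", "bob": "bob@example.org"}

FINDINGS = [  # periodically pulled from the network security devices
    {"kind": "internal_vuln", "ip": "192.0.2.10", "detail": "outdated TLS library"},
    {"kind": "external_attack", "ip": "192.0.2.20",
     "detail": "SSH brute force from 198.51.100.7"},
    {"kind": "internal_vuln", "ip": "192.0.2.99", "detail": "weak password"},
]
OPEN_PORTS = [  # "first ports": open services found by the periodic scan
    {"ip": "192.0.2.10", "port": 443, "service": "https"},
    {"ip": "192.0.2.30", "port": 23, "service": "telnet"},
    {"ip": "192.0.2.20", "port": 22, "service": "ssh"},
]

def detect_vulnerable_port(port_info):
    """Assumed stand-in for the vulnerability detection script."""
    if port_info["service"] in {"telnet", "ftp"}:
        return f"cleartext service {port_info['service']} on port {port_info['port']}"
    return None

def build_inspection(findings, open_ports):
    """Return ({contact: [messages]}, [items with no owner in the ledger])."""
    per_admin, unowned = defaultdict(list), []

    def route(ip, message):
        device = FINGERPRINT_TABLE.get(ip)          # fingerprint table -> device
        admin = LEDGER.get(device)                  # ledger -> administrator
        contact = USER_TABLE.get(admin)             # user table -> contact method
        if contact is None:
            unowned.append(f"{ip}: {message}")      # ledger gap, needs an update
        else:
            per_admin[contact].append(f"{device} ({ip}): {message}")

    for f in findings:
        label = ("internal vulnerability" if f["kind"] == "internal_vuln"
                 else "external attack")
        route(f["ip"], f"{label}: {f['detail']}")
    for p in open_ports:
        vuln = detect_vulnerable_port(p)
        if vuln:
            route(p["ip"], f"vulnerable port: {vuln}")
    return dict(per_admin), unowned

if __name__ == "__main__":
    notices, unowned = build_inspection(FINDINGS, OPEN_PORTS)
    for contact, items in notices.items():
        print(contact, items)
    print("unowned:", unowned)
```

Items that cannot be routed to an administrator are the ones a periodic ledger update, as in claim 7, would need to resolve.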
CN201811279480.4A 2018-10-30 2018-10-30 A kind of network security cruising inspection system and method for inspecting Pending CN109639631A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811279480.4A CN109639631A (en) 2018-10-30 2018-10-30 A kind of network security cruising inspection system and method for inspecting

Publications (1)

Publication Number Publication Date
CN109639631A true CN109639631A (en) 2019-04-16

Family

ID=66066898

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811279480.4A Pending CN109639631A (en) 2018-10-30 2018-10-30 A kind of network security cruising inspection system and method for inspecting

Country Status (1)

Country Link
CN (1) CN109639631A (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030212779A1 (en) * 2002-04-30 2003-11-13 Boyter Brian A. System and Method for Network Security Scanning
CN101610174A (en) * 2009-07-24 2009-12-23 深圳市永达电子股份有限公司 A kind of log correlation analysis system and method
CN103748999B (en) * 2010-06-09 2012-02-08 北京理工大学 A kind of network safety situation integrated estimation system
CN104125197A (en) * 2013-04-24 2014-10-29 阿里巴巴集团控股有限公司 Security baseline system and method thereof for implementing security checks
CN104901960A (en) * 2015-05-26 2015-09-09 汉柏科技有限公司 Device and method for network security management based on alarm strategy
CN108200029A (en) * 2017-12-27 2018-06-22 北京知道创宇信息技术有限公司 Loophole situation detection method, device, server and readable storage medium storing program for executing

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
李克: "《计算机网络技术学习宝典》", 31 December 2010 *
李浪: "《网络安全与密码技术导论》", 31 December 2015 *

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111131239A (en) * 2019-12-23 2020-05-08 杭州安恒信息技术股份有限公司 Network security device, method, equipment and medium
CN111131239B (en) * 2019-12-23 2022-03-22 杭州安恒信息技术股份有限公司 Network security device, method, equipment and medium
CN111526196A (en) * 2020-04-22 2020-08-11 中电福富信息科技有限公司 Method and system for managing port account based on open source scanner
CN111526196B (en) * 2020-04-22 2023-04-07 中电福富信息科技有限公司 Method and system for managing port ledger based on open source scanner
CN112152838A (en) * 2020-08-14 2020-12-29 上海纽盾科技股份有限公司 Intelligent supervision method, device and system for network security equipment
CN112152838B (en) * 2020-08-14 2022-10-28 上海纽盾科技股份有限公司 Intelligent supervision method, device and system of network security equipment
CN114221775A (en) * 2020-09-18 2022-03-22 北京金山云网络技术有限公司 Early warning method and device for dangerous port, cloud server and storage medium
CN113676473A (en) * 2021-08-19 2021-11-19 中国电信股份有限公司 Network service safety protection device, method and storage medium
CN113676473B (en) * 2021-08-19 2023-05-02 中国电信股份有限公司 Network service safety protection device, method and storage medium
CN114513329A (en) * 2021-12-31 2022-05-17 徐工汉云技术股份有限公司 Industrial Internet information security assessment method and device
CN114553526A (en) * 2022-02-22 2022-05-27 国网河北省电力有限公司电力科学研究院 Network security vulnerability position detection method and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190416