CN109698821A - Cross-zone vulnerability database sharing and collaborative disposal system and method - Google Patents

Publication number
CN109698821A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201811408976.7A
Other languages
Chinese (zh)
Other versions
CN109698821B (en)
Inventor
沈桂泉
龙震岳
刘晔
沈伍强
陈守明
余志文
艾解清
肖建毅
陈晓江
李波
吉威炎
杨少滨
李虹
谭近军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Information Center of Guangdong Power Grid Co Ltd
Original Assignee
Information Center of Guangdong Power Grid Co Ltd
Application filed by Information Center of Guangdong Power Grid Co Ltd
Priority to CN201811408976.7A
Publication of CN109698821A
Application granted
Publication of CN109698821B
Legal status: Active

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433: Vulnerability analysis
    • H04L63/02: Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/50: Network services
    • H04L67/55: Push-based network services

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Stored Programmes (AREA)

Abstract

A cross-zone vulnerability database sharing and collaborative disposal system and method, comprising a production control zone and a management information zone. The production control zone has no internet connection, and a power-dedicated network security isolation device sits between it and the management information zone. Vulnerability database information is shared between the two zones through a cross-zone vulnerability database synchronization mechanism. The vulnerability database of the management information zone obtains data from the internet, and the vendor vulnerability database obtains data from a preset vulnerability radar interface. The management information zone updates its vulnerability database information from the internet and, through the data transmission mechanism of the power-dedicated network security isolation device, pushes it to the rapid vulnerability governance and control platform of the production control zone. The rapid vulnerability governance and control platform of the production control zone updates its vulnerability database information through the interface and pushes it to the rapid vulnerability governance and control platform of the management information zone. Under policy control, the management information zone and the production control zone periodically synchronize and exchange vulnerability database information and update their respective vulnerability databases.

Description

Cross-zone vulnerability database sharing and collaborative disposal system and method
Technical Field
The present invention relates to a cross-zone vulnerability database sharing and collaborative disposal system and method.
Background
The networked space of information systems is made up of countless nodes, each of which is an IT asset (also called an information asset) connected to the network. Information assets include host operating systems, network devices, security devices, databases, middleware and application components. The information asset is the most basic and most important carrier in information security management. As an enterprise's internal business grows and its informatization develops rapidly, its business support platforms and management systems become increasingly complex. Information assets such as servers, storage devices, network devices and security devices grow in number and variety, which makes asset management harder for administrators. Over time, large numbers of ownerless assets and zombie assets appear. Left unmaintained for long periods, these assets accumulate known vulnerabilities and configuration violations. More seriously, they are hard to bring within the scope of administrators' routine maintenance, so they pose a major hidden danger to enterprise security and become the weak point of enterprise information security.
Take power grid enterprises as an example. Once a security problem occurs in common power information equipment such as servers, switches, routers, power communication terminals and intelligent transformer equipment, it affects the normal collection of power information and the normal supply of electrical services, which not only inconveniences people's daily production and life but also causes great economic loss.
A vulnerability is a defect in hardware, software, a protocol implementation or a system security policy that allows an attacker to access or damage a system without authorization; it is an unprotected entry point unintentionally left in a restricted computer, component, application or other online resource. Since they first drew attention in the 1990s, information security vulnerabilities have kept evolving in number and type, and the kinds of vulnerability reporting platforms have kept growing. Especially since the arrival of "Internet+", besides traditional platforms such as CNVD that mainly report vulnerabilities in mature software and hardware systems, there have also appeared platforms such as "Butian" that mainly report security vulnerabilities in the information systems of enterprises and institutions, the so-called vulnerability platforms that link "white hats" with enterprises. For an enterprise, vulnerability sources are more varied and vulnerability types more numerous, which increases the difficulty of vulnerability management and requires the enterprise to establish a standardized, closed-loop security vulnerability management process. The process should cover vulnerability information acquisition, discovery of vulnerabilities in local systems, vulnerability hazard assessment, vulnerability handling (including remediation of repairable vulnerabilities with verification of the remediation result, and disposal of unrepairable vulnerabilities), and re-examination of vulnerability hazards.
A power grid has a management information zone and a production control zone. How to break with the existing model, in which each security zone manages and protects its information security on its own, and achieve cross-zone joint defense against and disposal of information security vulnerabilities is a problem the prior art urgently needs to solve.
Summary of the Invention
The main object of the present invention is to address the deficiencies of the prior art by providing a cross-zone vulnerability database sharing and collaborative disposal system and method.
To achieve the above object, the invention adopts the following technical solution:
A cross-zone vulnerability database sharing and collaborative disposal system comprises a production control zone and a management information zone, each with its own rapid vulnerability governance and control platform. The production control zone has no internet connection, and a power-dedicated network security isolation device sits between the production control zone and the management information zone. Through a cross-zone vulnerability database synchronization mechanism, the vulnerability database information of the rapid vulnerability governance and control platforms is shared between the two zones;
wherein the vulnerability database of the rapid vulnerability governance and control platform comprises the open-source vulnerability database of the management information zone and the vendor vulnerability database of the production control zone; the open-source vulnerability database obtains data from the internet, and the vendor vulnerability database obtains data from a preset vulnerability radar interface;
the management information zone updates its vulnerability database information from the internet and, through the data transmission mechanism of the power-dedicated network security isolation device, pushes it to the rapid vulnerability governance and control platform of the production control zone;
the rapid vulnerability governance and control platform of the production control zone updates its vulnerability database information through the interface and pushes it to the rapid vulnerability governance and control platform of the management information zone;
under policy control, the management information zone and the production control zone periodically synchronize and exchange their respective vulnerability database information and update their respective vulnerability databases.
Further, the system also comprises a work order management system:
when the rapid vulnerability governance and control platform of the production control zone discovers a vulnerability, it pushes the vulnerability threat to the rapid vulnerability governance and control platform of the management information zone;
on receiving the vulnerability threat information, the rapid vulnerability governance and control platform of the management information zone creates a work order and pushes it to the work order management system;
the work order management system confirms the received vulnerability work order and carries out the vulnerability disposal process;
when the work order management system has completed disposal and the vulnerability needs to be rechecked, it issues a recheck instruction to the rapid vulnerability governance and control platform of the management information zone;
the rapid vulnerability governance and control platform of the management information zone receives the recheck instruction and pushes it to the rapid vulnerability governance and control platform of the production control zone, which performs the recheck verification;
the rapid vulnerability governance and control platform of the production control zone completes the recheck task and pushes the scan result to the rapid vulnerability governance and control platform of the management information zone;
the rapid vulnerability governance and control platform of the management information zone pushes the received scan result to the work order management system, and the work order management system confirms that the vulnerability disposal task is complete.
Further, the system also comprises a vulnerability disposal knowledge base in the rapid vulnerability governance and control platform. Research results on vulnerabilities, repair experience and information about repair patches can be uploaded to the vulnerability disposal knowledge base and shared between the platforms of the production control zone and the management information zone,
wherein patch information and repair suggestions that the production control zone has accumulated in its knowledge base or added manually can be synchronized to the management information zone, and vice versa, so that the zones share vulnerability patches and knowledge bases with each other. Thus, when system operation and maintenance staff receive a new vulnerability disposal task, they can first query the vulnerability disposal knowledge base for relevant information and act directly on the experience recorded there.
A cross-zone vulnerability database sharing and collaborative disposal method uses the cross-zone vulnerability database sharing and collaborative disposal system described above, in which the production control zone has no internet connection and a power-dedicated network security isolation device sits between the production control zone and the management information zone. The method comprises sharing the vulnerability database information of the rapid vulnerability governance and control platforms between the two zones through a cross-zone vulnerability database synchronization mechanism;
wherein the vulnerability database of the rapid vulnerability governance and control platform comprises the open-source vulnerability database of the management information zone and the vendor vulnerability database of the production control zone; the open-source vulnerability database obtains data from the internet, and the vendor vulnerability database obtains data from a preset vulnerability radar interface;
the management information zone updates its vulnerability database information from the internet and, through the data transmission mechanism of the power-dedicated network security isolation device, pushes it to the rapid vulnerability governance and control platform of the production control zone;
the rapid vulnerability governance and control platform of the production control zone updates its vulnerability database information through the interface and pushes it to the rapid vulnerability governance and control platform of the management information zone;
under policy control, the management information zone and the production control zone periodically synchronize and exchange their respective vulnerability databases and update their respective vulnerability databases.
Further, the cross-zone vulnerability database sharing and collaborative disposal system also comprises a work order management system, and the method further comprises:
when the rapid vulnerability governance and control platform of the production control zone discovers a vulnerability, it pushes the vulnerability threat to the rapid vulnerability governance and control platform of the management information zone;
on receiving the vulnerability threat information, the rapid vulnerability governance and control platform of the management information zone creates a work order and pushes it to the work order management system;
the work order management system confirms the received vulnerability work order and carries out the vulnerability disposal process;
when the work order management system has completed disposal and the vulnerability needs to be rechecked, it issues a recheck instruction to the rapid vulnerability governance and control platform of the management information zone;
the rapid vulnerability governance and control platform of the management information zone receives the recheck instruction and pushes it to the rapid vulnerability governance and control platform of the production control zone, which performs the recheck verification;
the rapid vulnerability governance and control platform of the production control zone completes the recheck task and pushes the scan result to the rapid vulnerability governance and control platform of the management information zone;
the rapid vulnerability governance and control platform of the management information zone pushes the received scan result to the work order management system, and the work order management system confirms that the vulnerability disposal task is complete.
Further, the cross-zone vulnerability database sharing and collaborative disposal system also comprises a vulnerability disposal knowledge base in the rapid vulnerability governance and control platform, and the method further comprises: uploading research results on vulnerabilities, repair experience and information about repair patches to the vulnerability disposal knowledge base, and sharing them between the platforms of the production control zone and the management information zone,
wherein patch information and repair suggestions that the production control zone has accumulated in its knowledge base or added manually can be synchronized to the management information zone, and vice versa, so that the zones share vulnerability patches and knowledge bases with each other. Thus, when system operation and maintenance staff receive a new vulnerability disposal task, they can first query the vulnerability disposal knowledge base for relevant information and act directly on the experience recorded there.
Further, the disposal includes repair of the vulnerability.
The beneficial effects of the present invention are as follows:
The present invention provides a cross-zone vulnerability database sharing and collaborative disposal method and system. With it, a collaborative vulnerability risk disposal mechanism can be formed between the management information zone and the production control zone. This not only helps achieve comprehensive, accurate and timely risk assessment of system vulnerabilities; by using the power-dedicated network security isolation device together with vulnerability database sharing, vulnerability disposal knowledge base sharing and cross-zone vulnerability disposal tasks, it also eliminates the problems of the existing model, in which each security zone manages and protects its information security on its own, and achieves cross-zone joint defense against and disposal of information security vulnerabilities. At the same time, the invention improves the production control zone's capability and efficiency in vulnerability risk assessment and disposal, improves the effect of vulnerability disposal, and raises the efficiency of vulnerability repair.
Brief Description of the Drawings
Fig. 1 is a structural diagram of the cross-zone vulnerability database sharing and collaborative disposal system according to an embodiment of the present invention;
Fig. 2 is a schematic diagram of cross-zone vulnerability disposal according to an embodiment of the present invention;
Fig. 3 is a schematic diagram of vulnerability disposal knowledge base sharing according to an embodiment of the present invention.
Detailed Description
Embodiments of the present invention are described in detail below. It should be emphasized that the following description is merely exemplary and is not intended to limit the scope of the invention or its application.
Referring to Fig. 1, in one embodiment, a cross-zone vulnerability database sharing and collaborative disposal system comprises a production control zone and a management information zone, each with its own rapid vulnerability governance and control platform. The production control zone has no internet connection, and a power-dedicated network security isolation device sits between the production control zone and the management information zone. Through a cross-zone vulnerability database synchronization mechanism, the vulnerability database information of the rapid vulnerability governance and control platforms is shared between the two zones;
wherein the vulnerability database of the rapid vulnerability governance and control platform comprises the open-source vulnerability database of the management information zone and the vendor vulnerability database of the production control zone; the open-source vulnerability database obtains data from the internet, and the vendor vulnerability database obtains data from a preset vulnerability radar interface;
the management information zone updates its vulnerability database information from the internet and, through the data transmission mechanism of the power-dedicated network security isolation device, pushes it to the rapid vulnerability governance and control platform of the production control zone;
the rapid vulnerability governance and control platform of the production control zone updates its vulnerability database information through the interface and pushes it to the rapid vulnerability governance and control platform of the management information zone;
under policy control, the management information zone and the production control zone periodically synchronize and exchange their respective vulnerability database information and update their respective vulnerability databases.
The management information zone and the production control zone exchange data through the power-dedicated network security isolation device, which provides security protection for cross-zone vulnerability database synchronization. For example, the power-dedicated network security isolation device can provide comprehensive data filtering: data packets are checked against rules preset by the system administrator to determine which data may pass and which may not, which protects the internal secure network from external attack and thereby provides a security guarantee. Preferably, the preset comprehensive filtering rules give the network security isolation device the basis for allowing or rejecting IP packets. The isolation device examines each received data packet and extracts the required information from its header, such as source MAC address, destination MAC address, source IP address, destination IP address, source port number, destination port number and protocol type. It then compares this information with the established rules one by one and executes the policy of the matching rule, or executes the default policy.
The network security isolation device can use a hardware smart UsbKey to perform operations such as digitally signing the transmitted files. If the transmitted file is an E language file, the network security isolation device checks it against an E language schema file. The schema file is provided by the user, and its format is described in the relevant part of "Power System Data Markup Language - E Language Specification (enterprise standard edition)". For a signed E language file transferred to the network security isolation device, the device is responsible for signature verification, E language checking, plain-text encoding conversion, digital signing and similar operations.
The software system of the network security isolation device is built on a trimmed embedded Linux kernel and implements secure, non-network data exchange between the two zones. It disables all network functions, adopts a transparent listening mode with no IP address, performs network address translation and comprehensive message filtering, and cuts off pass-through TCP connections. It enforces one-way data communication control and one-way connection control. It transmits using signed E language: only files written in E language format are allowed through, and the device checks each transmitted E language file, so that virus files, non-document files and non-E-language files are blocked. This maximizes security and guarantees the confidentiality and integrity of data transmission at a deeper level.
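The rule comparison described above (header fields extracted, rules compared one by one, matching rule's policy or the default policy executed), as an added example that is not code from the patent or from any isolation device. The addresses, port 9000 and rule names are constructed, and treating an unset field as a wildcard and IP fields as CIDR networks is an assumption. Because rules are compared in order, the example also reports rules that an earlier, broader rule makes unreachable.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


def _norm(value):
    """Compare strings (MAC addresses, protocol names) case-insensitively."""
    return value.lower() if isinstance(value, str) else value


@dataclass(frozen=True)
class Packet:
    """The header fields the description says the isolation device extracts."""
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    protocol: str


@dataclass(frozen=True)
class Rule:
    """One filtering rule; a field left as None matches any value (assumption)."""
    name: str
    action: str                      # "allow" or "deny"
    src_mac: Optional[str] = None
    dst_mac: Optional[str] = None
    src_net: Optional[str] = None    # CIDR network
    dst_net: Optional[str] = None    # CIDR network
    src_port: Optional[int] = None
    dst_port: Optional[int] = None
    protocol: Optional[str] = None

    def matches(self, p: Packet) -> bool:
        exact = (("src_mac", p.src_mac), ("dst_mac", p.dst_mac),
                 ("src_port", p.src_port), ("dst_port", p.dst_port),
                 ("protocol", p.protocol))
        for name, value in exact:
            want = getattr(self, name)
            if want is not None and _norm(want) != _norm(value):
                return False
        for name, ip in (("src_net", p.src_ip), ("dst_net", p.dst_ip)):
            net = getattr(self, name)
            if net is not None and ipaddress.ip_address(ip) not in ipaddress.ip_network(net):
                return False
        return True


def decide(packet: Packet, rules: List[Rule], default: str = "deny") -> Tuple[str, str]:
    """First matching rule wins; otherwise the default policy applies."""
    for rule in rules:
        if rule.matches(packet):
            return rule.action, rule.name
    return default, "default-policy"


def covers(a: Rule, b: Rule) -> bool:
    """True if every packet that matches b also matches a."""
    for f in ("src_mac", "dst_mac", "src_port", "dst_port", "protocol"):
        av, bv = getattr(a, f), getattr(b, f)
        if av is not None and _norm(av) != _norm(bv):
            return False
    for f in ("src_net", "dst_net"):
        av, bv = getattr(a, f), getattr(b, f)
        if av is None:
            continue
        if bv is None or not ipaddress.ip_network(bv).subnet_of(ipaddress.ip_network(av)):
            return False
    return True


def shadowed_rules(rules: List[Rule]) -> List[Tuple[str, str]]:
    """(unreachable rule, rule that hides it) pairs for an ordered rule list."""
    found = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, later):
                found.append((later.name, earlier.name))
                break
    return found


# Constructed rule set: only the sync sender may reach the receiving platform.
RULES = [
    Rule("allow-vulndb-sync", "allow", src_net="10.20.0.5/32",
         dst_net="10.10.0.8/32", dst_port=9000, protocol="tcp"),
    Rule("deny-miz-to-pcz", "deny", src_net="10.20.0.0/24", dst_net="10.10.0.0/24"),
]
MISORDERED = [RULES[1], RULES[0]]   # same rules, broad deny placed first

SYNC_PACKET = Packet("00:11:22:33:44:55", "66:77:88:99:AA:BB",
                     "10.20.0.5", "10.10.0.8", 40000, 9000, "TCP")
```

With the broad deny first, the sync flow is rejected and `shadowed_rules` names the allow rule as unreachable, which is the check to run before loading a rule set onto a device that evaluates rules in order.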
Referring to Fig. 2, in a preferred embodiment, the cross-zone vulnerability database sharing and collaborative disposal system also comprises a work order management system:
when the rapid vulnerability governance and control platform of the production control zone discovers a vulnerability, it pushes the vulnerability threat to the rapid vulnerability governance and control platform of the management information zone;
on receiving the vulnerability threat information, the rapid vulnerability governance and control platform of the management information zone creates a work order and pushes it to the work order management system;
the work order management system confirms the received vulnerability work order and carries out the vulnerability disposal process;
when the work order management system has completed disposal and the vulnerability needs to be rechecked, it issues a recheck instruction to the rapid vulnerability governance and control platform of the management information zone;
the rapid vulnerability governance and control platform of the management information zone receives the recheck instruction and pushes it to the rapid vulnerability governance and control platform of the production control zone, which performs the recheck verification;
the rapid vulnerability governance and control platform of the production control zone completes the recheck task and pushes the scan result to the rapid vulnerability governance and control platform of the management information zone;
the rapid vulnerability governance and control platform of the management information zone pushes the received scan result to the work order management system, and the work order management system confirms that the vulnerability disposal task is complete.
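The seven-step cross-zone disposal workflow above, modelled as an added example that is not part of the patent: a state machine that accepts each step only in order and only from the component the description assigns it to. State, action and identifier names are hypothetical, and reopening disposal when the recheck scan still finds the vulnerability is an assumption the description does not cover.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import List, Optional, Tuple


class Actor(Enum):
    PCZ_PLATFORM = "production control zone platform"
    MIZ_PLATFORM = "management information zone platform"
    WORK_ORDER_SYSTEM = "work order management system"


class State(Enum):
    THREAT_PUSHED = "threat pushed to MIZ platform"
    WORK_ORDER_CREATED = "work order created"
    DISPOSING = "disposal in progress"
    RECHECK_REQUESTED = "recheck requested"
    RECHECK_FORWARDED = "recheck forwarded to PCZ platform"
    RESULT_AT_MIZ = "scan result at MIZ platform"
    RESULT_AT_WORK_ORDER_SYSTEM = "scan result at work order system"
    CLOSED = "disposal confirmed complete"


# (current state, action) -> (only component allowed to act, next state)
TRANSITIONS = {
    (State.THREAT_PUSHED, "create_work_order"): (Actor.MIZ_PLATFORM, State.WORK_ORDER_CREATED),
    (State.WORK_ORDER_CREATED, "confirm_and_dispose"): (Actor.WORK_ORDER_SYSTEM, State.DISPOSING),
    (State.DISPOSING, "request_recheck"): (Actor.WORK_ORDER_SYSTEM, State.RECHECK_REQUESTED),
    (State.RECHECK_REQUESTED, "forward_recheck"): (Actor.MIZ_PLATFORM, State.RECHECK_FORWARDED),
    (State.RECHECK_FORWARDED, "push_scan_result"): (Actor.PCZ_PLATFORM, State.RESULT_AT_MIZ),
    (State.RESULT_AT_MIZ, "forward_scan_result"): (Actor.MIZ_PLATFORM, State.RESULT_AT_WORK_ORDER_SYSTEM),
    (State.RESULT_AT_WORK_ORDER_SYSTEM, "confirm_completion"): (Actor.WORK_ORDER_SYSTEM, State.CLOSED),
}


class WorkflowError(Exception):
    """A step arrived out of order or from the wrong component."""


@dataclass
class DisposalTask:
    vuln_id: str
    asset: str
    # The task starts once the PCZ platform has found and pushed the threat.
    state: State = State.THREAT_PUSHED
    still_vulnerable: Optional[bool] = None
    history: List[Tuple[str, str]] = field(default_factory=list)

    def step(self, actor: Actor, action: str,
             still_vulnerable: Optional[bool] = None) -> State:
        rule = TRANSITIONS.get((self.state, action))
        if rule is None:
            raise WorkflowError(f"{action!r} is not valid in state {self.state.name}")
        allowed, next_state = rule
        if actor is not allowed:
            raise WorkflowError(f"{action!r} must come from the {allowed.value}")
        if action == "push_scan_result":
            if still_vulnerable is None:
                raise WorkflowError("a recheck must carry a scan result")
            self.still_vulnerable = still_vulnerable
        if action == "confirm_completion" and self.still_vulnerable:
            next_state = State.DISPOSING   # assumption: failed recheck reopens disposal
        self.history.append((actor.name, action))
        self.state = next_state
        return next_state


def run_workflow(recheck_results: List[bool]) -> DisposalTask:
    """Drive one task; each list entry is a recheck outcome (True = still vulnerable)."""
    task = DisposalTask(vuln_id="VULN-EXAMPLE-0001", asset="pcz-host-01")  # constructed
    task.step(Actor.MIZ_PLATFORM, "create_work_order")
    task.step(Actor.WORK_ORDER_SYSTEM, "confirm_and_dispose")
    for result in recheck_results:
        task.step(Actor.WORK_ORDER_SYSTEM, "request_recheck")
        task.step(Actor.MIZ_PLATFORM, "forward_recheck")
        task.step(Actor.PCZ_PLATFORM, "push_scan_result", still_vulnerable=result)
        task.step(Actor.MIZ_PLATFORM, "forward_scan_result")
        task.step(Actor.WORK_ORDER_SYSTEM, "confirm_completion")
    return task
```

The table makes the control explicit: a work order cannot reach the closed state unless a scan result has come back from the production control zone platform through the management information zone platform.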
Referring to Fig. 3, in a preferred embodiment, the cross-zone vulnerability database sharing and collaborative disposal system also comprises a vulnerability disposal knowledge base in the rapid vulnerability governance and control platform. Research results on vulnerabilities, repair experience and information about repair patches can be uploaded to the vulnerability disposal knowledge base and shared between the platforms of the production control zone and the management information zone,
wherein patch information and repair suggestions that the production control zone has accumulated in its knowledge base or added manually can be synchronized to the management information zone, and vice versa, so that the zones share vulnerability patches and knowledge bases with each other. Thus, when system operation and maintenance staff receive a new vulnerability disposal task, they can first query the vulnerability disposal knowledge base for relevant information and act directly on the experience recorded there.
Referring to Fig. 1, in another embodiment, a cross-zone vulnerability database sharing and collaborative disposal method uses the cross-zone vulnerability database sharing and collaborative disposal system described above, in which the production control zone has no internet connection and a power-dedicated network security isolation device sits between the production control zone and the management information zone. The method comprises sharing the vulnerability database information of the rapid vulnerability governance and control platforms between the two zones through a cross-zone vulnerability database synchronization mechanism;
wherein the vulnerability database of the rapid vulnerability governance and control platform comprises the open-source vulnerability database of the management information zone and the vendor vulnerability database of the production control zone; the open-source vulnerability database obtains data from the internet, and the vendor vulnerability database obtains data from a preset vulnerability radar interface;
the management information zone updates its vulnerability database information from the internet and, through the data transmission mechanism of the power-dedicated network security isolation device, pushes it to the rapid vulnerability governance and control platform of the production control zone;
the rapid vulnerability governance and control platform of the production control zone updates its vulnerability database information through the interface and pushes it to the rapid vulnerability governance and control platform of the management information zone;
under policy control, the management information zone and the production control zone periodically synchronize and exchange their respective vulnerability databases and update their respective vulnerability databases.
Referring to Fig. 2, in a preferred embodiment, the cross-zone vulnerability database sharing and collaborative disposal system also comprises a work order management system, and the method further comprises:
when the rapid vulnerability governance and control platform of the production control zone discovers a vulnerability, it pushes the vulnerability threat to the rapid vulnerability governance and control platform of the management information zone;
on receiving the vulnerability threat information, the rapid vulnerability governance and control platform of the management information zone creates a work order and pushes it to the work order management system;
the work order management system confirms the received vulnerability work order and carries out the vulnerability disposal process;
when the work order management system has completed disposal and the vulnerability needs to be rechecked, it issues a recheck instruction to the rapid vulnerability governance and control platform of the management information zone;
the rapid vulnerability governance and control platform of the management information zone receives the recheck instruction and pushes it to the rapid vulnerability governance and control platform of the production control zone, which performs the recheck verification;
the rapid vulnerability governance and control platform of the production control zone completes the recheck task and pushes the scan result to the rapid vulnerability governance and control platform of the management information zone;
the rapid vulnerability governance and control platform of the management information zone pushes the received scan result to the work order management system, and the work order management system confirms that the vulnerability disposal task is complete.
Referring to Fig. 3, in a preferred embodiment, the cross-zone vulnerability database sharing and collaborative disposal system also comprises a vulnerability disposal knowledge base in the rapid vulnerability governance and control platform, and the method further comprises: uploading research results on vulnerabilities, repair experience and information about repair patches to the vulnerability disposal knowledge base, and sharing them between the platforms of the production control zone and the management information zone,
wherein patch information and repair suggestions that the production control zone has accumulated in its knowledge base or added manually can be synchronized to the management information zone, and vice versa, so that the zones share vulnerability patches and knowledge bases with each other. Thus, when system operation and maintenance staff receive a new vulnerability disposal task, they can first query the vulnerability disposal knowledge base for relevant information and act directly on the experience recorded there.
In a preferred embodiment, the disposal includes repair of the vulnerability.
Specific embodiments are further described below with reference to Figs. 1-3.
The present invention devises transregional vulnerability database synchronization mechanism, between the area Liang Ge great, shares to vulnerability database information.Such as Shown in Fig. 1:
1) the vulnerability database data that loophole quickly administers control platform are divided into open source vulnerability database and manufacturer's vulnerability database.Open source loophole Library is obtained by internet, and manufacturer's vulnerability database is obtained from validating vulnerability Radar interface.
2) management information great Qu loophole quickly administer control platform to internet update vulnerability database information, it is dedicated by electric power Network safety isolator data transmission mechanism, the loophole for pushing to production control great Qu quickly administer control platform;
3) production control great Qu loophole quickly administers control platform by Radar interface update vulnerability database information, and pushes to The loophole of management information great Qu quickly administers control platform;
4) under policy control, periodic synchronization exchanges respective vulnerability database by management information great Qu or production control great Qu, and Update respective vulnerability database.
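The synchronization in steps 1) to 4), sketched as an added example that is not part of the patent or of any implementation by its applicant. The record layout, the revision counter used to decide which copy wins, the hour-based interval and the JSON stand-in for the isolation device's data transfer are all assumptions; the record IDs are constructed.

```python
import json
from dataclasses import dataclass, asdict


@dataclass(frozen=True)
class VulnRecord:
    vuln_id: str    # constructed identifier, not a real advisory ID
    source: str     # "open_source" (internet feed) or "vendor" (radar interface)
    revision: int   # assumed per-record counter; a higher value replaces a lower one
    summary: str


class ZonePlatform:
    """One zone's vulnerability platform and the vulnerability database it holds."""

    def __init__(self, name, own_source):
        self.name = name
        self.own_source = own_source  # the only source type this zone originates
        self.db = {}

    def _upsert(self, rec):
        current = self.db.get(rec.vuln_id)
        if current is None or rec.revision > current.revision:
            self.db[rec.vuln_id] = rec
            return True
        return False

    def ingest_local(self, rec):
        # Management zone: internet feed. Production zone: radar interface.
        if rec.source != self.own_source:
            raise ValueError(f"{self.name} cannot originate {rec.source} records")
        return self._upsert(rec)

    def export_for_peer(self):
        # Push only what this zone originated, so records are never echoed back.
        return [r for r in self.db.values() if r.source == self.own_source]

    def import_from_peer(self, records, peer_source):
        # Accept only the source type the peer zone is entitled to originate.
        return sum(self._upsert(r) for r in records if r.source == peer_source)


def isolation_transfer(records):
    """Stand-in for the isolation device: only serialized data crosses zones."""
    payload = json.dumps([asdict(r) for r in records])
    return [VulnRecord(**item) for item in json.loads(payload)]


def periodic_sync(mgmt, prod, now, last_sync, interval):
    """Exchange both databases once the policy interval (assumed: hours) has elapsed."""
    if now - last_sync < interval:
        return last_sync, 0, 0
    to_prod = prod.import_from_peer(
        isolation_transfer(mgmt.export_for_peer()), mgmt.own_source)
    to_mgmt = mgmt.import_from_peer(
        isolation_transfer(prod.export_for_peer()), prod.own_source)
    return now, to_prod, to_mgmt


def demo():
    mgmt = ZonePlatform("management information zone", "open_source")
    prod = ZonePlatform("production control zone", "vendor")
    mgmt.ingest_local(VulnRecord("OSS-0001", "open_source", 1, "constructed entry"))
    mgmt.ingest_local(VulnRecord("OSS-0002", "open_source", 1, "constructed entry"))
    prod.ingest_local(VulnRecord("VND-0001", "vendor", 1, "constructed entry"))
    last, to_prod, to_mgmt = periodic_sync(mgmt, prod, now=24, last_sync=0, interval=24)
    print(f"pushed to production: {to_prod}, pushed to management: {to_mgmt}")
    return mgmt, prod, last


if __name__ == "__main__":
    demo()
```

Filtering imports by the peer's expected source type means a record arriving from the other zone cannot overwrite entries that the receiving zone originates itself.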
Cross-zone vulnerability disposal task
Referring to Fig. 2, a two-zone cooperation mechanism has been specially formulated to improve the capability and efficiency of the production control zone in vulnerability risk assessment and disposal, as follows:
1. The rapid vulnerability governance and control platform of the production control zone discovers a vulnerability and pushes the vulnerability threat to the rapid vulnerability governance and control platform of the management information zone;
2. On receiving the vulnerability threat information, the rapid vulnerability governance and control platform of the management information zone creates a work order and pushes it to the work order management system;
3. The work order management system confirms the received vulnerability work order and carries out the vulnerability disposal process;
4. When the work order management system has completed the disposal and the vulnerability needs to be reviewed, it issues a review instruction to the rapid vulnerability governance and control platform of the management information zone;
5. The rapid vulnerability governance and control platform of the management information zone receives the review instruction and pushes it to the rapid vulnerability governance and control platform of the production control zone, which carries out the review verification;
6. The rapid vulnerability governance and control platform of the production control zone completes the review task and pushes the scan result to the rapid vulnerability governance and control platform of the management information zone;
7. The rapid vulnerability governance and control platform of the management information zone pushes the received scan result to the work order management system, and the work order management system confirms that the vulnerability disposal task is complete.
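The seven steps above, modelled as a state machine that only lets the right party perform each hand-off; this is an added example, not code from the patent or its applicant. The state and action names are assumptions, and so is the rule that a review scan that still finds the vulnerability sends the work order back to disposal, which the patent does not address.

```python
from enum import Enum


class Actor(Enum):
    PROD = "production control zone platform"
    MGMT = "management information zone platform"
    WOMS = "work order management system"


# (current state, actor, action) -> next state, following steps 1-7.
TRANSITIONS = {
    ("new", Actor.PROD, "push_threat"): "threat_received",                       # step 1
    ("threat_received", Actor.MGMT, "create_work_order"): "work_order_created",  # step 2
    ("work_order_created", Actor.WOMS, "confirm_and_dispose"): "disposing",      # step 3
    ("disposing", Actor.WOMS, "request_review"): "review_requested",             # step 4
    ("review_requested", Actor.MGMT, "forward_review"): "reviewing",             # step 5
    ("reviewing", Actor.PROD, "push_scan_result"): "result_at_mgmt",             # step 6
    ("result_at_mgmt", Actor.MGMT, "forward_scan_result"): "result_at_woms",     # step 7
    ("result_at_woms", Actor.WOMS, "confirm_result"): "closed",                  # step 7
}


class WorkflowError(Exception):
    pass


class DisposalTask:
    def __init__(self, vuln_id):
        self.vuln_id = vuln_id   # constructed identifier
        self.state = "new"
        self.scan_clean = None   # outcome of the production-zone review scan
        self.audit = []          # (state, actor, action, next state) per hand-off

    def apply(self, actor, action, scan_clean=None):
        nxt = TRANSITIONS.get((self.state, actor, action))
        if nxt is None:
            raise WorkflowError(
                f"{actor.value} may not '{action}' while task is '{self.state}'")
        if action == "push_scan_result":
            if scan_clean is None:
                raise WorkflowError("the review must carry a scan result")
            self.scan_clean = scan_clean
        if action == "confirm_result" and not self.scan_clean:
            # Assumption: a failed review reopens disposal instead of closing.
            nxt = "disposing"
            self.scan_clean = None
        self.audit.append((self.state, actor.name, action, nxt))
        self.state = nxt
        return nxt


def run_steps(task, scan_clean):
    """Drive steps 1-7 in order and return the final state."""
    steps = [
        (Actor.PROD, "push_threat"), (Actor.MGMT, "create_work_order"),
        (Actor.WOMS, "confirm_and_dispose"), (Actor.WOMS, "request_review"),
        (Actor.MGMT, "forward_review"), (Actor.PROD, "push_scan_result"),
        (Actor.MGMT, "forward_scan_result"), (Actor.WOMS, "confirm_result"),
    ]
    for actor, action in steps:
        task.apply(actor, action, scan_clean if action == "push_scan_result" else None)
    return task.state


if __name__ == "__main__":
    task = DisposalTask("VULN-0001")
    print(run_steps(task, scan_clean=True))
```

The audit list records every hand-off, so a work order that was closed can be traced back to the production-zone scan result that justified it.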
Vulnerability disposal knowledge base sharing
Previously, after receiving a vulnerability disposal task, each system's operation and maintenance personnel would go online themselves to download the vulnerability patch, study how to apply it, and then carry out the disposal. Under this model, system operation and maintenance personnel repeat a large amount of work, working experience cannot be shared effectively, and working efficiency is low. To address this, the present invention designs a vulnerability disposal knowledge base in the rapid vulnerability governance and control platform: system administrators can upload information such as research results, repair experience and repair patches to the knowledge base, which is shared between the platforms of the production control zone and the management information zone, as shown in Fig. 3.
The patch information and repair suggestions that the production control zone adds, through the accumulated knowledge base or manually, are synchronized to the management information zone, and vice versa, so that the two zones share vulnerability patches and the knowledge base with each other. In this way, after receiving a new vulnerability disposal task, system operation and maintenance personnel can first query the relevant information in the disposal knowledge base and work directly from the experience of other operation and maintenance personnel, which improves both the efficiency of vulnerability repair and the effectiveness of vulnerability disposal.
The above is a further detailed description of the present invention in combination with specific/preferred embodiments, and the specific implementation of the invention cannot be regarded as limited to these descriptions. Those of ordinary skill in the art to which the invention belongs may, without departing from the inventive concept, make substitutions or modifications to the described embodiments, and all such substitutions or variants shall be regarded as falling within the protection scope of the present invention.

Claims (7)

1. A cross-zone vulnerability database sharing and cooperative disposal system, characterized in that it comprises a production control zone and a management information zone, each having its own rapid vulnerability governance and control platform, wherein the production control zone has no internet connection, a power-dedicated network security isolation device is located between the production control zone and the management information zone, and the vulnerability database information of the rapid vulnerability governance and control platforms is shared between the two zones through a cross-zone vulnerability database synchronization mechanism;
wherein the vulnerability databases of the rapid vulnerability governance and control platforms comprise an open-source vulnerability database of the management information zone and a vendor vulnerability database of the production control zone, the open-source vulnerability database obtaining data from the internet and the vendor vulnerability database obtaining data from a preset vulnerability radar interface;
the management information zone updates its vulnerability database information from the internet and pushes it, through the data transmission mechanism of the power-dedicated network security isolation device, to the rapid vulnerability governance and control platform of the production control zone;
the rapid vulnerability governance and control platform of the production control zone updates its vulnerability database information through the interface and pushes it to the rapid vulnerability governance and control platform of the management information zone;
under policy control, the management information zone and the production control zone periodically synchronize and exchange their respective vulnerability database information and update their respective vulnerability databases.
2. The cross-zone vulnerability database sharing and cooperative disposal system according to claim 1, characterized in that it further comprises a work order management system,
when the rapid vulnerability governance and control platform of the production control zone discovers a vulnerability, it pushes the vulnerability threat to the rapid vulnerability governance and control platform of the management information zone;
on receiving the vulnerability threat information, the rapid vulnerability governance and control platform of the management information zone creates a work order and pushes it to the work order management system;
the work order management system confirms the received vulnerability work order and carries out the vulnerability disposal process;
when the work order management system has completed the disposal and the vulnerability needs to be reviewed, it issues a review instruction to the rapid vulnerability governance and control platform of the management information zone;
the rapid vulnerability governance and control platform of the management information zone receives the review instruction and pushes it to the rapid vulnerability governance and control platform of the production control zone, which carries out the review verification;
the rapid vulnerability governance and control platform of the production control zone completes the review task and pushes the scan result to the rapid vulnerability governance and control platform of the management information zone;
the rapid vulnerability governance and control platform of the management information zone pushes the received scan result to the work order management system, and the work order management system confirms that the vulnerability disposal task is complete.
3. The cross-zone vulnerability database sharing and cooperative disposal system according to claim 1 or 2, characterized in that it further comprises a vulnerability disposal knowledge base in the rapid vulnerability governance and control platform, wherein information on vulnerability research results, repair experience and repair patches can be uploaded to the vulnerability disposal knowledge base and is shared between the platforms of the production control zone and the management information zone,
wherein the patch information and repair suggestions that the production control zone adds, through the accumulated knowledge base or manually, can be synchronized to the management information zone, and vice versa, so that the two zones share vulnerability patches and the knowledge base with each other; thus, after receiving a new vulnerability disposal task, system operation and maintenance personnel can first query the relevant information in the vulnerability disposal knowledge base and operate directly according to the experience recorded in the vulnerability disposal knowledge base.
4. A cross-zone vulnerability database sharing and cooperative disposal method, characterized in that it uses the cross-zone vulnerability database sharing and cooperative disposal system according to claim 1, wherein the production control zone has no internet connection and a power-dedicated network security isolation device is located between the production control zone and the management information zone, the method comprising sharing the vulnerability database information of the rapid vulnerability governance and control platforms between the two zones through a cross-zone vulnerability database synchronization mechanism;
wherein the vulnerability databases of the rapid vulnerability governance and control platforms comprise an open-source vulnerability database of the management information zone and a vendor vulnerability database of the production control zone, the open-source vulnerability database obtaining data from the internet and the vendor vulnerability database obtaining data from a preset vulnerability radar interface;
the management information zone updates its vulnerability database information from the internet and pushes it, through the data transmission mechanism of the power-dedicated network security isolation device, to the rapid vulnerability governance and control platform of the production control zone;
the rapid vulnerability governance and control platform of the production control zone updates its vulnerability database information through the interface and pushes it, through the data transmission mechanism of the power-dedicated network security isolation device, to the rapid vulnerability governance and control platform of the management information zone;
under policy control, the management information zone and the production control zone periodically synchronize and exchange their respective vulnerability databases through the data transmission mechanism of the power-dedicated network security isolation device, and update their respective vulnerability databases.
5. The cross-zone vulnerability database sharing and cooperative disposal method according to claim 4, characterized in that the cross-zone vulnerability database sharing and cooperative disposal system further comprises a work order management system, the method further comprising:
when the rapid vulnerability governance and control platform of the production control zone discovers a vulnerability, it pushes the vulnerability threat to the rapid vulnerability governance and control platform of the management information zone;
on receiving the vulnerability threat information, the rapid vulnerability governance and control platform of the management information zone creates a work order and pushes it to the work order management system;
the work order management system confirms the received vulnerability work order and carries out the vulnerability disposal process;
when the work order management system has completed the disposal and the vulnerability needs to be reviewed, it issues a review instruction to the rapid vulnerability governance and control platform of the management information zone;
the rapid vulnerability governance and control platform of the management information zone receives the review instruction and pushes it to the rapid vulnerability governance and control platform of the production control zone, which carries out the review verification;
the rapid vulnerability governance and control platform of the production control zone completes the review task and pushes the scan result to the rapid vulnerability governance and control platform of the management information zone;
the rapid vulnerability governance and control platform of the management information zone pushes the received scan result to the work order management system, and the work order management system confirms that the vulnerability disposal task is complete.
6. The cross-zone vulnerability database sharing and cooperative disposal method according to claim 4 or 5, characterized in that the cross-zone vulnerability database sharing and cooperative disposal system further comprises a vulnerability disposal knowledge base in the rapid vulnerability governance and control platform, the method further comprising: uploading information on vulnerability research results, repair experience and repair patches to the vulnerability disposal knowledge base, and sharing it between the platforms of the production control zone and the management information zone,
wherein the patch information and repair suggestions that the production control zone adds, through the accumulated knowledge base or manually, can be synchronized to the management information zone, and vice versa, so that the two zones share vulnerability patches and the knowledge base with each other; thus, after receiving a new vulnerability disposal task, system operation and maintenance personnel can first query the relevant information in the vulnerability disposal knowledge base and operate directly according to the experience recorded in the vulnerability disposal knowledge base.
7. The cross-zone vulnerability database sharing and cooperative disposal method according to any one of claims 4 to 6, characterized in that the disposal includes repairing the vulnerability.
CN201811408976.7A 2018-11-23 2018-11-23 Cross-region leakage library sharing and cooperative disposal system and method Active CN109698821B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811408976.7A CN109698821B (en) 2018-11-23 2018-11-23 Cross-region leakage library sharing and cooperative disposal system and method

Publications (2)

Publication Number Publication Date
CN109698821A true CN109698821A (en) 2019-04-30
CN109698821B CN109698821B (en) 2021-02-12

Family

ID=66230160

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811408976.7A Active CN109698821B (en) 2018-11-23 2018-11-23 Cross-region leakage library sharing and cooperative disposal system and method

Country Status (1)

Country Link
CN (1) CN109698821B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103546488A (en) * 2013-11-05 2014-01-29 上海电机学院 Active security defense system and method of power secondary system
CN105306460A (en) * 2015-10-13 2016-02-03 国家电网公司 Unified vulnerability patch management system
CN105763562A (en) * 2016-04-15 2016-07-13 全球能源互联网研究院 Electric power information network vulnerability threat evaluation model establishment method faced to electric power CPS risk evaluation and evaluation system based on the model
WO2017180611A1 (en) * 2016-04-12 2017-10-19 Servicenow, Inc. Method and apparatus for reducing security risk in a networked computer system architecture
CN107766730A (en) * 2017-09-18 2018-03-06 北京知道未来信息技术有限公司 A kind of method that leak early warning is carried out for extensive target
CN108712396A (en) * 2018-04-27 2018-10-26 广东省信息安全测评中心 Networked asset management and loophole governing system

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110753047A (en) * 2019-10-16 2020-02-04 杭州安恒信息技术股份有限公司 Method for reducing false alarm of vulnerability scanning
CN110753047B (en) * 2019-10-16 2022-02-11 杭州安恒信息技术股份有限公司 Method for reducing false alarm of vulnerability scanning
CN110830488A (en) * 2019-11-13 2020-02-21 云南电网有限责任公司电力科学研究院 Network security risk analysis and restoration method for electric power monitoring system
CN111416810A (en) * 2020-03-16 2020-07-14 北京计算机技术及应用研究所 Multi-security-component cooperative response method based on group intelligence
CN112153031A (en) * 2020-09-15 2020-12-29 深圳供电局有限公司 Network security risk monitoring system and method of power monitoring system

Also Published As

Publication number Publication date
CN109698821B (en) 2021-02-12

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant