CN109948331A - Weak password detection system and method - Google Patents

Weak password detection system and method


Publication number
CN109948331A
Authority
CN
China
Prior art keywords
resource
weak password
information
module
acquisition
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910233396.7A
Other languages
Chinese (zh)
Inventor
赵威
曹勇
孙绍辉
尚书智
李岳泽
张雪松
姜洪水
杨大战
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Corp of China SGCC
Information and Telecommunication Branch of State Grid Heilongjiang Electric Power Co Ltd
Original Assignee
State Grid Corp of China SGCC
Information and Telecommunication Branch of State Grid Heilongjiang Electric Power Co Ltd
Application filed by State Grid Corp of China SGCC, Information and Telecommunication Branch of State Grid Heilongjiang Electric Power Co Ltd


Abstract

A weak password detection system and method, belonging to the field of weak password detection. The invention addresses two problems of existing weak password detection systems and devices: they can only perform a single type of detection, and they cannot perform weak password detection on middleware. The invention comprises a task control module for task scheduling control; an acquisition configuration module that provides the instruction channel and configures the acquisition environment data; an acquisition engine module that collects data from the acquisition targets in parallel; a resource weak password storage module that stores the collected data; a resource complexity policy detection module that, according to the resource complexity policy information of each resource, calls a resource complexity policy dictionary to perform resource complexity policy detection; a computing engine module that performs collision detection in parallel on the weak password information in the resource weak password storage module according to a weak password library; and a result storage module that stores the resource complexity policy information and weak password information corresponding to each account resource. The invention is suitable for weak password detection.

Description

Weak password detection system and method
Technical field
The invention belongs to the field of weak password detection and relates to a weak password detection system and method.
Background
A weak password is a password that is easy to crack, such as one consisting only of simple digits and letters. If a password is easily cracked by others, the user's computers and other systems, including databases, operating systems, network devices and middleware, face serious risk. If these devices or systems are cracked, the enterprise may suffer serious losses: for classified units or departments the result can be huge economic loss and even a threat to the security of the enterprise, and even for ordinary units or departments a cracked device or system risks leaking customer resources or trade secrets, which also causes the enterprise huge economic loss.
Enterprises therefore generally require passwords to be set on the systems and software used internally, and require those passwords to be sufficiently secure. Employees and users, however, often set weak passwords for reasons such as convenience and ease of memorization. To guarantee internal security, or because of security requirements, enterprises educate and inspect employees, and may even carry out checks. Current weak password detection, however, is essentially based on collision detection for a single type of resource, and most enterprises only check the power-on passwords of computers, without checking other devices or databases. The passwords of those devices, systems or databases can still be cracked while they are running, so a great security risk remains. In addition, because existing detection devices and systems are essentially single-type, they cannot perform comprehensive detection; comprehensive detection takes a great deal of time, and the existing technology cannot detect weak passwords in middleware.
Summary of the invention
The present invention aims to solve two problems of existing weak password detection systems and devices: they can only perform a single type of detection, and they cannot perform weak password detection on middleware.
A weak password detection system comprises: an account resource table, a task control module, a resource complexity policy detection module, an acquisition configuration module, an acquisition engine module, a resource weak password storage module, a computing engine module and a result storage module; as well as a resource complexity policy dictionary and a weak password library;
The account resource table stores the collected account resource IDs and, according to the task to be detected, provides some or all of the collected account resource IDs; account resources are of four types: database, middleware, operating system and network device;
The weak password library stores the weak passwords used for collision detection;
The task control module, according to the weak password detection requirements, performs task scheduling control for weak password detection on some or all of the types of account resource;
The acquisition configuration module, according to the acquisition control information of the task control module, provides the appropriate instruction channel and configures the acquisition environment data for the acquisition target, thereby providing the instruction channel and environment for the acquisition engine module;
The acquisition engine module includes several acquisition nodes; according to the acquisition control information of the task control module, all acquisition nodes collect data from the acquisition targets in parallel and store the collected data in the resource weak password storage module;
The resource weak password storage module stores the data collected by the acquisition engine module, including the resource complexity policy information and weak password information configured on each resource;
The resource complexity policy detection module stores the account resource ID, the resource complexity policy dictionary ID corresponding to the resource and the configured values of the specific resource complexity policies; the resource complexity policy dictionary ID corresponding to a resource is externally associated with the resource complexity policy dictionary; according to the resource complexity policy information of each resource in the resource weak password storage module, the module calls the resource complexity policy dictionary to perform resource complexity policy detection on each resource;
The resource complexity policy dictionary stores the resource complexity policy types that can be configured, including the resource complexity policy name and the resource complexity policy code; according to the resource complexity policy dictionary ID corresponding to a resource in the resource complexity policy detection module, it provides the resource complexity policy name and resource complexity policy code of each configurable resource complexity policy type;
The computing engine module includes several compute nodes; all compute nodes perform collision detection in parallel on the weak password information in the resource weak password storage module according to the weak password library;
The result storage module stores the resource complexity policy information and weak password information corresponding to each account resource.
Further, the weak password detection system also includes an application service module for application-oriented services;
The application service module supplies the task control information of the detection system user to the task control module; updates the account resource table according to information entered manually by the detection system user; obtains the status monitoring information and task management status of the task control module, resource complexity policy detection module, acquisition configuration module, acquisition engine module, resource weak password storage module, computing engine module and result storage module, and presents them to the detection system user; and displays the information in the result storage module.
A weak password detection method comprises the following steps:
The task control module receives the task control information of the detection system user and, according to that information, determines which account resources in the account resource table need weak password detection; it sends the account resources that need weak password detection, together with their resource type information, to the acquisition configuration module and the acquisition engine module;
The acquisition configuration module provides the instruction channel and configures the acquisition environment data for the acquisition targets, according to the account resources that need weak password detection and their resource types; once the instruction channel and environment are configured, it sends a completion message to the acquisition engine module;
The acquisition engine module allocates acquisition nodes for the account resources that need weak password detection and their resource types; each acquisition node collects data through the acquisition channel and environment corresponding to its resource type, all acquisition nodes collect data from the acquisition targets in parallel, and the collected resource complexity policy information and resource weak password information are stored in the resource weak password storage module, after which a completion message is sent to the task control module;
When the task control module has received the completion messages sent by all the acquisition nodes for a given resource type, it starts the resource complexity policy detection and the weak password collision detection for that resource type, and sends the information to the resource complexity policy detection module and the computing engine module respectively;
After receiving the information, the resource complexity policy detection module obtains the resource complexity policy information configured on each resource from the resource weak password storage module, matches it against the stored account resource ID, the resource complexity policy dictionary ID corresponding to the resource and the configured values of the specific resource complexity policies, and, according to the account resource ID and the resource complexity policy dictionary ID corresponding to the resource, calls the externally associated resource complexity policy dictionary to perform resource complexity policy detection on each resource. If the account resource is found to have a resource complexity policy configured and that policy meets the detection requirements, the resource is judged qualified; otherwise the account resource and its resource complexity policy information are recorded in the result storage module and sent to the operation and maintenance system for operation and maintenance;
After receiving the information, the computing engine module obtains the resource weak password information configured on each resource from the resource weak password storage module and distributes it to the compute nodes; the resource weak password information of different account resources is checked by different compute nodes, and multiple compute nodes perform collision detection in parallel. Whenever collision detection completes for an account resource, the account resource and its weak password collision detection result are stored in the result storage module.
Further, the process by which the resource weak password information of different account resources is checked by different compute nodes, with multiple compute nodes performing collision detection in parallel, is as follows:
After receiving the information, the computing engine module obtains the resource weak password information configured on each resource from the resource weak password storage module and assigns each item of weak password information to one compute node; a compute node performs collision detection on one item of weak password information according to the weak password library, that is, each account resource is checked by a single compute node, and for the resource weak password information of different account resources multiple compute nodes perform collision detection in parallel.
Alternatively, the process by which the resource weak password information of different account resources is checked by different compute nodes, with multiple compute nodes performing collision detection in parallel, is as follows:
After receiving the information, the computing engine module obtains the resource weak password information configured on each resource from the resource weak password storage module and assigns each item of weak password information to multiple compute nodes; according to the collision control logic, the weak password library is divided into several parts and each compute node takes one part for collision detection, so that multiple compute nodes perform collision detection on one item of weak password information according to the weak password library. Each account resource is thus checked by multiple compute nodes, and collision detection for the resource weak password information of different account resources also runs in parallel.
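The library-partitioning mode described above, as an added example that is not code from the patent: worker threads stand in for compute nodes, and each checks its slice of the weak password library against collected hashes. The MySQL 4.1 hash format is used because the description names it; the account names, library entries, node count and function names are constructed for illustration.

```python
import hashlib
from concurrent.futures import ThreadPoolExecutor


def mysql41_hash(password: str) -> str:
    """MySQL 4.1+ native format: '*' + upper-case hex of SHA1(SHA1(password))."""
    inner = hashlib.sha1(password.encode("utf-8")).digest()
    return "*" + hashlib.sha1(inner).hexdigest().upper()


def split_library(library, parts):
    """Divide the weak password library into `parts` roughly equal slices."""
    return [library[i::parts] for i in range(parts)]


def collide_slice(hash_to_accounts, candidates):
    """One compute node: hash each candidate once and look it up in the index."""
    flagged = set()
    for word in candidates:
        flagged.update(hash_to_accounts.get(mysql41_hash(word), ()))
    return flagged


def detect_weak_accounts(collected, library, nodes=3):
    """Return the sorted accounts whose stored hash matches a library entry.

    Only account names are reported. The matching plaintext is not kept, so
    the result store does not turn into a list of recovered passwords.
    """
    index = {}
    for account, stored in collected.items():
        index.setdefault(stored.upper(), []).append(account)
    with ThreadPoolExecutor(max_workers=nodes) as pool:
        partials = pool.map(lambda part: collide_slice(index, part),
                            split_library(library, nodes))
        flagged = set().union(*partials)
    return sorted(flagged)


# Constructed sample data: the hashes are generated here, not collected.
WEAK_LIBRARY = ["123456", "password", "admin", "Welcome1", "qwerty", "root"]
COLLECTED = {
    "app_ro": mysql41_hash("123456"),
    "report": mysql41_hash("Welcome1"),
    "dba": mysql41_hash("t7#Lq9!vXw2$Rk"),
    "backup": mysql41_hash("123456"),   # the same weak password reused
}

if __name__ == "__main__":
    print(detect_weak_accounts(COLLECTED, WEAK_LIBRARY))
```

Indexing the collected hashes first means each library entry is hashed once per slice regardless of how many accounts are checked; this only works for unsalted formats such as this one.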
The invention has the following advantages:
The present invention provides a weak password detection system that can perform weak password detection not only on databases, operating systems and network devices but also on middleware. More importantly, the invention can detect all or part of the databases, middleware, operating systems and network devices at the same time. There is no need to switch methods or tools, operation is simple, and the time spent is short; detection efficiency is high, taking one thousandth, or even less, of the time taken by current methods that detect a single resource type.
Detailed description of the invention
Fig. 1 is a structural diagram of the weak password detection system;
Fig. 2 is a screenshot of the Oracle 11G database ciphertext storage information;
Fig. 3 is a screenshot of the Oracle 12C database ciphertext storage information;
Fig. 4 is a screenshot of the MySQL database ciphertext storage information;
Fig. 5 is a screenshot of the SQL Server database ciphertext storage information;
Fig. 6 is a screenshot of the PostgreSQL database ciphertext storage information;
Fig. 7 is a screenshot of the Tomcat password storage information;
Fig. 8 is a screenshot of the WebLogic password storage information;
Fig. 9 is a screenshot of the Unix-type password storage information;
Fig. 10 is a screenshot of the Windows system password storage information.
Specific embodiment
Embodiment 1: this embodiment is described with reference to Fig. 1.
A weak password detection system comprises: an account resource table, a task control module, a resource complexity policy detection module, an acquisition configuration module, an acquisition engine module, a resource weak password storage module, a computing engine module and a result storage module; as well as a resource complexity policy dictionary and a weak password library;
The account resource table stores the collected account resource IDs and can be updated manually or automatically; according to the task to be detected, it provides some or all of the collected account resource IDs; account resources are of four types: database, middleware, operating system and network device, as shown in Table 1:
Table 1
The weak password library stores the weak passwords used for collision detection; a company can build or refine the weak password library it uses according to its own situation;
The task control module, according to the weak password detection requirements, performs task scheduling control for weak password detection on some or all of the types of account resource;
The acquisition configuration module, according to the acquisition control information of the task control module, provides the appropriate instruction channel and configures the acquisition environment data for the acquisition target, thereby providing the instruction channel and environment for the acquisition engine module;
The acquisition engine module includes several acquisition nodes; according to the acquisition control information of the task control module, all acquisition nodes collect data from the acquisition targets in parallel and store the collected data in the resource weak password storage module;
For the different operating systems and software, the acquisition targets and content are as follows:
Table 2: acquisition targets and content
The table lists the name of the ciphertext storage file (or table) for each kind of resource, and whether the password modification date can be extracted.
Databases: the databases covered include Oracle, MySQL, SQL Server and PostgreSQL;
The Oracle 11G database ciphertext storage format is shown in Fig. 2. Fig. 2 is a partial screenshot of the Oracle 11G database ciphertext storage information, included only to illustrate that information, so the screenshot being incomplete does not affect understanding of the scheme;
The Oracle 12C database account and ciphertext storage format is shown in Fig. 3. Fig. 3 is a partial screenshot of the Oracle 12C database ciphertext storage information; the screenshot being incomplete does not affect understanding of the scheme;
Oracle accounts and passwords are stored in the sys.users table. Oracle 12C user names use the format C## + user name, and the ciphertext is encrypted with the Oracle T: Type (Oracle 12+) algorithm, which differs from 11G. Oracle 11G uses the Oracle S: Type (Oracle 11+) algorithm, and versions oracle7G~oracle10G use the Oracle H: Type (Oracle 7+) algorithm.
The MySQL database ciphertext storage format is shown in Fig. 4. Fig. 4 is a partial screenshot of the MySQL database ciphertext storage information; the screenshot being incomplete does not affect understanding of the scheme. MySQL database accounts and ciphertext are stored in the user table; the user, ciphertext and last modification time can be extracted. Ciphertext encryption uses algorithms such as MySQL4.1/MySQL5, MySQL CRAM (SHA1) and MySQL323.
The SQL Server database ciphertext storage format is shown in Fig. 5. Fig. 5 is a partial screenshot of the SQL Server database ciphertext storage information; the screenshot being incomplete does not affect understanding of the scheme. SQL Server database accounts and ciphertext are stored in the sys.sql_logins table; the user, ciphertext and last modification time can be extracted. Ciphertext encryption uses algorithms such as MSSQL (2000), MSSQL (2005) and MSSQL (2012, 2014).
The PostgreSQL database ciphertext storage format is shown in Fig. 6. Fig. 6 is a partial screenshot of the PostgreSQL database ciphertext storage information; the screenshot being incomplete does not affect understanding of the scheme. PostgreSQL database accounts and ciphertext are stored in the pg_shadow table, which holds only the user and the ciphertext and has no modification time field. The PostgreSQL CRAM (MD5) algorithm is used.
Middleware: the middleware currently covered is Tomcat and WebLogic;
The Tomcat middleware password storage format is shown in Fig. 7. Fig. 7 is a partial screenshot of the Tomcat password storage information; the screenshot being incomplete does not affect understanding of the scheme. Tomcat middleware users and passwords are stored in the tomcat-users.xml file; the passwords are in plaintext and no encryption algorithm is used.
The WebLogic ciphertext storage format is shown in Fig. 8. Fig. 8 is a partial screenshot of the WebLogic password storage information; the screenshot being incomplete does not affect understanding of the scheme. WebLogic middleware users and passwords are stored in the boot file, and both the account and the password are stored in encrypted form, using algorithms such as weblogic 8.1, weblogic 9.2, weblogic 10.3 and weblogic 11g. When the boot file is collected, the SerializedSystemIni.dat file must be extracted at the same time for decryption.
Operating systems: operating systems fall mainly into two categories, Unix and Windows; Unix includes Red Hat, CentOS, SUSE and AIX;
The Unix-type operating system ciphertext storage format is shown in Fig. 9. Fig. 9 is a partial screenshot of the Unix-type password storage information; the screenshot being incomplete does not affect understanding of the scheme. Unix operating system users and passwords are stored in the shadow file, from which the account, the ciphertext and the last password modification time can be extracted.
For example: root:$1$abcdefg$Qp6zr7K0tHxV79N9cCLSc1:16866:0:99999:7::: The fields separated by ':' have the following meanings:
(1) Account name: root
(2) Password, stored encrypted: $1$abcdefg$Qp6zr7K0tHxV79N9cCLSc1
(3) Date of the last password change: 16866
(4) Number of days during which the password cannot be changed: 0
(5) Number of days after which the password must be changed again: 99999 means no change is required
(6) Number of days of warning before the password must be changed: 7
(7) Account expiry period: none
(8) Account cancellation date: none
(9) Reserved field, currently unused
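A parser for the nine-field shadow line above, as an added example that is not part of the patent: it identifies the hash scheme from the `$id$` prefix, converts field 3 from days since 1970-01-01 into a date, and reports audit findings. The 90-day age limit, the finding labels and the two extra sample lines are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional

# $id$ prefixes of the modular crypt format found in the password field.
SCHEMES = {"1": "md5crypt", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
           "5": "sha256crypt", "6": "sha512crypt", "y": "yescrypt"}
LEGACY_SCHEMES = {"md5crypt", "descrypt"}
NEVER_EXPIRES = 99999        # value the description reads as "no change required"
EPOCH = date(1970, 1, 1)     # field 3 counts days from this date


@dataclass
class ShadowEntry:
    account: str
    scheme: str              # a SCHEMES value, or empty / locked / descrypt / unknown
    last_change: Optional[date]
    min_days: Optional[int]
    max_days: Optional[int]
    warn_days: Optional[int]


def _to_int(text: str) -> Optional[int]:
    return int(text) if text.strip() else None


def classify_password_field(field: str) -> str:
    if field == "":
        return "empty"                       # login without any password
    if field[0] in "!*":
        return "locked"                      # password login is disabled
    if field.startswith("$"):
        parts = field.split("$")             # ['', id, salt or parameters, ...]
        return SCHEMES.get(parts[1], "unknown") if len(parts) > 2 else "unknown"
    return "descrypt"                        # traditional DES crypt, no $ prefix


def parse_shadow_line(line: str) -> ShadowEntry:
    fields = line.rstrip("\n").split(":")
    if len(fields) != 9:
        raise ValueError(f"expected 9 colon-separated fields, got {len(fields)}")
    days = _to_int(fields[2])
    return ShadowEntry(
        account=fields[0],
        scheme=classify_password_field(fields[1]),
        last_change=EPOCH + timedelta(days=days) if days is not None else None,
        min_days=_to_int(fields[3]),
        max_days=_to_int(fields[4]),
        warn_days=_to_int(fields[5]),
    )


def audit_entry(entry: ShadowEntry, today: date, max_age_days: int = 90) -> List[str]:
    """Return finding labels for one entry; max_age_days is an assumed policy."""
    if entry.scheme == "locked":
        return []
    findings = []
    if entry.scheme == "empty":
        findings.append("empty-password")
    if entry.scheme in LEGACY_SCHEMES:
        findings.append(f"legacy-hash:{entry.scheme}")
    if entry.max_days is None or entry.max_days >= NEVER_EXPIRES:
        findings.append("no-expiry")
    if entry.last_change and (today - entry.last_change).days > max_age_days:
        findings.append("stale-password")
    return findings


# The first line is the example from the description; the others are constructed.
PAGE_EXAMPLE = "root:$1$abcdefg$Qp6zr7K0tHxV79N9cCLSc1:16866:0:99999:7:::"
CONSTRUCTED = ["svc:!!:17800:0:90:7:::",
               "ops:$6$constructedsalt$CONSTRUCTEDHASHPLACEHOLDER:17950:1:90:7:::"]

if __name__ == "__main__":
    for raw in [PAGE_EXAMPLE] + CONSTRUCTED:
        parsed = parse_shadow_line(raw)
        print(parsed.account, parsed.scheme, audit_entry(parsed, date(2019, 3, 26)))
```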
The Windows-type operating system ciphertext storage format is shown in Fig. 10. Fig. 10 is a partial screenshot of the Windows system password storage information; the screenshot being incomplete does not affect understanding of the scheme. Windows operating system users and passwords are stored in the SAM file, from which the account and ciphertext can be extracted.
Note: the SAM file is the account password database file. At login, the system automatically checks the credentials against the SAM in Config; if the password and user name fully match the encrypted data in the SAM file, the login succeeds, and if they do not, login is refused. The SAM file cannot be opened directly; a special tool is needed to extract the account ciphertext information.
Network devices: for network devices, the original manufacturer must provide the configuration file path and the ciphertext encryption algorithm;
The ciphertext storage format of a Cisco network switch is as follows:
YZ-34KH03-6509E-OAHX#sho run
Building configuration...
Current configuration : 41222 bytes
! Last configuration change at 15:54:59 BJ Tue Sep 6 2016 by admin
! NVRAM config last updated at 11:17:12 BJ Wed Jun 8 2016 by admin
version 12.2
service timestamps debug datetime localtime
service timestamps log datetime msec localtime
no service password-encryption
service counters max age 5
hostname YZ-34KH03-6509E-OAHX
boot-start-marker
boot system flash bootflash:s72033-adventerprisek9_wan-mz.122-33.SXJ3.bin
boot-end-marker
security passwords min-length 1
logging buffered 81920
logging console warnings
enable secret 5 S1S9e.cS.L8z8mkP/nuS.zToHv.MU.
username admin secret 5 S1S27iQSQ5tYdV4NvgmKPp0GE4x4f.
username view privilege 0 secret 5 S1SIQwJSo3gtiwqNquuy8RS0a1Pjo/
no aaa new-model
The acquisition engine module has two modes:
One acquisition mode is mainly for devices that cannot be connected to directly, or resource devices and systems whose ciphertext storage file cannot be exported by command, such as devices in a specific network domain or the SAM file in a Windows system.
The other acquisition mode mainly uses an agent, over the instruction channel of the operation and maintenance security audit system, to execute file content capture commands and collect the file content.
The resource weak password storage module stores the data collected by the acquisition engine module, including the resource complexity policy information and weak password information configured on each resource;
The resource complexity policy detection module stores the account resource ID, the resource complexity policy dictionary ID corresponding to the resource and the configured values of the specific resource complexity policies; the resource complexity policy dictionary ID corresponding to a resource is externally associated with the resource complexity policy dictionary; according to the resource complexity policy information of each resource in the resource weak password storage module, the module calls the resource complexity policy dictionary to perform resource complexity policy detection on each resource;
Resource complexity policy detection includes password complexity detection based on the resource account and password data; the process is classified by resource object type and specifically includes:
(1) Password complexity detection for databases; the process is as follows:
The database is accessed over the JDBC protocol and a query SQL statement is executed to obtain the account permission policy information. The SQL statement checks: (a) whether the database has a password policy configured; (b) whether password dictionary verification is configured in the password policy; (c) whether the password dictionary contains common passwords;
The specific SQL is:
The returned result should be a value > 0, since the above SQL statement checks three things:
(a) whether the database has a password policy configured;
(b) whether password dictionary verification is configured in the password policy;
(c) whether the password dictionary contains common passwords;
The returned result is therefore checked: if the result is > 0, the configuration is judged normal and the database password complexity meets the requirements; if the result = 0, the policy is judged to be not configured, or configured but incomplete, and the database password complexity does not meet the requirements.
(2) Password complexity detection for middleware; the process is as follows:
The WebLogic middleware account password policy configuration is stored in a specific configuration file, such as config.xml; password complexity detection only requires a specific check script that inspects the configuration file and checks whether it contains the following content:
<sec:password-validator xmlns:pas="http://xmlns.oracle.com/weblogic/security/providers/passwordvalidator" xsi:type="pas:system-password-validatorType">
<sec:name>SystemPasswordValidator</sec:name>
<pas:reject-equal-or-contain-username>true</pas:reject-equal-or-contain-username>
<pas:reject-equal-or-contain-reverse-username>true</pas:reject-equal-or-contain-reverse-username>
<pas:max-password-length>18</pas:max-password-length>
<pas:min-password-length>8</pas:min-password-length>
<pas:max-consecutive-characters>1</pas:max-consecutive-characters>
<pas:min-alphabetic-characters>2</pas:min-alphabetic-characters>
<pas:min-numeric-characters>3</pas:min-numeric-characters>
<pas:min-lowercase-characters>4</pas:min-lowercase-characters>
<pas:min-uppercase-characters>5</pas:min-uppercase-characters>
<pas:min-non-alphanumeric-characters>6</pas:min-non-alphanumeric-characters>
<pas:min-numeric-or-special-characters>7</pas:min-numeric-or-special-characters>
</sec:password-validator>
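One way to write the check script mentioned above, as an added example rather than the patent's own script: it goes beyond a presence check by parsing the validator element, comparing its settings with a baseline, and flagging a policy whose per-class minimums exceed the maximum length. The baseline values, the enclosing `<domain>` wrapper and the namespace bound to the `sec:` prefix are assumptions; the first settings dictionary repeats the values of the fragment above.

```python
import xml.etree.ElementTree as ET

# NS_PAS is taken from the fragment; NS_SEC is an assumed binding for the sec:
# prefix, which the fragment uses but does not declare.
NS_SEC = "http://xmlns.oracle.com/weblogic/security"
NS_PAS = "http://xmlns.oracle.com/weblogic/security/providers/passwordvalidator"
NS_XSI = "http://www.w3.org/2001/XMLSchema-instance"

# Hypothetical audit baseline; the description does not state required values.
REQUIRED_TRUE = ("reject-equal-or-contain-username",
                 "reject-equal-or-contain-reverse-username")
MINIMUMS = {"min-password-length": 8, "min-numeric-characters": 1,
            "min-lowercase-characters": 1, "min-uppercase-characters": 1,
            "min-non-alphanumeric-characters": 1}
DISJOINT_CLASSES = ("min-lowercase-characters", "min-uppercase-characters",
                    "min-numeric-characters", "min-non-alphanumeric-characters")


def build_config(settings=None) -> str:
    """Constructed minimal config.xml; settings=None omits the validator."""
    validator = ""
    if settings is not None:
        body = "".join(f"<pas:{k}>{v}</pas:{k}>" for k, v in settings.items())
        validator = (f'<sec:password-validator xmlns:pas="{NS_PAS}" '
                     'xsi:type="pas:system-password-validatorType">'
                     '<sec:name>SystemPasswordValidator</sec:name>'
                     f'{body}</sec:password-validator>')
    return f'<domain xmlns:sec="{NS_SEC}" xmlns:xsi="{NS_XSI}">{validator}</domain>'


def read_validator(config_xml: str):
    """Return the pas:* settings of the first password validator, or None."""
    root = ET.fromstring(config_xml)
    node = next(root.iter(f"{{{NS_SEC}}}password-validator"), None)
    if node is None:
        return None
    prefix = f"{{{NS_PAS}}}"
    return {child.tag[len(prefix):]: (child.text or "").strip()
            for child in node if child.tag.startswith(prefix)}


def _as_int(settings, key) -> int:
    value = settings.get(key, "")
    return int(value) if value.isdigit() else 0   # missing or malformed counts as 0


def audit_validator(config_xml: str):
    settings = read_validator(config_xml)
    if settings is None:
        return ["no-password-validator"]
    findings = [f"{key}: not enabled" for key in REQUIRED_TRUE
                if settings.get(key, "").lower() != "true"]
    for key, floor in MINIMUMS.items():
        if _as_int(settings, key) < floor:
            findings.append(f"{key}: {_as_int(settings, key)} < {floor}")
    # A policy nobody can satisfy tends to get switched off, so flag it.
    max_len = _as_int(settings, "max-password-length")
    needed = sum(_as_int(settings, key) for key in DISJOINT_CLASSES)
    if max_len and needed > max_len:
        findings.append(f"unsatisfiable: classes need {needed} > max {max_len}")
    return findings


PAGE_SETTINGS = {   # values of the fragment in the description
    "reject-equal-or-contain-username": "true",
    "reject-equal-or-contain-reverse-username": "true",
    "max-password-length": 18, "min-password-length": 8,
    "max-consecutive-characters": 1, "min-alphabetic-characters": 2,
    "min-numeric-characters": 3, "min-lowercase-characters": 4,
    "min-uppercase-characters": 5, "min-non-alphanumeric-characters": 6,
    "min-numeric-or-special-characters": 7}
WEAK_SETTINGS = {   # constructed weak policy
    "reject-equal-or-contain-username": "false",
    "max-password-length": 6, "min-password-length": 6,
    "min-lowercase-characters": 4, "min-uppercase-characters": 4}

if __name__ == "__main__":
    for label, cfg in (("page", PAGE_SETTINGS), ("weak", WEAK_SETTINGS), ("none", None)):
        print(label, audit_validator(build_config(cfg)))
```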
(3) Password complexity detection for user hosts of different systems is as follows:
Detection under Windows: log in to the host remotely through WMI,
Execute command 1: secedit /export /cfg C:\passwd_policy.cfg 1>nul 2>nul && more C:\passwd_policy.cfg | findstr "^PasswordComplexity", to obtain whether complexity is enabled;
Execute command 2: secedit /export /cfg C:\passwd_policy.cfg 1>nul 2>nul && more C:\passwd_policy.cfg | findstr "^MaximumPasswordAge", to obtain the default password validity period;
Execute command 3: secedit /export /cfg C:\passwd_policy.cfg 1>nul 2>nul && more C:\passwd_policy.cfg | findstr "^MinimumPasswordLength", to obtain the minimum password length;
Detection under Linux:
For RHEL/CentOS/OEL: log in to the host remotely via SSH,
Execute command 1: cat /etc/pam.d/system-auth | grep -Ev ^# | grep "pam_cracklib", to obtain the password complexity information;
Execute command 2: cat /etc/login.defs | grep -Ev ^# | grep PASS_MAX_DAYS, to obtain the default password validity period;
For SUSE Linux: log in to the host remotely via SSH,
Execute command 1: cat /etc/pam.d/passwd | grep -Ev ^# | grep "pam_cracklib", to obtain the password complexity information;
Execute command 2: cat /etc/login.defs | grep -Ev ^# | grep PASS_MAX_DAYS, to obtain the default password validity period;
For HPUX: log in to the host remotely via SSH,
Execute command: cat /etc/default/security | grep -Ev ^# | grep -Ev ^$, to obtain the password complexity information and the default password validity period;
For AIX: log in to the host remotely via SSH,
Execute commands:
/usr/bin/lssec -f /etc/security/user -s default -a maxage
/usr/bin/lssec -f /etc/security/user -s default -a minlen
/usr/bin/lssec -f /etc/security/user -s default -a minalpha
/usr/bin/lssec -f /etc/security/user -s default -a minother
to obtain the password complexity information and the default password validity period;
For Solaris: log in to the host remotely via SSH,
Execute command: cat /etc/default/passwd | egrep -v ^# | egrep -v ^$, to obtain the password complexity information and the default password validity period;
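An added example, not from the patent, of evaluating what the Windows and RHEL commands above return once collected: it parses the secedit policy lines, the pam_cracklib line and PASS_MAX_DAYS and compares them with a baseline. The thresholds (minimum length 8, maximum age 90 days), the finding labels and the sample outputs are constructed assumptions.

```python
import re

MIN_LENGTH = 8      # assumed baseline
MAX_AGE_DAYS = 90   # assumed baseline


def parse_secedit(text: str) -> dict:
    """Parse 'Name = value' lines as filtered from the secedit export file."""
    values = {}
    for line in text.splitlines():
        match = re.match(r"^\s*(\w+)\s*=\s*(-?\d+)\s*$", line)
        if match:
            values[match.group(1)] = int(match.group(2))
    return values


def parse_cracklib(text: str):
    """Return the integer options of the first pam_cracklib line, or None."""
    for line in text.splitlines():
        if "pam_cracklib" in line and not line.lstrip().startswith("#"):
            return {k: int(v) for k, v in re.findall(r"\b(\w+)=(-?\d+)", line)}
    return None


def parse_pass_max_days(text: str):
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) == 2 and parts[0] == "PASS_MAX_DAYS" and parts[1].isdigit():
            return int(parts[1])
    return None


def audit_windows(policy: dict) -> list:
    findings = []
    if policy.get("PasswordComplexity", 0) != 1:
        findings.append("complexity-disabled")
    age = policy.get("MaximumPasswordAge", -1)
    if age == -1 or age > MAX_AGE_DAYS:            # -1 means the password never expires
        findings.append("max-age")
    if policy.get("MinimumPasswordLength", 0) < MIN_LENGTH:
        findings.append("min-length")
    return findings


def audit_linux(cracklib, pass_max_days) -> list:
    if cracklib is None:
        findings = ["cracklib-missing"]
    else:
        findings = []
        if cracklib.get("minlen", 0) < MIN_LENGTH:
            findings.append("min-length")
        # A negative credit requires that many characters of the class; zero or
        # a positive value (the default is 1) does not require the class at all.
        for option in ("dcredit", "ucredit", "lcredit", "ocredit"):
            if cracklib.get(option, 1) >= 0:
                findings.append(f"{option}-not-required")
    if pass_max_days is None or pass_max_days > MAX_AGE_DAYS:
        findings.append("max-age")
    return findings


# Constructed sample outputs of the commands listed above.
WINDOWS_OUTPUT = ("PasswordComplexity = 0\n"
                  "MaximumPasswordAge = 42\n"
                  "MinimumPasswordLength = 0\n")
PAM_OUTPUT = ("password    requisite     pam_cracklib.so try_first_pass retry=3 "
              "minlen=8 dcredit=-1 ucredit=-1 ocredit=0\n")
LOGIN_DEFS_OUTPUT = "PASS_MAX_DAYS\t99999\n"

if __name__ == "__main__":
    print(audit_windows(parse_secedit(WINDOWS_OUTPUT)))
    print(audit_linux(parse_cracklib(PAM_OUTPUT), parse_pass_max_days(LOGIN_DEFS_OUTPUT)))
```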
(4) Password complexity detection for network devices: a query command is executed over the SSH protocol and the return value of the command is parsed to obtain the password policy information of the network device. This includes detection for the following network devices:
For Huawei routers or Quidway switches, the query command "display current-configuration | include user-security-policy enable" is used to query whether password complexity detection is disabled; the query command "display current-configuration | include user-password" is then used to query whether password complexity detection is enabled, the password expiry time and the password length;
For H3C routers or switches, the query command "display password-control" is used to query whether password complexity detection is disabled or enabled, the password expiry time, the password length and so on;
For FiberHome switches, the query command "show user config" is used to query the password length and password complexity information;
For ZTE switches, the query command "show running-config | include strong-password" is used to query whether password complexity detection (including length and character types) is enabled.
The details are shown in the following table:
Table 3
The resource complexity policy dictionary stores the resource complexity policy types that can be configured, including the resource complexity policy names and the resource complexity policy codes. According to the resource complexity policy dictionary ID that corresponds to a resource in the resource complexity policy detection module, it provides the resource complexity policy names and resource complexity policy codes of the configurable resource complexity policy types;
The computing engine module includes several compute nodes; all compute nodes perform collision detection in parallel, according to the weak password library, on the weak password information in the resource weak password storage module;
The result storage module is used to store the resource complexity policy information and the weak password information corresponding to each account resource.
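The following is an added example, not code from the patent: it parses what the two RHEL/CentOS commands above return and checks the values against a policy dictionary, as the resource complexity policy detection module is described as doing. The policy codes, the baseline values and the sample command output are assumptions constructed for illustration.

```python
import re

# pam_cracklib defaults when an option is not given on the module line.
CRACKLIB_DEFAULTS = {"minlen": 9, "dcredit": 1, "ucredit": 1, "lcredit": 1, "ocredit": 1}
CREDITS = ("dcredit", "ucredit", "lcredit", "ocredit")

# Hypothetical policy dictionary (code -> name) and configured baseline values.
POLICY_DICTIONARY = {
    "PWD_MIN_LEN": "minimum password length",
    "PWD_CLASSES": "required character classes",
    "PWD_MAX_AGE": "maximum password age in days",
}
BASELINE = {"PWD_MIN_LEN": 8, "PWD_CLASSES": 3, "PWD_MAX_AGE": 90}

# Constructed sample output of the two collection commands.
SAMPLE_SYSTEM_AUTH = (
    "password    requisite     pam_cracklib.so try_first_pass retry=3 "
    "minlen=8 dcredit=-1 ucredit=0 lcredit=-1 ocredit=0\n"
)
SAMPLE_LOGIN_DEFS = "PASS_MAX_DAYS\t99999\n"


def parse_cracklib(pam_output):
    """Return pam_cracklib integer options, or None if the module is absent."""
    for line in pam_output.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith("#"):
            continue
        if fields[0] == "password" and any("pam_cracklib" in f for f in fields):
            opts = dict(CRACKLIB_DEFAULTS)
            for tok in fields:
                m = re.fullmatch(r"(\w+)=(-?\d+)", tok)
                if m and m.group(1) in opts:
                    opts[m.group(1)] = int(m.group(2))
            return opts
    return None


def parse_login_defs(output, key="PASS_MAX_DAYS"):
    """Return the integer value of a login.defs key, or None if missing."""
    for line in output.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == key and fields[1].isdigit():
            return int(fields[1])
    return None


def collect_observed(pam_output, login_defs_output):
    """Map raw command output to the policy codes of the dictionary."""
    observed = {"PWD_MAX_AGE": parse_login_defs(login_defs_output),
                "PWD_MIN_LEN": None, "PWD_CLASSES": None}
    opts = parse_cracklib(pam_output)
    if opts is not None:
        # A positive credit lets each character class shorten the password,
        # so the conservative effective minimum is minlen minus those credits.
        observed["PWD_MIN_LEN"] = opts["minlen"] - sum(max(opts[c], 0) for c in CREDITS)
        # A negative credit means that class is mandatory.
        observed["PWD_CLASSES"] = sum(1 for c in CREDITS if opts[c] < 0)
    return observed


def evaluate(observed, baseline):
    """Return (code, observed, required) for every policy that fails."""
    findings = []
    for code, required in baseline.items():
        value = observed.get(code)
        if value is None:
            ok = False  # policy not configured on the resource
        elif code == "PWD_MAX_AGE":
            ok = value <= required
        else:
            ok = value >= required
        if not ok:
            findings.append((code, value, required))
    return findings


if __name__ == "__main__":
    obs = collect_observed(SAMPLE_SYSTEM_AUTH, SAMPLE_LOGIN_DEFS)
    for code, value, required in evaluate(obs, BASELINE):
        print(f"FAIL {POLICY_DICTIONARY[code]}: observed={value} required={required}")
```

A line such as minlen=8 with no credit options passes a naive minlen check but, with the default credits of 1 per class, yields an effective minimum of 4 here.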
Specific embodiment 2:
The weak password detection system of this embodiment further includes an application service module that faces the application service;
The application service module provides the task control information of the detection system user to the task control module; updates the account resource table according to information entered manually by the detection system user; obtains the status monitoring information and task management state of the task control module, resource complexity policy detection module, acquisition configuration module, acquisition engine module, resource weak password storage module, computing engine module and result storage module, and presents the status monitoring information and task management state to the detection system user; and displays the information in the result storage module.
The other modules are the same as in specific embodiment 1.
Specific embodiment 3:
A weak password detection method, comprising the following steps:
The task control module receives the task control information of the detection system user and, according to that task control information, determines the account resources in the account resource table that need weak password detection (all or part of the collected account resources); the account resources that need weak password detection and the corresponding resource type information are sent to the acquisition configuration module and the acquisition engine module;
The acquisition configuration module provides an instruction channel for the account resources that need weak password detection and their corresponding resource types, and configures the acquisition environment data corresponding to the acquisition targets; once the instruction channel and environment have been configured, it sends a completion message to the acquisition engine module;
The acquisition engine module allocates acquisition nodes for the account resources that need weak password detection and their corresponding resource types; each acquisition node, according to its resource type, performs data acquisition based on the acquisition channel and environment corresponding to that resource type; all acquisition nodes acquire data from the acquisition targets in parallel and store the acquired resource complexity policy information data and resource weak password information data (in plaintext or ciphertext form) in the resource weak password storage module, and then send a completion message to the task control module;
When the task control module has received the completion messages sent by all the information acquisition nodes corresponding to a given resource type, it starts the resource complexity policy detection and the weak password collision detection for that resource type, and sends messages to the resource complexity policy detection module and the computing engine module respectively;
After the resource complexity policy detection module receives the message, it obtains the resource complexity policy information configured on each resource from the resource weak password storage module, then matches it against the stored account resource ID, the resource's corresponding resource complexity policy dictionary ID, and the configured values of the specific resource complexity policies; according to the account resource ID of the resource and the resource's corresponding resource complexity policy dictionary ID, it retrieves the externally associated resource complexity policy dictionary and performs resource complexity policy detection on each resource. If the account resource is found to have resource complexity policies configured and the corresponding resource complexity policies meet the detection requirements, it is judged compliant; otherwise the account resource and the corresponding resource complexity policy information are recorded in the result storage module and sent to the operation and maintenance system for operation and maintenance;
After the computing engine module receives the message, it obtains the resource weak password information configured on each resource from the resource weak password storage module and distributes it to the compute nodes; the resource weak password information corresponding to different account resources undergoes collision detection on different compute nodes, and multiple compute nodes perform collision detection in parallel. Whenever an account resource completes collision detection, the account resource and its weak password collision detection result are stored in the result storage module.
Specific embodiment 4:
In the weak password detection method of this embodiment, the process in which the resource weak password information corresponding to different account resources undergoes collision detection on different compute nodes, with multiple compute nodes performing collision detection in parallel, is as follows:
After the computing engine module receives the message, it obtains the resource weak password information configured on each resource from the resource weak password storage module and distributes each item of weak password information to one compute node; one compute node performs collision detection on one item of weak password information according to the weak password library, that is, each account resource undergoes collision detection on a single compute node, and for the resource weak password information corresponding to different account resources, multiple compute nodes perform collision detection in parallel. This makes full use of the hardware's processing units and can improve the efficiency of collision detection by hundreds or even tens of thousands of times, shortening the detection time.
The other steps are the same as in specific embodiment 3.
Specific embodiment 5:
In the weak password detection method of this embodiment, the process in which the resource weak password information corresponding to different account resources undergoes collision detection on different compute nodes, with multiple compute nodes performing collision detection in parallel, is as follows:
After the computing engine module receives the message, it obtains the resource weak password information configured on each resource from the resource weak password storage module and distributes each item of weak password information to multiple compute nodes. According to the collision control logic, the weak password library is divided into several parts and each compute node takes one part for collision detection, so that multiple compute nodes perform collision detection on one item of weak password information according to the weak password library. Each account resource undergoes collision detection on multiple compute nodes, and the resource weak password information corresponding to different account resources is also checked in parallel.
Because this embodiment distributes each item of weak password information to multiple compute nodes, every item of weak password information undergoes collision detection in parallel, so this embodiment can, on the basis of the specific embodiment, further improve the efficiency of collision detection by hundreds or thousands of times and shorten the detection time.
The other steps are the same as in specific embodiment 3.
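The two scheduling schemes of specific embodiments 4 and 5, as an added example that is not part of the patent: one node per account resource versus the weak password library split into parts across nodes. The record layout, the salted SHA-256 storage form, the sample data and the use of threads in place of compute nodes are assumptions made for the illustration.

```python
import hashlib
from concurrent.futures import ThreadPoolExecutor


def digest(candidate, salt):
    # Assumed storage form for this example only: hex SHA-256 of salt + password.
    return hashlib.sha256(salt + candidate.encode()).hexdigest()


def shard(library, n):
    """Divide the weak password library into n near-equal parts."""
    return [library[i::n] for i in range(n)]


def check_part(record, part):
    """Work of one compute node: does any entry in this part match the record?"""
    return any(digest(c, record["salt"]) == record["hash"] for c in part)


def audit_per_account(records, library, nodes):
    """Embodiment 4: each account resource is checked by a single node."""
    with ThreadPoolExecutor(max_workers=nodes) as pool:
        hits = list(pool.map(lambda r: check_part(r, library), records))
    return sorted(r["id"] for r, hit in zip(records, hits) if hit)


def audit_sharded(records, library, nodes):
    """Embodiment 5: every record is checked against all library parts in parallel."""
    parts = shard(library, nodes)
    with ThreadPoolExecutor(max_workers=nodes) as pool:
        futures = {
            r["id"]: [pool.submit(check_part, r, p) for p in parts]
            for r in records
        }
        # An account is flagged as soon as any part reports a match.
        return sorted(rid for rid, fs in futures.items()
                      if any(f.result() for f in fs))


# Constructed sample data: a small weak password library and three account
# resources (database, middleware, operating system) with collected hashes.
WEAK_LIBRARY = ["123456", "password", "admin123", "qwerty", "111111", "abc123"]


def _record(rid, salt, password):
    return {"id": rid, "salt": salt, "hash": digest(password, salt)}


RECORDS = [
    _record("db-01", b"s1", "admin123"),
    _record("mw-02", b"s2", "k7#Vq9!zL2@pXw4R"),
    _record("os-03", b"s3", "qwerty"),
]

if __name__ == "__main__":
    print("per-account:", audit_per_account(RECORDS, WEAK_LIBRARY, 3))
    print("sharded:    ", audit_sharded(RECORDS, WEAK_LIBRARY, 3))
```

Both schedules flag the same account resources; they differ only in how the work is spread, which is why sharding helps most when a single record must be checked against a very large library.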

Claims (5)

1. A weak password detection system, characterized by comprising: an account resource table, a task control module, a resource complexity policy detection module, an acquisition configuration module, an acquisition engine module, a resource weak password storage module, a computing engine module and a result storage module; and a resource complexity policy dictionary and a weak password library;
The account resource table stores the collected account resource IDs and provides some or all of the collected account resource IDs according to the task to be detected; the account resources include four types: databases, middleware, operating systems and network devices;
The weak password library is used to store the weak passwords for collision detection;
The task control module performs task scheduling control, according to weak password detection needs, for carrying out weak password detection on some or all of the types of account resources;
The acquisition configuration module, according to the acquisition control information of the task control module, provides a targeted instruction channel and configures the acquisition environment data corresponding to the acquisition targets, thereby providing the instruction channel and environment for the acquisition engine module;
The acquisition engine module includes several acquisition nodes; according to the acquisition control information of the task control module, all acquisition nodes acquire data from the acquisition targets in parallel and store the acquired data in the resource weak password storage module;
The resource weak password storage module stores the data collected by the acquisition engine module, including the resource complexity policy information and the weak password information configured on each resource;
The resource complexity policy detection module stores the account resource ID, the resource's corresponding resource complexity policy dictionary ID, and the configured values of the specific resource complexity policies; the resource's corresponding resource complexity policy dictionary ID is externally associated with the resource complexity policy dictionary; according to the resource complexity policy information corresponding to each resource in the resource weak password storage module, the module calls the resource complexity policy dictionary to perform resource complexity policy detection on each resource;
The resource complexity policy dictionary stores the resource complexity policy types that can be configured, including the resource complexity policy names and the resource complexity policy codes; according to the resource complexity policy dictionary ID that corresponds to a resource in the resource complexity policy detection module, it provides the resource complexity policy names and resource complexity policy codes of the configurable resource complexity policy types;
The computing engine module includes several compute nodes; all compute nodes perform collision detection in parallel, according to the weak password library, on the weak password information in the resource weak password storage module;
The result storage module is used to store the resource complexity policy information and the weak password information corresponding to each account resource.
2. The weak password detection system according to claim 1, characterized by further comprising an application service module that faces the application service;
The application service module provides the task control information of the detection system user to the task control module; updates the account resource table according to information entered manually by the detection system user; obtains the status monitoring information and task management state of the task control module, resource complexity policy detection module, acquisition configuration module, acquisition engine module, resource weak password storage module, computing engine module and result storage module, and presents the status monitoring information and task management state to the detection system user; and displays the information in the result storage module.
3. A weak password detection method, characterized by comprising the following steps:
The task control module receives the task control information of the detection system user and, according to that task control information, determines the account resources in the account resource table that need weak password detection; the account resources that need weak password detection and the corresponding resource type information are sent to the acquisition configuration module and the acquisition engine module;
The acquisition configuration module provides an instruction channel for the account resources that need weak password detection and their corresponding resource types, and configures the acquisition environment data corresponding to the acquisition targets; once the instruction channel and environment have been configured, it sends a completion message to the acquisition engine module;
The acquisition engine module allocates acquisition nodes for the account resources that need weak password detection and their corresponding resource types; each acquisition node, according to its resource type, performs data acquisition based on the acquisition channel and environment corresponding to that resource type; all acquisition nodes acquire data from the acquisition targets in parallel and store the acquired resource complexity policy information data and resource weak password information data in the resource weak password storage module, and then send a completion message to the task control module;
When the task control module has received the completion messages sent by all the information acquisition nodes corresponding to a given resource type, it starts the resource complexity policy detection and the weak password collision detection for that resource type, and sends messages to the resource complexity policy detection module and the computing engine module respectively;
After the resource complexity policy detection module receives the message, it obtains the resource complexity policy information configured on each resource from the resource weak password storage module, then matches it against the stored account resource ID, the resource's corresponding resource complexity policy dictionary ID, and the configured values of the specific resource complexity policies; according to the account resource ID of the resource and the resource's corresponding resource complexity policy dictionary ID, it retrieves the externally associated resource complexity policy dictionary and performs resource complexity policy detection on each resource; if the account resource is found to have resource complexity policies configured and the corresponding resource complexity policies meet the detection requirements, it is judged compliant; otherwise the account resource and the corresponding resource complexity policy information are recorded in the result storage module and sent to the operation and maintenance system for operation and maintenance;
After the computing engine module receives the message, it obtains the resource weak password information configured on each resource from the resource weak password storage module and distributes it to the compute nodes; the resource weak password information corresponding to different account resources undergoes collision detection on different compute nodes, and multiple compute nodes perform collision detection in parallel; whenever an account resource completes collision detection, the account resource and its weak password collision detection result are stored in the result storage module.
4. The weak password detection method according to claim 3, characterized in that the process in which the resource weak password information corresponding to different account resources undergoes collision detection on different compute nodes, with multiple compute nodes performing collision detection in parallel, is as follows:
After the computing engine module receives the message, it obtains the resource weak password information configured on each resource from the resource weak password storage module and distributes each item of weak password information to one compute node; one compute node performs collision detection on one item of weak password information according to the weak password library, that is, each account resource undergoes collision detection on a single compute node, and for the resource weak password information corresponding to different account resources, multiple compute nodes perform collision detection in parallel.
5. The weak password detection method according to claim 3, characterized in that the process in which the resource weak password information corresponding to different account resources undergoes collision detection on different compute nodes, with multiple compute nodes performing collision detection in parallel, is as follows:
After the computing engine module receives the message, it obtains the resource weak password information configured on each resource from the resource weak password storage module and distributes each item of weak password information to multiple compute nodes; according to the collision control logic, the weak password library is divided into several parts and each compute node takes one part for collision detection, so that multiple compute nodes perform collision detection on one item of weak password information according to the weak password library; each account resource undergoes collision detection on multiple compute nodes, and the resource weak password information corresponding to different account resources is also checked in parallel.
CN201910233396.7A 2019-03-26 2019-03-26 A weak password detection system and method Pending CN109948331A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910233396.7A CN109948331A (en) 2019-03-26 2019-03-26 A weak password detection system and method

Publications (1)

Publication Number Publication Date
CN109948331A true CN109948331A (en) 2019-06-28

Family

ID=67010937

Country Status (1)

Country Link
CN (1) CN109948331A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20190628