CN110162978A - A kind of terminal security risk assessment management method, apparatus and system - Google Patents
- Publication number: CN110162978A (application CN201910410088.7A)
- Authority: CN (China)
- Prior art keywords: information terminal, detecting, server, client, file
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/034—Test or assess a computer or a system
Abstract
The invention discloses a terminal security risk assessment management method, apparatus and system. The method comprises: receiving a push instruction sent by the server side and installing client software on each information terminal; performing security detection on the information terminal using the client, wherein the detection items comprise one or a combination of login account detection, required-software detection, weak password detection, port detection, unnecessary service process detection, network configuration detection, key configuration file detection, detection of access records and modification records of key configuration files, and software vulnerability detection; sending the security detection result to the server side using the client so that the server side makes a judgment according to the security detection result; and receiving a repair file sent by the server side and repairing the risk item according to the repair file. By applying the embodiment of the invention, the security risk of information management can be reduced.
Description
Technical Field
The invention relates to a security assessment management system, in particular to a terminal security risk assessment management method, device and system.
Background
With the rapid development of power-sector informatization, the network scale of the power information network keeps growing, and the threat to information security grows with it. To ensure the security of the information network, the power information network management department continuously raises its information security requirements and has successively issued various information security regulations and rules covering terminal systems, security strategies and other aspects. In view of this situation, a terminal security risk assessment auditing tool is developed to realize automatic and accurate detection and monitoring of terminal equipment, so as to improve the security and reliability of the terminal and thereby ensure the security of the whole information network. At present, a security system for the power information network has been initially established: the power information network is isolated from the real-time power operation control network, and a firewall, network antivirus software and data backup equipment are arranged between the networks.
In enterprise information security, terminal security is the most important. However, because information terminals have a wide application range, a complex application environment, a large number of users and difficult operation and maintenance, they exhibit phenomena such as multiple system accounts, weak passwords, and randomly opened ports and services. The low security of information terminals therefore brings a series of security risks to the information security of the enterprise.
Disclosure of Invention
The invention aims to provide a terminal security risk assessment management method, device and system, so as to solve the problem of information security risk in the prior art.
The invention solves the technical problem through the following technical scheme:
An embodiment of the invention provides a terminal security risk assessment management method, which is applied to an information terminal and comprises the following steps:
receiving a push instruction sent by a server to install client software on each information terminal, wherein the information terminal comprises a Windows XP operating system information terminal, a Windows 7 operating system information terminal and a Windows 10 operating system information terminal;
performing security detection on the information terminal by using the client, wherein the detection items comprise login account detection, required-software detection, weak password detection, port detection, unnecessary service process detection, network configuration detection, key configuration file detection, detection of access records and modification records of key configuration files, and software vulnerability detection;
sending the security detection result to the server by using the client so that the server makes a judgment according to the security detection result;
and receiving a repair file sent by the server side, and repairing the risk item according to the repair file.
Optionally, the login account detection comprises: detecting whether the number of accounts in the information terminal exceeds a set value; or detecting whether a disabled account exists among the accounts logged in to the information terminal.
Optionally, the port detection comprises: acquiring a list of open ports among the hardware ports and software ports of the information terminal.
Optionally, the network configuration detection comprises: acquiring the number of network cards in the information terminal.
Optionally, the unnecessary service process detection comprises: scanning the registry information of the information terminal to obtain a list of unnecessary service processes started on the information terminal.
Optionally, the weak password detection comprises: detecting the strength of each password in the information terminal by using a preset dictionary library, and acquiring a strength list of the passwords.
Optionally, receiving a repair file sent by the server and repairing the risk item according to the repair file comprises: receiving a repair script sent by the server, and executing the script to close the port and service process corresponding to the script.
Optionally, receiving a repair file sent by the server and repairing the risk item according to the repair file comprises: receiving a patch file sent by the server and installing the patch.
Optionally, receiving a repair file sent by the server and repairing the risk item according to the repair file comprises: receiving a weak password modification list file, and notifying the user, according to the weak password modification list file, to modify the corresponding weak password within the appointed time.
Optionally, sending the security detection result to the server by using the client so that the server makes a judgment according to the security detection result comprises: receiving a disabled account list sent by the server, and disabling the corresponding account according to the disabled account list.
An embodiment of the invention provides a terminal security risk assessment management method, which is applied to a server side and comprises the following steps:
generating a push instruction and sending it to the information terminal so that the information terminal installs the client software according to the push instruction;
receiving a security detection result, and judging according to the security detection result whether the information terminal has a risk item;
and if so, generating a risk item repair file and sending it to the client so that the information terminal repairs the risk according to the risk item repair file.
Optionally, after receiving the security detection result and before judging according to it whether the information terminal has a risk item, the method further comprises: judging whether the risk items corresponding to the security detection result can be repaired; and if not, isolating the client corresponding to the security detection result.
An embodiment of the invention further provides a terminal security risk assessment management method, which comprises the following steps:
generating a push instruction and sending it to the information terminal so that the information terminal installs the client software according to the push instruction;
receiving the push instruction sent by the server to install client software on each information terminal, wherein the information terminal comprises a Windows XP operating system information terminal, a Windows 7 operating system information terminal and a Windows 10 operating system information terminal;
performing security detection on the information terminal by using the client, wherein the detection items comprise login account detection, required-software detection, weak password detection, port detection, unnecessary service process detection, network configuration detection, key configuration file detection, detection of access records and modification records of key configuration files, and software vulnerability detection;
sending the security detection result to the server by using the client so that the server makes a judgment according to the security detection result;
receiving the security detection result, and judging according to it whether the information terminal has a risk item; if so, generating a risk item repair file and sending it to the client so that the information terminal repairs the risk according to the risk item repair file;
and receiving the repair file sent by the server side, and repairing the risk item according to the repair file.
An embodiment of the invention further provides a terminal security risk assessment management device, which is applied to an information terminal and comprises the following components:
a first receiving module, configured to receive a push instruction sent by a server to install client software on each information terminal, wherein the information terminal comprises a Windows XP operating system information terminal, a Windows 7 operating system information terminal and a Windows 10 operating system information terminal;
a detection module, configured to perform security detection on the information terminal by using the client, wherein the detection items comprise login account detection, required-software detection, weak password detection, port detection, unnecessary service process detection, network configuration detection, key configuration file detection, detection of access records and modification records of key configuration files, and software vulnerability detection;
a sending module, configured to send the security detection result to the server by using the client so that the server can make a judgment according to the security detection result;
and a second receiving module, configured to receive the repair file sent by the server side and repair the risk item according to the repair file.
Optionally, the detection module is configured to: detect whether the number of accounts in the information terminal exceeds a set value; or detect whether a disabled account exists among the accounts logged in to the information terminal.
Optionally, the detection module is configured to: acquire a list of open ports among the hardware ports and software ports of the information terminal.
Optionally, the detection module is configured to: acquire the number of network cards in the information terminal.
Optionally, the detection module is configured to: scan the registry information of the information terminal to obtain a list of unnecessary service processes started on the information terminal.
Optionally, the detection module is configured to: detect the strength of each password in the information terminal by using a preset dictionary library, and acquire a strength list of the passwords.
Optionally, the second receiving module is configured to: receive a repair script sent by the server, and execute the script to close the port and service process corresponding to the script.
Optionally, the second receiving module is configured to: receive a patch file sent by the server and install the patch.
Optionally, the second receiving module is configured to: receive a weak password modification list file, and notify the user, according to the weak password modification list file, to modify the corresponding weak password within the appointed time.
Optionally, the second receiving module is configured to: receive a disabled account list sent by the server, and disable the corresponding account according to the disabled account list.
An embodiment of the invention provides a terminal security risk assessment management device, which is applied to a server side and comprises the following modules:
a generation module, configured to generate a push instruction and send it to the information terminal so that the information terminal can install the client software according to the push instruction;
a third receiving module, configured to receive a security detection result and judge according to it whether the information terminal has a risk item;
and a repair module, configured to generate a risk item repair file and send it to the client when the judgment result of the third receiving module is yes, so that the information terminal repairs the risk according to the risk item repair file.
Optionally, the device further comprises a judging module, configured to judge whether the risk items corresponding to the security detection result can be repaired, and if not, to isolate the client corresponding to the security detection result.
An embodiment of the invention provides a terminal security risk assessment management system, which comprises: the terminal security risk assessment management device applied to the information terminal as described in any of the above, and the terminal security risk assessment management device applied to the server side as described above.
Compared with the prior art, the invention has the following advantages:
by applying the embodiment of the invention, the client is installed on terminals running each operating system version, the information terminal is subjected to security detection by the client, and the risk items of the information terminal are repaired, so that the security of the information terminal is improved and the security risk of information management is further reduced.
Drawings
Fig. 1 is a schematic flowchart of a first terminal security risk assessment management method according to an embodiment of the present invention;
Fig. 2 is a schematic flowchart of a second terminal security risk assessment management method according to an embodiment of the present invention;
Fig. 3 is a schematic flowchart of a third terminal security risk assessment management method according to an embodiment of the present invention;
Fig. 4 is a schematic structural diagram of a first terminal security risk assessment management apparatus according to an embodiment of the present invention;
Fig. 5 is a schematic structural diagram of a second terminal security risk assessment management apparatus according to an embodiment of the present invention;
Fig. 6 is a schematic structural diagram of a terminal security risk assessment management system according to an embodiment of the present invention;
Fig. 7 is a schematic structural diagram of another terminal security risk assessment management system according to an embodiment of the present invention.
Detailed Description
The following examples are given for the detailed implementation and specific operation of the present invention, but the scope of the present invention is not limited to these examples.
The embodiment of the invention provides a method, a device and a system for terminal security risk assessment management; the method is introduced first.
In a first aspect, Fig. 1 is a schematic flowchart of a first terminal security risk assessment management method according to an embodiment of the present invention. As shown in Fig. 1, the method is applied to an information terminal and comprises the following steps:
S101: receiving a push instruction sent by the server to install client software on each information terminal, wherein the information terminal comprises a Windows XP operating system information terminal, a Windows 7 operating system information terminal and a Windows 10 operating system information terminal.
In general, an information system includes a large number of information terminals, and for historical reasons the operating system versions of different terminals may differ; for example, there may be Windows XP, Windows 7 and Windows 10 information terminals. Therefore, to be compatible with these operating systems, the client in the embodiment of the invention either includes a push module for each operating system, or includes a single push module together with a push information conversion module that converts the information sent by the push module into information the corresponding operating system can receive.
The client can be either a Windows service or a visual client program, and is installed on the information terminal through a uniform push program.
S102: performing security detection on the information terminal by using the client, wherein the detection items comprise one or a combination of login account detection, required-software detection, weak password detection, port detection, unnecessary service process detection, network configuration detection, key configuration file detection, detection of access records and modification records of key configuration files, and software vulnerability detection.
In practical application, the login account detection comprises: detecting whether the number of accounts in the information terminal exceeds a set value; or detecting whether a disabled account exists among the accounts logged in to the information terminal.
Specifically, whether the system is used by multiple accounts can be judged from the number of users under Local Users and Groups in Computer Management, whether each user is disabled, and so on.
The port detection comprises: acquiring a list of open ports among the hardware ports and software ports of the information terminal. The open state of TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) ports can be detected using telnet and socket techniques.
The network configuration detection comprises: acquiring the number of network cards in the information terminal. The number of network cards can be obtained directly by counting the entries under 'Network adapters' in Device Manager.
The unnecessary service process detection comprises: scanning the registry information of the information terminal to obtain a list of unnecessary service processes started on the information terminal. The client scans the terminal's registry information to detect which unnecessary services are enabled.
The weak password detection comprises: detecting the strength of each password in the information terminal by using a preset dictionary library, and acquiring a strength list of the passwords. A brute-force check is performed by the dictionary method: logins to the terminal device are simulated with the current system password and the passwords in the preset dictionary library, so as to detect the password.
In practical application, the user can extend the detection items in a customized manner; for example, an administrator can add new detection items in the detection item maintenance interface as needed, forming a security detection library.
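The client-side detection items above, assembled into the result structure the client later sends to the server, as an added example that is not code from the patent. The policy values (account limit, disabled-account set, service allow-list, tiny dictionary), the inventory and the simulated-login oracle are constructed here; on a real terminal the inventory would come from Local Users and Groups, Device Manager and the registry as the description says. Only the TCP port check is real: it uses a socket connection against a loopback listener opened by the example itself.

```python
import socket
from typing import Callable, Dict, Iterable, List, Optional

# Constructed client policy (hypothetical values, not from the patent).
MAX_ACCOUNTS = 3                              # the "set value" for the account count
DISABLED_ACCOUNTS = {"guest", "oldadmin"}     # accounts that must stay disabled
ALLOWED_SERVICES = {"EventLog", "Dhcp", "Dnscache"}
DICTIONARY = ["123456", "password", "admin123", "qwerty"]   # tiny preset dictionary


def detect_login_accounts(accounts: Dict[str, bool]) -> dict:
    """accounts maps account name -> enabled flag, as read from local users and groups."""
    enabled = [name for name, on in accounts.items() if on]
    return {
        "account_count": len(enabled),
        "exceeds_limit": len(enabled) > MAX_ACCOUNTS,
        "forbidden_enabled": sorted(a for a in enabled if a in DISABLED_ACCOUNTS),
    }


def detect_tcp_ports(host: str, ports: Iterable[int], timeout: float = 0.5) -> List[int]:
    """Return the ports on host that accept a TCP connection (socket technique)."""
    open_ports = []
    for port in ports:
        try:
            with socket.create_connection((host, port), timeout=timeout):
                open_ports.append(port)
        except OSError:
            continue
    return open_ports


def detect_unnecessary_services(running: Iterable[str]) -> List[str]:
    """Services running on the terminal that are not on the allow-list."""
    return sorted(set(running) - ALLOWED_SERVICES)


def detect_weak_passwords(accounts: Iterable[str],
                          try_login: Callable[[str, str], bool]) -> Dict[str, Optional[int]]:
    """Simulated dictionary login per account: how many dictionary entries were
    tried before one logged in, or None when none did. The server applies the
    weak-password thresholds to these counts."""
    attempts: Dict[str, Optional[int]] = {}
    for account in accounts:
        attempts[account] = None
        for n, guess in enumerate(DICTIONARY, start=1):
            if try_login(account, guess):
                attempts[account] = n
                break
    return attempts


def run_detection(inventory: dict, try_login: Callable[[str, str], bool]) -> dict:
    """Assemble the security detection result the client sends to the server."""
    return {
        "terminal": inventory["terminal"],
        "login_accounts": detect_login_accounts(inventory["accounts"]),
        "open_ports": detect_tcp_ports("127.0.0.1", inventory["ports_to_check"]),
        "network_adapters": len(inventory["adapters"]),
        "unnecessary_services": detect_unnecessary_services(inventory["services"]),
        "weak_password_attempts": detect_weak_passwords(inventory["accounts"], try_login),
        "dictionary_size": len(DICTIONARY),
    }


def start_loopback_listener() -> socket.socket:
    """Listen on an ephemeral loopback port so the port check has something real
    to find; the kernel completes the handshake without accept() being called."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    return srv


# Constructed inventory and simulated-login oracle for the demonstration.
SAMPLE_INVENTORY = {
    "terminal": "TERM-001",
    "accounts": {"administrator": True, "guest": True, "ops": True, "ops2": True, "oldadmin": False},
    "ports_to_check": [],
    "adapters": ["eth0"],
    "services": ["EventLog", "Dhcp", "RemoteRegistryDemo"],
}
SAMPLE_PASSWORDS = {"administrator": "Str0ng!Passphrase", "guest": "123456", "ops": "qwerty", "ops2": "zz"}


def sample_try_login(account: str, guess: str) -> bool:
    """Stand-in for a real simulated login against the terminal's own accounts."""
    return SAMPLE_PASSWORDS.get(account) == guess


if __name__ == "__main__":
    srv = start_loopback_listener()
    SAMPLE_INVENTORY["ports_to_check"] = [srv.getsockname()[1]]
    print(run_detection(SAMPLE_INVENTORY, sample_try_login))
    srv.close()
```

Note that the client reports raw counts (enabled accounts, attempts before a dictionary login succeeded) rather than verdicts; the judgment thresholds stay on the server, as in step S103.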
S103: sending the security detection result to the server by using the client so that the server makes a judgment according to the security detection result.
The client sends the detection result obtained in step S102 to the server, and the server makes a judgment separately for the detection result of each client.
In practical application, taking the judgment of a weak password as an example: if a simulated login succeeds before a first preset number of attempts, the password can be considered weak; or, if the ratio of the number of simulated passwords tried to the number of passwords in the preset dictionary library is lower than a second preset number, the password can be considered weak.
Taking unnecessary services as an example, when an unnecessary service exists, the information terminal is considered to have a security risk.
S104: receiving a repair file sent by the server side, and repairing the risk item according to the repair file.
Specifically, a repair script sent by the server may be received and executed to close the port and service process corresponding to the script. For example, by issuing a bat (batch file) script, one-click automatic closing of a controlled port and of unnecessary services is realized.
Specifically, a patch file sent by the server may also be received and the patch installed. For example, according to the vulnerability repair state of a terminal detection item, the server side associates with a security patch server to issue security patches automatically and fix the terminal's security vulnerabilities. The specific approach is mainly: the patch installation packages to be installed are uploaded to the server side, and the client obtains the patches to be installed from the server side through an HTTP interface, realizing patch issuing and installation.
Specifically, a weak password modification list file may be received, and the user notified, according to the weak password modification list file, to modify the corresponding weak password within the specified time. The weak password is repaired by setting and restricting the password policy in the local security policy.
In practical application, the server can also force modification of the weak password; after the server modifies the password of the information terminal, the modified password is notified to the user in a secure manner.
Specifically, a disabled account list sent by the server may be received, and the corresponding account disabled according to the disabled account list. The use permission of redundant users is revoked according to the user information obtained from Local Users and Groups in Computer Management.
By applying the embodiment of the invention shown in Fig. 1, the client is installed on terminals running each operating system version, the information terminal is subjected to security detection by the client, and the risk items of the information terminal are repaired, so that the security of the information terminal is improved and the security risk of information management is further reduced.
In a second aspect, the embodiment of the present invention further provides a second terminal security risk assessment management method.
Fig. 2 is a schematic flowchart of a second terminal security risk assessment management method according to an embodiment of the present invention. As shown in Fig. 2, the method is applied to a server and comprises:
S201: generating a push instruction and sending it to the information terminal so that the information terminal installs the client software according to the push instruction.
The push instruction generated by the server is suitable for Windows XP, Windows 7 and Windows 10 operating system information terminals, and pushes out the clients suitable for the Windows XP, Windows 7 and Windows 10 operating system information terminals.
Normally, the push is sent to all information terminals.
S202: receiving a security detection result, and judging according to it whether the information terminal has a risk item; if yes, go to step S203; if not, continue receiving security detection results.
Taking the judgment of a weak password as an example: if a simulated login succeeds before a first preset number of attempts, the password can be considered weak; or, if the ratio of the number of simulated passwords tried to the number of passwords in the preset dictionary library is lower than a second preset number, the password can be considered weak.
Taking unnecessary services as an example, when an unnecessary service exists, the information terminal is considered to have a security risk.
S203: generating a risk item repair file and sending it to the client so that the information terminal repairs the risk according to the risk item repair file.
By applying the embodiment of the invention shown in Fig. 2, the client is installed on terminals running each operating system version, the information terminal is subjected to security detection by the client, and the risk items of the information terminal are repaired, so that the security of the information terminal is improved and the security risk of information management is further reduced.
In a specific implementation of the embodiment of the present invention, after receiving the security detection result and before judging according to it whether the information terminal has a risk item, the method further comprises: judging whether the risk items corresponding to the security detection result can be repaired; and if not, isolating the client corresponding to the security detection result.
For a terminal that cannot be repaired, the client isolates the terminal. The specific method is to restrict the terminal's access permission by setting an IP security policy in the local security policy, which achieves the effect of disconnecting it from the network.
For example, if the server's existing repair means cannot repair the client and the client has a security risk item, then, to prevent the client from affecting other devices in the network, the server may send an instruction to the other devices connected to the client to close the port connected to that client; after receiving the instruction, those devices close the port connected to the client, thereby isolating it.
By applying the embodiment of the invention, a client with a risk item can be isolated.
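The server-side judgment of step S103/S202 (weak-password thresholds, unnecessary services, open ports, missing patches) together with the repair-or-isolate decision of the specific implementation above, as an added example that is not the patent's code. The thresholds, the controlled-port set, the patch store and the sample result are constructed; `FIRST_PRESET` and `SECOND_PRESET` stand for the description's "first preset number" and "second preset number", and a risk is treated as unrepairable when the server has no patch package for it.

```python
from typing import List, Optional

# Constructed server policy (hypothetical values, not from the patent).
FIRST_PRESET = 100          # simulated login succeeding within this many attempts -> weak
SECOND_PRESET = 0.05        # attempts / dictionary size below this ratio -> weak
CONTROLLED_PORTS = {23, 445}                 # ports the repair script is allowed to close
PATCH_STORE = {"PATCH-PLACEHOLDER-1"}        # patch packages uploaded to the server side


def is_weak_password(attempts: Optional[int], dictionary_size: int) -> bool:
    """Apply the two weak-password criteria from the description."""
    if attempts is None:                     # no dictionary entry logged in
        return False
    if attempts < FIRST_PRESET:
        return True
    return attempts / dictionary_size < SECOND_PRESET


def judge(result: dict) -> List[dict]:
    """Turn one terminal's detection result into risk items, each tagged with
    the kind of repair file the description names for it."""
    risks: List[dict] = []
    acct = result["login_accounts"]
    if acct["exceeds_limit"] or acct["forbidden_enabled"]:
        risks.append({"item": "login_account", "repair": "forbidden_account_list",
                      "detail": acct["forbidden_enabled"]})
    ports = sorted(set(result["open_ports"]) & CONTROLLED_PORTS)
    if ports:
        risks.append({"item": "port", "repair": "repair_script", "detail": ports})
    if result["unnecessary_services"]:
        risks.append({"item": "service", "repair": "repair_script",
                      "detail": result["unnecessary_services"]})
    weak = sorted(a for a, n in result["weak_password_attempts"].items()
                  if is_weak_password(n, result["dictionary_size"]))
    if weak:
        risks.append({"item": "weak_password", "repair": "weak_password_list", "detail": weak})
    for patch in result["missing_patches"]:
        # A vulnerability is repairable only if the server holds the patch package.
        risks.append({"item": "vulnerability", "repair": "patch_file",
                      "detail": [patch], "repairable": patch in PATCH_STORE})
    return risks


def decide(result: dict) -> dict:
    """Repair when every risk item has a repair file; isolate otherwise."""
    risks = judge(result)
    if not risks:
        return {"terminal": result["terminal"], "action": "none", "risks": []}
    if any(not r.get("repairable", True) for r in risks):
        return {"terminal": result["terminal"], "action": "isolate", "risks": risks}
    files = sorted({r["repair"] for r in risks})
    return {"terminal": result["terminal"], "action": "repair", "risks": risks, "files": files}


# Constructed detection result as a client would report it (service name is made up).
SAMPLE_RESULT = {
    "terminal": "TERM-001",
    "login_accounts": {"account_count": 4, "exceeds_limit": True, "forbidden_enabled": ["guest"]},
    "open_ports": [80, 445],
    "unnecessary_services": ["TelnetSvcDemo"],
    "weak_password_attempts": {"admin": 2, "user1": None, "user2": 5000},
    "dictionary_size": 10000,
    "missing_patches": [],
}

if __name__ == "__main__":
    print(decide(SAMPLE_RESULT))
    print(decide(dict(SAMPLE_RESULT, missing_patches=["PATCH-PLACEHOLDER-9"])))
```

In the sample, `admin` is weak by the first criterion (2 attempts) while `user2` is not by either (5000 attempts, ratio 0.5), and port 80 is ignored because only controlled ports are closed by script. Adding a missing patch the server does not hold flips the decision from repair to isolate.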
In a third aspect, an embodiment of the present invention further provides a third method for managing security risk assessment of a terminal.
Fig. 3 is a schematic flowchart of a third method for managing terminal security risk assessment according to an embodiment of the present invention, where as shown in fig. 3, the method includes:
s301: and generating a push instruction, and sending the push instruction to the information terminal so that the information terminal installs the client software according to the push instruction.
This step corresponds to step S201 of the second aspect, and is not described herein again in the embodiments of the present invention.
S302: receiving a push instruction sent by a server to install client software on each information terminal, wherein the information terminal comprises: a Windows xp operating system information terminal, a Windows7 operating system information terminal, and a Windows10 operating system information terminal.
This step corresponds to step S101 of the first aspect, and is not described herein again in the embodiments of the present invention.
S303: performing security detection on the information terminal using the client, where the detection items include one or a combination of: login account detection, required-software detection, weak password detection, port detection, unnecessary service process detection, network configuration detection, key configuration file detection, detection of the access and modification records of key configuration files, and software vulnerability detection.
This step corresponds to step S102 of the first aspect, and is not described herein again in the embodiments of the present invention.
S304: and sending the safety detection result to the server by using the client so that the server judges according to the safety detection result.
This step corresponds to step S103 of the first aspect, and is not described herein again in this embodiment of the present invention.
S305: receiving a safety detection result, and judging whether the information terminal has a risk item according to the safety detection result; if so, generating a risk item repair file, and sending the risk item repair file to a client so that the information terminal carries out risk repair according to the risk item repair file;
this step corresponds to steps S202 and S203 of the second aspect, and the embodiment of the present invention is not described herein again.
S306: and receiving a repair file sent by a server side, and repairing the risk item according to the repair file.
This step corresponds to step S104 of the first aspect, and is not described herein again in the embodiments of the present invention.
At present a security system for the power information network has been established in a preliminary form: the power information network is isolated from the real-time power operation control network, and firewalls, network antivirus software and data backup equipment are deployed between the networks. However, the security of the power information network is uneven, and many potential hazards remain, chiefly: security holes in the systems themselves (which attackers can use), irregular operation by internal personnel, viruses from the external Internet, malicious attacks, and gaps in security management. Damage by network viruses to mail servers and host systems, network slowdowns caused by viruses, and systems failing to respond normally have all been observed in the power information network. Because the network is large and has many users, the security systems of the individual units are uneven and a uniform, effective means of control is lacking. Table 1 lists the major risks faced in the power information network.
TABLE 1
Risk | Description |
---|---|
Illegal use | Use of computer or network resources by unauthorized users |
Spoofing | IP address spoofing attacks |
Masquerade | An intruder pretends to have a legitimate identity and logs in to the power information system |
Denial of service | Sending a flood of data to a communication gateway so that the network or the monitoring system is paralyzed |
Interruption | Interrupting communication inside or outside the information system |
Terminal security hole | Network security goes out of control |
Malicious program | Computer worms, trojans, logic bombs and other network security threats |
As Table 1 suggests, some of the company's employees currently use their terminal devices carelessly and with insufficient security awareness, which brings security risks to information network access, mainly in the following respects:
(1) Daily security maintenance of terminals is inadequate: some employees are lax about setting strong passwords, changing passwords regularly or installing the latest patches, and do not deal with virus infections, so their terminals operate in a sub-healthy state.
(2) Weak security awareness and disorderly use of the internal and external networks: because of the constraints of company units, most employees cannot have two separate networks with two separate computers, and in order to reach the Internet some privately connect intranet terminals to the outside through devices such as 4G wireless network cards and smartphones, causing illegal-external-connection security incidents.
(3) Software installed at will: some staff install arbitrary software, which automatically opens services and ports and thereby opens a door for intruders.
In view of this situation, the embodiment of the invention develops a terminal security risk assessment and audit tool that performs unified, automatic and accurate detection and monitoring of information terminals running different systems, so as to improve the security and reliability of the terminals and thereby the security of the whole information network.
By applying the embodiment of the invention shown in fig. 3, the client is installed on the operating system terminals of each version, the information terminal is subjected to security detection by using the client, and the risk items of the information terminal are repaired, so that the security of the information terminal can be improved, and the security risk of information management is further reduced.
In a fourth aspect, corresponding to the first aspect of the present invention, an embodiment of the present invention provides a terminal security risk assessment management apparatus.
Fig. 4 is a schematic structural diagram of a first terminal security risk assessment management device according to an embodiment of the present invention, as shown in fig. 4, applied to an information terminal, where the device includes:
a first receiving module 401, configured to receive a push instruction sent by a server, so as to install client software on each information terminal, where the information terminal includes: a Windows xp operating system information terminal, a Windows7 operating system information terminal, a Windows10 operating system information terminal;
a detection module 402, configured to perform security detection on the information terminal by using the client, where the detection items include: detecting a login account, detecting software which needs to be installed, detecting a weak password, detecting a port, detecting an unnecessary service process, detecting network configuration, detecting a key configuration file, detecting an access record and a modification record of the key configuration file, and detecting software bugs;
a sending module 403, configured to send the security detection result to the server by using the client, so that the server performs a determination according to the security detection result;
a second receiving module 404, configured to receive the repair file sent by the server, and repair the risk item according to the repair file.
By applying the embodiment shown in fig. 4 of the invention, the client is installed on the operating system terminals of each version, the information terminal is subjected to security detection by using the client, and the risk items of the information terminal are repaired, so that the security of the information terminal can be improved, and the security risk of information management is further reduced.
In a specific implementation manner of the embodiment of the present invention, the detection module 402 is configured to: detect whether the number of accounts in the information terminal exceeds a set value; or detect whether a forbidden (disabled) account exists among the accounts that have logged in to the information terminal.
In a specific implementation manner of the embodiment of the present invention, the detection module 402 is configured to: acquire a list of the open ports among the hardware ports and software ports of the information terminal.
In a specific implementation manner of the embodiment of the present invention, the detecting module 402 is configured to: and acquiring the number of network cards in the information terminal.
In a specific implementation manner of the embodiment of the present invention, the detecting module 402 is configured to:
and scanning registry information of the information terminal to obtain a list of unnecessary service processes opened by the information terminal.
In a specific implementation manner of the embodiment of the present invention, the detecting module 402 is configured to:
and detecting the strength of each password in the information terminal by using a preset dictionary library, and acquiring a strength list of each password.
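An added example of the detection items listed for module 402, written in PowerShell and not taken from the patent: it implements the account, port, network-configuration, unnecessary-service and weak-password checks as functions and assembles their results into the report that the sending module 403 would transmit. The account threshold, the list of "unnecessary" services, the dictionary words and the report layout are assumptions; it targets Windows 7/10 with PowerShell 3.0 or later from an elevated prompt (Windows XP lacks Get-WinEvent and ConvertTo-Json and would need `net user` and WMI event queries instead).

```powershell
# Added example (not the patent's client code). Assumptions: MaxAccounts = 5,
# the service names below are "unnecessary", the dictionary is a constructed
# sample, Windows 7/10, PowerShell 3.0+, elevated (Security log, registry).
$ErrorActionPreference = 'Stop'

function Test-LocalAccounts {
    # Account count versus a threshold, plus disabled accounts that still appear in
    # successful-logon records (event 4624; property index 5 is TargetUserName).
    param([int] $MaxAccounts = 5)
    $accounts = @(Get-WmiObject Win32_UserAccount -Filter "LocalAccount=True")
    $disabled = $accounts | Where-Object { $_.Disabled } | ForEach-Object { $_.Name }
    $loggedOn = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624 } -MaxEvents 5000 -ErrorAction SilentlyContinue |
        ForEach-Object { $_.Properties[5].Value } | Sort-Object -Unique
    New-Object PSObject -Property @{
        AccountCount        = $accounts.Count
        TooManyAccounts     = ($accounts.Count -gt $MaxAccounts)
        DisabledButLoggedOn = @($disabled | Where-Object { $loggedOn -contains $_ })
    }
}

function Get-OpenPorts {
    # Listening TCP sockets and bound UDP sockets parsed from netstat -ano, which
    # exists on every Windows version the patent names. Non-listening TCP lines
    # carry a state word where the PID is expected, so they do not match.
    $pattern = '^\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+\s+(?:LISTENING\s+)?(\d+)\s*$'
    netstat -ano | Select-String -Pattern $pattern | ForEach-Object {
        $g = $_.Matches[0].Groups
        New-Object PSObject -Property @{
            Protocol = $g[1].Value; Address = $g[2].Value
            Port = [int]$g[3].Value; ProcessId = [int]$g[4].Value
        }
    }
}

function Get-NetworkConfig {
    # Enabled physical adapters; a second one on an intranet terminal is the
    # private 4G card / tethering case the patent describes.
    $nics = @(Get-WmiObject Win32_NetworkAdapter -Filter "PhysicalAdapter=True AND NetEnabled=True")
    New-Object PSObject -Property @{
        NicCount = $nics.Count; Names = @($nics | ForEach-Object { $_.Name }); MultipleNics = ($nics.Count -gt 1)
    }
}

function Get-UnnecessaryServices {
    # The patent scans the registry: Start 0..2 means the service starts automatically
    # (0 boot, 1 system, 2 auto, 3 manual, 4 disabled).
    param([string[]] $Unnecessary = @('RemoteRegistry', 'TlntSvr', 'SSDPSRV', 'upnphost', 'Browser', 'SNMPTRAP'))
    $root = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    foreach ($name in $Unnecessary) {
        $props = Get-ItemProperty -Path (Join-Path $root $name) -ErrorAction SilentlyContinue
        if ($props -and $props.Start -ne $null -and $props.Start -le 2) {
            $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
            New-Object PSObject -Property @{
                Service = $name; Start = $props.Start; Running = [bool]($svc -and $svc.Status -eq 'Running')
            }
        }
    }
}

function Test-WeakPasswords {
    # Dictionary check through real credential validation. Every miss is a failed
    # logon (event 4625) that counts toward lockout, so the list must stay below
    # the lockout threshold. Only the verdict is reported, never the password.
    param([string[]] $Dictionary)
    Add-Type -AssemblyName System.DirectoryServices.AccountManagement
    $ctx = New-Object System.DirectoryServices.AccountManagement.PrincipalContext('Machine')
    $users = Get-WmiObject Win32_UserAccount -Filter "LocalAccount=True AND Disabled=False" | ForEach-Object { $_.Name }
    foreach ($u in $users) {
        $hit = $false
        foreach ($pw in (@($u, "$u@123", "${u}2019") + $Dictionary)) {
            if ($ctx.ValidateCredentials($u, $pw)) { $hit = $true; break }
        }
        New-Object PSObject -Property @{ User = $u; Strength = $(if ($hit) { 'weak' } else { 'not in dictionary' }) }
    }
}

function Get-DetectionReport {
    # Constructed sample dictionary; a real deployment loads the preset library from a file.
    param([string[]] $Dictionary = @('123456', 'password', 'admin', 'qwerty', '111111'))
    New-Object PSObject -Property @{
        Host      = $env:COMPUTERNAME
        Time      = (Get-Date).ToString('s')
        Accounts  = Test-LocalAccounts
        Ports     = @(Get-OpenPorts)
        Network   = Get-NetworkConfig
        Services  = @(Get-UnnecessaryServices)
        Passwords = @(Test-WeakPasswords -Dictionary $Dictionary)
    }
}

# The structured result the sending module would post to the server.
Get-DetectionReport | ConvertTo-Json -Depth 4
```

The weak-password check probes credentials through PrincipalContext.ValidateCredentials, so each miss is a real failed logon; check the lockout threshold with `net accounts` before choosing the dictionary size, and keep the matched password on the host. Reading the Security log and the services registry hive needs administrative rights, which the client service in the patent's object layer would have.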
In a specific implementation manner of the embodiment of the present invention, the second receiving module 404 is configured to:
and receiving a repair script sent by a server, and executing the script to close a port corresponding to the script and a service process.
In a specific implementation manner of the embodiment of the present invention, the second receiving module 404 is configured to:
and receiving a patch file sent by a server and installing the patch.
In a specific implementation manner of the embodiment of the present invention, the second receiving module 404 is configured to:
and receiving the weak password modification list file, and informing a user to modify the corresponding weak password within the appointed time according to the weak password modification list file.
In a specific implementation manner of the embodiment of the present invention, the second receiving module 404 is configured to:
and receiving a forbidden account list sent by the server, and forbidding a corresponding account according to the forbidden account list.
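An added example of the four repair actions of the second receiving module 404, written in PowerShell and not taken from the patent. It adds the check the text leaves implicit: because the client executes whatever the server delivers, each repair file's SHA-256 is compared with a manifest and scripts must carry a valid Authenticode signature before they run. The manifest format (manifest.csv with File, Type, Sha256 columns and the types script, patch, weakpw, disable), the directory layout, Windows 7/10 with PowerShell 4.0 or later (for Get-FileHash) and an elevated prompt are assumptions.

```powershell
# Added example (not the patent's client code). Assumptions: repair files and a
# manifest.csv (File,Type,Sha256) sit in $RepairDir; scripts are Authenticode-signed
# by a certificate the host trusts; msg.exe is available (Pro/Enterprise editions).
$ErrorActionPreference = 'Stop'

function Test-RepairFile {
    # Integrity and origin check before anything from the server is acted on.
    param([string] $Path, [string] $ExpectedSha256, [switch] $RequireSignature)
    $actual = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
    if ($actual -ne $ExpectedSha256.ToUpperInvariant()) { throw "hash mismatch: $Path" }
    if ($RequireSignature) {
        $sig = Get-AuthenticodeSignature -FilePath $Path
        if ($sig.Status -ne 'Valid') { throw "signature $($sig.Status): $Path" }
    }
}

function Close-PortAndService {
    # Body of a typical repair script: stop and disable the owning service, then
    # block the port at the host firewall so re-enabling the service cannot re-expose it.
    param([string] $ServiceName, [int] $Port, [ValidateSet('TCP', 'UDP')][string] $Protocol = 'TCP')
    $svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
    if ($svc) {
        if ($svc.Status -eq 'Running') { Stop-Service -Name $ServiceName -Force }
        Set-Service -Name $ServiceName -StartupType Disabled
    }
    netsh advfirewall firewall add rule name="TSRA-block-$Protocol-$Port" dir=in action=block protocol=$Protocol localport=$Port | Out-Null
}

function Invoke-RepairScript {
    param([string] $Path, [string] $ExpectedSha256)
    Test-RepairFile -Path $Path -ExpectedSha256 $ExpectedSha256 -RequireSignature
    & $Path    # the signed script calls Close-PortAndService for each port/service it targets
}

function Install-Patch {
    # .msu packages go through wusa.exe: 0 = installed, 3010 = installed, reboot
    # required, 2359302 = already installed.
    param([string] $Path, [string] $ExpectedSha256)
    Test-RepairFile -Path $Path -ExpectedSha256 $ExpectedSha256
    $p = Start-Process -FilePath "$env:SystemRoot\System32\wusa.exe" -ArgumentList "`"$Path`" /quiet /norestart" -Wait -PassThru
    return $p.ExitCode
}

function Send-WeakPasswordNotice {
    # Force a change at next logon and tell the interactive user the deadline.
    param([string] $ListPath, [int] $DeadlineDays = 3)
    foreach ($user in (Get-Content $ListPath | Where-Object { $_.Trim() })) {
        net user $user /logonpasswordchg:yes | Out-Null
        msg * /TIME:120 "Account '$user' has a weak password. Change it within $DeadlineDays days."
    }
}

function Disable-ListedAccounts {
    param([string] $ListPath)
    foreach ($user in (Get-Content $ListPath | Where-Object { $_.Trim() })) {
        if ($user -ieq $env:USERNAME) { Write-Warning "not disabling the account running the client: $user"; continue }
        net user $user /active:no | Out-Null
        if ($LASTEXITCODE -ne 0) { Write-Warning "could not disable $user" }
    }
}

function Invoke-Repair {
    param([string] $RepairDir)
    foreach ($item in Import-Csv (Join-Path $RepairDir 'manifest.csv')) {
        $path = Join-Path $RepairDir $item.File
        switch ($item.Type) {
            'script'  { Invoke-RepairScript -Path $path -ExpectedSha256 $item.Sha256 }
            'patch'   { Install-Patch -Path $path -ExpectedSha256 $item.Sha256 }
            'weakpw'  { Send-WeakPasswordNotice -ListPath $path }
            'disable' { Disable-ListedAccounts -ListPath $path }
            default   { Write-Warning "unknown repair type '$($item.Type)' for $($item.File)" }
        }
    }
}

# Invoke-Repair -RepairDir 'C:\ProgramData\TSRA\repair'
```

The hash in the manifest only helps if the manifest itself arrives over an authenticated channel (HTTPS with a pinned or trusted server certificate); otherwise the signature check on scripts is the only defence against a substituted repair file, and the patch step should additionally be restricted to Microsoft-signed .msu packages.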
In a fifth aspect, corresponding to the second aspect of the present invention, an embodiment of the present invention provides another terminal security risk assessment management apparatus.
Fig. 5 is a schematic structural diagram of a second terminal security risk assessment management device according to an embodiment of the present invention, as shown in fig. 5, applied to a server, where the device includes:
the generating module 501 is configured to generate a push instruction, and send the push instruction to an information terminal, so that the information terminal installs client software according to the push instruction;
a third receiving module 502, configured to receive a security detection result, and determine whether a risk item occurs in the information terminal according to the security detection result;
and a repairing module 503, configured to generate a risk item repairing file if the determination result of the third receiving module is yes, and send the risk item repairing file to the client, so that the information terminal performs risk repairing according to the risk item repairing file.
By applying the embodiment of the invention shown in fig. 5, the client is installed on the operating system terminals of each version, the information terminal is subjected to security detection by using the client, and the risk items of the information terminal are repaired, so that the security of the information terminal can be improved, and the security risk of information management is further reduced.
In a specific implementation manner of the embodiment of the present invention, the apparatus further includes: the judging module is used for judging whether the risk items corresponding to the safety detection results can be repaired or not;
and if not, isolating the client corresponding to the safety detection result.
Fig. 6 is a schematic structural diagram of a terminal security risk assessment management system according to an embodiment of the present invention, and as shown in fig. 6, the system includes:
a terminal security risk assessment management device 601 according to the fourth aspect above, and,
another terminal security risk assessment management device 602 according to the fifth aspect is described above.
By applying the embodiment of the invention shown in fig. 6, the client is installed on the operating system terminals of each version, the information terminal is subjected to security detection by using the client, and the risk items of the information terminal are repaired, so that the security of the information terminal can be improved, and the security risk of information management is further reduced.
Fig. 7 is a schematic structural diagram of another terminal security risk assessment management system according to an embodiment of the present invention. As shown in Fig. 7, a concrete deployment of the embodiment can be divided into an object layer, a scheduling layer, an implementation layer and an application layer, where
1. The object layer consists of three kinds of network element: Windows 7, Windows XP and Windows 10 terminals. Because the terminal operating systems differ, client programs of a unified version (a Windows service plus a visual client program) are developed and installed on the terminal devices.
2. The scheduling layer is mainly a data transmission interface; data is exchanged through HTTP interfaces, which fall into two groups:
the tool's own data transmission (device information reporting, patch download);
and the transmission of abnormal-terminal information, linked to the firewall and the core switch to implement the network-disconnection function.
3. The implementation layer passes data to the firewall and the core switch through a WebService interface and implements the "network disconnection" function by adding a security policy there.
4. The application layer, built in the B/S (browser/server) architecture, provides service management functions for administrators, mainly visual display of terminal devices, maintenance of security audit items, patch management and patch installation records.
By applying the embodiment shown in fig. 7 of the present invention, the client is installed on the operating system terminal of each version, the information terminal is subjected to security detection by using the client, and the risk item of the information terminal is repaired, so that the security of the information terminal can be improved, and the security risk of information management can be further reduced.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents and improvements made within the spirit and principle of the present invention are intended to be included within the scope of the present invention.
Claims (10)
1. A terminal security risk assessment management method is applied to an information terminal, and comprises the following steps:
receiving a push instruction sent by a server to install client software on each information terminal, wherein the information terminal comprises: a Windows xp operating system information terminal, a Windows7 operating system information terminal, a Windows10 operating system information terminal;
the client is utilized to carry out safety detection on the information terminal, and detection items comprise: detecting a login account, detecting software which needs to be installed, detecting a weak password, detecting a port, detecting an unnecessary service process, detecting network configuration, detecting a key configuration file, detecting an access record and a modification record of the key configuration file, and detecting software bugs;
sending a safety detection result to a server by using a client so that the server judges according to the safety detection result;
and receiving a repair file sent by a server side, and repairing the risk item according to the repair file.
2. The terminal security risk assessment management method according to claim 1, wherein the login account detection includes: detecting whether the number of account numbers in the information terminal exceeds a set value or not; or detecting whether a forbidden account exists in the account logged in the information terminal;
the port detection includes: acquiring a list of hardware ports and open ports in software ports in an information terminal;
the network configuration detection comprises: acquiring the number of network cards in the information terminal;
the unnecessary service process detection comprises the following steps: scanning registry information of the information terminal, and acquiring a list of unnecessary service processes opened by the information terminal;
the weak password detection includes: and detecting the strength of each password in the information terminal by using a preset dictionary library, and acquiring a strength list of each password.
3. The method for managing terminal security risk assessment according to claim 1, wherein the receiving of the repair file sent by the server and the repair of the risk item according to the repair file comprises: receiving a repair script sent by a server, and executing the script to close a port corresponding to the script and a service process;
or receiving a patch file sent by a server and installing the patch;
or receiving the weak password modification list file, and informing the user to modify the corresponding weak password within the appointed time according to the weak password modification list file.
4. The terminal security risk assessment management method according to claim 1, wherein sending a security detection result to a server by using a client, so that the server judges according to the security detection result, further comprises:
receiving a forbidden account list sent by the server, and disabling the corresponding accounts according to the forbidden account list.
5. A terminal security risk assessment management method is applied to a server side, and comprises the following steps:
generating a push instruction, and sending the push instruction to an information terminal so that the information terminal installs client software according to the push instruction;
receiving a safety detection result, and judging whether the information terminal has a risk item according to the safety detection result;
and if so, generating a risk item repair file, and sending the risk item repair file to the client so that the information terminal carries out risk repair according to the risk item repair file.
6. The terminal security risk assessment management method according to claim 5, wherein after receiving the security detection result, before determining whether the information terminal has the risk item according to the security detection result, the method further comprises: judging whether the risk items corresponding to the safety detection results can be repaired or not;
and if not, isolating the client corresponding to the safety detection result.
7. A terminal security risk assessment management method is characterized by comprising the following steps:
generating a push instruction, and sending the push instruction to an information terminal so that the information terminal installs client software according to the push instruction;
receiving a push instruction sent by a server to install client software on each information terminal, wherein the information terminal comprises: a Windows xp operating system information terminal, a Windows7 operating system information terminal, a Windows10 operating system information terminal;
the client is utilized to carry out safety detection on the information terminal, and detection items comprise: detecting a login account, detecting software which needs to be installed, detecting a weak password, detecting a port, detecting an unnecessary service process, detecting network configuration, detecting a key configuration file, detecting an access record and a modification record of the key configuration file, and detecting software bugs;
sending a safety detection result to a server by using a client so that the server judges according to the safety detection result;
receiving a safety detection result, and judging whether the information terminal has a risk item according to the safety detection result; if so, generating a risk item repair file, and sending the risk item repair file to a client so that the information terminal carries out risk repair according to the risk item repair file;
and receiving a repair file sent by a server side, and repairing the risk item according to the repair file.
8. A terminal security risk assessment management device is applied to an information terminal, and comprises the following components:
the first receiving module is used for receiving a push instruction sent by a server to install client software on each information terminal, wherein the information terminal comprises: a Windows xp operating system information terminal, a Windows7 operating system information terminal, a Windows10 operating system information terminal;
the detection module is used for utilizing the client to carry out safety detection on the information terminal, and detection items comprise: detecting a login account, detecting software which needs to be installed, detecting a weak password, detecting a port, detecting an unnecessary service process, detecting network configuration, detecting a key configuration file, detecting an access record and a modification record of the key configuration file, and detecting software bugs;
the sending module is used for sending the safety detection result to the server by using the client so that the server can judge according to the safety detection result;
and the second receiving module is used for receiving the repair file sent by the server side and repairing the risk item according to the repair file.
9. A terminal security risk assessment management device is applied to a server side, and the device comprises:
the generation module is used for generating a push instruction and sending the push instruction to the information terminal so that the information terminal can install the client software according to the push instruction;
the third receiving module is used for receiving a safety detection result and judging whether the information terminal has a risk item according to the safety detection result;
and the repairing module is used for generating a risk item repairing file and sending the risk item repairing file to the client under the condition that the judgment result of the third receiving module is yes, so that the information terminal carries out risk repairing according to the risk item repairing file.
10. A terminal security risk assessment management system, the system comprising:
a terminal security risk assessment management device according to claim 8, and,
another terminal security risk assessment management device according to claim 9.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910410088.7A CN110162978A (en) | 2019-05-16 | 2019-05-16 | A kind of terminal security risk assessment management method, apparatus and system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110162978A true CN110162978A (en) | 2019-08-23 |
Family
ID=67631197
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910410088.7A Pending CN110162978A (en) | 2019-05-16 | 2019-05-16 | A kind of terminal security risk assessment management method, apparatus and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110162978A (en) |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112073584A (en) * | 2019-08-27 | 2020-12-11 | 烟台中科网络技术研究所 | Risk assessment method for App to collect personal sensitive information of user |
CN111478901A (en) * | 2020-04-07 | 2020-07-31 | 中国民航信息网络股份有限公司 | Account weak password detection method and device, server and storage medium |
CN111478901B (en) * | 2020-04-07 | 2022-07-12 | 中国民航信息网络股份有限公司 | Account weak password detection method and device, server and storage medium |
CN112367224A (en) * | 2020-11-11 | 2021-02-12 | 全球能源互联网研究院有限公司 | Terminal monitoring device, system and method |
CN118133292A (en) * | 2024-03-20 | 2024-06-04 | 深圳市明源云链互联网科技有限公司 | System security detection method and device, electronic equipment and readable storage medium |
CN118200044A (en) * | 2024-05-13 | 2024-06-14 | 中移(苏州)软件技术有限公司 | Security protection method and device, electronic equipment and storage medium |
CN118200044B (en) * | 2024-05-13 | 2024-09-13 | 中移(苏州)软件技术有限公司 | Security protection method and device, electronic equipment and storage medium |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1601974A (en) * | 2004-10-09 | 2005-03-30 | 中国工商银行 | Computer auxilary security method and system |
CN101894230A (en) * | 2010-07-14 | 2010-11-24 | 国网电力科学研究院 | Static and dynamic analysis technology-based host system security evaluation method |
CN103634786A (en) * | 2013-11-14 | 2014-03-12 | 北京奇虎科技有限公司 | Method and system for security detection and repair of wireless network |
CN103699489A (en) * | 2014-01-03 | 2014-04-02 | 中国人民解放军装甲兵工程学院 | Software remote fault diagnosis and repair method based on knowledge base |
CN104317665A (en) * | 2014-09-30 | 2015-01-28 | 珠海市君天电子科技有限公司 | System detection and repair method, client and server |
CN107506259A (en) * | 2017-06-26 | 2017-12-22 | 努比亚技术有限公司 | System repair, terminal and management method, server and storage medium |
Timeline: 2019-05-16 CN CN201910410088.7A patent/CN110162978A/en active Pending
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110162978A (en) | A kind of terminal security risk assessment management method, apparatus and system | |
Case | Analysis of the cyber attack on the Ukrainian power grid | |
CN110493195B (en) | Network access control method and system | |
CN107395395B (en) | Processing method and device of safety protection system | |
Abouzakhar | Critical infrastructure cybersecurity: A review of recent threats and violations | |
Serhane et al. | Programmable logic controllers based systems (PLC-BS): Vulnerabilities and threats | |
CN103378991A (en) | Online service abnormity monitoring method and monitoring system thereof | |
Dondossola et al. | Effects of intentional threats to power substation control systems | |
Manson et al. | Cybersecurity for protection and control systems: An overview of proven design solutions | |
CN113132412B (en) | Computer network security test and inspection method | |
Jiwen et al. | Cyber security vulnerability assessment for Smart substations | |
CN114625074A (en) | Safety protection system and method for DCS (distributed control System) of thermal power generating unit | |
CN114629677A (en) | Safety protection system and method for thermal power generating unit electric quantity charging system | |
Zhang et al. | Investigating the impact of cyber attacks on power system reliability | |
CN116962149A (en) | Network fault detection method and device, storage medium and electronic equipment | |
CN110086812B (en) | Safe and controllable internal network safety patrol system and method | |
Schneider et al. | Cyber security maintenance for SCADA systems | |
Carr | Development of a tailored methodology and forensic toolkit for industrial control systems incident response | |
Li et al. | Research on attack mechanism of network intrusion in industrial control system | |
CN114329444A (en) | System safety improving method and device | |
US11108800B1 (en) | Penetration test monitoring server and system | |
Robinson et al. | A cyber-defensive industrial control system with redundancy and intrusion detection | |
JP7150425B2 (en) | COMMUNICATION SYSTEM, CONTROL DEVICE, COMMUNICATION CONTROL METHOD, AND PROGRAM | |
Antonov et al. | Method for risk evaluation of functional instability of hardware and software systems under external information technology interference | |
Lekidis | Cyber-attack TTP analysis for EPES systems |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| RJ01 | Rejection of invention patent application after publication | Application publication date: 20190823 |