CN110516441A - Security protection detection system for smart electricity-collection terminals - Google Patents
- Publication number
- CN110516441A (application CN201910759191.2A)
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
Abstract
The invention discloses a security protection detection system for smart electricity-collection terminals, comprising: a scan detection module, which scans the terminal according to scan rules and evaluates the scan results; a port detection module, which inspects the data and messages on the terminal's ports; an operational security detection module, which simulates business operations and checks whether the events the terminal actually reports match the events those operations are expected to trigger; and a console detection module, which checks whether console connection and exit operations are handled correctly. Using the test schemes stored in the detection system, the system simulates various security incidents and attacks and thereby tests whether the terminal's security protection functions are effective and reliable.
Description
Technical field
The present invention relates to the field of security protection for smart electricity-collection terminals, and in particular to a security protection detection system for such terminals.
Background art
State Grid's centralized bidding model has been in place for many years, and the collection products have entered a critical operation and maintenance phase. Through extensive investigation, the State Grid Metering Center found that smart electricity-collection terminals operating in the field carry security risks; in particular, the network ports and local communication ports lack security protection measures and are exposed to illegal attacks. Against this background, how to prevent these risks, keep the smart grid running stably and securely, and protect the information security of smart grid users at every level has become a serious problem for the whole smart grid industry.
Summary of the invention
The present invention provides a security protection detection system for smart electricity-collection terminals, intended to solve the problem of security protection for such terminals.
The present invention provides a security protection detection system for smart electricity-collection terminals, characterized in that it comprises:
a scan detection module, for scanning the terminal according to scan rules and evaluating the scan results;
a port detection module, for inspecting the data and messages on the terminal's ports;
an operational security detection module, for simulating business operations and judging whether the events the terminal actually reports are consistent with the events the business operations are expected to trigger;
a console detection module, for checking whether console connection and exit operations are handled correctly.
Preferably, the detection content of the scan detection module includes: terminal vulnerability scanning, weak password detection, and detection of open Ethernet remote services.
Preferably, the scan detection module, for scanning the terminal according to scan rules and evaluating the scan results, performs the following:
starting the corresponding scan service according to the scan detection test case, where one scan service corresponds to one scan rule;
scanning the terminal according to the scan rule and evaluating the scan result;
determining the final test result from the sub-test results.
Preferably, the detection content of the port detection module includes: terminal 232 port monitoring, terminal 485 maintenance port monitoring, terminal SSH port monitoring, terminal infrared port monitoring, and terminal USB secure access.
Preferably, the port detection module, for inspecting the data and messages on the terminal's ports, performs the following:
detection of invalid data on an unauthorized port;
detection of valid data, other than security authentication and authorization messages, on an unauthorized port;
detection of security authentication messages on an unauthorized port;
detection of valid data on an authorized port;
detection of automatic closing of port authorization.
Preferably, the detection content of the operational security detection module includes: terminal LCD password setting, Ethernet remote port open detection, terminal external connection information, terminal password change detection, critical file and directory changes, and terminal dangerous operation information.
Preferably, the operational security detection module, for simulating business operations and judging whether the events the terminal actually reports are consistent with the events the business operations are expected to trigger, performs the following:
authorizing the terminal console and logging in to the console;
simulating business operations inside the console according to the test sub-item;
judging whether the events the terminal actually reports are consistent with the events the business operations are expected to trigger.
The present invention provides a security protection detection system for smart electricity-collection terminals. The detection system works together with a test bench and, using the test schemes stored in the detection system, simulates various security incidents and attacks, thereby testing whether the terminal's security protection functions are effective and reliable.
Brief description of the drawings
Fig. 1 is the functional architecture diagram of a security protection detection system for smart electricity-collection terminals provided by an embodiment of the present invention;
Fig. 2 is the terminal information database table structure used in the embodiment of the present invention;
Fig. 3 is the test bench station database table structure used in the embodiment of the present invention;
Fig. 4 is the common detection parameter database table structure used in the embodiment of the present invention;
Fig. 5 is the test scheme database table structure used in the embodiment of the present invention;
Fig. 6 is the configuration diagram of the terminal security protection test scheme used in the embodiment of the present invention.
Detailed description of the embodiments
Many specific details are set out in the following description so that the application can be fully understood. The present invention can, however, be implemented in many ways other than those described here, and those skilled in the art can make similar generalizations without departing from the spirit of the invention; the invention is therefore not limited to the specific embodiments disclosed below.
Fig. 1 is the functional architecture diagram of the security protection detection system for smart electricity-collection terminals provided by the present invention. As the figure shows, the system comprises: scan detection, port detection, operational security detection, and console detection.
The scan detection module scans the terminal according to scan rules and evaluates the scan results;
the port detection module inspects the data and messages on the terminal's ports;
the operational security detection module simulates business operations and judges whether the events the terminal actually reports are consistent with the events the business operations are expected to trigger;
the console detection module checks whether console connection and exit operations are handled correctly.
The detection content of the scan detection module includes: terminal vulnerability scanning, weak password detection, and detection of open Ethernet remote services. To scan the terminal according to scan rules and evaluate the scan results, the scan detection module: starts the corresponding scan service according to the scan detection test case, where one scan service corresponds to one scan rule; scans the terminal according to the scan rule and evaluates the scan result; and determines the final test result from the sub-test results.
The detection content of the port detection module includes: terminal 232 port monitoring, terminal 485 maintenance port monitoring, terminal SSH port monitoring, terminal infrared port monitoring, and terminal USB secure access. To inspect the data and messages on the terminal's ports, the port detection module performs: detection of invalid data on an unauthorized port; detection of valid data, other than security authentication and authorization messages, on an unauthorized port; detection of security authentication messages on an unauthorized port; detection of valid data on an authorized port; and detection of automatic closing of port authorization.
The detection content of the operational security detection module includes: terminal LCD password setting, Ethernet remote port open detection, terminal external connection information, terminal password change detection, critical file and directory changes, and terminal dangerous operation information. To simulate business operations and judge whether the events the terminal actually reports are consistent with the events the business operations are expected to trigger, the operational security detection module: authorizes the terminal console and logs in to the console; simulates business operations inside the console according to the test sub-item; and judges whether the events the terminal actually reports are consistent with the events the business operations are expected to trigger.
Before the system is used to run security protection tests on a smart electricity-collection terminal, the test process must first be planned and designed. This may include: planning and building the test preparation for the terminal's security protection functions, designing the test execution procedure for those functions, and planning and designing the test results. The detailed security protection test process is described below by combining the detection system with this process.
S101: Planning and building the test preparation for the security protection functions of the smart electricity-collection terminal.
Planning and building the test preparation mainly means filing and configuring, before testing, the products under test, the test bench, and the common parameters of the test scheme. It includes building the terminal file information and the terminal management library, building the terminal test bench station information, building the terminal's common detection parameters, and building the multi-level modular test schemes and the test scheme library. A particular smart electricity-collection terminal is used as an example below:
(1) Build the terminal file information and the terminal information management library. The terminal file information mainly refers to the parameter information needed while testing the terminal under test, including communication, protocol, and scheme information. The details are shown in Fig. 2.
(2) Build the terminal test bench station information. The station information mainly refers to the station parameters of the test bench that works with the terminal under test. The details are shown in Fig. 3.
(3) Build the terminal's common detection parameters. The common parameters mainly refer to the communication parameters among the detection system, the test bench, and the terminal. The details are shown in Fig. 4.
(4) Build the multi-level modular test schemes and the test scheme library. The details are shown in Fig. 5.
S102: Design of the test execution procedure for the security protection functions of the smart electricity-collection terminal.
With reference to the database table structures in S101 and to Fig. 6, the test procedure for the terminal's security protection functions is described module by module:
(1) Taking "terminal vulnerability scanning" as an example, the detection steps of the scan detection module are described further:
1.1) Start the corresponding scan service according to the scan detection test case, where one scan detection test case corresponds to one scan rule:
Referring to the test scheme database table structure of Fig. 5, read the case number of "terminal vulnerability scanning" from the test scheme library, i.e. the second-level module number, and use that number to start the corresponding scan service in the program, which scans the terminal for security vulnerabilities.
1.2) Scan the terminal according to the scan rule and evaluate the scan result;
1.2.1) Security vulnerabilities are divided into three levels: high, medium, and low.
1.2.2) If a high-risk vulnerability is found on the terminal, the terminal is judged to fail this function test.
1.3) Determine the final test result from the sub-test results.
(2) Taking "terminal 232 port monitoring" as an example, the port detection procedure is described further:
2.1) Referring to the test scheme database table structure of Fig. 5, read the case number of "terminal 232 port monitoring" from the test scheme library, i.e. the second-level module number, and use that number to start the terminal 232 port monitoring test procedure in the program;
2.2) In the terminal 232 port monitoring test procedure, with the terminal unauthorized, the detection system sends invalid data to the terminal; if the terminal generates a "232 unauthorized event", the sub-item passes, otherwise it fails;
2.3) In the terminal 232 port monitoring test procedure, with the terminal unauthorized, the detection system sends the terminal valid data that is neither a security authentication nor an authorization message; if the terminal generates a "232 unauthorized event", the sub-item passes, otherwise it fails;
2.4) In the terminal 232 port monitoring test procedure, with the terminal unauthorized, the detection system sends the terminal a security authentication message; if the terminal responds normally and does not generate a "232 unauthorized event", the sub-item passes, otherwise it fails;
2.5) In the terminal 232 port monitoring test procedure, with the terminal authorized, the detection system sends valid data to the terminal; if the terminal responds normally and does not generate a "232 unauthorized event", the sub-item passes, otherwise it fails;
2.6) In the terminal 232 port monitoring test procedure, the terminal is granted a 5-minute authorization; after waiting 6 minutes, any valid command is sent; if the terminal generates a "232 unauthorized event", the sub-item passes, otherwise it fails.
(3) Taking "password change detection" as an example, the operational security detection procedure is described further:
3.1) Referring to the test scheme database table structure of Fig. 5, read the case number of "password change detection" from the test scheme library, i.e. the second-level module number, and use that number to start the password change test procedure in the program;
3.2) The detection system authorizes the terminal console and logs in to the terminal's console;
3.3) A password change operation is carried out inside the console according to the test sub-item;
3.4) If a "password change" event is generated, the sub-item passes, otherwise it fails.
(4) Taking "terminal console login success [network port]" as an example, the console detection procedure is described further:
4.1) Referring to the test scheme database table structure of Fig. 5, read the case number of "terminal console login success [network port]" from the test scheme library, i.e. the second-level module number, and use that number to start the terminal console login success [network port] test procedure in the program.
4.2) The detection system performs a console connection operation on the terminal; if a "console login success" event is generated, the sub-item passes, otherwise it fails;
4.3) The detection system performs a console exit operation; if a "console exit success" event is generated, the sub-item passes, otherwise it fails.
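The five sub-items of the 232 port monitoring procedure (steps 2.2 to 2.6), written as a small conformance harness run against a simulated terminal. This is an added example, not code from the patent: the SimTerminal class, the frame labels, the simulated clock, the two modelled defects and the rule that the case passes only when every sub-item passes are assumptions made for illustration.

```python
"""Conformance harness for the 232 port monitoring sub-items (steps 2.2-2.6)."""
from dataclasses import dataclass, field

UNAUTH_EVENT = "232 unauthorized event"  # event name as given in the description
AUTH_WINDOW_S = 5 * 60                   # step 2.6 grants a 5-minute authorization

# Frame kinds sent by the detection system (constructed labels, not a wire format).
INVALID, VALID_DATA, SEC_AUTH = "invalid", "valid_data", "security_auth"


@dataclass
class SimTerminal:
    """Constructed stand-in for the terminal under test, with a simulated clock."""
    enforce_auth: bool = True   # False models a defect: valid data accepted unauthorized
    auth_expires: bool = True   # False models a defect: authorization never lapses
    now: float = 0.0
    auth_until: float = -1.0
    events: list = field(default_factory=list)

    def authorize(self, seconds):
        self.auth_until = self.now + seconds

    def wait(self, seconds):
        self.now += seconds

    def _authorized(self):
        if not self.enforce_auth:
            return True
        if not self.auth_expires:
            return self.auth_until >= 0
        return self.now < self.auth_until

    def send(self, kind):
        """Return True on a normal response; record any event the terminal raises."""
        if kind == SEC_AUTH:    # authentication messages are answered even unauthorized
            return True
        if kind == VALID_DATA and self._authorized():
            return True
        self.events.append(UNAUTH_EVENT)
        return False


# (sub-item, authorization seconds, wait seconds, frame sent, unauthorized event expected)
PLAN = [
    ("2.2 unauthorized, invalid data", 0, 0, INVALID, True),
    ("2.3 unauthorized, valid non-auth data", 0, 0, VALID_DATA, True),
    ("2.4 unauthorized, security authentication message", 0, 0, SEC_AUTH, False),
    ("2.5 authorized, valid data", AUTH_WINDOW_S, 0, VALID_DATA, False),
    ("2.6 authorization auto-close", AUTH_WINDOW_S, 6 * 60, VALID_DATA, True),
]


def run_subitem(make_terminal, authorize_s, wait_s, frame, expect_event):
    """Run one sub-item on a fresh terminal and return True if it passes."""
    terminal = make_terminal()
    if authorize_s:
        terminal.authorize(authorize_s)
    terminal.wait(wait_s)
    responded = terminal.send(frame)
    raised = UNAUTH_EVENT in terminal.events
    if expect_event:
        return raised
    # Sub-items 2.4 and 2.5 need a normal response and no unauthorized event.
    return responded and not raised


def run_port_232_case(make_terminal):
    """Return (per-sub-item results, final verdict) for the 232 port case."""
    results = {name: run_subitem(make_terminal, a, w, f, e)
               for name, a, w, f, e in PLAN}
    # Assumption: the final result is a pass only if every sub-item passes.
    return results, all(results.values())


if __name__ == "__main__":
    for label, factory in [
        ("conforming terminal", SimTerminal),
        ("authorization never expires", lambda: SimTerminal(auth_expires=False)),
    ]:
        results, verdict = run_port_232_case(factory)
        print(label, "->", "pass" if verdict else "fail")
        for name, ok in results.items():
            print("   ", name, "pass" if ok else "fail")
```

Sub-item 2.6 is the only one that catches a terminal whose authorization never lapses, since steps 2.2 to 2.5 never let the 5-minute window run out.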
S103: Planning and design of the test results for the security protection functions of the smart electricity-collection terminal.
The present invention provides a security protection detection system for smart electricity-collection terminals. The detection system works together with a test bench and, using the test schemes stored in the detection system, simulates various security incidents and attacks, thereby testing whether the terminal's security protection functions are effective and reliable.
Claims (7)
1. A security protection detection system for smart electricity-collection terminals, characterized in that it comprises:
a scan detection module, for scanning the terminal according to scan rules and evaluating the scan results;
a port detection module, for inspecting the data and messages on the terminal's ports;
an operational security detection module, for simulating business operations and judging whether the events the terminal actually reports are consistent with the events the business operations are expected to trigger;
a console detection module, for checking whether console connection and exit operations are handled correctly.
2. The system according to claim 1, characterized in that the detection content of the scan detection module includes: terminal vulnerability scanning, weak password detection, and detection of open Ethernet remote services.
3. The system according to claim 1, characterized in that the scan detection module, for scanning the terminal according to scan rules and evaluating the scan results, performs the following:
starting the corresponding scan service according to the scan detection test case, where one scan service corresponds to one scan rule;
scanning the terminal according to the scan rule and evaluating the scan result;
determining the final test result from the sub-test results.
4. The system according to claim 1, characterized in that the detection content of the port detection module includes: terminal 232 port monitoring, terminal 485 maintenance port monitoring, terminal SSH port monitoring, terminal infrared port monitoring, and terminal USB secure access.
5. The system according to claim 1, characterized in that the port detection module, for inspecting the data and messages on the terminal's ports, performs the following:
detection of invalid data on an unauthorized port;
detection of valid data, other than security authentication and authorization messages, on an unauthorized port;
detection of security authentication messages on an unauthorized port;
detection of valid data on an authorized port;
detection of automatic closing of port authorization.
6. The system according to claim 1, characterized in that the detection content of the operational security detection module includes: terminal LCD password setting, Ethernet remote port open detection, terminal external connection information, terminal password change detection, critical file and directory changes, and terminal dangerous operation information.
7. The system according to claim 1, characterized in that the operational security detection module, for simulating business operations and judging whether the events the terminal actually reports are consistent with the events the business operations are expected to trigger, performs the following:
authorizing the terminal console and logging in to the console;
simulating business operations inside the console according to the test sub-item;
judging whether the events the terminal actually reports are consistent with the events the business operations are expected to trigger.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910759191.2A CN110516441A (en) | 2019-08-16 | 2019-08-16 | Security protection detection system for smart electricity-collection terminals |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110516441A (en) | 2019-11-29 |
Family
ID=68625545
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910759191.2A Pending CN110516441A (en) | Security protection detection system for smart electricity-collection terminals | 2019-08-16 | 2019-08-16 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110516441A (en) |
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2001084270A2 (en) * | 2000-04-28 | 2001-11-08 | Internet Security Systems, Inc. | Method and system for intrusion detection in a computer network |
CN104767757A (en) * | 2015-04-17 | 2015-07-08 | 国家电网公司 | Multiple-dimension security monitoring method and system based on WEB services |
CN108830084A (en) * | 2018-06-12 | 2018-11-16 | 国网江苏省电力有限公司无锡供电分公司 | Realize the handheld terminal and means of defence of computer information safe protection vulnerability scanning and protective reinforcing |
CN109600371A (en) * | 2018-12-08 | 2019-04-09 | 公安部第三研究所 | A kind of network layer leakage location and method |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112975956A (en) * | 2021-02-04 | 2021-06-18 | 内蒙古汇能集团长滩发电有限公司 | Inspection robot and testing method and testing device thereof |
CN112975956B (en) * | 2021-02-04 | 2022-05-13 | 内蒙古汇能集团长滩发电有限公司 | Inspection robot and testing method and testing device thereof |
CN117407872A (en) * | 2023-12-13 | 2024-01-16 | 深圳市科力锐科技有限公司 | Security protection detection method, device, equipment and storage medium |
CN117407872B (en) * | 2023-12-13 | 2024-04-09 | 深圳市科力锐科技有限公司 | Security protection detection method, device, equipment and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||