CN110808848A - Power data network security test method - Google Patents
Power data network security test method Download PDFInfo
- Publication number
- CN110808848A CN110808848A CN201910916487.0A CN201910916487A CN110808848A CN 110808848 A CN110808848 A CN 110808848A CN 201910916487 A CN201910916487 A CN 201910916487A CN 110808848 A CN110808848 A CN 110808848A
- Authority
- CN
- China
- Prior art keywords
- test
- security
- network
- safety
- risk
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/14—Network analysis or design
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/28—Restricting access to network management systems or functions, e.g. using authorisation function to access network configuration
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/06—Generation of reports
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/08—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Environmental & Geological Engineering (AREA)
- Small-Scale Networks (AREA)
Abstract
The invention relates to a power data network security testing method, which comprises the following steps: constructing a test system; establishing a security file, and recording the existing risks and solving measures; carrying out risk identification on the item to be tested; comparing the risk identification result with the record of the security file; performing risk analysis and determining a solution; the risk is resolved and the resolution process is recorded in a secure file. The invention can comprehensively test the safety of the power data network and improve the safety protection capability of the power wireless private network.
Description
Technical Field
The invention relates to the field of power communication, in particular to a power data network safety testing method.
Background
Data network security research is continuously perfected along with the development of data networks, and different network security measures are provided for different network requirements. With the continuous expansion of the data service requirements of the power system, security research aiming at the power data network is more and more, and the security of the structure and the function of the network is deeply concerned.
The existing power system may face ill-intentioned malicious attacks, and may have certain defects, and for these potential safety hazards, the existing technology is difficult to perform efficient and useful defense and resistance, and has little effect in prevention.
An effective solution to the problems in the related art has not been proposed yet.
Disclosure of Invention
Aiming at the technical problems in the related art, the invention provides a power data network safety testing method which can comprehensively test the safety of a power data network and improve the safety protection capability of a power wireless private network.
In order to achieve the technical purpose, the technical scheme of the invention is realized as follows:
a power data network safety test method comprises the following steps:
s1, constructing a test system;
s2, establishing a security file, and recording the existing risks and the existing solutions;
s3, carrying out risk identification on the project to be tested;
s4, comparing the risk identification result with the record of the security file;
s5, carrying out risk analysis and determining a solution;
and S6, solving the risks and recording the solving process in a safety file.
Further, the test system comprises a terminal, a base station, a switch, a safety encryption gateway, a main core network, a safety access platform, a server and a client, wherein the terminal sends data to the base station connected with the terminal, the base station uploads the data to the safety encryption gateway through the switch, the safety encryption gateway sends the data to the main core network, the main core network sends the data to the safety access platform, and the server and the client are connected with the switch.
Further, the items to be tested include: interface data transmission safety protection test, server denial of service attack test, core network safety controllability test and wireless private network management system safety test.
Further, the interface data transmission safety protection test specifically includes: and testing whether the interface starts the encryption mechanism protection.
Further, the server denial of service attack test specifically includes: and the terminal continuously sends a connection request to the server to test the load and memory change of the server.
Further, the core network safety controllability test specifically includes: and checking whether the core network port, the flow control and the checking mechanism are normal.
Further, the security test of the wireless private network management system specifically comprises: and checking whether the identity authentication, authorization function and operation authority of the wireless private network management system are normal.
Further, the risk identification includes asset identification, threat identification, and vulnerability identification.
Further, the risk analysis comprises risk calculation, acceptance or non-acceptance of risk results, formulation and implementation of a risk processing plan, and evaluation of residual risk and acceptance or non-acceptance of residual risk.
Furthermore, a network security test report is issued after the risk is solved.
The invention has the beneficial effects that: the safety of the electric power data network can be comprehensively tested, the safety protection capability of the electric power wireless private network is improved, existing risks and solving measures are recorded by establishing the safety file, and the effect of updating risk prevention and risk solving schemes in real time can be achieved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings needed in the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings without creative efforts.
Fig. 1 is a flowchart of a method for testing the safety of a power data network according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments that can be derived by one of ordinary skill in the art from the embodiments given herein are intended to be within the scope of the present invention.
As shown in fig. 1, a method for testing safety of a power data network according to an embodiment of the present invention includes the following steps: s1, constructing a test system; s2, establishing a security file, and recording the existing risks and the existing solutions; s3, carrying out risk identification on the project to be tested; s4, comparing the risk identification result with the record of the security file; s5, carrying out risk analysis and determining a solution; and S6, solving the risks and recording the solving process in a safety file.
In this preferred embodiment, the test system includes terminal, base station, switch, safe encryption gateway, main core network, safe access platform, server, customer end, the terminal sends data to the base station that links to each other with it, the base station uploads data to safe encryption gateway through the switch, safe encryption gateway sends data to main core network, main core network sends data to safe access platform, server, customer end are connected with the switch.
In the preferred embodiment, the items to be tested include: interface data transmission safety protection test, server denial of service attack test, core network safety controllability test and wireless private network management system safety test.
In this preferred embodiment, the interface data transmission safety protection test specifically includes: and testing whether the interface starts the encryption mechanism protection. The test relates to a network management server, a network management client, a core network, a base station, a security encryption gateway and a terminal. In the testing process, only one base station is needed, it is not necessary that more base stations exist in the testing environment, but the testing environment is more suitable for the situation of an actual field, and generally, a single core network is connected with a plurality of base stations. In addition, a USIM card 1 and a network device registration information account are prepared, and the USIM card is configured in the terminal, and the specific operation is as follows:
a. and the login private network management system checks whether an AS and NAS encryption mechanism is started or not, intercepts a GTP data packet of an S1 interface, and checks whether the AS and NAS transmission data are encrypted or not aiming at different communication interaction scenes of the terminal and the base station. The GTP data packet is a data packet processed by the GPRS through a tunneling protocol.
b. Opening a network management client, inputting a user name/password and logging in; and selecting 'network element batch configuration'.
c. And (3) checking the main core network under the root node, and inputting in a command input field: LST S1USRSECPARA, query S1 mode user security configuration. By executing the step, if the core network is secure, it can be seen that the core network has activated the AES algorithm for NAS ciphering and integrity protection through S1 mode user security configuration.
d. The base station of "eNodeB" is selected under "root node", and the following information is input in "command input field": d1 and LSTENODECBCIPHERCAP, for inquiring eNodeB encryption algorithm priority configuration, verifying whether eNB supports AES, SNOW 3G, ZUZUZUC and other encryption algorithms; d2 and LST ENODEBINTEGRITYCAP for inquiring the priority of the eNodeB integrity protection algorithm and verifying whether the eNB supports the integrity protection algorithms such as AES, SNOW 3G, ZUZUZUK, etc. If the core network is safe, it can be seen that the base station has activated the AES algorithm for NAS ciphering and integrity protection.
e. Connecting the test notebook computer between a security gateway and a BBU (Base band Unit), intercepting the S1 interface data packet through Wireshark, analyzing the data packet frame structure, executing the step, if the core network is safe, and viewing the data packet, it can be seen that the intercepted S1 interface GTP data packet is encrypted.
In this preferred embodiment, the server denial of service attack test specifically includes: and the terminal continuously sends a connection request to the server to test the load and memory change of the server. The specific operation is as follows:
1100 CPE is connected to HSS of EPC through base station, log in network management client;
b. executing the following commands every 10 seconds, respectively checking the occupancy rates of the CPU and the memory of the EPC,
DSP CPUUSAGE: CN=0, SRN=0, SN=3;
DSP MEMUSAGE: CN=0, SRN=0, SN=3。
the evaluation is performed, if the core network is secure, then it can be seen through the CPU and memory occupancy rate variation graph of the HSS: the CPU occupancy rate and the memory occupancy rate of the HSS are stable in change.
In this preferred embodiment, the core network security controllability test specifically includes: checking whether the core network port, flow control and check mechanism are normal, wherein the check mechanism comprises whether the port provides service, whether the core network realizes flow control and whether various parameters are normal. The method comprises the following specific steps:
b1, the notebook is directly connected with the core network through the network cable, and the port information of the core network is scanned by using an Nmap tool. By looking at the scanning result, it can be seen that the core network device only opens the port providing the service, and closes all other ports which are not needed.
b2, configuring network element batch at network management client end to root node, checking main core network, executing LSTACLRLE, and inquiring ACL rule configured by core network. By checking, it can be seen that the core network has implemented content audit filtering and flow control on the received message, and performed validity check on the received message.
b3, opening a topology view at the network management client, and viewing the device information deployed in the network. By checking, it can be seen that, when the network device management system is deployed, the device information in the network is consistent with the record information of the network device, and no unregistered service is accessed to the core network.
In this preferred embodiment, the security test of the wireless private network management system specifically includes: and checking whether the identity authentication, authorization function and operation authority of the wireless private network management system are normal. The method specifically comprises the steps of checking user identity authentication measures, checking whether a user realizes an authorization function, and checking whether various operation authorities of the user are normal. The specific operation steps are as follows:
a. and double-clicking the 'network management client', opening a special network management system, inputting a wrong password, and popping up a prompt box when login is impossible. If the core network is safe, the user logs in the dialog box to see that the user identity authentication measure is started.
b. And selecting a system from a network management client, user information from a user, and basic. This is done and if the core network is secure, it can be seen through the dialog box that there are already users and user role configuration management functions. And selecting a system, user information and authority from a network management client. Performing this operation, if the core network is secure, through this dialog box it can be seen that the user configuration management authorization function has been implemented-in the preferred embodiment, the risk identification includes asset identification, threat identification and vulnerability identification.
c. Open the control panel of the eOMC and click "security management" - "user group". If the core network is safe, the dialog box shows that different operation authorities are set based on users, roles and operation commands.
d. And scanning the open port information of the network manager by using the Nmap, and checking the HTTPS port. If the core network is safe, the network management system supports access through the HTTPS by checking the record of accessing the network management system through the HTTPS.
e. And opening an operation panel of the eOMC, clicking security management to system setting to security, and checking the password policy. If the core network is safe, the password strategy such as the password length and the password updating period requirement is configured through the password parameter configuration interface.
f. And connecting the Putty tool with the background of the network management in an ssh mode, entering a mysql database, inquiring a user table and checking a password storage mode. If the core network is safe, the background password of the network management is stored in a ciphertext form by checking the user table.
g. And selecting a system-a system log and an operation log at the network management client. If the core network is safe, the gateway log records, so that the operation logs, the system operation and maintenance logs, the system safety logs, the IP, the operation content, the operation time, the corresponding result and other information of all users are recorded.
In the preferred embodiment, the risk analysis includes risk calculation, acceptance of risk results, formulation and implementation of a risk treatment plan, and evaluation of residual risk, acceptance of residual risk, and the like. The method specifically comprises the following steps:
on the basis of identification, carrying out arrangement and asset analysis, threat analysis, vulnerability analysis, safety measure analysis and comprehensive risk analysis, and giving a conclusion to the safety risk level of the power grid data network; analyzing the defects of the data network, finding out the security defects hidden in the system, if a certain subsystem is found to have the security defects, defining which other potential safety hazards can be brought to other subsystems in the data network by the threat, and correcting in time; the method comprises the steps of forming a configurable regular expression from prior experience by using a rule base-based principle, establishing a knowledge base, and realizing online or offline safety compliance check of the whole network based on the knowledge base, so as to prevent potential safety hazards caused by potential risks.
According to the result of the risk analysis, combining with relevant laws, regulations and industry requirements of the state and special requirements and risks of a power grid network system, summarizing the current safety requirement; and according to the severity and urgency of safety requirements and relevant standards, making a proper safety planning scheme to provide reference for the safety construction of the power grid data network.
In the preferred embodiment, after the risk is solved, a network security test report is issued, and the solving process is recorded in a security file.
The invention can comprehensively test the safety of the electric power data network, improve the safety protection capability of the electric power wireless private network, record the existing risks and solving measures by establishing the safety file, and achieve the effect of updating the risk prevention and risk solving schemes in real time.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.
Claims (10)
1. A power data network safety test method is characterized by comprising the following steps:
s1, constructing a test system;
s2, establishing a security file, and recording the existing risks and the existing solutions;
s3, carrying out risk identification on the project to be tested;
s4, comparing the risk identification result with the record of the security file;
s5, carrying out risk analysis and determining a solution;
and S6, solving the risks and recording the solving process in a safety file.
2. The electric power data network security test method according to claim 1, wherein the test system comprises a terminal, a base station, a switch, a security encryption gateway, a main core network, a security access platform, a server and a client, the terminal sends data to the base station connected with the terminal, the base station uploads the data to the security encryption gateway through the switch, the security encryption gateway sends the data to the main core network, the main core network sends the data to the security access platform, and the server and the client are connected with the switch.
3. The method for testing the safety of the power data network as claimed in claim 2, wherein the items to be tested comprise: interface data transmission safety protection test, server denial of service attack test, core network safety controllability test and wireless private network management system safety test.
4. The method according to claim 3, wherein the interface data transmission safety protection test specifically comprises: and testing whether the interface starts the encryption mechanism protection.
5. The method for testing the security of the power data network as claimed in claim 4, wherein the server denial of service attack test specifically comprises: and the terminal continuously sends a connection request to the server to test the load and memory change of the server.
6. The method according to claim 5, wherein the core network security controllability test specifically comprises: and checking whether the core network port, the flow control and the checking mechanism are normal.
7. The method for testing the safety of the power data network according to claim 6, wherein the safety test of the network management system of the wireless private network specifically comprises: and checking whether the identity authentication, authorization function and operation authority of the wireless private network management system are normal.
8. The electrical data network security testing method of claim 7, wherein the risk identification comprises asset identification, threat identification, and vulnerability identification.
9. The method according to claim 8, wherein the risk analysis includes risk calculation, acceptance of risk results, formulation and implementation of a risk processing plan, and evaluation and acceptance of residual risk.
10. The method as claimed in claim 9, wherein the risk is resolved and a network security test report is issued.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910916487.0A CN110808848A (en) | 2019-09-26 | 2019-09-26 | Power data network security test method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910916487.0A CN110808848A (en) | 2019-09-26 | 2019-09-26 | Power data network security test method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110808848A true CN110808848A (en) | 2020-02-18 |
Family
ID=69487728
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910916487.0A Pending CN110808848A (en) | 2019-09-26 | 2019-09-26 | Power data network security test method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110808848A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112087466A (en) * | 2020-09-18 | 2020-12-15 | 国家电网有限公司华东分部 | Power network security system based on identity recognition and protection method thereof |
CN112150306A (en) * | 2020-09-15 | 2020-12-29 | 深圳供电局有限公司 | Power data network security test method and device |
-
2019
- 2019-09-26 CN CN201910916487.0A patent/CN110808848A/en active Pending
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112150306A (en) * | 2020-09-15 | 2020-12-29 | 深圳供电局有限公司 | Power data network security test method and device |
CN112150306B (en) * | 2020-09-15 | 2023-12-05 | 深圳供电局有限公司 | Power data network security test method and equipment |
CN112087466A (en) * | 2020-09-18 | 2020-12-15 | 国家电网有限公司华东分部 | Power network security system based on identity recognition and protection method thereof |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US7373524B2 (en) | Methods, systems and computer program products for monitoring user behavior for a server application | |
US8522344B2 (en) | Theft of service architectural integrity validation tools for session initiation protocol (SIP)-based systems | |
CN101360015B (en) | Method, system and apparatus for test network appliance | |
EP4236206B1 (en) | Actively monitoring encrypted traffic by inspecting logs | |
US20050188222A1 (en) | Methods, systems and computer program products for monitoring user login activity for a server application | |
US20050188080A1 (en) | Methods, systems and computer program products for monitoring user access for a server application | |
US20050187934A1 (en) | Methods, systems and computer program products for geography and time monitoring of a server application user | |
US20050188079A1 (en) | Methods, systems and computer program products for monitoring usage of a server application | |
US20050198099A1 (en) | Methods, systems and computer program products for monitoring protocol responses for a server application | |
US20050188221A1 (en) | Methods, systems and computer program products for monitoring a server application | |
CN114598540B (en) | Access control system, method, device and storage medium | |
CN107438074A (en) | The means of defence and device of a kind of ddos attack | |
CN111314381A (en) | Safety isolation gateway | |
CN109547402B (en) | Data protection method and device, electronic equipment and readable storage medium | |
CN110808848A (en) | Power data network security test method | |
Lieskovan et al. | Smart grid security: Survey and challenges | |
CN111526150A (en) | Zero-trust automation rule releasing platform and releasing method for single-cluster or multi-cluster cloud computer remote operation and maintenance port | |
KR100758796B1 (en) | Realtime service management system for enterprise and a method thereof | |
Baumgart et al. | Who controls your energy? on the (in) security of residential battery energy storage systems | |
CN101938428B (en) | Message transmission method and equipment | |
CN116633725A (en) | All-channel access gateway | |
JP4039361B2 (en) | Analysis system using network | |
Weerathunga et al. | Securing IEDs against cyber threats in critical substation automation and industrial control systems | |
RU2747368C1 (en) | Method for monitoring and managing information security of mobile communication network | |
Nguyen et al. | Security Testing of a Smart Home Management System using Formal Method and Gray-box Testing |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
WD01 | Invention patent application deemed withdrawn after publication | ||
WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20200218 |