CN110808848A - Power data network security test method - Google Patents


Info

Publication number
CN110808848A
Authority
CN
China
Prior art keywords
test
security
network
safety
risk
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910916487.0A
Other languages
Chinese (zh)
Inventor
高阳春
邵德强
董威
张楠
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Network Technology (beijing) Co Ltd
State Grid Siji Testing Technology Beijing Co Ltd
State Grid Information and Telecommunication Co Ltd
Original Assignee
State Grid Network Technology (beijing) Co Ltd
State Grid Siji Testing Technology Beijing Co Ltd
State Grid Information and Telecommunication Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by State Grid Network Technology (beijing) Co Ltd, State Grid Siji Testing Technology Beijing Co Ltd, State Grid Information and Telecommunication Co Ltd
Priority to CN201910916487.0A
Publication of CN110808848A
Legal status: Pending

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00: Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14: Network analysis or design
    • H04L41/28: Restricting access to network management systems or functions, e.g. using authorisation function to access network configuration
    • H04L43/00: Arrangements for monitoring or testing data switching networks
    • H04L43/06: Generation of reports
    • H04L43/08: Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/12: Applying verification of the received information
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416: Event detection, e.g. attack signature detection
    • H04L63/1441: Countermeasures against malicious traffic
    • H04L63/1458: Denial of Service
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/02: Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Environmental & Geological Engineering (AREA)
  • Small-Scale Networks (AREA)

Abstract

The invention relates to a power data network security testing method, which comprises the following steps: constructing a test system; establishing a security file, and recording the existing risks and solutions; carrying out risk identification on the items to be tested; comparing the risk identification result with the records in the security file; performing risk analysis and determining a solution; and resolving the risk and recording the resolution process in the security file. The invention can comprehensively test the security of the power data network and improve the security protection capability of the power wireless private network.

Description

Power data network security test method
Technical Field
The invention relates to the field of power communication, in particular to a power data network security testing method.
Background
Data network security research has matured along with the development of data networks, and different network security measures have been proposed for different network requirements. As the data service requirements of the power system keep expanding, more and more security research targets the power data network, and the security of the network's structure and functions receives close attention.
The existing power system may face malicious attacks and may contain certain defects. The existing technology has difficulty defending against these potential security hazards efficiently and has little effect in prevention.
An effective solution to these problems in the related art has not yet been proposed.
Disclosure of Invention
In view of the technical problems in the related art, the invention provides a power data network security testing method that can comprehensively test the security of a power data network and improve the security protection capability of the power wireless private network.
To achieve this technical purpose, the technical scheme of the invention is realized as follows:
A power data network security testing method comprises the following steps:
S1, constructing a test system;
S2, establishing a security file, and recording the existing risks and the existing solutions;
S3, carrying out risk identification on the items to be tested;
S4, comparing the risk identification result with the records in the security file;
S5, carrying out risk analysis and determining a solution;
S6, resolving the risks and recording the resolution process in the security file.
Further, the test system comprises a terminal, a base station, a switch, a security encryption gateway, a main core network, a security access platform, a server and a client. The terminal sends data to the base station connected to it, the base station uploads the data to the security encryption gateway through the switch, the security encryption gateway sends the data to the main core network, and the main core network sends the data to the security access platform; the server and the client are connected to the switch.
Further, the items to be tested include: an interface data transmission security protection test, a server denial of service attack test, a core network security controllability test and a wireless private network management system security test.
Further, the interface data transmission security protection test specifically includes: testing whether encryption protection is enabled on the interface.
Further, the server denial of service attack test specifically includes: the terminal continuously sends connection requests to the server, and the changes in the server's load and memory are tested.
Further, the core network security controllability test specifically includes: checking whether the core network ports, flow control and check mechanisms are normal.
Further, the wireless private network management system security test specifically includes: checking whether the identity authentication, authorization function and operation authority of the wireless private network management system are normal.
Further, the risk identification includes asset identification, threat identification, and vulnerability identification.
Further, the risk analysis comprises risk calculation, acceptance or non-acceptance of risk results, formulation and implementation of a risk processing plan, and evaluation of residual risk and acceptance or non-acceptance of residual risk.
Furthermore, a network security test report is issued after the risk is resolved.
The beneficial effects of the invention are as follows: the security of the power data network can be comprehensively tested and the security protection capability of the power wireless private network is improved; by establishing the security file and recording the existing risks and solutions in it, the risk prevention and risk resolution schemes can be updated in real time.
Drawings
In order to illustrate the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings needed in the embodiments are briefly described below. The drawings in the following description are only some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of a method for testing the safety of a power data network according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments that can be derived by one of ordinary skill in the art from the embodiments given herein are intended to be within the scope of the present invention.
As shown in fig. 1, a power data network security testing method according to an embodiment of the present invention includes the following steps: S1, constructing a test system; S2, establishing a security file, and recording the existing risks and the existing solutions; S3, carrying out risk identification on the items to be tested; S4, comparing the risk identification result with the records in the security file; S5, carrying out risk analysis and determining a solution; S6, resolving the risks and recording the resolution process in the security file.
In this preferred embodiment, the test system includes a terminal, a base station, a switch, a security encryption gateway, a main core network, a security access platform, a server and a client. The terminal sends data to the base station connected to it, the base station uploads the data to the security encryption gateway through the switch, the security encryption gateway sends the data to the main core network, and the main core network sends the data to the security access platform; the server and the client are connected to the switch.
In the preferred embodiment, the items to be tested include: an interface data transmission security protection test, a server denial of service attack test, a core network security controllability test and a wireless private network management system security test.
In this preferred embodiment, the interface data transmission security protection test specifically includes: testing whether encryption protection is enabled on the interface. The test involves a network management server, a network management client, a core network, a base station, a security encryption gateway and a terminal. Only one base station is needed for the test; additional base stations are not required, although having them makes the test environment closer to an actual field deployment, where a single core network is generally connected to several base stations. In addition, one USIM card and a network device registration information account are prepared, and the USIM card is configured in the terminal. The specific operation is as follows:
a. Log in to the private network management system and check whether the AS and NAS encryption mechanisms are enabled; capture GTP data packets on the S1 interface and, for the different communication scenarios between the terminal and the base station, check whether the AS and NAS data are transmitted encrypted. A GTP data packet is a data packet processed by the GPRS Tunnelling Protocol.
b. Open the network management client, enter the user name/password and log in; select "network element batch configuration".
c. Tick the main core network under "root node" and enter in the "command input field": LST S1USRSECPARA, which queries the S1-mode user security configuration. If the core network is secure, the S1-mode user security configuration shows that the core network has activated the AES algorithm for NAS ciphering and integrity protection.
d. Select the "eNodeB" base station under "root node" and enter the following in the "command input field": d1, LSTENODECBCIPHERCAP, which queries the eNodeB encryption algorithm priority configuration, to verify whether the eNB supports encryption algorithms such as AES, SNOW 3G and ZUC; d2, LST ENODEBINTEGRITYCAP, which queries the eNodeB integrity protection algorithm priority, to verify whether the eNB supports integrity protection algorithms such as AES, SNOW 3G and ZUC. If the core network is secure, it can be seen that the base station has activated the AES algorithm for NAS ciphering and integrity protection.
e. Connect the test notebook computer between the security gateway and the BBU (Baseband Unit), capture S1 interface data packets with Wireshark, and analyze the packet frame structure. If the core network is secure, viewing the packets shows that the captured S1 interface GTP data packets are encrypted.
In this preferred embodiment, the server denial of service attack test specifically includes: the terminal continuously sends connection requests to the server, and the changes in the server's load and memory are tested. The specific operation is as follows:
1100 CPE is connected to the HSS of the EPC through the base station, and the network management client is logged in;
b. The following commands are executed every 10 seconds to check the CPU and memory occupancy rates of the EPC respectively:
DSP CPUUSAGE: CN=0, SRN=0, SN=3;
DSP MEMUSAGE: CN=0, SRN=0, SN=3.
The result is then evaluated: if the core network is secure, the CPU and memory occupancy graph of the HSS shows that the CPU occupancy rate and the memory occupancy rate of the HSS remain stable.
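One way to turn the "occupancy remains stable" judgment above into a repeatable check, as an added example that is not part of the patent. The sample series, the spread limit and the drift limit are constructed assumptions; only the 10-second sampling interval comes from the procedure above.

```python
from statistics import mean

SAMPLE_INTERVAL_S = 10  # sampling period stated in the test procedure


def drift_per_minute(samples, interval_s=SAMPLE_INTERVAL_S):
    """Least-squares slope of the series, in percentage points per minute."""
    n = len(samples)
    if n < 2:
        raise ValueError("need at least two samples")
    xs = range(n)
    x_bar, y_bar = mean(xs), mean(samples)
    sxy = sum((x - x_bar) * (y - y_bar) for x, y in zip(xs, samples))
    sxx = sum((x - x_bar) ** 2 for x in xs)
    return (sxy / sxx) * (60 / interval_s)


def assess_stability(samples, max_spread=15.0, max_drift=1.0):
    """Judge one occupancy series (percent values).

    max_spread: assumed limit on (max - min) over the test window.
    max_drift:  assumed limit on sustained growth, in points per minute;
                this catches slow exhaustion that never produces a big spike.
    """
    spread = max(samples) - min(samples)
    drift = drift_per_minute(samples)
    reasons = []
    if spread > max_spread:
        reasons.append(f"spread {spread:.1f} exceeds {max_spread:.1f}")
    if abs(drift) > max_drift:
        reasons.append(f"drift {drift:.2f}/min exceeds {max_drift:.2f}/min")
    return {"spread": spread, "drift_per_min": drift,
            "stable": not reasons, "reasons": reasons}


# Constructed readings (percent), one every 10 s while requests are sent.
CPU_SAMPLES = [21, 23, 22, 24, 22, 23, 21, 22]      # flat: stable
MEM_SAMPLES = [40, 42, 44, 46, 48, 50, 52, 54]      # steady growth: not stable
SPIKE_SAMPLES = [20, 21, 20, 58, 22, 21, 20, 21]    # one large spike: not stable

if __name__ == "__main__":
    for name, series in (("cpu", CPU_SAMPLES), ("mem", MEM_SAMPLES),
                         ("spike", SPIKE_SAMPLES)):
        print(name, assess_stability(series))
```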
In this preferred embodiment, the core network security controllability test specifically includes: checking whether the core network ports, flow control and check mechanisms are normal. The check covers whether the ports provide services, whether the core network implements flow control, and whether the various parameters are normal. The specific steps are as follows:
b1. The notebook is connected directly to the core network with a network cable, and the port information of the core network is scanned with the Nmap tool. The scan result shows that the core network device opens only the ports that provide services and closes all other ports that are not needed.
b2. At the network management client, go from "network element batch configuration" to "root node", tick the main core network, execute LSTACLRLE, and query the ACL rules configured on the core network. The result shows that the core network implements content audit filtering and flow control on received messages and performs a validity check on them.
b3. Open the topology view at the network management client and view the information of the devices deployed in the network. The result shows that, with the network device management system deployed, the device information in the network is consistent with the recorded network device information, and no unregistered service accesses the core network.
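The comparisons in steps b1 and b3 can be automated, shown here as an added example that is not part of the patent. The scan text is a constructed sample in Nmap's grepable (-oG) line format, the addresses and device names are constructed, and the allowlist of service ports (S1AP over SCTP 36412, GTP-U over UDP 2152) is an assumption about which services the core network is meant to expose.

```python
# Assumed allowlist of (port, protocol) pairs the core network should expose.
ALLOWED_PORTS = {(36412, "sctp"), (2152, "udp")}

# Constructed sample in Nmap grepable (-oG) format; not output from a real device.
NMAP_GREPABLE = (
    "Host: 192.0.2.10 ()\tStatus: Up\n"
    "Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 2152/open/udp/////, "
    "8080/open/tcp/////, 36412/open/sctp/////, 3306/closed/tcp/////"
    "\tIgnored State: filtered (995)\n"
)

# Constructed device records: registered inventory versus the topology view.
REGISTRY = {"EPC-001": "192.0.2.10", "eNB-001": "192.0.2.21"}
TOPOLOGY = {"EPC-001": "192.0.2.10", "eNB-001": "192.0.2.22", "CPE-977": "192.0.2.77"}


def parse_open_ports(grepable_text):
    """Return {host: {(port, protocol), ...}} for ports reported as open."""
    hosts = {}
    for line in grepable_text.splitlines():
        if not line.startswith("Host:"):
            continue
        fields = line.split("\t")
        ports_field = next((f for f in fields if f.startswith("Ports:")), None)
        if ports_field is None:
            continue  # e.g. the "Status: Up" line carries no port list
        host = fields[0].split()[1]
        open_ports = hosts.setdefault(host, set())
        for entry in ports_field[len("Ports:"):].split(","):
            parts = entry.strip().split("/")  # port/state/protocol/owner/service/...
            if len(parts) >= 3 and parts[1] == "open":
                open_ports.add((int(parts[0]), parts[2]))
    return hosts


def check_ports(open_ports, allowed=ALLOWED_PORTS):
    """b1: ports open but not needed, and needed services that are not open."""
    return {"unexpected": sorted(open_ports - allowed),
            "missing": sorted(allowed - open_ports)}


def check_inventory(topology, registry):
    """b3: devices seen in the topology that are unregistered or differ from the record."""
    return {
        "unregistered": sorted(set(topology) - set(registry)),
        "mismatched": sorted(d for d in topology
                             if d in registry and topology[d] != registry[d]),
    }


if __name__ == "__main__":
    for host, ports in parse_open_ports(NMAP_GREPABLE).items():
        print(host, check_ports(ports))
    print(check_inventory(TOPOLOGY, REGISTRY))
```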
In this preferred embodiment, the wireless private network management system security test specifically includes: checking whether the identity authentication, authorization function and operation authority of the wireless private network management system are normal. This covers checking the user identity authentication measures, checking whether the authorization function is implemented for users, and checking whether the users' various operation authorities are normal. The specific operation steps are as follows:
a. Double-click the "network management client" to open the private network management system and enter a wrong password; a prompt box pops up and login is not possible. If the core network is secure, the login dialog box shows that the user identity authentication measure is enabled.
b. In the network management client, select "system", "user information" and "basic". If the core network is secure, the dialog box shows that user and user role configuration management functions exist. Then select "system", "user information" and "authority" in the network management client. If the core network is secure, the dialog box shows that the user configuration management authorization function has been implemented. In the preferred embodiment, the risk identification includes asset identification, threat identification and vulnerability identification.
c. Open the control panel of the eOMC and click "security management" - "user group". If the core network is secure, the dialog box shows that different operation authorities are set based on users, roles and operation commands.
d. Scan the open port information of the network management system with Nmap and check the HTTPS port. If the core network is secure, the record of accessing the network management system over HTTPS shows that the network management system supports HTTPS access.
e. Open the operation panel of the eOMC, click "security management" - "system setting" - "security", and check the password policy. If the core network is secure, the password parameter configuration interface shows that password policies such as password length and password update period requirements are configured.
f. Connect to the network management back end over ssh with the Putty tool, enter the mysql database, query the user table and check how passwords are stored. If the core network is secure, the user table shows that the back-end passwords of the network management system are stored as ciphertext.
g. In the network management client, select "system" - "system log" and "operation log". If the core network is secure, the log records show that the operation logs of all users, the system operation and maintenance logs and the system security logs are recorded, including the IP, operation content, operation time, corresponding result and other information.
In the preferred embodiment, the risk analysis includes risk calculation, acceptance of risk results, formulation and implementation of a risk treatment plan, evaluation of residual risk, acceptance of residual risk, and the like. Specifically:
On the basis of the identification, the results are collated and asset analysis, threat analysis, vulnerability analysis, security measure analysis and comprehensive risk analysis are carried out, and a conclusion is given on the security risk level of the power grid data network. The defects of the data network are analyzed to find the security defects hidden in the system; if a subsystem is found to have a security defect, it is determined which potential security hazards that threat can bring to the other subsystems in the data network, and the defect is corrected in time. Using a rule-base approach, prior experience is turned into configurable regular expressions and a knowledge base is established; online or offline security compliance checking of the whole network is carried out on the basis of the knowledge base, so as to prevent security hazards caused by potential risks.
According to the result of the risk analysis, and in combination with the relevant national laws, regulations and industry requirements and the special requirements and risks of the power grid network system, the current security requirements are summarized. According to the severity and urgency of the security requirements and the relevant standards, an appropriate security planning scheme is drawn up to provide a reference for the security construction of the power grid data network.
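The rule-base compliance check described above, combined with the comparison against the security file from steps S2, S4 and S6, as an added example that is not part of the patent. The rule identifiers, regular expressions, evidence format (simplified key=value text rather than real device output) and security-file layout are all assumptions made for illustration.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    rule_id: str
    source: str               # which collected output the rule is applied to
    pattern: str              # configurable regular expression
    compliant_on_match: bool  # True: match means compliant; False: match is a risk
    risk: str


# Hypothetical knowledge base; in practice loaded from an editable rule file.
KNOWLEDGE_BASE = [
    Rule("ENC-NAS-CIPHER", "security_config", r"(?m)^nas_cipher=AES$", True,
         "NAS ciphering does not use AES"),
    Rule("ENC-NAS-INTEGRITY", "security_config", r"(?m)^nas_integrity=AES$", True,
         "NAS integrity protection does not use AES"),
    # Any user row whose password field lacks a crypt-style "$id$" prefix.
    Rule("NMS-PWD-STORAGE", "user_table",
         r"(?m)^[^|\n]+\|(?!\$\d\w*\$)[^|\n]+$", False,
         "network management password not stored as ciphertext"),
    Rule("NMS-HTTPS", "open_ports", r"(?m)^443/tcp open\b", True,
         "network management system not reachable over HTTPS"),
]

# Constructed evidence gathered during the test items (not real device output).
COLLECTED = {
    "security_config": "nas_cipher=AES\nnas_integrity=NULL\n",
    "user_table": "admin|$2b$12$CONSTRUCTEDHASHVALUE\noperator|Passw0rd!\n",
    "open_ports": "22/tcp open\n443/tcp open\n",
}

# Security file (S2): risks already known, with their recorded solutions.
SECURITY_FILE = {
    "NMS-PWD-STORAGE": {
        "risk": "network management password not stored as ciphertext",
        "solution": "enable hashed password storage and reset affected passwords",
        "history": [],
    },
}


def identify_risks(rules, collected):
    """S3: apply every rule; return {rule_id: risk description} for failures."""
    findings = {}
    for rule in rules:
        text = collected.get(rule.source)
        if text is None:
            # Missing evidence is reported as a finding, never treated as a pass.
            findings[rule.rule_id] = f"no evidence collected from {rule.source}"
            continue
        matched = re.search(rule.pattern, text) is not None
        if matched != rule.compliant_on_match:
            findings[rule.rule_id] = rule.risk
    return findings


def compare_with_security_file(findings, security_file):
    """S4: split findings into known risks (solution on file) and new risks."""
    known = {rid: security_file[rid]["solution"]
             for rid in findings if rid in security_file}
    new = {rid: risk for rid, risk in findings.items() if rid not in security_file}
    return known, new


def record_resolution(security_file, rule_id, risk, solution, note):
    """S6: write the solution and the resolution process back to the security file."""
    entry = security_file.setdefault(
        rule_id, {"risk": risk, "solution": solution, "history": []})
    entry["solution"] = solution
    entry["history"].append(note)
    return entry


if __name__ == "__main__":
    found = identify_risks(KNOWLEDGE_BASE, COLLECTED)
    known_risks, new_risks = compare_with_security_file(found, SECURITY_FILE)
    print("known, apply recorded solution:", known_risks)
    print("new, needs risk analysis (S5):", new_risks)
```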
In the preferred embodiment, after the risk is solved, a network security test report is issued, and the solving process is recorded in a security file.
The invention can comprehensively test the security of the power data network and improve the security protection capability of the power wireless private network; by establishing the security file and recording the existing risks and solutions in it, the risk prevention and risk resolution schemes can be updated in real time.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.

Claims (10)

1. A power data network security testing method, characterized by comprising the following steps:
S1, constructing a test system;
S2, establishing a security file, and recording the existing risks and the existing solutions;
S3, carrying out risk identification on the items to be tested;
S4, comparing the risk identification result with the records in the security file;
S5, carrying out risk analysis and determining a solution;
S6, resolving the risks and recording the resolution process in the security file.
2. The power data network security testing method according to claim 1, wherein the test system comprises a terminal, a base station, a switch, a security encryption gateway, a main core network, a security access platform, a server and a client; the terminal sends data to the base station connected to it, the base station uploads the data to the security encryption gateway through the switch, the security encryption gateway sends the data to the main core network, the main core network sends the data to the security access platform, and the server and the client are connected to the switch.
3. The power data network security testing method according to claim 2, wherein the items to be tested comprise: an interface data transmission security protection test, a server denial of service attack test, a core network security controllability test and a wireless private network management system security test.
4. The method according to claim 3, wherein the interface data transmission security protection test specifically comprises: testing whether encryption protection is enabled on the interface.
5. The power data network security testing method according to claim 4, wherein the server denial of service attack test specifically comprises: the terminal continuously sends connection requests to the server, and the changes in the server's load and memory are tested.
6. The method according to claim 5, wherein the core network security controllability test specifically comprises: checking whether the core network ports, flow control and check mechanisms are normal.
7. The power data network security testing method according to claim 6, wherein the wireless private network management system security test specifically comprises: checking whether the identity authentication, authorization function and operation authority of the wireless private network management system are normal.
8. The power data network security testing method of claim 7, wherein the risk identification comprises asset identification, threat identification, and vulnerability identification.
9. The method according to claim 8, wherein the risk analysis includes risk calculation, acceptance of risk results, formulation and implementation of a risk processing plan, and evaluation and acceptance of residual risk.
10. The method as claimed in claim 9, wherein a network security test report is issued after the risk is resolved.
CN201910916487.0A 2019-09-26 2019-09-26 Power data network security test method Pending CN110808848A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910916487.0A CN110808848A (en) 2019-09-26 2019-09-26 Power data network security test method

Publications (1)

Publication Number Publication Date
CN110808848A true CN110808848A (en) 2020-02-18

Family

ID=69487728

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910916487.0A Pending CN110808848A (en) 2019-09-26 2019-09-26 Power data network security test method

Country Status (1)

Country Link
CN (1) CN110808848A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112150306A (en) * 2020-09-15 2020-12-29 深圳供电局有限公司 Power data network security test method and device
CN112150306B (en) * 2020-09-15 2023-12-05 深圳供电局有限公司 Power data network security test method and equipment
CN112087466A (en) * 2020-09-18 2020-12-15 国家电网有限公司华东分部 Power network security system based on identity recognition and protection method thereof

Legal Events

Date Code Title Description
PB01 Publication
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20200218