CN111082970A - Network-based terminal checking and analyzing system - Google Patents
- Publication number
- CN111082970A
- Authority
- CN
- China
- Prior art keywords
- inspection
- data
- module
- maintenance
- security
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/14—Network analysis or design
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/08—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
Abstract
The invention relates to a network-based terminal inspection and analysis system comprising an inspection service execution module, a data encapsulation module, a data transmission module, a data analysis module, data storage and interaction, network topology management, a strategy configuration module, and data visualization display and evaluation analysis. The product is broadly suited to security technology inspection work carried out by security bureaus, and provides a strong technical means for routine security inspection of computer information systems by the security management departments of confidential organizations such as government bodies, the defense industry, enterprises and public institutions.
Description
Technical Field
The invention relates to the field of host security and confidentiality, and in particular to a network-based terminal inspection and analysis system.
Background
In a confidential unit with a large number of confidential hosts, management work is complex and tedious. Administrators must carry out confidentiality inspections on many hosts and then collect and collate the results. Day-to-day management, such as maintaining versions and operation log records across different hosts, involves a great deal of repeated work and produces large volumes of data that are hard to maintain. In addition, because of the particular nature of computer information systems, security and confidentiality inspectors working with traditional means are inefficient, their inspections cannot be comprehensive and consistent, and comprehensive analysis of the background data is difficult to achieve.
Disclosure of Invention
A network-based terminal inspection and analysis system, characterized in that the system mainly comprises an inspection service execution module (1), a data encapsulation module (2), a data transmission module (3), a data analysis module (4), data storage and interaction (5), network topology management (6), a strategy configuration module (7) and a data visualization display and evaluation analysis module (8). The inspection service execution module (1) is connected to the data encapsulation module (2), the data encapsulation module (2) to the data transmission module (3), the data transmission module (3) to the data analysis module (4), and the data analysis module (4) to the data storage and interaction module (5). The data storage and interaction module (5) is connected to the network topology management module (6), the strategy configuration module (7) and the data visualization display and evaluation analysis module (8).

The system can accurately inspect a confidential computer's internet access records, hidden partitions, protection software installation, account security, confidential files and the like. In line with the latest inspection standard for inspection equipment, it integrates a network-based remote inspection system: the server customizes the inspection strategy for the client on each confidential host, confidentiality inspections are run on hosts in batches, results are collected and analyzed with visual statistics, and alerts are displayed for sensitive findings. The system also offers user-friendly inspection strategy customization, centralized version maintenance and convenient management through a B/S (browser/server) structure. It makes inspection work easier for administrators, gives an intuitive view of the unit's overall confidentiality situation, quickly locates confidential hosts holding sensitive information, and reduces a large amount of repeated work.

This addresses the problems of the traditional inspection approach: high labor cost, long duration, inability to cover everything that should be inspected, and inability to make inspection routine.
Drawings
FIG. 1 is a system flow diagram of the terminal inspection and analysis system of the present invention.
Detailed Description
With reference to FIG. 1, the invention is a network-based terminal inspection and analysis system whose working principle is as follows.

The inspection service execution module (1) performs data acquisition. A total of 40 inspection items are analyzed and classified, and a received security inspection strategy instruction passes through the processing module to establish a security inspection mode, which supports scanning once, analyzing in parallel and inspecting at the same time.

The data encapsulation module (2) packs the inspection results according to the strategy mode into a JSON data format for sending, and establishes a temporary storage and retransmission mechanism to ensure that data is not lost.

The data transmission module (3) starts a service program that receives and parses the commands sent by the server. The commands include heartbeat packets, backlog items, version upgrades and server migration. Heartbeat packets are sent by timed polling to keep the system alive and in communication with the server side. Inspection results are transmitted with multiple encryption and are compressed for transmission.

The data analysis module (4) takes in the security inspection result information it receives, and a Tomcat server is used to upload data from and issue data to multiple clients. During communication, the heartbeat connection must be kept up and the last heartbeat time updated regularly. The server checks whether the client has an event and returns the inspection items and the configuration information for the checks; checks whether an upgrade is needed and returns the upgrade information; and decrypts and stores the inspection results.

Data storage and interaction (5) classifies, analyzes and processes the data and stores it in a MySQL database.

The network topology management module (6), the strategy configuration module (7) and the data visualization display and evaluation analysis module (8) all interact with the database through a user operation interface. They cover maintenance of the terminal network topology (adding, deleting and modifying clients, adjusting the groups that clients belong to, and operation logs); maintenance of inspection items (configuration of general inspection items, routine file inspection and routine mail inspection, deep file inspection, internet access records and USB deep inspection configuration, task setting, plan setting and timer setting); group maintenance (adding, deleting and modifying the client's groups, and operation logs); and role maintenance, user maintenance (including three-member), menu maintenance, authority maintenance, and the like.
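The encapsulation and retransmission steps described above, sketched as an added example (not code from the patent): a result is packed as compressed JSON, spooled to disk, and deleted only after the server acknowledges it, while the server verifies an integrity tag and ignores duplicates caused by retransmission. The patent does not specify its encryption scheme, so the HMAC-SHA256 tag, the `KEY` value, the file layout and all names here are assumptions, and the encryption layer is left out.

```python
import hashlib, hmac, json, os, zlib

KEY = b"constructed-demo-key"  # assumption: per-client key provisioned out of band

def encapsulate(client_id, seq, results):
    """Pack one inspection result as compressed JSON plus an HMAC-SHA256 tag."""
    doc = {"client": client_id, "seq": seq, "results": results}
    body = zlib.compress(json.dumps(doc, sort_keys=True).encode())
    return hmac.new(KEY, body, hashlib.sha256).hexdigest(), body

class Spool:
    """Temporary store: a record stays on disk until the server acknowledges it."""
    def __init__(self, directory):
        self.dir = directory

    def put(self, tag, body):
        tmp = os.path.join(self.dir, tag + ".tmp")
        with open(tmp, "wb") as f:
            f.write(body)
            f.flush()
            os.fsync(f.fileno())            # survive a crash before sending
        os.replace(tmp, os.path.join(self.dir, tag + ".rec"))  # atomic publish

    def pending(self):
        return sorted(n[:-4] for n in os.listdir(self.dir) if n.endswith(".rec"))

    def flush(self, send):
        """Send every pending record; delete only on ack. Returns records left."""
        for tag in self.pending():
            path = os.path.join(self.dir, tag + ".rec")
            with open(path, "rb") as f:
                body = f.read()
            try:
                if send(tag, body):
                    os.remove(path)
            except OSError:                 # unreachable or ack lost: retry later
                break
        return len(self.pending())

class Server:
    """Receiving side: verify the tag, store once, ack duplicates."""
    def __init__(self):
        self.stored = {}

    def receive(self, tag, body):
        expect = hmac.new(KEY, body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expect, tag):
            return False                    # corrupt or tampered: no ack
        # Decompress only after the tag verifies, so unauthenticated input
        # never reaches zlib or the JSON parser.
        self.stored.setdefault(tag, json.loads(zlib.decompress(body)))
        return True
```

Calling `Spool.flush` on every heartbeat gives at-least-once delivery; keying the server's store on the tag is what keeps a retransmitted record from being stored twice.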
Claims (1)
1. A network-based terminal inspection and analysis system, the system comprising the steps of:
step 1: data acquisition is realized, 40 inspection items in total are acquired, the inspection instructions are analyzed and classified, the received security inspection strategy instructions pass through the processing module to formulate a security inspection mode, and the security inspection mode can be scanned once, analyzed in parallel and inspected at the same time;
step 2: data encapsulation, wherein the inspection result is packed according to a strategy mode to generate a JSON data format for sending, and a temporary storage and retransmission mechanism is established to ensure that data is not lost;
step 3: the data transmission module starts a service program for receiving and parsing the commands sent by the server, wherein the commands comprise heartbeat packets, backlog items, version upgrading and server migration, the heartbeat packets are sent by timed polling to keep the system alive and in communication with the server side, and the inspection result is transmitted with multiple encryption and compression;
step 4: the data analysis module takes in the received security inspection result information and uses the Tomcat server to realize data uploading and issuing with a plurality of clients;
in the specific communication process, the heartbeat connection needs to be kept, and the last heartbeat time is updated regularly; checking whether the client has an event and returning the inspection items and the configuration information for the checks; checking whether an upgrade is needed and returning the upgrade information; decrypting and storing the inspection result;
step 5: data storage and interaction: performing classification analysis processing, and storing the processed data into a MySQL database; the three modules, namely a network topology management module (6), a strategy configuration module (7) and a data visualization display and evaluation analysis module (8), all carry out data interaction with the database through a user operation interface, so that the terminal network topology is maintained, clients are added, deleted and modified, and the groups where the clients are located and the operation logs are adjusted; maintenance of inspection items, configuration of general inspection items, routine inspection of files and routine inspection of mails, deep inspection of files, Internet access records and USB deep inspection configuration, task setting, plan setting and timer setting; maintaining groups, adding, deleting and modifying groups and operation logs of the client; role maintenance, user maintenance (including three-member), menu maintenance, and authority maintenance.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911151864.2A CN111082970A (en) | 2019-11-22 | 2019-11-22 | Network-based terminal checking and analyzing system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN111082970A (en) | 2020-04-28 |
Family
ID=70311596
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201911151864.2A Withdrawn CN111082970A (en) | 2019-11-22 | 2019-11-22 | Network-based terminal checking and analyzing system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111082970A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
WW01 | Invention patent application withdrawn after publication | Application publication date: 20200428 |