CN111082970A - Network-based terminal checking and analyzing system - Google Patents

Info

Publication number
CN111082970A
Authority
CN
China
Prior art keywords
inspection
data
module
maintenance
security
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN201911151864.2A
Other languages
Chinese (zh)
Inventor
傅涛
郑轶
王力
王路路
邓楠
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Bozhi Safety Technology Co Ltd
Original Assignee
Bozhi Safety Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Bozhi Safety Technology Co Ltd
Priority to CN201911151864.2A
Publication of CN111082970A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14 Network analysis or design
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/08 Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Environmental & Geological Engineering (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Debugging And Monitoring (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention relates to a network-based terminal inspection and analysis system comprising an inspection service execution module, a data encapsulation module, a data transmission module, a data analysis module, data storage and interaction, network topology management, a policy configuration module, and data visualization display and evaluation analysis. The product is widely suited to security bureaus carrying out security technology inspection work, and provides a powerful technical means for routine security inspection of the security management departments and computer information systems of confidential enterprises and public institutions such as governments, the defense industry and enterprises.

Description

Network-based terminal checking and analyzing system
Technical Field
The invention relates to the field of security and confidentiality of a host, in particular to a terminal checking and analyzing system based on a network.
Background
In a confidential unit with a large number of confidential hosts, management work is complex and tedious. Management personnel must carry out confidentiality inspections on a large number of hosts and collect and collate the results, while routine management such as maintaining versions and operation log records across different hosts involves many repeated operations and generates a great deal of data that is difficult to maintain. In addition, because of the particular nature of computer information systems, security and confidentiality inspectors work inefficiently when they inspect by traditional means, the inspection content cannot be made comprehensive and consistent, and comprehensive analysis of background data is difficult to achieve.
Disclosure of Invention
A network-based terminal inspection and analysis system, characterized in that the system mainly comprises an inspection service execution module (1), a data encapsulation module (2), a data transmission module (3), a data analysis module (4), data storage and interaction (5), network topology management (6), a policy configuration module (7), and a data visualization display and evaluation analysis module (8). The inspection service execution module (1) is connected to the data encapsulation module (2), the data encapsulation module (2) to the data transmission module (3), the data transmission module (3) to the data analysis module (4), the data analysis module (4) to the data storage and interaction module (5), and the data storage and interaction module (5) to the network topology management module (6), the policy configuration module (7), and the data visualization display and evaluation analysis module (8). The system can accurately check the internet access records, hidden partitions, protection software installation, account security, secret-related files and the like of a secret-related computer. In line with the latest inspection standards for inspection equipment, a network-based remote inspection system is integrated: policies for the clients on confidential hosts are customized through the server, hosts are inspected for confidentiality in batches, results are collected and analyzed with visual statistics, and sensitive findings are displayed as alarms. The system also offers user-friendly customization of inspection policies, centralized version maintenance, and convenient management through a B/S (browser/server) structure, which eases the inspection work of managers, gives an intuitive view of the overall confidentiality status of a unit, allows confidential hosts holding sensitive information to be located quickly, and removes a large number of repeated operations. This addresses the problems of the traditional inspection approach: heavy labor consumption, long duration, inability to achieve full inspection coverage, inability to make inspection routine, and so on.
Drawings
FIG. 1 is a system flow diagram of the terminal inspection and analysis system of the present invention.
Detailed Description
With reference to FIG. 1, the invention is a network-based terminal inspection and analysis system whose working principle is as follows. The inspection service execution module (1) performs data acquisition, covering 40 inspection items in total, which are analyzed and classified; the received security inspection policy instruction is processed by the processing module to establish a security inspection mode, which allows a single scan with parallel analysis and simultaneous inspection. The data encapsulation module (2) packs the inspection results according to the policy mode into JSON format for sending, and establishes a temporary-storage retransmission mechanism to ensure that data is not lost. The data transmission module (3) starts a service program that receives and parses the commands sent by the server, including heartbeat packets, backlog, version upgrade and server migration; heartbeat packets are sent on a regular polling schedule to maintain the system's communication with the server side, and inspection results are transmitted with multiple encryption and compression. The data analysis module (4) takes in the received security inspection result information and uses a Tomcat server to upload data from, and issue data to, multiple clients.
In the communication process itself, the heartbeat connection must be kept alive and the last heartbeat time updated regularly. The process also covers checking whether the client has an event and returning the inspection items and their configuration information; checking whether an upgrade is needed and returning the upgrade information; and decrypting and storing the inspection results. Data storage and interaction (5) classifies, analyzes and processes the data and stores it in a MySQL database. The three modules, namely the network topology management module (6), the policy configuration module (7), and the data visualization display and evaluation analysis module (8), interact with the database through a user operation interface and provide: maintenance of the terminal network topology (adding, deleting and modifying clients, adjusting the groups the clients belong to, and operation logs); maintenance of inspection items (configuration of general inspection items, routine file inspection and routine mail inspection, deep file inspection, Internet access records and USB deep inspection configuration, task setting, plan setting and timer setting); group maintenance (adding, deleting and modifying client groups, and operation logs); and role maintenance, user maintenance (including three-person), menu maintenance, authority maintenance, and the like.
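The temporary-storage retransmission mechanism of the data encapsulation module, sketched as an added example that is not part of the patent: each result is written to a disk spool as compressed JSON before any send attempt and is deleted only after the server acknowledges it. The class and function names, the record fields, the ".res" file suffix and the constructed in-memory server are all assumptions; encryption is left out because the text does not name an algorithm.

```python
import json, os, tempfile, uuid, zlib
from pathlib import Path

class ResultSpool:
    def __init__(self, spool_dir):
        self.dir = Path(spool_dir)
        self.dir.mkdir(parents=True, exist_ok=True)

    def enqueue(self, host_id, policy_id, items):
        record = {"id": uuid.uuid4().hex, "host": host_id,
                  "policy": policy_id, "items": items}
        # Package as JSON, then compress for transfer (field names are assumed).
        blob = zlib.compress(json.dumps(record, sort_keys=True).encode("utf-8"))
        tmp = self.dir / (record["id"] + ".tmp")
        with open(tmp, "wb") as fh:
            fh.write(blob)
            fh.flush()
            os.fsync(fh.fileno())
        os.replace(tmp, tmp.with_suffix(".res"))  # atomic: no half-written entries
        return record["id"]

    def pending(self):
        return sorted(p.stem for p in self.dir.glob("*.res"))

    def flush(self, send):
        """Offer every spooled result to send(); keep whatever is not acknowledged."""
        delivered = []
        for path in sorted(self.dir.glob("*.res")):
            try:
                acked = send(path.stem, path.read_bytes())
            except OSError:          # server unreachable: retry on a later flush
                acked = False
            if acked:
                path.unlink()
                delivered.append(path.stem)
        return delivered

def decode(blob):
    return json.loads(zlib.decompress(blob).decode("utf-8"))

def demo():
    store, state = {}, {"mode": "down"}   # constructed server: results keyed by id
    def send(rid, blob):
        if state["mode"] == "down":
            raise ConnectionError("server unreachable")
        store[rid] = decode(blob)         # idempotent: a retransmit overwrites itself
        return state["mode"] != "ack_lost"
    with tempfile.TemporaryDirectory() as d:
        spool = ResultSpool(d)
        rid = spool.enqueue("host-01", "usb-deep", [{"item": "usb_history", "hits": 2}])
        outcomes = []
        for mode in ("down", "ack_lost", "up"):
            state["mode"] = mode
            outcomes.append(spool.flush(send))
        return rid, outcomes, store, spool.pending()
```

Because a lost acknowledgement causes the same result to be sent twice, the receiving side has to key stored results on the record id, as the constructed server here does, or retransmission turns into duplicate findings.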

Claims (1)

1. A network-based terminal inspection and analysis system, the system comprising the steps of:
step 1: data acquisition is performed, covering 40 inspection items in total; the inspection instructions are analyzed and classified, and the received security inspection policy instruction is passed through the processing module to formulate a security inspection mode, which allows a single scan with parallel analysis and simultaneous inspection;
step 2: data encapsulation, wherein the inspection results are packed according to the policy mode into JSON format for sending, and a temporary-storage retransmission mechanism is established to ensure that data is not lost;
step 3: the data transmission module starts a service program that receives and parses the commands sent by the server, the commands including heartbeat packets, backlog, version upgrade and server migration; heartbeat packets are sent on a regular polling schedule to maintain the system's communication with the server side, and inspection results are transmitted with multiple encryption and compression;
step 4: the data analysis module takes in the received security inspection result information and uses a Tomcat server to upload data from, and issue data to, multiple clients;
in the communication process itself, the heartbeat connection must be kept alive and the last heartbeat time updated regularly; whether the client has an event is checked, and the inspection items and their configuration information are returned; whether an upgrade is needed is checked, and the upgrade information is returned; the inspection results are decrypted and stored;
step 5: data storage and interaction, wherein the data is classified, analyzed and processed, and the processed data is stored in a MySQL database; the three modules, namely the network topology management module (6), the policy configuration module (7), and the data visualization display and evaluation analysis module (8), all interact with the database through a user operation interface to provide: maintenance of the terminal network topology (adding, deleting and modifying clients, adjusting the groups the clients belong to, and operation logs); maintenance of inspection items (configuration of general inspection items, routine file inspection and routine mail inspection, deep file inspection, Internet access records and USB deep inspection configuration, task setting, plan setting and timer setting); group maintenance (adding, deleting and modifying client groups, and operation logs); and role maintenance, user maintenance (including three-member), menu maintenance, and authority maintenance.
CN201911151864.2A 2019-11-22 2019-11-22 Network-based terminal checking and analyzing system Withdrawn CN111082970A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911151864.2A CN111082970A (en) 2019-11-22 2019-11-22 Network-based terminal checking and analyzing system

Publications (1)

Publication Number Publication Date
CN111082970A true CN111082970A (en) 2020-04-28

Family

ID=70311596

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911151864.2A Withdrawn CN111082970A (en) 2019-11-22 2019-11-22 Network-based terminal checking and analyzing system

Country Status (1)

Country Link
CN (1) CN111082970A (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105488100A (en) * 2015-11-18 2016-04-13 国信司南(北京)地理信息技术有限公司 Efficient detection and discovery system for secret-associated geographic data in non secret-associated environment
US20160171793A1 (en) * 2014-12-11 2016-06-16 Hyundai Motor Company Apparatus for processing a plurality of logging policies and method thereof
CN106411650A (en) * 2016-10-19 2017-02-15 北京交通大学 Distributed security and confidentiality checking method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20200428