CN112383524A - Operation and maintenance auditing method, device and medium - Google Patents

Operation and maintenance auditing method, device and medium Download PDF

Info

Publication number
CN112383524A
CN112383524A CN202011207366.8A CN202011207366A CN112383524A CN 112383524 A CN112383524 A CN 112383524A CN 202011207366 A CN202011207366 A CN 202011207366A CN 112383524 A CN112383524 A CN 112383524A
Authority
CN
China
Prior art keywords
maintenance
instruction
operated
equipment
maintained
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202011207366.8A
Other languages
Chinese (zh)
Other versions
CN112383524B (en
Inventor
陶文伟
陈刚
张富川
江泽铭
张文哲
李曼
梁志宏
郑伟文
吴昊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Southern Power Grid Co Ltd
Original Assignee
China Southern Power Grid Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Southern Power Grid Co Ltd filed Critical China Southern Power Grid Co Ltd
Priority to CN202011207366.8A priority Critical patent/CN112383524B/en
Publication of CN112383524A publication Critical patent/CN112383524A/en
Application granted granted Critical
Publication of CN112383524B publication Critical patent/CN112383524B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q50/00Information and communication technology [ICT] specially adapted for implementation of business processes of specific business sectors, e.g. utilities or tourism
    • G06Q50/06Energy or water supply
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04SSYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Business, Economics & Management (AREA)
  • Economics (AREA)
  • General Health & Medical Sciences (AREA)
  • Public Health (AREA)
  • Medical Informatics (AREA)
  • Water Supply & Treatment (AREA)
  • Human Resources & Organizations (AREA)
  • Marketing (AREA)
  • Primary Health Care (AREA)
  • Strategic Management (AREA)
  • Tourism & Hospitality (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The application relates to an operation and maintenance auditing method, device and medium, which are used for auditing operation and maintenance operating instructions of a power monitoring system in real time, and the method comprises the following steps: acquiring an operation and maintenance operation instruction sent by operation and maintenance equipment, wherein the operation and maintenance operation instruction is requested to be executed by the operation and maintenance equipment under a preset compliance safety environment by using a target account; under the condition that the operation and maintenance equipment is determined to be the binding equipment of the target account according to the operation and maintenance operation instruction, acquiring a first target password input by the operation and maintenance equipment; and setting the authority of the operation and maintenance equipment for executing the operation and maintenance operation to be allowed to be executed under the condition that the first target password is matched with the verification password of the target account stored in the server. The method and the device avoid the illegal external connection equipment which is not in compliance from being connected to the power monitoring system for operation, and effectively improve the operation and maintenance operation safety of the power monitoring system and the use safety of the power monitoring system of the transformer substation.

Description

Operation and maintenance auditing method, device and medium
Technical Field
The present application relates to the field of power system technologies, and in particular, to an operation and maintenance auditing method, apparatus, and medium.
Background
With the gradual operation of the transformer substation power monitoring system in each level of dispatching center, the operation and maintenance of the system become an important link in a dispatching business and power grid 'large operation, maintenance and large service' system. In order to maintain a normal work order and ensure the safe and stable operation of the substation power monitoring system, a series of safety protection measures need to be established to ensure that the operation safety of the power grid is not affected.
The transformer substation power monitoring system is a set of complex computer network system, has inherent information security risks of the computer network system, and as the transformer substation power monitoring system becomes increasingly complex, security problems caused by illegal operation of operation and maintenance personnel in different backgrounds become increasingly prominent. And conventional security products such as firewalls and antivirus can solve a part of security problems, but do not help operation violation of operation and maintenance personnel.
Moreover, the conventional fort machine does not support the management and control of operation and maintenance terminals such as a notebook computer brought by an external manufacturer of the power monitoring system. If the operation and maintenance terminal carries out illegal external connection through a mobile phone hotspot and is connected to the power monitoring system for operation, uncontrollable safety risks are easily caused.
Disclosure of Invention
Therefore, it is necessary to provide an operation and maintenance auditing method, device and medium for the above technical problems, which can audit operation and maintenance operation instructions of the power monitoring system in real time, avoid that illegal external connection equipment which is not compliant is connected to the power monitoring system for operation, and effectively improve the operation and maintenance operation safety of the power monitoring system and the use safety of the power monitoring system of the transformer substation.
In order to achieve the above and other objects, a first aspect of the present application provides an operation and maintenance auditing method for auditing operation and maintenance operating instructions of a power monitoring system in real time, including:
acquiring an operation and maintenance operation instruction sent by operation and maintenance equipment, wherein the operation and maintenance operation instruction is requested to be executed by the operation and maintenance equipment under a preset compliance safety environment by using a target account;
under the condition that the operation and maintenance equipment is determined to be the binding equipment of the target account according to the operation and maintenance operation instruction, acquiring a first target password input by the operation and maintenance equipment;
and setting the authority of the operation and maintenance equipment for executing the operation and maintenance operation to be allowed to be executed under the condition that the first target password is matched with the verification password of the target account stored in the server.
According to the operation and maintenance auditing method, the operation and maintenance operation instruction sent by the operation and maintenance equipment is obtained, and the operation and maintenance equipment can be terminal equipment of a preset model, such as a notebook computer or a desktop computer; the operation and maintenance operation instruction is requested to be executed by using a target account number in the operation and maintenance equipment in a preset compliance safety environment, wherein the preset compliance safety environment can comprise at least one of network communication compliance safety, use state compliance safety of the operation and maintenance equipment, use state compliance safety of a power monitoring system and the like; judging whether the operation and maintenance equipment is the binding equipment of the target account or not according to the operation and maintenance operation instruction, and acquiring a first target password input by the operation and maintenance equipment under the condition that the operation and maintenance equipment is determined to be the binding equipment of the target account according to the operation and maintenance operation instruction; and further judging whether the first target password is matched with the check password of the target account stored in the server, and setting the authority of the operation and maintenance equipment for executing the operation and maintenance operation to be allowed to be executed under the condition that the first target password is matched with the check password of the target account stored in the server. Therefore, the operation and maintenance operation instructions of the power monitoring system can be audited in real time, the operation of illegal external connection equipment which is not in conformity with the operation of the power monitoring system is avoided, and the operation and maintenance operation safety of the power monitoring system and the use safety of the power monitoring system of the transformer substation are effectively improved.
In one embodiment, after the permission of the operation and maintenance device to perform the operation and maintenance operation is set to be allowed to be performed, the method further includes:
acquiring an operation and maintenance protocol certificate of communication;
judging whether the operation and maintenance protocol certificate is matched with a protocol certificate in a preset operation and maintenance protocol certificate feature library or not;
if so, establishing a communication link with the target resource to be operated and maintained, and sending an operation and maintenance operation instruction to the target resource to be operated and maintained on the basis of the communication link so as to perform operation and maintenance operation on the target resource to be operated and maintained.
In one embodiment, the performing operation and maintenance operations on the target resource to be operated and maintained includes:
analyzing the operation and maintenance operation instruction to obtain operation and maintenance operation instruction data;
judging whether the operation and maintenance operation instruction data are matched with instruction data in a preset event rule base or not;
if the operation and maintenance operation instruction data are matched with conventional instruction data in a preset event rule base, responding to the operation and maintenance operation instruction, and executing operation and maintenance operation according to the operation and maintenance operation instruction;
if the operation and maintenance operation instruction data are matched with first-class risk instruction data in a preset event rule base, stopping executing operation and maintenance operation of the operation and maintenance operation instruction;
if the operation and maintenance operation instruction data are matched with second-class risk instruction data in a preset event rule base, generating secondary examination and approval prompt information, responding to the operation and maintenance operation instruction under the condition that the secondary examination and approval is passed, and executing operation and maintenance operation according to the operation and maintenance operation instruction, wherein the operation risk level of the second-class risk instruction data is higher than that of the first-class risk instruction data;
otherwise, intercepting or blocking the operation and maintenance operation instruction, and disconnecting the communication link.
In one embodiment, the performing operation and maintenance operations on the target resource to be operated and maintained includes:
under the condition that the operation and maintenance operation instruction data are matched with conventional instruction data in a preset event rule base, judging whether the duration time of the operation and maintenance operation is within a preset time threshold range;
if so, performing operation and maintenance operation on the target resource to be operated and maintained;
otherwise, intercepting or blocking the operation and maintenance operation instruction, and disconnecting the communication link.
In one embodiment, the performing operation and maintenance operations on the target resource to be operated and maintained includes:
under the condition that the duration time of the operation and maintenance operation is within a preset time threshold range, judging whether the target resource to be operated and maintained belongs to a resource within a preset authorization range;
if so, performing operation and maintenance operation on the target resource to be operated and maintained;
otherwise, intercepting or blocking the operation and maintenance operation instruction, and disconnecting the communication link.
In one embodiment, the performing operation and maintenance operations on the target resource to be operated and maintained includes:
under the condition that the target resource to be operated and maintained belongs to a resource within a preset authorization range, judging whether the operation and maintenance operation instruction comprises an operation instruction for acquiring a file from the target resource to be operated and maintained;
if so, acquiring a file from the target resource to be operated and maintained according to the operation instruction for acquiring the file, and identifying the acquired file;
and under the condition that the identification result is matched with the sensitive information in the preset sensitive information base, disconnecting the communication link.
In one embodiment, the step of establishing a communication link with a target resource to be operated and maintained, and sending an operation and maintenance operation instruction to the target resource to be operated and maintained based on the communication link, includes:
establishing a communication link with the target resource to be operated and maintained;
judging whether an operation and maintenance operation instruction to be sent exists in a preset malicious instruction library or not;
if yes, sending an operation and maintenance operation instruction to the target resource to be operated and maintained based on the communication link;
otherwise, intercepting or blocking the operation and maintenance operation instruction, and disconnecting the communication link.
In one embodiment, after the permission of the operation and maintenance device to perform the operation and maintenance operation is set to be allowed to be performed, the method further includes:
and recording the operation and maintenance operation information and forming a log, wherein the operation and maintenance operation information comprises screen display information of the operation and maintenance equipment and input information of the operation and maintenance equipment.
The second aspect of the present application provides an operation and maintenance auditing device for audit the operation and maintenance operating instruction of the power monitoring system in real time, including:
the operation and maintenance operation instruction acquisition module is used for acquiring an operation and maintenance operation instruction sent by preset operation and maintenance equipment, wherein the operation and maintenance operation instruction is requested to be executed by using a target account number in the operation and maintenance equipment in a preset compliance safety environment;
the operation and maintenance equipment detection and password acquisition module is used for acquiring a first target password input by the operation and maintenance equipment under the condition that the operation and maintenance equipment is determined to be the binding equipment of the target account according to the operation and maintenance operation instruction;
and the password checking module is used for setting the authority of the operation and maintenance equipment for executing the operation and maintenance operation to be allowed to execute under the condition that the first target password is matched with the checking password of the target account stored in the server.
A third aspect of the present application provides a computer-readable storage medium having a computer program stored thereon, wherein the computer program, when executed by a processor, implements the steps of any of the methods described in the embodiments of the present application.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain drawings of other embodiments based on these drawings without any inventive work.
Fig. 1 is a schematic view of an application scenario of an operation and maintenance auditing method in an embodiment of the present application;
2-8 are schematic flow diagrams of operation and maintenance auditing methods in different embodiments of the present application;
9-12 are block diagrams of the structure of the operation and maintenance auditing device in different embodiments of the present application;
fig. 13 is an internal structural diagram of a computer device according to an embodiment of the present application.
Detailed Description
To facilitate an understanding of the present application, the present application will now be described more fully with reference to the accompanying drawings. Preferred embodiments of the present application are illustrated in the accompanying drawings. This application may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs. The terminology used herein in the description of the present application is for the purpose of describing particular embodiments only and is not intended to be limiting of the application.
Where the terms "comprising," "having," and "including" are used herein, another element may be added unless an explicit limitation is used, such as "only," "consisting of … …," etc. Unless mentioned to the contrary, terms in the singular may include the plural and are not to be construed as being one in number.
It will be understood that, although the terms first, second, etc. may be used herein to describe various elements, these elements should not be limited by these terms. These terms are only used to distinguish one element from another. For example, a first element could be termed a second element, and, similarly, a second element could be termed a first element, without departing from the scope of the present application.
The fort machine realizes the safe access of operation and maintenance personnel to the information system through a plurality of information security technologies such as access control, account management, identity authentication, behavior audit, single sign-on, protocol agency and the like, and simultaneously forms a complete audit record for the operation process of the operation and maintenance personnel, and functionally, the fort machine integrates two major functions of core system operation and safety audit management and control; in technical implementation, the direct access of the terminal computer to the network and server resources is cut off, and the access of the terminal computer to the network and the server is taken over in a protocol proxy mode. In a pictographic way, the access of the terminal computer to the target needs to be translated through operation and maintenance safety audit. For example, an operation and maintenance security audit acts as a gatekeeper, and all requests to network devices and servers pass through the gatekeeper. Therefore, the operation and maintenance safety audit can intercept illegal access and malicious attack, carry out command blocking on illegal commands, filter out all illegal access behaviors to target equipment, and carry out audit monitoring on misoperation and illegal operation of internal personnel so as to facilitate the responsibility tracking after the fact.
The conventional bastion technology is generally suitable for operation and maintenance auditing of conventional information systems, such as Windows hosts, Linux hosts, servers, network equipment such as switches or routers, databases and the like. And the device system cannot be applied to the power monitoring system. Moreover, the conventional bastion machine generally supports the conventional operation and maintenance protocol agents, such as character protocol: SSH, TELNET; the graphic protocol comprises the following steps: RDP, VNC; file transfer protocol: FTP, SFTP; and (3) database access: oracle, SQL Server, DB2, Sybase, Informix, Teradata, MySQL, PostgreSQL. The traditional bastion machine does not support the operation and maintenance protocol or the operation and maintenance tool specific to the power monitoring system, so that auditing of the operation and maintenance protocol specific to the power monitoring system or control of illegal commands and the like are not supported.
In one embodiment of the application, the operation and maintenance auditing method can be applied to the application environment as shown in figure 1, namely, the application in a mobile bastion device, and the three-layer connection architecture of a mobile bastion device management side server, the mobile bastion device and a secure Ukey access device which are connected with each other through a network or other wireless signals. The first terminal 102 is, for example, an operation and maintenance device which communicates with the mobile forter device 104 through a network, the mobile forter communicates with the mobile forter management side server 106 through the network, for example, a power monitoring system server, a secure Ukey access device can be arranged on the operation and maintenance device to ensure that the operation and maintenance device is used through the secure Ukey access device, and an operation and maintenance communication network which communicates with the mobile forter management side server through the mobile forter, for example, the power monitoring system server, is established by using a target account. Specifically, the first terminal 102 may be an operation and maintenance terminal, such as a notebook, a desktop, or an industrial personal computer, and is used for an operation and maintenance operator to send an operation and maintenance operation instruction to the power monitoring system, so that the power monitoring system executes a corresponding operation and maintenance action, and the safe and stable operation of the power monitoring system is ensured. The first terminal 102 may be, but not limited to, various personal computers, notebook computers, smart phones, tablet computers, and portable wearable devices, and the power monitoring system server may be implemented by an independent server or a server cluster formed by a plurality of servers.
By way of example, referring to fig. 2, in an embodiment of the present application, an operation and maintenance auditing method is provided for auditing operation and maintenance operating instructions of a power monitoring system in real time, including:
step 22, acquiring an operation and maintenance operation instruction sent by operation and maintenance equipment, wherein the operation and maintenance operation instruction is requested to be executed by using a target account in the operation and maintenance equipment in a preset compliance security environment;
step 24, under the condition that the operation and maintenance equipment is determined to be the binding equipment of the target account according to the operation and maintenance operation instruction, acquiring a first target password input by the operation and maintenance equipment;
and step 26, setting the authority of the operation and maintenance device for executing the operation and maintenance operation to be allowed to execute when the first target password is matched with the verification password of the target account stored in the server.
Specifically, please continue to refer to fig. 2, by obtaining an operation and maintenance operation instruction sent by an operation and maintenance device, the operation and maintenance device may be a terminal device of a preset model, such as a notebook or a desktop; the operation and maintenance operation instruction is requested to be executed by using a target account number in the operation and maintenance equipment in a preset compliance safety environment, wherein the preset compliance safety environment can comprise at least one of network communication compliance safety, use state compliance safety of the operation and maintenance equipment, use state compliance safety of Ukey, use state compliance safety of a power monitoring system and the like; judging whether the operation and maintenance equipment is the binding equipment of the target account or not according to the operation and maintenance operation instruction, and acquiring a first target password input by the operation and maintenance equipment under the condition that the operation and maintenance equipment is determined to be the binding equipment of the target account according to the operation and maintenance operation instruction; and further judging whether the first target password is matched with the check password of the target account stored in the server, and setting the authority of the operation and maintenance equipment for executing the operation and maintenance operation to be allowed to be executed under the condition that the first target password is matched with the check password of the target account stored in the server. The method and the device can adopt a strong identity verification mode, namely a user name password and safe Ukey two-factor login mode to authenticate the identity of the operation and maintenance user. When an operation and maintenance user operates and maintains a target asset, login authentication is required to be performed firstly under the condition that the operation and maintenance terminal is credible, namely, a legal user account and a password are input, and the mobile bastion device can be used only after the user passes the verification. Therefore, the operation and maintenance operation instructions of the power monitoring system can be audited in real time, the operation of illegal external connection equipment which is not in conformity with the operation of the power monitoring system is avoided, and the operation and maintenance operation safety of the power monitoring system and the use safety of the power monitoring system of the transformer substation are effectively improved.
Referring to fig. 3, in an embodiment of the present application, an operation and maintenance auditing method is provided, which is described by taking the application of the method to the mobile bastion device in fig. 1 as an example, after the authority of the operation and maintenance device to perform operation and maintenance operation is set to be allowed to be performed, the method further includes:
step 272, acquiring the operation and maintenance protocol certificate of communication;
step 274, determining whether the operation and maintenance protocol certificate matches a protocol certificate in a preset operation and maintenance protocol certificate feature library;
step 276, if yes, establishing a communication link with the target resource to be operated and maintained, and sending an operation and maintenance operation instruction to the target resource to be operated and maintained based on the communication link so as to perform operation and maintenance operation on the target resource to be operated and maintained.
By way of example, in one embodiment of the application, the mobile fort device has an access control function and can be connected in series in a network of a substation power monitoring system, the upper end of the mobile fort device is connected with an operation and maintenance target resource, and the lower end of the mobile fort device is connected with an operation and maintenance terminal; all data exchange between the operation and maintenance terminal and the target resource passes through the mobile bastion device. And the operation and maintenance terminal establishes a session with the mobile bastion device and the target resource through a protocol proxy mode. For example, the mobile forter device has front-end proxy and back-end proxy functions; when an operation and maintenance terminal is accessed to carry out operation and maintenance, a session establishment request is initiated, the mobile bastion device obtains an operation and maintenance protocol certificate of communication, whether the operation and maintenance protocol certificate is matched with a protocol certificate in a preset operation and maintenance protocol certificate feature library is judged, a communication link with a target resource to be operated and maintained is established under the condition that the operation and maintenance protocol certificate is matched with the protocol certificate in the preset operation and maintenance protocol certificate feature library, and an operation and maintenance operation instruction is sent to the target resource to be operated and maintained on the basis of the communication link. For example, a complete operation and maintenance session channel may be formed among the operation and maintenance terminal, the front-end agent, the back-end agent, and the target resource, so as to perform operation and maintenance on the target resource to be operated and maintained. According to the method and the device, the operation and maintenance protocol certificate feature library is established, the protocol certificate matched with the operation and maintenance protocol certificate of the power monitoring system is set in the operation and maintenance protocol certificate feature library, auditing of the operation and maintenance protocol certificate of the power monitoring system is achieved, and operation and maintenance connection can be blocked if violation is found.
Referring to fig. 4, in an embodiment of the present application, an operation and maintenance auditing method is provided, which is described by taking the application of the method to the mobile bastion device in fig. 1 as an example, and the performing operation and maintenance operations on the target resource to be operated and maintained includes:
step 281, analyzing the operation and maintenance operation instruction to obtain operation and maintenance operation instruction data;
282, judging whether the operation and maintenance instruction data are matched with instruction data in a preset event rule base;
step 283, if the operation and maintenance operation instruction data is matched with the conventional instruction data in the preset event rule base, responding to the operation and maintenance operation instruction, and executing operation and maintenance operation according to the operation and maintenance operation instruction;
step 284, if the operation and maintenance instruction data is matched with the first type risk instruction data in the preset event rule base, terminating the operation and maintenance operation executed by the operation and maintenance instruction;
285, if the operation and maintenance operation instruction data is matched with second-class risk instruction data in a preset event rule base, generating secondary approval prompt information, responding to the operation and maintenance operation instruction when the secondary approval is passed, and executing operation and maintenance operation according to the operation and maintenance operation instruction, wherein the operation risk level of the second-class risk instruction data is higher than that of the first-class risk instruction data;
and 286, otherwise, intercepting or blocking the operation and maintenance operation instruction, and disconnecting the communication link.
As an example, after a complete operation and maintenance session channel is formed among an operation and maintenance terminal, a front-end agent, a back-end agent and a target resource, an operation and maintenance protocol certificate of the power monitoring system is audited, so that the operation and maintenance protocol certificate of the power monitoring system is audited, wherein the front-end agent is responsible for communicating with the operation and maintenance terminal; after an operation and maintenance user inputs an operation and maintenance operation instruction to be executed, the operation and maintenance operation instruction is sent to a front-end agent of the mobile bastion device through a network, the front-end agent receives a message of an operation and maintenance terminal, after the audit of an operation and maintenance protocol certificate of the power monitoring system passes, the operation and maintenance operation instruction data is obtained through network analysis, the operation and maintenance operation instruction data is matched with an event rule base, and the operation and maintenance operation instruction is audited and controlled according to a matching result; the back-end agent is responsible for communicating with the target resource; and after the mobile bastion device confirms the safety of the operation and maintenance operation instruction, allowing the operation and maintenance operation instruction to be executed in the target resource, forwarding the instruction to the back-end agent by the front-end agent, repackaging the data message by the back-end agent, and sending the operation and maintenance operation instruction to the target resource for execution.
As an example, in one embodiment of the present application, the setting of the event rule in the event rule base may include: a) regular or normal operation and maintenance operations, i.e. operations without risk, may be listed as white list; b) slight violation operation or risk-controllable low-risk operation and maintenance operation can be listed as a red list; c) high-risk violation operations, which may be listed as a yellow list; d) serious violation high-risk operation and maintenance operations can be listed as a blacklist. Rules can be set for the number of violations of operation and maintenance user operations, including: a) illegal recording is avoided, and auditing and non-tracking can be realized; b) if the records are violated but not more than 5 times, all the sessions of the operation and maintenance users can be audited and tracked; c) if there is a violation record and more than 5 times, the blocking can be directly performed. Furthermore, if the operation of the operation and maintenance user is blocked for 5 times, the operation and maintenance application needs to be submitted to the administrator, the administrator passes the approval and re-authorizes the operation and maintenance user, and the operation and maintenance user can perform the next operation and maintenance.
Referring to fig. 5, in an embodiment of the present application, an operation and maintenance auditing method is provided, which is described by taking the application of the method to the mobile bastion device in fig. 1 as an example, and the performing operation and maintenance operations on the target resource to be operated and maintained includes:
step 2832, under the condition that the operation and maintenance operation instruction data are matched with the conventional instruction data in the preset event rule base, judging whether the duration time of the operation and maintenance operation is within a preset time threshold range;
step 2834, if yes, performing operation and maintenance operation on the target resource to be operated and maintained.
By way of example, continuing with reference to fig. 5, the operation and maintenance operations are audited for compliance by monitoring whether the duration of the operation and maintenance operations is within a preset time threshold. If the time of the operation and maintenance operation exceeds the preset time threshold, the communication link can be disconnected, and illegal users are prevented from invading to implement the operation and maintenance operation.
Referring to fig. 6, in an embodiment of the present application, an operation and maintenance auditing method is provided, which is described by taking the application of the method to the mobile bastion device in fig. 1 as an example, and the performing operation and maintenance operations on the target resource to be operated and maintained includes:
step 28322, under the condition that the duration time of the operation and maintenance operation is within a preset time threshold range, determining whether the target resource to be operated and maintained belongs to a resource within a preset authorization range.
As an example, please continue to refer to fig. 6, when the duration of the operation and maintenance operation is within a preset time threshold range, determining whether the target resource to be operated and maintained belongs to a resource within a preset authorization range, and if so, performing the operation and maintenance operation on the target resource to be operated and maintained; otherwise, intercepting or blocking the operation and maintenance operation instruction, and disconnecting the communication link. The problem that an operation and maintenance operator obtains resources exceeding operation and maintenance authorities and uncontrollable risks are brought to an electric power monitoring system is avoided. In other embodiments of the present application, the method may be configured to generate alarm information in the process of disconnecting the communication link, for example, send an alarm short message to a mobile terminal of a relevant worker, generate at least one of an alarm prompt bullet screen, a web page, or a sound to prompt the relevant worker, and also generate a warning effect on an illegal operator.
In an embodiment of the application, when the target resource to be operated and maintained belongs to a resource within a preset authorization range, it may be determined whether the operation and maintenance operation instruction includes an operation instruction for acquiring a file from the target resource to be operated and maintained; if so, acquiring a file from the target resource to be operated and maintained according to the operation instruction for acquiring the file, and identifying the acquired file; and under the condition that the identification result is matched with the sensitive information in the preset sensitive information base, disconnecting the communication link. The method and the device avoid the risk brought to the power monitoring system by introducing illegal sensitive information in the file uploading process of an operation and maintenance operator. A dual level barrier may be set for file upload instructions: firstly, only uploading a specific file suffix according to the system type of a target resource; and secondly, setting a white list according to the type of the uploaded file, forwarding the file which is outside the white list and possibly has risk to the isolation area, carrying out rapid scanning, forwarding the file to the target resource after confirmation, and blocking the uploading instruction if the forwarding is unsuccessful.
Referring to fig. 7, in an embodiment of the present application, an operation and maintenance auditing method is provided, which is described by taking the application of the method to the mobile bastion device in fig. 1 as an example, and the step of establishing a communication link with a target resource to be operated and maintained, and sending an operation and maintenance operation instruction to the target resource to be operated and maintained based on the communication link, includes:
step 2762, establishing a communication link with the target resource to be operated and maintained;
step 2764, judging whether an operation and maintenance operation instruction to be sent exists in a preset malicious instruction library;
and step 2766, if yes, sending an operation and maintenance operation instruction to the target resource to be operated and maintained based on the communication link.
As an example, please continue to refer to fig. 7, after a communication link with the target resource to be operated and maintained is established, whether an operation and maintenance operation instruction to be sent exists in a preset malicious instruction library is determined, and if yes, the operation and maintenance operation instruction is sent to the target resource to be operated and maintained based on the communication link; otherwise, the operation and maintenance operation instruction is intercepted or blocked, the communication link is disconnected, malicious instructions carried in the operation and maintenance operation instruction are intercepted in time, and adverse effects of the malicious instructions on the power monitoring system are avoided. The malicious instruction library can be updated and optimized occasionally so as to intercept the possibly invaded malicious instructions in time.
Referring to fig. 8, in an embodiment of the present application, an operation and maintenance auditing method is provided, which is described by taking the application of the method to the mobile bastion device in fig. 1 as an example, after the authority of the operation and maintenance device to perform operation and maintenance operation is set to be allowed to be performed, the method further includes:
and step 29, recording the operation and maintenance operation information and forming a log, wherein the operation and maintenance operation information comprises screen display information of the operation and maintenance equipment and input information of the operation and maintenance equipment.
By way of example, continuing to refer to fig. 8, by continuously recording the operation and maintenance operation information and forming a log, the recorded operation and maintenance operation information includes screen display information of the operation and maintenance equipment and input information of the operation and maintenance equipment, so as to save communication session information of the operation and maintenance operation instruction. The forming of the audit and blocking of the log record is to form a record file for the whole operation and maintenance process, and different dimensions including the name of the transformer substation, the name of a team and a group, operation and maintenance personnel, a target resource IP and an operation command can be integrated, and the log file is checked, downloaded, audited and analyzed.
The operation and maintenance auditing method in the embodiment can intercept illegal access and malicious attack, block or alarm illegal commands and filter all illegal access behaviors to target equipment aiming at the real-time auditing and blocking of the operation and maintenance operation of the power monitoring system, and can audit and monitor the misoperation and illegal operation of internal personnel, thereby reducing the safety risk caused by human factors, realizing the risk minimization control of the artificial operation and maintenance operation of the station-side power monitoring system while ensuring the operation and maintenance benefits, and improving the safety protection capability.
It should be understood that although the various steps in the flow charts of fig. 2-8 are shown in order as indicated by the arrows, the steps are not necessarily performed in order as indicated by the arrows. The steps are not performed in the exact order shown and described, and may be performed in other orders, unless explicitly stated otherwise. Moreover, at least some of the steps in fig. 2-8 may include multiple sub-steps or multiple stages that are not necessarily performed at the same time, but may be performed at different times, and the order of performance of the sub-steps or stages is not necessarily sequential, but may be performed in turn or alternating with other steps or at least some of the sub-steps or stages of other steps.
Referring to fig. 9, in an embodiment of the present application, an operation and maintenance auditing apparatus is provided, configured to audit an operation and maintenance operation instruction of an electric power monitoring system in real time, and includes an operation and maintenance operation instruction obtaining module 12, an operation and maintenance equipment detecting and password obtaining module 14, and a password verifying module 16, where the operation and maintenance operation instruction obtaining module 12 is configured to obtain an operation and maintenance operation instruction sent by a preset operation and maintenance equipment, where the operation and maintenance operation instruction is requested to be executed by using a target account number in the operation and maintenance equipment in an environment with a preset compliance safety; the operation and maintenance device detection and password acquisition module 14 is configured to acquire a first target password input by the operation and maintenance device when it is determined that the operation and maintenance device is a binding device of the target account according to the operation and maintenance operation instruction; the password verification module 16 is configured to set, in a case that the first target password matches the verification password of the target account stored in the server, the authority of the operation and maintenance device for executing the operation and maintenance operation to be allowed to be executed. Therefore, the operation and maintenance operation instructions of the power monitoring system can be audited in real time, the operation of illegal external connection equipment which is not in conformity with the operation of the power monitoring system is avoided, and the operation and maintenance operation safety of the power monitoring system and the use safety of the power monitoring system of the transformer substation are effectively improved.
Referring to fig. 10, in an embodiment of the present application, an operation and maintenance auditing apparatus is provided, where the operation and maintenance auditing apparatus further includes an operation and maintenance protocol certificate obtaining module 18, an operation and maintenance protocol certificate verifying module 110, and an operation and maintenance target communication link establishing module 112, where the operation and maintenance protocol certificate obtaining module 18 is configured to obtain an operation and maintenance protocol certificate of communication; the operation and maintenance protocol certificate checking module 110 is configured to determine whether the operation and maintenance protocol certificate matches a protocol certificate in a preset operation and maintenance protocol certificate feature library; the operation and maintenance target communication link establishing module 112 is configured to establish a communication link with the target resource to be operated and maintained when the operation and maintenance protocol certificate is matched with a protocol certificate in a preset operation and maintenance protocol certificate feature library, and send an operation and maintenance operation instruction to the target resource to be operated and maintained based on the communication link, so as to perform operation and maintenance operation on the target resource to be operated and maintained.
Referring to fig. 11, in an embodiment of the present application, an operation and maintenance auditing apparatus is provided, where the operation and maintenance target communication link establishing module 112 includes an operation and maintenance operation instruction data obtaining module 1122 and an event rule base matching response module 1123, where the operation and maintenance operation instruction data obtaining module 1122 is configured to analyze the operation and maintenance operation instruction to obtain operation and maintenance operation instruction data; the event rule base matching response module 1123 is configured to determine whether the operation and maintenance instruction data matches instruction data in a preset event rule base; if the operation and maintenance operation instruction data are matched with conventional instruction data in a preset event rule base, responding to the operation and maintenance operation instruction, and executing operation and maintenance operation according to the operation and maintenance operation instruction; if the operation and maintenance operation instruction data are matched with first-class risk instruction data in a preset event rule base, stopping executing operation and maintenance operation of the operation and maintenance operation instruction; if the operation and maintenance operation instruction data are matched with second-class risk instruction data in a preset event rule base, generating secondary examination and approval prompt information, responding to the operation and maintenance operation instruction under the condition that the secondary examination and approval is passed, and executing operation and maintenance operation according to the operation and maintenance operation instruction, wherein the operation risk level of the second-class risk instruction data is higher than that of the first-class risk instruction data; otherwise, intercepting or blocking the operation and maintenance operation instruction, and disconnecting the communication link.
Referring to fig. 12, in an embodiment of the present application, an operation and maintenance auditing apparatus is provided, where the operation and maintenance auditing apparatus further includes a log generating module 114, and the log generating module 114 is configured to record the operation and maintenance operation information and form a log, where the operation and maintenance operation information includes screen display information of the operation and maintenance equipment and input information of the operation and maintenance equipment.
For specific limitations of the operation and maintenance auditing device, reference may be made to the above limitations of the operation and maintenance auditing method, which are not described herein again.
The modules in the operation and maintenance auditing device can be wholly or partially realized by software, hardware and a combination thereof. The modules can be embedded in a hardware form or independent from a processor in the computer device, and can also be stored in a memory in the computer device in a software form, so that the processor can call and execute operations corresponding to the modules.
In one embodiment of the present application, a computer device is provided, and the computer device may be a terminal, and the internal structure diagram thereof may be as shown in fig. 13. The computer device includes a processor, a memory, a network interface, a display screen, and an input device connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operation of an operating system and computer programs in the non-volatile storage medium. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by a processor to implement an operation and maintenance auditing method. The display screen of the computer equipment can be a liquid crystal display screen or an electronic ink display screen, and the input device of the computer equipment can be a touch layer covered on the display screen, a key, a track ball or a touch pad arranged on the shell of the computer equipment, an external keyboard, a touch pad or a mouse and the like.
Those skilled in the art will appreciate that the architecture shown in fig. 13 is merely a block diagram of some of the structures associated with the disclosed aspects and is not intended to limit the computing devices to which the disclosed aspects apply, as particular computing devices may include more or less components than those shown, or may combine certain components, or have a different arrangement of components.
In one embodiment of the present application, there is provided a computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the steps of any of the methods described in the embodiments of the present application when executing the computer program.
In an embodiment of the application, a computer-readable storage medium is provided, on which a computer program is stored which, when being executed by a processor, carries out the steps of any of the methods described in the embodiments of the application.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by hardware instructions of a computer program, which can be stored in a non-volatile computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. Any reference to memory, storage, database, or other medium used in the embodiments provided herein may include non-volatile and/or volatile memory, among others. Non-volatile memory can include read-only memory (ROM), Programmable ROM (PROM), Electrically Programmable ROM (EPROM), Electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDRSDRAM), Enhanced SDRAM (ESDRAM), Synchronous Link DRAM (SLDRAM), Rambus Direct RAM (RDRAM), direct bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM).
The technical features of the above embodiments can be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the above embodiments are not described, but should be considered as the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments only express several embodiments of the present application, and the description thereof is more specific and detailed, but not construed as limiting the scope of the invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the concept of the present application, which falls within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.

Claims (10)

1. An operation and maintenance auditing method is used for auditing operation and maintenance operating instructions of a power monitoring system in real time, and comprises the following steps:
acquiring an operation and maintenance operation instruction sent by operation and maintenance equipment, wherein the operation and maintenance operation instruction is requested to be executed by the operation and maintenance equipment under a preset compliance safety environment by using a target account;
under the condition that the operation and maintenance equipment is determined to be the binding equipment of the target account according to the operation and maintenance operation instruction, acquiring a first target password input by the operation and maintenance equipment;
and setting the authority of the operation and maintenance equipment for executing the operation and maintenance operation to be allowed to be executed under the condition that the first target password is matched with the verification password of the target account stored in the server.
2. The method of claim 1, wherein after setting the right of the operation and maintenance device to perform the operation and maintenance operation as permitted, further comprising:
acquiring an operation and maintenance protocol certificate of communication;
judging whether the operation and maintenance protocol certificate is matched with a protocol certificate in a preset operation and maintenance protocol certificate feature library or not;
if so, establishing a communication link with the target resource to be operated and maintained, and sending an operation and maintenance operation instruction to the target resource to be operated and maintained on the basis of the communication link so as to perform operation and maintenance operation on the target resource to be operated and maintained.
3. The method of claim 2, wherein the performing the operation and maintenance operation on the target resource to be operated and maintained comprises:
analyzing the operation and maintenance operation instruction to obtain operation and maintenance operation instruction data;
judging whether the operation and maintenance operation instruction data are matched with instruction data in a preset event rule base or not;
if the operation and maintenance operation instruction data are matched with conventional instruction data in a preset event rule base, responding to the operation and maintenance operation instruction, and executing operation and maintenance operation according to the operation and maintenance operation instruction;
if the operation and maintenance operation instruction data are matched with first-class risk instruction data in a preset event rule base, stopping executing operation and maintenance operation of the operation and maintenance operation instruction;
if the operation and maintenance operation instruction data are matched with second-class risk instruction data in a preset event rule base, generating secondary examination and approval prompt information, responding to the operation and maintenance operation instruction under the condition that the secondary examination and approval is passed, and executing operation and maintenance operation according to the operation and maintenance operation instruction, wherein the operation risk level of the second-class risk instruction data is higher than that of the first-class risk instruction data;
otherwise, intercepting or blocking the operation and maintenance operation instruction, and disconnecting the communication link.
4. The method of claim 3, wherein the performing the operation and maintenance operation on the target resource to be operated and maintained comprises:
under the condition that the operation and maintenance operation instruction data are matched with conventional instruction data in a preset event rule base, judging whether the duration time of the operation and maintenance operation is within a preset time threshold range;
if so, performing operation and maintenance operation on the target resource to be operated and maintained;
otherwise, intercepting or blocking the operation and maintenance operation instruction, and disconnecting the communication link.
5. The method of claim 4, wherein the performing the operation and maintenance operation on the target resource to be operated and maintained comprises:
under the condition that the duration time of the operation and maintenance operation is within a preset time threshold range, judging whether the target resource to be operated and maintained belongs to a resource within a preset authorization range;
if so, performing operation and maintenance operation on the target resource to be operated and maintained;
otherwise, intercepting or blocking the operation and maintenance operation instruction, and disconnecting the communication link.
6. The method of claim 5, wherein the performing the operation and maintenance operation on the target resource to be operated and maintained comprises:
under the condition that the target resource to be operated and maintained belongs to a resource within a preset authorization range, judging whether the operation and maintenance operation instruction comprises an operation instruction for acquiring a file from the target resource to be operated and maintained;
if so, acquiring a file from the target resource to be operated and maintained according to the operation instruction for acquiring the file, and identifying the acquired file;
and under the condition that the identification result is matched with the sensitive information in the preset sensitive information base, disconnecting the communication link.
7. The method according to any one of claims 2 to 6, wherein the step of establishing a communication link with the target resource to be operated and maintained, and sending the operation and maintenance operation instruction to the target resource to be operated and maintained based on the communication link, comprises:
establishing a communication link with the target resource to be operated and maintained;
judging whether an operation and maintenance operation instruction to be sent exists in a preset malicious instruction library or not;
if yes, sending an operation and maintenance operation instruction to the target resource to be operated and maintained based on the communication link;
otherwise, intercepting or blocking the operation and maintenance operation instruction, and disconnecting the communication link.
8. The method according to any one of claims 1 to 6, wherein after the right of the operation and maintenance device to perform the operation and maintenance operation is set to be allowed to be performed, the method further comprises:
and recording the operation and maintenance operation information and forming a log, wherein the operation and maintenance operation information comprises screen display information of the operation and maintenance equipment and input information of the operation and maintenance equipment.
9. The utility model provides an operation and maintenance auditing device which for to the real-time audit of electric power monitoring system operation and maintenance operating instruction, include:
the operation and maintenance operation instruction acquisition module is used for acquiring an operation and maintenance operation instruction sent by preset operation and maintenance equipment, wherein the operation and maintenance operation instruction is requested to be executed by using a target account number in the operation and maintenance equipment in a preset compliance safety environment;
the operation and maintenance equipment detection and password acquisition module is used for acquiring a first target password input by the operation and maintenance equipment under the condition that the operation and maintenance equipment is determined to be the binding equipment of the target account according to the operation and maintenance operation instruction;
and the password checking module is used for setting the authority of the operation and maintenance equipment for executing the operation and maintenance operation to be allowed to execute under the condition that the first target password is matched with the checking password of the target account stored in the server.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method of any one of claims 1 to 9.
CN202011207366.8A 2020-11-03 2020-11-03 Operation and maintenance auditing method, device and medium for transformer substation power monitoring system Active CN112383524B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011207366.8A CN112383524B (en) 2020-11-03 2020-11-03 Operation and maintenance auditing method, device and medium for transformer substation power monitoring system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011207366.8A CN112383524B (en) 2020-11-03 2020-11-03 Operation and maintenance auditing method, device and medium for transformer substation power monitoring system

Publications (2)

Publication Number Publication Date
CN112383524A true CN112383524A (en) 2021-02-19
CN112383524B CN112383524B (en) 2022-09-30

Family

ID=74577621

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011207366.8A Active CN112383524B (en) 2020-11-03 2020-11-03 Operation and maintenance auditing method, device and medium for transformer substation power monitoring system

Country Status (1)

Country Link
CN (1) CN112383524B (en)

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113282950A (en) * 2021-07-26 2021-08-20 阿里云计算有限公司 Operation and maintenance method, device, equipment and system of encryption machine
CN113311809A (en) * 2021-05-28 2021-08-27 苗叶 Industrial control system-based safe operation and maintenance instruction blocking device and method
CN113364765A (en) * 2021-06-03 2021-09-07 北京天融信网络安全技术有限公司 Cloud operation and maintenance auditing method and device
CN113378152A (en) * 2021-06-30 2021-09-10 北京天融信网络安全技术有限公司 Operation and maintenance auditing method and device, storage medium and electronic equipment
CN113505050A (en) * 2021-06-07 2021-10-15 广发银行股份有限公司 User behavior analysis method, system, device and storage medium
CN113542218A (en) * 2021-06-07 2021-10-22 南京地铁建设有限责任公司 Data transmission method, power monitoring equipment, operation and maintenance equipment and storage medium
CN113572733A (en) * 2021-06-23 2021-10-29 北京思特奇信息技术股份有限公司 Safety management and control method and safety management and control system based on front-end module
CN114301799A (en) * 2021-11-23 2022-04-08 航天信息股份有限公司 Remote operation and maintenance method and device based on ganymed-ssh2
CN114338087A (en) * 2021-12-03 2022-04-12 成都安恒信息技术有限公司 Directional operation and maintenance auditing method and system based on firewall
CN115118509A (en) * 2022-06-29 2022-09-27 国网河南省电力公司电力科学研究院 Substation secondary equipment debugging file permission detection method and security control device

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105139139A (en) * 2015-08-31 2015-12-09 国家电网公司 Data processing method, device and system for operation and maintenance audit
US20180276270A1 (en) * 2015-09-17 2018-09-27 Eoriginal, Inc. System and method for electronic data capture and management for audit, monitoring, reporting and compliance
CN110032098A (en) * 2019-03-13 2019-07-19 国网安徽省电力有限公司安庆供电公司 A kind of integral electrical monitoring system and method with safe O&M audit function
CN110705726A (en) * 2019-09-30 2020-01-17 杭州安恒信息技术股份有限公司 Operation and maintenance auditing method, system and device for industrial equipment
CN111697694A (en) * 2020-06-02 2020-09-22 广西电网有限责任公司电力科学研究院 Power distribution terminal near-end maintenance identity authentication method and system
CN111768079A (en) * 2020-06-01 2020-10-13 国网江苏省电力有限公司 Safe operation and maintenance management system and method for power system

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105139139A (en) * 2015-08-31 2015-12-09 国家电网公司 Data processing method, device and system for operation and maintenance audit
US20180276270A1 (en) * 2015-09-17 2018-09-27 Eoriginal, Inc. System and method for electronic data capture and management for audit, monitoring, reporting and compliance
CN110032098A (en) * 2019-03-13 2019-07-19 国网安徽省电力有限公司安庆供电公司 A kind of integral electrical monitoring system and method with safe O&M audit function
CN110705726A (en) * 2019-09-30 2020-01-17 杭州安恒信息技术股份有限公司 Operation and maintenance auditing method, system and device for industrial equipment
CN111768079A (en) * 2020-06-01 2020-10-13 国网江苏省电力有限公司 Safe operation and maintenance management system and method for power system
CN111697694A (en) * 2020-06-02 2020-09-22 广西电网有限责任公司电力科学研究院 Power distribution terminal near-end maintenance identity authentication method and system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
刘涛: "电力综合业务数据网安全运维管理建议", 《电力信息与通信技术》 *

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113311809A (en) * 2021-05-28 2021-08-27 苗叶 Industrial control system-based safe operation and maintenance instruction blocking device and method
CN113364765A (en) * 2021-06-03 2021-09-07 北京天融信网络安全技术有限公司 Cloud operation and maintenance auditing method and device
CN113505050A (en) * 2021-06-07 2021-10-15 广发银行股份有限公司 User behavior analysis method, system, device and storage medium
CN113542218A (en) * 2021-06-07 2021-10-22 南京地铁建设有限责任公司 Data transmission method, power monitoring equipment, operation and maintenance equipment and storage medium
CN113572733A (en) * 2021-06-23 2021-10-29 北京思特奇信息技术股份有限公司 Safety management and control method and safety management and control system based on front-end module
CN113572733B (en) * 2021-06-23 2024-04-12 北京思特奇信息技术股份有限公司 Safety control method and safety control system based on front-end module
CN113378152A (en) * 2021-06-30 2021-09-10 北京天融信网络安全技术有限公司 Operation and maintenance auditing method and device, storage medium and electronic equipment
CN113378152B (en) * 2021-06-30 2024-09-24 北京天融信网络安全技术有限公司 Operation and maintenance auditing method and device, storage medium and electronic equipment
CN113282950A (en) * 2021-07-26 2021-08-20 阿里云计算有限公司 Operation and maintenance method, device, equipment and system of encryption machine
CN114301799A (en) * 2021-11-23 2022-04-08 航天信息股份有限公司 Remote operation and maintenance method and device based on ganymed-ssh2
CN114338087A (en) * 2021-12-03 2022-04-12 成都安恒信息技术有限公司 Directional operation and maintenance auditing method and system based on firewall
CN114338087B (en) * 2021-12-03 2024-03-15 成都安恒信息技术有限公司 Directional operation and maintenance auditing method and system based on firewall
CN115118509A (en) * 2022-06-29 2022-09-27 国网河南省电力公司电力科学研究院 Substation secondary equipment debugging file permission detection method and security control device
CN115118509B (en) * 2022-06-29 2024-06-18 国网河南省电力公司电力科学研究院 Method for detecting authority of debugging files of secondary equipment of transformer substation and safety control device

Also Published As

Publication number Publication date
CN112383524B (en) 2022-09-30

Similar Documents

Publication Publication Date Title
CN112383524B (en) Operation and maintenance auditing method, device and medium for transformer substation power monitoring system
CN110213215B (en) Resource access method, device, terminal and storage medium
CN113536258A (en) Terminal access control method and device, storage medium and electronic equipment
KR101276261B1 (en) Security System For Remote Connection
CN101588360A (en) Associated equipment and method for internal network security management
CN110912929B (en) Safety control middle platform system based on regional medical treatment
US11245704B2 (en) Automatically executing responsive actions based on a verification of an account lineage chain
CN104202338A (en) Secure access method applicable to enterprise-level mobile applications
US10958670B2 (en) Processing system for providing console access to a cyber range virtual environment
CN115150208B (en) Zero-trust-based Internet of things terminal secure access method and system
CN101667232A (en) Terminal credible security system and method based on credible computing
US8677446B2 (en) Centrally managed impersonation
CN109547402B (en) Data protection method and device, electronic equipment and readable storage medium
US11778048B2 (en) Automatically executing responsive actions upon detecting an incomplete account lineage chain
CN111212077A (en) Host access system and method
US10924481B2 (en) Processing system for providing console access to a cyber range virtual environment
KR102655993B1 (en) System for providing zero trust model based seruity management service
CN108154026B (en) Root-free and non-invasive secure communication method and system based on Android system
CN114244568A (en) Security access control method, device and equipment based on terminal access behavior
CN116996238A (en) Processing method and related device for network abnormal access
Murthy et al. Database Forensics and Security Measures to Defend from Cyber Threats
CN114205116A (en) Zero-trust borderless security access system
CN113407947A (en) Trusted connection verification method for mobile terminal user in cloud environment
CN112398792B (en) Login protection method, client, central control management equipment and storage medium
Chen et al. Research and Design of O&M Audit System Based on Commercial Cryptography Technology

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant