CN113111344A - Asset management method, device, electronic equipment and medium - Google Patents


Publication number
CN113111344A
Authority
CN
China
Prior art keywords
switch
server
entry
firewall
hit
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110321307.1A
Other languages
Chinese (zh)
Inventor
董超
吴津伟
江志聪
赵玉元
徐玉芬
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhejiang Qianguan Information Security Institute Co ltd
Original Assignee
Zhejiang Qianguan Information Security Institute Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhejiang Qianguan Information Security Institute Co ltd filed Critical Zhejiang Qianguan Information Security Institute Co ltd
Priority to CN202110321307.1A priority Critical patent/CN113111344A/en
Publication of CN113111344A publication Critical patent/CN113111344A/en
Pending legal-status Critical Current

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/552 Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Databases & Information Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses an asset management method, an asset management device, electronic equipment and an asset management medium, relates to the technical field of data processing, and is used for solving the problem that in the related technology, an asset management system does not store the connection relation between a switch and a server, so that the maintenance process of the switch is delayed. The method comprises the steps of obtaining a first table based on the firewall, wherein the first table comprises more than one first entry; acquiring a second table based on the switch, wherein the second table comprises more than one second entry; a switch ID-server IP table is constructed based on the first table and the second table, the switch ID-server IP table including more than one switch ID-server IP entry, the switch ID-server IP entry associating a server IP and a switch ID associated with the same MAC address. According to the invention, the connection relation between the switch and the server is stored by establishing the ID-server IP table of the switch, so that the risk of delaying the maintenance process of the switch is reduced.

Description

Asset management method, device, electronic equipment and medium
Technical Field
The present invention relates to the field of data processing technologies, and in particular, to an asset management method, an asset management apparatus, an electronic device, and a medium.
Background
Most networks, such as those of enterprises, parks, and data centers, require firewalls to be deployed at the egress boundary to secure assets. Meanwhile, they can be paired with an asset management system to carry out data acquisition and server management on assets.
In the related art, the asset management system stores the serial numbers of the servers and the serial numbers of the switches, but does not store the connection relationship between the servers and the switches, so that the connected servers cannot be quickly determined before the switches are maintained, and the maintenance process of the switches is delayed.
At present, no effective solution is provided for the problem that the connection relation between the switch and the server is not stored in an asset management system in the related art, so that the maintenance process of the switch is delayed.
Disclosure of Invention
In order to overcome the defects of the related art, the invention aims to provide an asset management method, an asset management device, electronic equipment and an asset management medium, which realize the storage of the connection relation between a switch and a server by establishing a switch ID-server IP table so as to reduce the risk of delaying the maintenance process of the switch.
One of the purposes of the invention is realized by adopting the following technical scheme:
an asset management method comprising:
obtaining a first table based on a firewall, wherein the first table comprises more than one first entry, and the first entry is associated with a MAC address and a server IP;
acquiring a second table based on a switch, wherein the second table comprises more than one second entry, and the second entry is associated with a MAC address and a switch ID;
constructing a switch ID-server IP table based on the first table and the second table, the switch ID-server IP table including more than one switch ID-server IP entry associating the server IP and the switch ID associated with the same MAC address.
In some embodiments, the second table further comprises one or more second entries, the second entries associating MAC addresses and interfaces, and the switch ID-server IP entry associates the server IP, the switch, and the interface associated with the same MAC address.
In some of these embodiments, the method further comprises:
obtaining a third table based on the switch, wherein the third table comprises more than one third entry, and the third entry relates to the interface and the interface description;
building a management table based on the third table and the switch ID-server IP table, the management table including one or more management entries associating the server IP, switch ID, the interface, and the interface description.
In some of these embodiments, the method further comprises:
acquiring a fourth table based on the switch, wherein the fourth table comprises more than one fourth entry, and the fourth entry is associated with a server IP and an interface description;
building a management table based on the fourth table and the switch ID-server IP table, the management table including one or more management entries associating the server IP, switch ID, the interface, and the interface description.
In some of these embodiments, the method further comprises:
receiving a hit inquiry signal, wherein the hit inquiry signal carries the selected firewall ID, the first time period and the second time period;
responding to the hit inquiry signal to inquire the data hit by a security policy deployed in cooperation with the selected firewall ID, recording the data hit in the first time period as first hit data and the data hit in the second time period as second hit data;
and outputting the changed data relative to the first hit data in the second hit data and/or the changed data quantity.
In some of these embodiments, the method further comprises:
recording the scoring condition of any firewall in a preset time period as data to be processed;
calculating a standard total score and an actual total score of the arbitrary firewall based on the data to be processed;
calculating a security score for the arbitrary firewall using a scoring formula set, wherein the scoring formula set comprises:
Figure BDA0002992955560000031
U is the security score of any firewall, E is the actual total score of the firewall, G is the standard total score of the firewall, and Y is a constant and is not equal to 0.
In some of these embodiments, the method further comprises:
taking the security score of the firewall as the security score of the related server IP;
and the switch ID-server IP entry is associated with the security score and/or the hit frequency of the corresponding server IP in the preset time period.
The second purpose of the invention is realized by adopting the following technical scheme:
an asset management device comprising:
the first obtaining module is used for obtaining a first table based on a firewall, wherein the first table comprises more than one first entry, and the first entry is associated with a MAC address and a server IP;
a second obtaining module, configured to obtain a second table based on a switch, where the second table includes more than one second entry, and the second entry associates a MAC address with the switch;
a processing module to construct a switch ID-server IP table based on the first table and the second table, the switch ID-server IP table including more than one switch ID-server IP entry, the switch ID-server IP entry associating the server IP and the switch associated with a same MAC address.
It is a third object of the invention to provide an electronic device for carrying out one of the objects of the invention, comprising a memory in which a computer program is stored and a processor arranged to carry out the method described above when executing the computer program.
It is a fourth object of the present invention to provide a computer-readable storage medium for carrying out one of the objects of the invention, having stored thereon a computer program which, when executed by a processor, implements the method described above.
Compared with the related technology, the invention has the following beneficial effects: a switch ID-server IP table is constructed from the first table based on the firewall and the second table based on the switch, so that, on an execution device, the equipment connected to a switch can be quickly determined and quickly notified by using the switch as a query condition in the switch ID-server IP table, thereby reducing the risk of delaying the maintenance process of the switch.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:
FIG. 1 is a flow chart of a method for asset management according to an embodiment of the present application;
FIG. 2 is a flowchart of the query procedure in the second embodiment of the present application;
FIG. 3 is a block diagram of an asset management device according to a third embodiment of the present application;
FIG. 4 is a block diagram of an electronic device according to a fourth embodiment of the present application.
Description of reference numerals: 31. a first acquisition module; 32. a second acquisition module; 33. a processing module.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application will be described and illustrated below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments provided in the present application without any inventive step are within the scope of protection of the present application.
It will be appreciated that such a development effort might be complex and tedious, but would nevertheless be a routine undertaking of design, fabrication, and manufacture for those of ordinary skill having the benefit of this disclosure, and is not intended to limit the scope of this disclosure.
Example one
The embodiment provides an asset management method, and aims to solve the problem that in the related art, an asset management system does not store the connection relation between a switch and equipment, so that the maintenance process of the switch is delayed.
Fig. 1 is a flowchart of an asset management method according to an embodiment of the present application, and referring to fig. 1, the asset management method includes steps S101 to S103.
Step S101, a first table based on a firewall is obtained, the first table comprises more than one first entry, and the first entry is associated with a MAC address and a server IP.
Step S102, a second table based on the switch is obtained, the second table comprises more than one second entry, and the second entry is associated with the MAC address and the switch ID. It is to be understood that the steps S101 and S102 do not limit the execution order.
Step S103, constructing a switch ID-server IP table based on the first table and the second table, wherein the switch ID-server IP table comprises more than one switch ID-server IP entry, and the switch ID-server IP entry is related to a server IP and a switch ID related to the same MAC address.
In summary, the switch ID-server IP table is constructed by the first firewall-based table and the second switch-based table, so that the equipment connected with the switch can be quickly determined and quickly notified by taking the switch as a query condition in the switch ID-server IP table on the executing equipment, and the risk of delaying the maintenance process of the switch is reduced.
It is worth mentioning that the steps of the method may be performed on the basis of an execution device. Specifically, the execution device may be a server, a cloud server, a client, a processor, a firewall, a switch, or the like, but the execution device is not limited to the above type.
It will be appreciated that the steps illustrated in the flowcharts described above or in the flowcharts of the figures may be performed in a computer system such as a set of computer-executable instructions and that, although a logical order is illustrated in the flowcharts, in some cases, the steps illustrated or described may be performed in an order different than here.
As an optional embodiment, for step S101, since the number of firewalls is more than one, the first table may be set in a one-to-one manner with the firewalls, or the first table may be set in a one-to-many manner with the firewalls, which is not limited herein.
In a case that the first table and the firewall are in one-to-one configuration, the generating of the first table may include the following steps: logging in to a firewall; controlling the firewall, with a capture command matched to its brand, to capture and feed back the corresponding ARP information (the content of the capture command differs between firewall brands and is not detailed here, as long as the ARP information can be captured); and extracting the corresponding MAC address and server IP from the ARP information, and generating the first table according to the extracted MAC address, the server IP and the correspondence between them. It is understood that the executing device may also control the firewall to generate the corresponding first table and then feed the first table back to the executing device, and the generation manner of the first table is not limited to the above type.
It is further worth mentioning that, in the case that the first table and the firewall are arranged in a one-to-many manner, the generating of the first table may include the following steps: logging in to each firewall respectively; controlling each firewall, with a capture command matched to its brand, to capture the ARP information and feed it back; extracting the corresponding MAC address and server IP from each piece of ARP information, that is, as a MAC address-server IP pair; and summarizing the extracted MAC addresses, the server IPs and the correspondence between them to generate the first table. It is to be understood that the MAC address-server IP pairs may also be extracted first and then fed back to the executing device, and the generation manner of the first table is not limited to the above type.
Here, the first entry is exemplified in the form of table 1, but of course, the first entry is not limited to the above parameters, and may include a virtual port and the like.
MAC address       Server IP
3CAB.007C.A784    129.71.11.80
Table 1
As an optional embodiment, for step S102, since the number of switches is more than one, the second table may be set in one-to-one relationship with the switches, or the second table may also be set in one-to-many relationship with the switches, which is not limited herein.
It is further worth mentioning that, in case the second table is in one-to-one configuration with the switch, the generation of the second table may include the following steps: logging in to the switch; controlling each switch, with a command matched to its brand, to capture the corresponding information and feed it back; and generating the second table according to the fed-back MAC address, the switch ID and the correspondence between them. It is understood that the executing device may also control the switch to generate the corresponding second table and then feed the second table back to the executing device, and the generation manner of the second table is not limited to the above type. It should be noted that the information of the switch is presented in the form of an ID. For the case that the second table and the switch are set in a one-to-many manner, the specific steps can be understood by combining with the above-mentioned embodiment related to the first table, and detailed description is not repeated here.
The second entry is illustrated in Table 2; of course, the second entry is not limited to the above parameters and may also include a virtual port, an interface, and the like.
MAC address       Switch ID    Interface
3CAB.007C.A784    JHJ01        gi039
Table 2
As an alternative embodiment, for step S102, since the first entry associates the MAC address with the server IP and the second entry associates the MAC address with the switch ID, the switch ID may be associated with the server IP based on the MAC address. The switch ID-server IP entries are illustrated in Table 3 and include at least a switch ID and the corresponding server IP, but are not limited to the above parameters and may also include virtual ports and the like.
MAC address       Switch ID    Server IP       Interface
3CAB.007C.A784    JHJ01        129.71.11.80    gi039
Table 3
As an optional implementation manner, the second table further includes more than one second entry, and the second entry associates the MAC address and the interface, and then the switch ID-server IP entry associates the server IP, the switch ID, and the interface related to the same MAC address. Specifically, as shown in table 3, the interface is a switch interface, and the switch ID-server IP entry at least includes: switch ID-server IP-interface.
Through the technical scheme, the server connected with the switch can be quickly determined, and the interface connected with each server can be known, so that local maintenance or fault inspection can be conveniently carried out on the switch.
As an optional implementation, the method may further include: acquiring a third table based on the switch, wherein the third table comprises more than one third entry, and the third entry is related to interfaces and interface descriptions; a management table is constructed based on the third table and the switch ID-server IP table, the management table including more than one management entry, the management entries further associated with interface descriptions associated with the interfaces.
It should be noted that the management entry may take the form shown in Table 4 below, where the interface is a switch interface, and the management entry may at least include: switch ID-server IP-interface description. The interface description can be the specific number of the server connected to the interface, so that the management table can be related to an existing asset management list and a worker can quickly locate the equipment.
MAC address       Switch ID    Server IP       Interface    Interface description
3CAB.007C.A784    JHJ01        129.71.11.80    gi039        70e28408b32
Table 4
The management table may be obtained in the way described for the second table, which is not repeated here. The commands executed by the switch, however, need to be described: the switch executes show ip interface bridge and show interface switch bridge, and the returned output is summarized by interface. By this technical scheme, an accurate interface description can be obtained.
As an optional implementation, the method may further include: acquiring a fourth table based on the switch, wherein the fourth table comprises more than one fourth entry, and the fourth entry is associated with the server IP and the interface description; and constructing a management table based on the fourth table and the switch ID-server IP table, wherein the management table comprises more than one management entry, and the management entry is also associated with the interface description related to the server IP. The generation of the fourth table may refer to the relevant description of the first table, and the management entry may also refer to the relevant description of the previous embodiment, which is not repeated here. It is worth explaining, however, that the interface description may be captured directly in the ARP information. With this technical scheme, information such as the server IP, the MAC address and the interface description may therefore be obtained directly while the first table is generated, by adjusting the capture command, which improves the generation efficiency of the management table.
As an alternative embodiment, in step S103, the switch ID-server IP table may be directly supplemented with the fourth table, i.e., the switch ID-server IP table may be the same as the management table, thereby improving the processing efficiency.
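The join of steps S101 to S103 and the management table of Table 4, as an added Python example (not code from the patent or its applicant). The dictionary field names, switch JHJ02, the 192.0.2.x addresses and the `ambiguous` flag for a MAC learned on more than one switch port are assumptions of this example; the first rows reuse the values of Tables 1 to 4.

```python
import re
from collections import defaultdict

_MAC_SEPARATORS = re.compile(r"[.:\-]")
_MAC_HEX = re.compile(r"[0-9a-f]{12}")


def normalize_mac(mac):
    """Reduce dotted (3CAB.007C.A784), colon or dash notation to 12 lowercase hex digits."""
    digits = _MAC_SEPARATORS.sub("", mac.strip()).lower()
    if not _MAC_HEX.fullmatch(digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


def build_switch_server_table(first_table, second_table):
    """Step S103: join firewall entries and switch entries on the MAC address.

    Returns (rows, unmatched). rows are switch ID-server IP entries; unmatched
    are switch entries whose MAC address no firewall reported.
    """
    ips_by_mac = defaultdict(set)
    for entry in first_table:
        ips_by_mac[normalize_mac(entry["mac"])].add(entry["server_ip"])

    ports_by_mac = defaultdict(set)
    for entry in second_table:
        key = normalize_mac(entry["mac"])
        ports_by_mac[key].add((entry["switch_id"], entry["interface"]))

    rows, unmatched = [], []
    for mac in sorted(ports_by_mac):
        ports = sorted(ports_by_mac[mac])
        if mac not in ips_by_mac:
            unmatched.extend(
                {"mac": mac, "switch_id": s, "interface": i} for s, i in ports)
            continue
        for switch_id, interface in ports:
            for server_ip in sorted(ips_by_mac[mac]):
                rows.append({
                    "mac": mac,
                    "switch_id": switch_id,
                    "server_ip": server_ip,
                    "interface": interface,
                    # Assumption of this example: a MAC seen on several ports
                    # (for instance an uplink) is flagged for manual review.
                    "ambiguous": len(ports) > 1,
                })
    return rows, unmatched


def build_management_table(rows, third_table):
    """Add the interface description, keyed here on (switch ID, interface)."""
    descriptions = {(e["switch_id"], e["interface"]): e["description"]
                    for e in third_table}
    return [dict(row, description=descriptions.get(
                (row["switch_id"], row["interface"]), ""))
            for row in rows]


def servers_on_switch(rows, switch_id):
    """The maintenance query: which server IPs sit behind this switch?"""
    return sorted({r["server_ip"] for r in rows if r["switch_id"] == switch_id})


# First table (firewall ARP data). Row 1 is Table 1; the rest is constructed.
FIRST_TABLE = [
    {"mac": "3CAB.007C.A784", "server_ip": "129.71.11.80"},
    {"mac": "00:50:56:aa:bb:01", "server_ip": "192.0.2.21"},
    {"mac": "00-50-56-AA-BB-02", "server_ip": "192.0.2.22"},
]
# Second table (switch data). Row 1 is Table 2; the rest is constructed.
SECOND_TABLE = [
    {"mac": "3cab.007c.a784", "switch_id": "JHJ01", "interface": "gi039"},
    {"mac": "0050.56aa.bb01", "switch_id": "JHJ01", "interface": "gi040"},
    {"mac": "0050.56aa.bb02", "switch_id": "JHJ02", "interface": "gi001"},
    {"mac": "0050.56aa.bb02", "switch_id": "JHJ01", "interface": "gi048"},
    {"mac": "0050.56aa.bbff", "switch_id": "JHJ02", "interface": "gi002"},
]
# Third table (interface descriptions); the single row is taken from Table 4.
THIRD_TABLE = [
    {"switch_id": "JHJ01", "interface": "gi039", "description": "70e28408b32"},
]

if __name__ == "__main__":
    table, leftover = build_switch_server_table(FIRST_TABLE, SECOND_TABLE)
    for line in build_management_table(table, THIRD_TABLE):
        print(line)
    print("no firewall entry for:", leftover)
    print("servers behind JHJ01:", servers_on_switch(table, "JHJ01"))
```

Normalizing the MAC notation before the join matters because firewalls and switches of different brands print the same address in different formats, and an exact string comparison would silently drop those servers from the table.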
Example two
The second embodiment provides an asset management method, and the second embodiment is performed on the basis of the first embodiment. Fig. 2 is a flowchart of the query procedure in the second embodiment of the present application.
Referring to fig. 2, the inquiring step may include steps S201 to S203.
Step S201, receiving a hit inquiry signal, wherein the hit inquiry signal carries the selected firewall ID, the first time period and the second time period. It should be noted that the sending end of the hit query signal is not limited herein, and the first time period and the second time period may have an intersection or may be independent of each other.
Step S202, responding to the hit inquiry signal, inquiring data hit in a first time period by a security policy deployed in cooperation with the selected firewall ID, and recording the data hit in the first time period as first hit data, and recording the data hit in a second time period as second hit data. The security policy is deployed on the firewall for security protection, and the security policies to be deployed on the respective firewalls may differ.
And step S203, outputting the changed data and/or the changed amount of data relative to the first hit data in the second hit data. It is understood that, in this step S203, unchanged data and/or the number of unchanged data in the second hit data with respect to the first hit data may also be output.
Through the technical scheme, the worker can quickly check the protection condition of the firewall so as to serve as the basis for the worker to adjust the security policy.
As an optional implementation, the querying step may further include: receiving a hit inquiry signal, wherein the hit inquiry signal carries the ID of the selected firewall, the third time and the fourth time; responding to the hit inquiry signal to inquire the version of the security policy corresponding to the third time and the version of the security policy corresponding to the fourth time; and obtaining the updated security policy according to the version of the security policy corresponding to the third time and the version of the security policy corresponding to the fourth time. By this technical scheme, the staff can quickly check how the security policy has been updated, so as to determine the latest version of the security policy and adjust the security policy accordingly.
Further, in the hit query step, the number of times that the server corresponding to the firewall is hit can be obtained, and the switch ID-server IP table and/or the management table can be enriched with the server IP-hit count, so that the worker can conveniently know the security of each server.
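Steps S201 to S203 and the per-server hit count, as an added Python example that is not part of the patent. The hit-record layout, the firewall and policy names, the dates and the reading of "changed data" as a per-policy change in hit count are assumptions; all sample records are constructed.

```python
from collections import Counter
from datetime import datetime


def _hits(hit_log, firewall_id, period):
    """Hit records of one firewall inside the half-open period [start, end)."""
    start, end = (datetime.fromisoformat(t) for t in period)
    return [h for h in hit_log
            if h["firewall_id"] == firewall_id
            and start <= datetime.fromisoformat(h["time"]) < end]


def compare_hits(hit_log, firewall_id, first_period, second_period):
    """S202 and S203: count hits per policy in both periods and report changes.

    The two periods may overlap; each is evaluated independently.
    """
    first = Counter(h["policy"] for h in _hits(hit_log, firewall_id, first_period))
    second = Counter(h["policy"] for h in _hits(hit_log, firewall_id, second_period))

    changed = {}
    for policy in sorted(set(first) | set(second)):
        before, after = first[policy], second[policy]
        if before == after:
            continue
        if before == 0:
            kind = "new"          # policy only hit in the second period
        elif after == 0:
            kind = "stopped"      # policy no longer hit in the second period
        else:
            kind = "increased" if after > before else "decreased"
        changed[policy] = {"first": before, "second": after, "change": kind}

    unchanged = sorted(p for p in first if first[p] == second[p])
    return {"changed": changed,
            "changed_count": len(changed),
            "unchanged": unchanged}


def add_hit_counts(switch_server_rows, hit_log, firewall_id, period):
    """Enrich switch ID-server IP entries with the hit count of each server IP."""
    per_ip = Counter(h["server_ip"] for h in _hits(hit_log, firewall_id, period))
    return [dict(row, hits=per_ip[row["server_ip"]]) for row in switch_server_rows]


# Constructed hit records: one per policy hit on a firewall.
HIT_LOG = [
    {"time": "2021-03-01T09:00", "firewall_id": "FW01", "policy": "P-10", "server_ip": "129.71.11.80"},
    {"time": "2021-03-01T10:00", "firewall_id": "FW01", "policy": "P-10", "server_ip": "129.71.11.80"},
    {"time": "2021-03-01T11:00", "firewall_id": "FW01", "policy": "P-20", "server_ip": "192.0.2.21"},
    {"time": "2021-03-01T12:00", "firewall_id": "FW01", "policy": "P-30", "server_ip": "192.0.2.21"},
    {"time": "2021-03-02T09:00", "firewall_id": "FW01", "policy": "P-10", "server_ip": "129.71.11.80"},
    {"time": "2021-03-02T10:00", "firewall_id": "FW01", "policy": "P-20", "server_ip": "192.0.2.21"},
    {"time": "2021-03-02T11:00", "firewall_id": "FW01", "policy": "P-40", "server_ip": "129.71.11.80"},
    {"time": "2021-03-02T12:00", "firewall_id": "FW02", "policy": "P-10", "server_ip": "192.0.2.22"},
]
FIRST_PERIOD = ("2021-03-01T00:00", "2021-03-02T00:00")
SECOND_PERIOD = ("2021-03-02T00:00", "2021-03-03T00:00")

# Constructed switch ID-server IP entries (first row uses the values of Table 3).
ROWS = [
    {"switch_id": "JHJ01", "server_ip": "129.71.11.80", "interface": "gi039"},
    {"switch_id": "JHJ01", "server_ip": "192.0.2.21", "interface": "gi040"},
]

if __name__ == "__main__":
    report = compare_hits(HIT_LOG, "FW01", FIRST_PERIOD, SECOND_PERIOD)
    for policy, detail in report["changed"].items():
        print(policy, detail)
    print("unchanged:", report["unchanged"])
    print(add_hit_counts(ROWS, HIT_LOG, "FW01", SECOND_PERIOD))
```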
As an alternative embodiment, the method may further comprise a scoring step, and in particular, the scoring step may refer to the following description.
Recording the scoring condition of any firewall in a preset time period as data to be processed;
calculating a standard total score and an actual total score of any firewall based on the data to be processed;
calculating the security score of any firewall by using a scoring formula group, wherein the scoring formula group comprises:
Figure BDA0002992955560000111
U is the security score of any firewall, E is the actual total score of the firewall, G is the standard total score of the firewall, and Y is a constant with Y ≠ 0.
The security score for any firewall is illustrated here: the firewall has more than one security policy, each security policy having a standard score and an actual score, wherein the actual score may be given by a worker, and the standard score of one security policy is set to the full score of the actual score of the security policy. Accordingly, the standard total score of the firewall is the sum of each standard score, and the actual total score of the firewall is the sum of each actual score. Another example: when E = 113 and G = 114, U = 0.991Y; U may differ slightly depending on the number of decimal places required for E/G. When the security score of the firewall uses a ten-point scale, Y is 10.
According to the technical scheme, the dimensionality of security management is introduced into the firewall scoring, so that the accuracy of the firewall security evaluation result is improved. The higher the security score of the firewall is, the higher the security of the current corresponding server IP is so as to realize the security evaluation of the server environment, and the switch ID-server IP table and/or the management table are enriched according to the server IP-security score so as to facilitate the staff to know the security condition of each server.
EXAMPLE III
A third embodiment provides an asset management device, which is the virtual device structure of the first embodiment. Fig. 3 is a block diagram of an asset management device according to a third embodiment of the present application, and referring to fig. 3, the asset management device includes a first acquisition module 31, a second acquisition module 32 and a processing module 33.
A first obtaining module 31, configured to obtain a first table based on a firewall, where the first table includes more than one first entry, and the first entry associates a MAC address and a server IP;
a second obtaining module 32, configured to obtain a second table based on the switch, where the second table includes more than one second entry, and the second entry associates the MAC address with the switch;
a processing module 33 configured to construct a switch ID-server IP table based on the first table and the second table, where the switch ID-server IP table includes more than one switch ID-server IP entry, and the switch ID-server IP entries are associated with a server IP and a switch associated with the same MAC address.
The above modules may be functional modules or program modules, and may be implemented by software or hardware. For a module implemented by hardware, the modules may be located in the same processor; or the modules can be respectively positioned in different processors in any combination.
Example four
In a fourth embodiment, an electronic device is provided. Fig. 4 is a block diagram of the structure of the electronic device shown in the fourth embodiment of the present application. Referring to fig. 4, the electronic device includes a memory and a processor, where the memory stores a computer program, and the processor is configured to run the computer program to execute any asset management method in the foregoing embodiments. For specific examples, reference may be made to the examples described in the foregoing embodiments and optional embodiments, and details are not repeated in the present embodiment.
Optionally, the electronic device may further include a transmission device and an input/output device, wherein the transmission device is connected to the processor, and the input/output device is connected to the processor.
In addition, in combination with the asset management method in the foregoing embodiments, a storage medium may be provided to implement the fourth embodiment of the present application. The storage medium having stored thereon a computer program; the computer program when executed by a processor implementing a method of asset management in any of the above embodiments, the method comprising:
the method comprises the steps of obtaining a first table based on a firewall, wherein the first table comprises more than one first entry, and the first entry is associated with an MAC address and a server IP;
acquiring a second table based on the switch, wherein the second table comprises more than one second entry, and the second entry is associated with the MAC address and the ID of the switch;
a switch ID-server IP table is constructed based on the first table and the second table, the switch ID-server IP table including more than one switch ID-server IP entry, the switch ID-server IP entry associating a server IP and a switch ID associated with the same MAC address.
As shown in fig. 4, taking a processor as an example, the processor, the memory, the input device and the output device in the electronic device may be connected by a bus or other means, and fig. 4 takes the connection by the bus as an example.
The memory, which is a computer-readable storage medium, may include a high-speed random access memory, a non-volatile memory, and the like, and may be used to store an operating system, a software program, a computer-executable program, and a database, such as program instructions/modules corresponding to the asset management method according to the embodiment of the present invention, and may further include a memory, which may be used to provide a running environment for the operating system and the computer program. In some examples, the memory may further include memory located remotely from the processor, and these remote memories may be connected to the electronic device through a network.
The processor, which is used to provide computing and control capabilities, may include a Central Processing Unit (CPU) or an Application Specific Integrated Circuit (ASIC), or may be configured as one or more integrated circuits implementing embodiments of the present application. The processor executes various functional applications and data processing of the electronic device by executing the computer-executable programs, software programs, instructions and modules stored in the memory, that is, it implements the asset management method of the first embodiment.
The output device of the electronic equipment can be a liquid crystal display screen or an electronic ink display screen, and the input device of the electronic equipment can be a touch layer covered on the display screen, a key, a track ball or a touch pad arranged on a shell of the computer equipment, an external keyboard, a touch pad or a mouse and the like.
The electronic device may further include a network interface/communication interface, the network interface of the electronic device being for communicating with an external terminal through a network connection. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
Those skilled in the art will appreciate that the structure shown in fig. 4 is a block diagram of only a portion of the structure relevant to the present application, and does not constitute a limitation on the electronic device to which the present application is applied, and a particular electronic device may include more or less components than those shown in the drawings, or combine certain components, or have a different arrangement of components.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program instructing the relevant hardware. The computer program can be stored in a non-volatile computer-readable storage medium and, when executed, can include the processes of the embodiments of the methods described above. Any reference to memory, storage, database, or other medium used in the embodiments provided herein may include non-volatile and/or volatile memory. Non-volatile memory can include read-only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), or flash memory. Volatile memory can include random access memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), Synchlink DRAM (SLDRAM), Rambus direct RAM (RDRAM), direct Rambus dynamic RAM (DRDRAM), and Rambus dynamic RAM (RDRAM).
It should be noted that, in the embodiment of the asset management method, each included unit and module are merely divided according to functional logic, but are not limited to the above division as long as the corresponding functions can be implemented; in addition, specific names of the functional units are only for convenience of distinguishing from each other, and are not used for limiting the protection scope of the present invention.
Unless defined otherwise, technical or scientific terms referred to herein shall have the ordinary meaning as understood by those of ordinary skill in the art to which this application belongs. References to "a," "an," "the," and similar words throughout this application are not to be construed as limiting in number, and may refer to the singular or the plural. The terms "comprises," "comprising," "including," "has," "having," and any variations thereof, as referred to herein, are intended to cover a non-exclusive inclusion. Reference to "connected," "coupled," and the like in this application is not intended to be limited to physical or mechanical connections, but may include electrical connections, whether direct or indirect. The term "plurality" as referred to herein means two or more. "And/or" describes the association relationship of the associated objects, meaning that three relationships may exist. The character "/" generally indicates that the former and latter associated objects are in an "or" relationship. The terms "first," "second," "third," and the like, as referred to herein, merely distinguish similar objects and do not denote a particular ordering for the objects.
The above examples express only several embodiments of the present application, and their description is relatively specific and detailed, but they should not be construed as limiting the scope of the invention. It should be noted that a person skilled in the art can make several variations and modifications without departing from the concept of the present application, and these fall within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.

Claims (10)

1. A method for asset management, the method comprising:
obtaining a first table based on a firewall, wherein the first table comprises more than one first entry, and the first entry is associated with a MAC address and a server IP;
acquiring a second table based on a switch, wherein the second table comprises more than one second entry, and the second entry is associated with a MAC address and a switch ID;
constructing a switch ID-server IP table based on the first table and the second table, the switch ID-server IP table including more than one switch ID-server IP entry associating the server IP and the switch ID associated with the same MAC address.
2. The method of claim 1, wherein the second table further comprises one or more second entries, wherein the second entries associate MAC addresses and interfaces, and wherein the switch ID-server IP entry associates the server IP, the switch, and the interface associated with the same MAC address.
3. The method of claim 2, further comprising:
obtaining a third table based on the switch, wherein the third table comprises more than one third entry, and the third entry associates the interface with the interface description;
building a management table based on the third table and the switch ID-server IP table, the management table including one or more management entries associating the server IP, switch ID, the interface, and the interface description.
4. The method of claim 2, further comprising:
acquiring a fourth table based on the switch, wherein the fourth table comprises more than one fourth entry, and the fourth entry is associated with a server IP and an interface description;
building a management table based on the fourth table and the switch ID-server IP table, the management table including one or more management entries associating the server IP, switch ID, the interface, and the interface description.
5. The method according to any one of claims 1 to 4, further comprising:
receiving a hit inquiry signal, wherein the hit inquiry signal carries the selected firewall ID, the first time period and the second time period;
in response to the hit inquiry signal, querying the data hit in the first time period by a security policy deployed in cooperation with the selected firewall ID and recording it as first hit data, and querying the data hit in the second time period and recording it as second hit data;
and outputting the changed data relative to the first hit data in the second hit data and/or the changed data quantity.
6. The method of claim 5, further comprising:
recording the scoring condition of any firewall in a preset time period as data to be processed;
calculating a standard total score and an actual total score of the arbitrary firewall based on the data to be processed;
calculating a security score for the arbitrary firewall using a scoring formula set, wherein the scoring formula set comprises:
Figure FDA0002992955550000021
u is the security score of any firewall, E is the actual total score of the firewall, G is the standard total score of the firewall, and Y is a constant and is not equal to 0.
7. The method of claim 6, further comprising:
taking the security score of the firewall as the security score of the related server IP;
and the switch ID-server IP entry is associated with the security score and/or the hit frequency of the corresponding server IP in the preset time period.
8. An asset management device, characterized in that the device comprises:
the first obtaining module is used for obtaining a first table based on a firewall, wherein the first table comprises more than one first entry, and the first entry is associated with a MAC address and a server IP;
a second obtaining module, configured to obtain a second table based on a switch, where the second table includes more than one second entry, and the second entry associates a MAC address with the switch;
a processing module to construct a switch ID-server IP table based on the first table and the second table, the switch ID-server IP table including more than one switch ID-server IP entry, the switch ID-server IP entry associating the server IP and the switch associated with a same MAC address.
9. An electronic device comprising a memory and a processor, wherein the memory has stored therein a computer program, and wherein the processor is arranged to carry out the method of any one of claims 1 to 7 when the computer program is executed.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the method of any one of claims 1 to 7.
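The table join of claims 1 to 3, as an added Python example that is not code from the patent. The MAC normalisation, the (switch ID, interface) key used for descriptions, the separate list of unmatched IPs and all sample data are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample data: addresses, switch IDs and port names are made up.
FIREWALL_ARP = [                       # first table: MAC <-> server IP
    ("00:50:56:AA:00:01", "10.0.1.10"),
    ("00:50:56:aa:00:02", "10.0.1.11"),
    ("00:50:56:aa:00:02", "10.0.1.12"),      # one NIC answering for two IPs
    ("00:50:56:aa:00:09", "10.0.1.99"),      # MAC no switch has learned
    ("incomplete", "10.0.1.50"),             # unresolved ARP entry
]
SWITCH_MAC = [                         # second table: MAC <-> switch ID, interface
    ("SW-A", "0050-56aa-0001", "GE1/0/1"),
    ("SW-B", "0050.56aa.0002", "GE1/0/7"),
    ("SW-A", "0050-56aa-0002", "XGE1/0/49"),  # same MAC also seen on an uplink
]
IF_DESC = [                            # third table: interface <-> description
    ("SW-A", "GE1/0/1", "rack12-web01"),
    ("SW-B", "GE1/0/7", "rack14-db01"),
    ("SW-A", "XGE1/0/49", "uplink-to-SW-B"),
]

def norm_mac(mac):
    """Reduce colon, dash or dot notation to 12 lowercase hex digits, else None."""
    digits = re.sub(r"[-:.]", "", mac.strip()).lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None

def build_management_table(first, second, third):
    """Join first and second table on MAC, then add the interface description."""
    ports = defaultdict(set)
    for switch_id, mac, interface in second:
        key = norm_mac(mac)
        if key:
            ports[key].add((switch_id, interface))
    desc = {(sw, ifc): text for sw, ifc, text in third}
    rows, unmatched = set(), set()
    for mac, ip in first:
        key = norm_mac(mac)
        if key is None or key not in ports:
            unmatched.add(ip)          # server IP that cannot be located
            continue
        for sw, ifc in ports[key]:     # every port that learned this MAC
            rows.add((ip, sw, ifc, desc.get((sw, ifc), "")))
    return sorted(rows), sorted(unmatched)

def switch_id_server_ip(rows):
    """Project management entries down to the switch ID-server IP table."""
    return sorted({(sw, ip) for ip, sw, _ifc, _text in rows})

if __name__ == "__main__":
    rows, unmatched = build_management_table(FIREWALL_ARP, SWITCH_MAC, IF_DESC)
    for row in rows:
        print(row)
    print("unmatched:", unmatched)
```

A MAC learned on both an access port and an uplink yields one management entry per port, so the interface description is what tells the server-facing port from the transit one.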

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110321307.1A CN113111344A (en) 2021-03-25 2021-03-25 Asset management method, device, electronic equipment and medium

Publications (1)

Publication Number Publication Date
CN113111344A true CN113111344A (en) 2021-07-13

Family

ID=76712199

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110321307.1A Pending CN113111344A (en) 2021-03-25 2021-03-25 Asset management method, device, electronic equipment and medium

Country Status (1)

Country Link
CN (1) CN113111344A (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101938398A (en) * 2009-06-29 2011-01-05 深圳市联软科技有限公司 Generation method, system and server of equipment positioning relationship table
CN203492034U (en) * 2013-05-13 2014-03-19 北京百度网讯科技有限公司 Data center server and asset management system, and server management device
CN109639743A (en) * 2018-12-13 2019-04-16 成都亚信网络安全产业技术研究院有限公司 A kind of firewall policy detection method and equipment
CN110704115A (en) * 2019-09-16 2020-01-17 中盈优创资讯科技有限公司 Method, device and system for configuring BMC (baseboard management controller) of server
CN110839089A (en) * 2019-11-07 2020-02-25 苏州浪潮智能科技有限公司 Server positioning method, system, electronic equipment and storage medium
CN111698199A (en) * 2020-04-13 2020-09-22 国网浙江省电力有限公司杭州供电公司 Firewall monitoring method and device
CN112040016A (en) * 2019-06-04 2020-12-04 鸿富锦精密电子(天津)有限公司 Server management method and server management device
CN112272246A (en) * 2020-10-26 2021-01-26 北京首都在线科技股份有限公司 Out-of-band network IP automatic configuration method and device, electronic equipment and storage medium


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210713