CN113378152A - Operation and maintenance auditing method and device, storage medium and electronic equipment - Google Patents
Operation and maintenance auditing method and device, storage medium and electronic equipment Download PDFInfo
- Publication number
- CN113378152A CN113378152A CN202110734466.4A CN202110734466A CN113378152A CN 113378152 A CN113378152 A CN 113378152A CN 202110734466 A CN202110734466 A CN 202110734466A CN 113378152 A CN113378152 A CN 113378152A
- Authority
- CN
- China
- Prior art keywords
- maintenance
- terminal
- information
- target
- target terminal
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
- G06F21/445—Program or device authentication by mutual authentication, e.g. between devices or programs
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The embodiment of the application provides an operation and maintenance auditing method, an operation and maintenance auditing device, a storage medium and electronic equipment, wherein the operation and maintenance auditing method comprises the following steps: acquiring to-be-verified terminal information of a target terminal, wherein the to-be-verified terminal information comprises operating system type information of the target terminal and/or version type information of a browser in the target terminal; matching an operation and maintenance terminal information set with terminal information to be verified, wherein the operation and maintenance terminal information set comprises a plurality of operation and maintenance terminal information which are input in advance, and each operation and maintenance terminal information in the plurality of operation and maintenance terminal information corresponds to an operation and maintenance asset; and if the matching of the terminal information to be verified and the target operation and maintenance terminal information is determined through matching, allowing the target terminal to operate and maintain the operation and maintenance assets corresponding to the target operation and maintenance terminal information. By means of the technical scheme, the operation and maintenance safety can be improved.
Description
Technical Field
The application relates to the technical field of safety protection, in particular to an operation and maintenance auditing method, device, storage medium and electronic equipment.
Background
With the continuous expansion of network scale and equipment quantity, the uncontrollable behaviors of increasingly complex IT systems and operation and maintenance personnel bring great risks to information security, common auditing systems cannot meet the requirements of operation and maintenance security, and operation and maintenance auditing management systems are widely used.
However, the existing operation and maintenance auditing method has the problem of low safety.
Disclosure of Invention
The embodiment of the application aims to provide an operation and maintenance auditing method, device, storage medium and electronic equipment so as to improve the safety of operation and maintenance.
In a first aspect, an embodiment of the present application provides an operation and maintenance auditing method, where the operation and maintenance auditing method includes: acquiring to-be-verified terminal information of a target terminal, wherein the to-be-verified terminal information comprises operating system type information of the target terminal and/or version type information of a browser in the target terminal; matching an operation and maintenance terminal information set with terminal information to be verified, wherein the operation and maintenance terminal information set comprises a plurality of operation and maintenance terminal information which are input in advance, and each operation and maintenance terminal information in the plurality of operation and maintenance terminal information corresponds to an operation and maintenance asset; and if the matching of the terminal information to be verified and the target operation and maintenance terminal information is determined through matching, allowing the target terminal to operate and maintain the operation and maintenance assets corresponding to the target operation and maintenance terminal information.
Therefore, the embodiment of the application limits the terminal information of the terminal of the user and verifies the terminal information in the operation and maintenance process, so that compared with a related operation and maintenance auditing method, the dimension of the operation and maintenance rule is increased, and the safety of the operation and maintenance can be improved.
In one possible embodiment, the information of the terminal to be verified comprises the type information of an operating system of the target terminal and the version type information of a browser in the target terminal; the method for acquiring the information of the terminal to be verified of the target terminal comprises the following steps: receiving an operation and maintenance request which is sent by a target terminal and carries user agent information; and acquiring the operating system type information of the target terminal and the version type information of the browser in the target terminal according to the user agent information.
Therefore, the method and the device for obtaining the operating system type information of the target terminal and the version type information of the browser in the target terminal quickly acquire the operating system type information of the target terminal and the version type information of the browser in the target terminal through the user agent information.
In one possible embodiment, the operation and maintenance auditing method further includes: receiving operation and maintenance record data sent by a target terminal; detecting operation and maintenance record data; and if the operation and maintenance record data contain sensitive operation and maintenance data through detection, sending a stop instruction for indicating the target terminal to stop operation and maintenance to the target terminal.
Therefore, the operation and maintenance process of the terminal is monitored, and therefore the safety of the operation and maintenance can be further improved.
In a possible embodiment, if it is determined through matching that the terminal information to be verified matches the target operation and maintenance terminal information, allowing the target terminal to operate and maintain the operation and maintenance asset corresponding to the target operation and maintenance terminal information, includes: if the matching of the terminal information to be verified and the target operation and maintenance terminal information is determined through matching, acquiring environment information of the target terminal; determining the security level of the environment where the target terminal is located according to the environment information; and if the security level of the environment where the target terminal is located is higher than the preset security level, allowing the target terminal to operate and maintain the operation and maintenance assets corresponding to the target operation and maintenance terminal information.
Therefore, the embodiment of the application ensures the safety of the operation and maintenance environment by detecting the safety level of the terminal, so that the safety of the operation and maintenance can be further improved.
In a second aspect, an embodiment of the present application provides an operation and maintenance auditing apparatus, where the operation and maintenance auditing apparatus includes: the system comprises an acquisition module, a verification module and a verification module, wherein the acquisition module is used for acquiring to-be-verified terminal information of a target terminal, and the to-be-verified terminal information comprises operating system type information of the target terminal and/or version type information of a browser in the target terminal; the matching module is used for matching the operation and maintenance terminal information set with the terminal information to be verified, wherein the operation and maintenance terminal information set comprises a plurality of operation and maintenance terminal information which are input in advance, and each operation and maintenance terminal information in the plurality of operation and maintenance terminal information corresponds to an operation and maintenance asset; and the determining module is used for allowing the operation and maintenance assets corresponding to the target operation and maintenance terminal information of the target terminal if the matching of the terminal information to be verified and the target operation and maintenance terminal information is determined through matching.
In one possible embodiment, the information of the terminal to be verified comprises the type information of an operating system of the target terminal and the version type information of a browser in the target terminal; wherein, the acquisition module is specifically configured to: receiving an operation and maintenance request which is sent by a target terminal and carries user agent information; and acquiring the operating system type information of the target terminal and the version type information of the browser in the target terminal according to the user agent information.
In a possible embodiment, the operation and maintenance auditing device further includes: the receiving module is used for receiving operation and maintenance record data sent by a target terminal; the detection module is used for detecting the operation and maintenance record data; and the sending module is used for sending a stopping instruction for indicating the target terminal to stop operation and maintenance to the target terminal if the operation and maintenance record data contains the sensitive operation and maintenance data through detection.
In a possible embodiment, the determining module is specifically configured to: if the matching of the terminal information to be verified and the target operation and maintenance terminal information is determined through matching, acquiring environment information of the target terminal; determining the security level of the environment where the target terminal is located according to the environment information; and if the security level of the environment where the target terminal is located is higher than the preset security level, allowing the target terminal to operate and maintain the operation and maintenance assets corresponding to the target operation and maintenance terminal information.
In a third aspect, an embodiment of the present application provides a storage medium, where a computer program is stored on the storage medium, and when the computer program is executed by a processor, the computer program performs the method according to the first aspect or any optional implementation manner of the first aspect.
In a fourth aspect, an embodiment of the present application provides an electronic device, including: a processor, a memory and a bus, the memory storing machine-readable instructions executable by the processor, the processor and the memory communicating via the bus when the electronic device is running, the machine-readable instructions when executed by the processor performing the method of the first aspect or any of the alternative implementations of the first aspect.
In a fifth aspect, the present application provides a computer program product which, when run on a computer, causes the computer to perform the method of the first aspect or any possible implementation manner of the first aspect.
In order to make the aforementioned and other objects, features and advantages of the present invention comprehensible, preferred embodiments accompanied with figures are described in detail below.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are required to be used in the embodiments of the present application will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope, and that those skilled in the art can also obtain other related drawings based on the drawings without inventive efforts.
Fig. 1 is a schematic diagram illustrating an application scenario provided in an embodiment of the present application;
fig. 2 is a schematic diagram illustrating a setting method of an operation and maintenance rule according to an embodiment of the present application;
FIG. 3 is a flowchart illustrating an operation and maintenance auditing method according to an embodiment of the present disclosure;
FIG. 4 is a specific flowchart illustrating an operation and maintenance auditing method according to an embodiment of the present disclosure;
FIG. 5 is a block diagram illustrating a structure of an operation and maintenance auditing device according to an embodiment of the present disclosure;
fig. 6 shows a block diagram of an electronic device according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be described below with reference to the drawings in the embodiments of the present application.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures. Meanwhile, in the description of the present application, the terms "first", "second", and the like are used only for distinguishing the description, and are not to be construed as indicating or implying relative importance.
Currently, the related operation and maintenance auditing methods include the following two methods:
one method is to configure the asset authorization of the user to authorize the operation and maintenance authority of the asset to a specific user, and then configure the operation and maintenance rules of the user, such as the IP address, the operation and maintenance asset, and the operation and maintenance time. However, for this method, the operation and maintenance rules of this method do not limit the terminal used by the user, so that the related operation and maintenance auditing method has a problem of low security.
That is, the asset and the user involved in the operation and maintenance process have many attributes, for example, an account number of the asset, an agreement, an IP of the asset, an IP of the user, an operation and maintenance time and an operation and maintenance behavior of the user, and the like. However, at present, most of the restrictions in the operation and maintenance process are restrictions on the operation and maintenance assets of the user, the user login IP, the operation and maintenance time of the user, and the like, and there is no restriction on the terminal used by the user in the operation and maintenance process;
another method is to import the terminal information into the memory of the operation and maintenance security management device, and after the terminal makes a login request, compare the terminal information of the terminal to be logged in with the terminal information stored in the memory, if they are consistent, the authentication is successful, if they are not consistent, the authentication is failed. However, this method is a method of determining the correlation of the terminal information when the user logs in the system, and is not a method of determining the operation and maintenance.
Based on this, the embodiment of the application skillfully provides an operation and maintenance auditing scheme, and the operation and maintenance auditing scheme is characterized in that terminal information to be verified of a target terminal is obtained, wherein the terminal information to be verified comprises operating system type information of the target terminal and/or version type information of a browser in the target terminal, then an operation and maintenance terminal information set is matched with the terminal information to be verified, wherein the operation and maintenance terminal information set comprises a plurality of pieces of operation and maintenance terminal information which are input in advance, each piece of operation and maintenance terminal information in the plurality of pieces of operation and maintenance terminal information corresponds to an operation and maintenance asset, and finally, if the matching of the terminal information to be verified and the target operation and maintenance terminal information is determined through matching, the operation and maintenance asset corresponding to the target operation and maintenance terminal information of the target terminal is allowed.
Therefore, the embodiment of the application limits the terminal information of the terminal of the user and verifies the terminal information in the operation and maintenance process, so that compared with a related operation and maintenance auditing method, the dimension of the operation and maintenance rule is increased, and the safety of the operation and maintenance can be improved.
Referring to fig. 1, fig. 1 is a schematic diagram illustrating an application scenario provided in an embodiment of the present application. The application scenario shown in fig. 1 includes a target terminal, an operation and maintenance audit management system, and an asset to be operated and maintained.
It should be understood that the specific device of the target terminal, the specific device of the operation and maintenance audit management system, the specific device of the asset to be operated and maintained, and the like may be set according to actual requirements, and the embodiment of the present application is not limited thereto.
For example, the target terminal may be a mobile phone, a notebook, a desktop, or the like.
For another example, the operation and maintenance audit management system can be a bastion machine and the like.
For another example, the asset to be operated and maintained may be a switch, a firewall, a computer, or the like.
It should also be understood that the target terminal may also be referred to as a client of the target operation.
It should also be understood that the operation and maintenance audit management system can also be referred to as an operation and maintenance audit management device.
In order to facilitate understanding of the embodiments of the present application, the following description will be given by way of specific examples.
Specifically, under the condition that a User logs in the system through a target terminal, the User can click an operation and maintenance list (or an operation and maintenance service object list) displayed on an interface of the target terminal and used for recording a plurality of operation and maintenance services corresponding to the target terminal, so that the target terminal can respond to the click of the User, generate an operation and maintenance request carrying User Agent (UA) information, and send the operation and maintenance request to an operation and maintenance audit management system. Correspondingly, the operation and maintenance auditing management system receives the operation and maintenance request sent by the target terminal.
And then, the operation and maintenance audit management system can acquire the operating system type information of the target terminal and the version type information of the browser in the target terminal according to the UA information in the operation and maintenance request. And the operation and maintenance auditing management system can match the operation and maintenance terminal information set with the terminal information to be verified. The operation and maintenance terminal information set comprises a plurality of operation and maintenance terminal information which are input in advance, and each operation and maintenance terminal information in the plurality of operation and maintenance terminal information corresponds to an operation and maintenance asset.
It should be noted that, although the above description is given by taking the matching of the terminal information as an example, in the actual use process, in addition to the verification of the terminal information in the operation and maintenance rule, verification of other information in the operation and maintenance rule (for example, operation and maintenance time and the like) is also required, and the embodiment of the present application is not limited to this.
In addition, if the operation and maintenance audit management system determines that the terminal information to be verified is matched with the target operation and maintenance terminal information through matching, the operation and maintenance assets corresponding to the target operation and maintenance terminal information of the target terminal are allowed, namely the target terminal can be authorized and the operation and maintenance can be successful; and if the operation and maintenance audit management system determines that the information of the terminal to be verified is not matched with the operation and maintenance terminal information set through matching, the operation and maintenance of the target terminal are not allowed, namely the operation and maintenance are failed if the target terminal cannot be authorized.
It should be noted that the operation and maintenance auditing scheme provided in the embodiment of the present application may be further extended to other suitable application scenarios, and is not limited to the application scenario shown in fig. 1.
For example, although one terminal and one asset to be operated are shown in fig. 1, it should be understood by those skilled in the art that the application scenario may include more terminals and more assets to be operated in the process of actual application.
Referring to fig. 2, fig. 2 is a schematic diagram illustrating a method for setting an operation and maintenance rule according to an embodiment of the present application. The setting method shown in fig. 2 includes:
and step S210, authorizing the operation and maintenance authority of the assets to the appointed terminal by the operation and maintenance audit management system.
It should be understood that the operable and maintainable equipment corresponding to the asset may be set according to actual needs, and the embodiment of the present application is not limited thereto.
For example, the asset may be a firewall, a switch, a personal computer, or the like.
It should also be understood that the corresponding terminal in the specified terminals may be set by an administrator according to actual needs, and the embodiment of the present application is not limited thereto.
In order to facilitate understanding of the embodiments of the present application, the following description will be given by way of specific examples.
Specifically, in the case that the administrator logs in the operation and maintenance audit management system, the administrator may add an asset (e.g., the asset may be the first identified switch, etc.) in the operation and maintenance audit management system. Subsequently, after the assets are added to the operation and maintenance audit management system, an administrator can authorize the operation and maintenance authority of the specified assets to the specified terminal through the operation and maintenance audit management system, so that the relation between the specified assets and the specified terminal can be established, and the specified terminal is qualified to operate and maintain the corresponding assets.
Step S220, after the authorization is completed, the operation and maintenance audit management system sets operation and maintenance rules.
It should be understood that the information included in the operation and maintenance rule may be set according to actual requirements, and the embodiment of the present application is not limited thereto.
For example, the operation and maintenance rules may include asset information, user information, time information, operation and maintenance terminal information, and other conventional information. Wherein the asset information may include an identification of the asset and an IP address of the asset; the user information may include a login account of the user; the time information may include an operation and maintenance time identifying whether operation and maintenance is allowed or not allowed; the operation and maintenance terminal information may include a source IP address of the terminal, an operating system type of the terminal (e.g., win7 or win10 or Unix, etc.), and a version type of a browser in the terminal (e.g., Google browser or 360 browser, etc.; e.g., version 1.0 or version 2.0, etc.).
It should be noted that the information included in the operation and maintenance rule is used for verification to determine whether the terminal applying for operation and maintenance has the operation and maintenance right.
In order to facilitate understanding of the embodiments of the present application, the following description will be given by way of specific examples.
Specifically, after the administrator logs in the operation and maintenance audit management system, the administrator can configure operation and maintenance authorization through the operation and maintenance audit management system so as to authorize the operation and maintenance authority of the asset to a specified user. And after configuration authorization, the asset account, the user and the terminal can be bound, so that the user at the terminal side can see the authorized asset information (i.e. the operation and maintenance list). And, during operation and maintenance, only the operation and maintenance can be carried out through the authorization check as shown in fig. 3.
It should be understood that the method for setting the operation and maintenance rules is only exemplary, and those skilled in the art can make various changes, modifications or variations according to the above method and also fall within the scope of the present application.
It should be noted that the operation and maintenance auditing method shown in fig. 3 is implemented on the basis of the setting method of the operation and maintenance rule shown in fig. 2.
Referring to fig. 3, fig. 3 is a flowchart illustrating an operation and maintenance auditing method according to an embodiment of the present application. The operation and maintenance auditing method shown in FIG. 3 includes:
step S310, the operation and maintenance audit management system obtains the information of the terminal to be verified of the target terminal. The information of the terminal to be verified comprises the type information of an operating system of the target terminal and/or the version type information of a browser in the target terminal.
It should be understood that the target terminal may be any one of a plurality of terminals connected in communication with the operation and maintenance audit management system, or may be a designated one of the plurality of terminals.
It should also be understood that the version type information of the browser in the target terminal includes the type information and version information of the browser.
It should also be understood that the operating system type information of the target terminal and/or the version type information of the browser in the target terminal includes the operating system type information of the target terminal, the version type information of the browser in the target terminal, and the operating system type information of the target terminal and the version type information of the browser in the target terminal.
It should also be understood that, although the above description is made by taking the example that the to-be-verified terminal information includes the operating system type information of the target terminal and/or the version type information of the browser in the target terminal, it should be understood by those skilled in the art that the to-be-verified terminal information may also include other information, and the embodiment of the present application is not limited thereto.
For example, the to-be-verified terminal information may further include a source IP address of the terminal, and the like.
It should also be understood that the specific process of the operation and maintenance audit management system for acquiring the to-be-verified terminal information of the target terminal may be set according to actual requirements, and the embodiment of the application is not limited to this.
Optionally, in a case where the target account has logged in through the target terminal, the target terminal may display an operation and maintenance list. Therefore, when the user at the target terminal side can click the operation and maintenance list to carry out asset operation and maintenance, the target terminal is triggered to generate an operation and maintenance request carrying UA information of the browser, and the operation and maintenance request is sent to the operation and maintenance audit management system. Correspondingly, the operation and maintenance auditing management system receives the operation and maintenance request sent by the target terminal.
The UA information can carry the operating system type information of the target terminal and/or the version type information of the browser in the target terminal, so that the operation and maintenance audit management system can acquire the operating system type information of the target terminal and the version type information of the browser in the target terminal according to the UA information.
And step S320, the operation and maintenance auditing management system matches the operation and maintenance terminal information set with the terminal information to be verified. The operation and maintenance terminal information set comprises a plurality of operation and maintenance terminal information which are input in advance, and each operation and maintenance terminal information in the plurality of operation and maintenance terminal information can correspond to an operation and maintenance asset.
It should be understood that a plurality of operation and maintenance terminal information in the operation and maintenance terminal information set may be operation and maintenance terminal information in an operation and maintenance rule entered in advance.
For ease of understanding, the following description is given by way of specific examples.
Specifically, the operation and maintenance audit management system compares the terminal information to be verified with each operation and maintenance terminal information in the operation and maintenance terminal information set to determine whether the operation and maintenance terminal information set has target operation and maintenance terminal information corresponding to the terminal information to be verified.
For example, when the terminal information to be verified includes an IP address of the terminal and version type information of a browser in the terminal, the terminal information to be verified and each operation and maintenance terminal information in the operation and maintenance terminal information set may be compared, and if it is determined that the IP address of the terminal in the target operation and maintenance terminal information in the operation and maintenance terminal information set, the version type information of the browser, the IP address of the terminal in the terminal information to be verified, and the version type information of the browser are consistent, it is determined that the target operation and maintenance terminal information is matched with the terminal information to be verified.
And step S330, if the operation and maintenance audit management system determines that the information of the terminal to be verified is matched with the information of the target operation and maintenance terminal through matching, allowing the target terminal to operate and maintain the operation and maintenance assets corresponding to the information of the target operation and maintenance terminal.
Specifically, if the matching of the terminal information to be verified and the target operation and maintenance terminal information is determined through matching, the operation and maintenance audit management system obtains the environment information of the target terminal. The environment information may reflect a security level or a trust level of the target terminal, and may include environment information of the target terminal side user during a payment operation (e.g., a transfer operation, etc.).
Then, the operation and maintenance audit management system may determine the security level of the environment in which the target terminal is located according to the environment information (e.g., determine the security level by determining whether the payment operation satisfies a number of preset conditions, determine the security level of the environment in which the target terminal is located as a low security level if the environment information satisfies a preset condition, and determine the security level of the environment in which the target terminal is located as a high security level if the environment information satisfies two or more preset conditions of the number).
After the security level of the environment where the target terminal is located is determined, if the security level of the environment where the target terminal is located is determined to be higher than the preset security level, the target terminal is allowed to operate and maintain the operation and maintenance assets corresponding to the target operation and maintenance terminal information; and if the security level of the environment where the target terminal is located is determined not to be higher than the preset security level, the operation and maintenance assets corresponding to the target operation and maintenance terminal information are not allowed to be operated and maintained by the target terminal.
It should be understood that the specific security level corresponding to the preset security level may be set according to actual requirements, and the embodiment of the present application is not limited thereto.
In addition, in the process of allowing the target terminal to operate and maintain the operation and maintenance assets corresponding to the target operation and maintenance terminal information, the operation and maintenance audit management system can receive operation and maintenance record data sent by the target terminal. The operation and maintenance record data may be log record data of the target terminal in the operation and maintenance process. Subsequently, the operation and maintenance audit management system can detect the operation and maintenance record data to determine whether preset sensitive operation and maintenance data exist in the operation and maintenance record data.
It should be understood that the specific data of the sensitive operation and maintenance data may be set according to actual requirements, and the embodiment of the present application is not limited thereto.
For example, in the case that the sensitive operation and maintenance data is configurable sensitive instruction data, the sensitive operation and maintenance data includes a system restart instruction, a shutdown interface instruction, and an instruction for forcibly shutting down a process.
For another example, in the case that the sensitive operation and maintenance data is a configurable sensitive field, the sensitive operation and maintenance data may be a number or a symbol.
In addition, if the operation and maintenance record data contain sensitive operation and maintenance data through detection, a stop instruction for indicating the target terminal to stop operation and maintenance is sent to the target terminal, so that the target terminal stops operation and maintenance according to the stop instruction; and if the operation and maintenance recorded data do not contain the sensitive operation and maintenance data through detection, continuing to perform next detection.
Step S340, if the operation and maintenance audit management system determines that the terminal information to be verified is not matched with the operation and maintenance terminal information set through matching, the operation and maintenance asset corresponding to the target terminal operation and maintenance terminal information is not allowed.
Therefore, in the process of verifying authorization, the embodiment of the application judges and authenticates the user identity by limiting the type of the operation and maintenance terminal and the version type of the browser thereof, so that the network and the data can be prevented from being invaded and protected by abnormal users.
It should be noted that, although the above is described by taking the user already logging in the system as an example, it should be understood by those skilled in the art that the operation and maintenance process when the user does not log in the system may also be set according to actual requirements, and the embodiment of the present application is not limited thereto.
For example, in a case that a user does not log in the system, if the user clicks on the operation and maintenance list, the user side generates a corresponding operation and maintenance request, and the operation and maintenance request at this time may not carry the operating system type information of the target terminal and the version type information of the browser in the target terminal, then the operation and maintenance audit management system at this time may match the relevant information carried in the operation and maintenance request at this time with the operation and maintenance terminal information set, and if other information is matched, the operation and maintenance asset in the unregistered state corresponding to the target operation and maintenance terminal information of the target terminal may be allowed to be maintained.
That is, the operation and maintenance assets in the embodiment of the present application may include an operation and maintenance asset in a logged state and an operation and maintenance asset in an unregistered state, and the importance degree of the operation and maintenance asset in the logged state is higher than that of the operation and maintenance asset in the unregistered state. The operation and maintenance asset in the login state may be the operation system type information of the target terminal and the version type information of the browser in the target terminal, and the operation and maintenance asset in the non-login state may be the operation system type information of the target terminal and the version type information of the browser in the target terminal, which do not need to be verified.
In order to facilitate understanding of the embodiments of the present application, the following description will be given by way of specific examples.
Referring to fig. 4, fig. 4 shows a specific flowchart of an operation and maintenance auditing method provided by an embodiment of the present application. The method shown in fig. 4 includes:
in step S410, the administrator configures user authorization.
Specifically, the administrator creates an operation and maintenance authorization, accurately configures user information and asset information, and can bind the user, the terminal and the asset. The terminal type and browser version and model can be selectively configured in the authorization, and the configuration of various types of terminals can be supported, and the terminals configured in the authorization can be operated and maintained. In addition, if the terminal is not configured, all types of terminals are defaulted, and all types of browsers can access the operation and maintenance.
And step S420, logging in the operation and maintenance audit management system through the target terminal by the user.
And step S430, the target terminal sends an operation and maintenance request to the operation and maintenance audit management system. Correspondingly, the operation and maintenance auditing management system receives the operation and maintenance request sent by the target terminal.
Step S440, the operation and maintenance audit management system judges whether the target terminal is an authorized terminal according to the operation and maintenance request.
If the target terminal is determined to be an authorized terminal, step S450 may be executed; if it is determined that the target terminal is not an authorized terminal, step S460 may be performed.
And step S450, the operation and maintenance are successful.
Step S460, the operation fails.
And step S470, log audit.
Specifically, if it is determined through the log that the terminal information of the same IP has changed greatly for a plurality of times, the warning information may be generated.
It should be understood that the above operation and maintenance auditing method is only exemplary, and those skilled in the art can make various changes, modifications or variations according to the above method and still fall within the scope of the present application.
Referring to fig. 5, fig. 5 shows a structural block diagram of an operation and maintenance auditing device 500 provided in an embodiment of the present application, and it should be understood that the operation and maintenance auditing device 500 corresponds to the method embodiment of fig. 3 and fig. 4 described above, and can perform the steps related to the method embodiment described above, and the specific functions of the operation and maintenance auditing device 500 may be referred to the description above, and detailed descriptions are appropriately omitted here to avoid repetition. The operation and maintenance auditing device 500 includes at least one software function module which can be stored in a memory in the form of software or firmware (firmware) or solidified in an Operating System (OS) of the operation and maintenance auditing device 500. Specifically, the operation and maintenance auditing device 500 includes:
an obtaining module 510, configured to obtain terminal information to be verified of a target terminal, where the terminal information to be verified includes operating system type information of the target terminal and/or version type information of a browser in the target terminal;
the matching module 520 is configured to match an operation and maintenance terminal information set with terminal information to be verified, where the operation and maintenance terminal information set includes a plurality of operation and maintenance terminal information which are input in advance, and each operation and maintenance terminal information in the plurality of operation and maintenance terminal information corresponds to an operation and maintenance asset;
the determining module 530 is configured to allow the operation and maintenance asset corresponding to the target operation and maintenance terminal information of the target terminal if it is determined through matching that the terminal information to be verified is matched with the target operation and maintenance terminal information.
In one possible embodiment, the information of the terminal to be verified comprises the type information of an operating system of the target terminal and the version type information of a browser in the target terminal;
the obtaining module 510 is specifically configured to: receiving an operation and maintenance request which is sent by a target terminal and carries user agent information; and acquiring the operating system type information of the target terminal and the version type information of the browser in the target terminal according to the user agent information.
In a possible embodiment, the operation and maintenance auditing device further includes: a receiving module (not shown) for receiving the operation and maintenance record data sent by the target terminal; a detection module (not shown) for detecting the operation and maintenance record data; and a sending module (not shown) configured to send a stop instruction to the target terminal to instruct the target terminal to stop operation and maintenance if it is determined through detection that the operation and maintenance record data includes the sensitive operation and maintenance data.
In a possible embodiment, the determining module 530 is specifically configured to: if the matching of the terminal information to be verified and the target operation and maintenance terminal information is determined through matching, acquiring environment information of the target terminal; determining the security level of the environment where the target terminal is located according to the environment information; and if the security level of the environment where the target terminal is located is higher than the preset security level, allowing the target terminal to operate and maintain the operation and maintenance assets corresponding to the target operation and maintenance terminal information.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working process of the apparatus described above may refer to the corresponding process in the foregoing method, and will not be described in too much detail herein.
Referring to fig. 6, fig. 6 shows a block diagram of an electronic device 600 according to an embodiment of the present disclosure. As shown in fig. 6. Electronic device 600 may include a processor 610, a communication interface 620, a memory 630, and at least one communication bus 640. Wherein communication bus 640 is used to enable direct, coupled communication of these components. The communication interface 620 in the embodiment of the present application is used for performing signaling or data communication with other devices. The processor 610 may be an integrated circuit chip having signal processing capabilities. The Processor 610 may be a general-purpose Processor, and includes a Central Processing Unit (CPU), a Network Processor (NP), and the like; but may also be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), an off-the-shelf programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components. The various methods, steps, and logic blocks disclosed in the embodiments of the present application may be implemented or performed. A general purpose processor may be a microprocessor or the processor 610 may be any conventional processor or the like.
The Memory 630 may be, but is not limited to, a Random Access Memory (RAM), a Read Only Memory (ROM), a Programmable Read-Only Memory (PROM), an Erasable Read-Only Memory (EPROM), an electrically Erasable Read-Only Memory (EEPROM), and the like. The memory 630 stores computer readable instructions that, when executed by the processor 610, the electronic device 600 may perform the various steps involved in the above-described method embodiments.
The electronic device 600 may further include a memory controller, an input-output unit, an audio unit, and a display unit.
The memory 630, the memory controller, the processor 610, the peripheral interface, the input/output unit, the audio unit, and the display unit are electrically connected to each other directly or indirectly to realize data transmission or interaction. For example, these components may be electrically coupled to each other via one or more communication buses 640. The processor 610 is configured to execute executable modules stored in the memory 630. Also, the apparatus 300 is configured to perform the following method: acquiring to-be-verified terminal information of a target terminal, wherein the to-be-verified terminal information comprises operating system type information of the target terminal and/or version type information of a browser in the target terminal; matching an operation and maintenance terminal information set with the terminal information to be verified, wherein the operation and maintenance terminal information set comprises a plurality of operation and maintenance terminal information which are input in advance, and each operation and maintenance terminal information in the plurality of operation and maintenance terminal information corresponds to an operation and maintenance asset; and if the matching of the terminal information to be verified and the target operation and maintenance terminal information is determined through matching, allowing the target terminal to operate and maintain the operation and maintenance assets corresponding to the target operation and maintenance terminal information.
The input and output unit is used for providing input data for a user to realize the interaction of the user and the server (or the local terminal). The input/output unit may be, but is not limited to, a mouse, a keyboard, and the like.
The audio unit provides an audio interface to the user, which may include one or more microphones, one or more speakers, and audio circuitry.
The display unit provides an interactive interface (e.g. a user interface) between the electronic device and a user or for displaying image data to a user reference. In this embodiment, the display unit may be a liquid crystal display or a touch display. In the case of a touch display, the display can be a capacitive touch screen or a resistive touch screen, which supports single-point and multi-point touch operations. The support of single-point and multi-point touch operations means that the touch display can sense touch operations simultaneously generated from one or more positions on the touch display, and the sensed touch operations are sent to the processor for calculation and processing.
It will be appreciated that the configuration shown in FIG. 6 is merely illustrative and that the electronic device 600 may include more or fewer components than shown in FIG. 6 or have a different configuration than shown in FIG. 6. The components shown in fig. 6 may be implemented in hardware, software, or a combination thereof.
The present application also provides a storage medium having a computer program stored thereon, which, when executed by a processor, performs the method of the method embodiments.
The present application also provides a computer program product which, when run on a computer, causes the computer to perform the method of the method embodiments.
It can be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working process of the system described above may refer to the corresponding process in the foregoing method, and will not be described in too much detail herein.
It should be noted that, in the present specification, the embodiments are all described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments may be referred to each other. For the device-like embodiment, since it is basically similar to the method embodiment, the description is simple, and for the relevant points, reference may be made to the partial description of the method embodiment.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method can be implemented in other ways. The apparatus embodiments described above are merely illustrative, and for example, the flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, functional modules in the embodiments of the present application may be integrated together to form an independent part, or each module may exist separately, or two or more modules may be integrated to form an independent part.
The functions, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application or portions thereof that substantially contribute to the prior art may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes. It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The above description is only a preferred embodiment of the present application and is not intended to limit the present application, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application shall be included in the protection scope of the present application. It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures.
The above description is only for the specific embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present application, and shall be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
Claims (10)
1. An operation and maintenance auditing method is characterized by comprising the following steps:
acquiring to-be-verified terminal information of a target terminal, wherein the to-be-verified terminal information comprises operating system type information of the target terminal and/or version type information of a browser in the target terminal;
matching an operation and maintenance terminal information set with the terminal information to be verified, wherein the operation and maintenance terminal information set comprises a plurality of operation and maintenance terminal information which are input in advance, and each operation and maintenance terminal information in the plurality of operation and maintenance terminal information corresponds to an operation and maintenance asset;
and if the matching of the terminal information to be verified and the target operation and maintenance terminal information is determined through matching, allowing the target terminal to operate and maintain the operation and maintenance assets corresponding to the target operation and maintenance terminal information.
2. The operation and maintenance auditing method according to claim 1, characterized in that the terminal information to be verified comprises operating system type information of the target terminal and version type information of a browser in the target terminal;
the acquiring of the to-be-verified terminal information of the target terminal includes:
receiving an operation and maintenance request carrying user agent information and sent by the target terminal;
and acquiring the operating system type information of the target terminal and the version type information of the browser in the target terminal according to the user agent information.
3. The operation and maintenance auditing method according to claim 1, further comprising:
receiving operation and maintenance record data sent by the target terminal;
detecting the operation and maintenance record data;
and if the operation and maintenance record data contain sensitive operation and maintenance data through detection, sending a stop instruction for indicating the target terminal to stop operation and maintenance to the target terminal.
4. The operation and maintenance auditing method according to claim 1, wherein if it is determined through matching that the terminal information to be verified matches the target operation and maintenance terminal information, allowing the target terminal to operate and maintain the operation and maintenance asset corresponding to the target operation and maintenance terminal information comprises:
if the matching of the terminal information to be verified and the target operation and maintenance terminal information is determined through matching, acquiring environment information of the target terminal;
determining the security level of the environment where the target terminal is located according to the environment information;
and if the security level of the environment where the target terminal is located is higher than the preset security level, allowing the target terminal to operate and maintain the operation and maintenance assets corresponding to the target operation and maintenance terminal information.
5. An operation audit device, comprising:
the system comprises an acquisition module, a verification module and a verification module, wherein the acquisition module is used for acquiring to-be-verified terminal information of a target terminal, and the to-be-verified terminal information comprises operating system type information of the target terminal and/or version type information of a browser in the target terminal;
the matching module is used for matching an operation and maintenance terminal information set with the terminal information to be verified, wherein the operation and maintenance terminal information set comprises a plurality of operation and maintenance terminal information which are input in advance, and each operation and maintenance terminal information in the plurality of operation and maintenance terminal information corresponds to an operation and maintenance asset;
and the determining module is used for allowing the target terminal to operate and maintain the operation and maintenance assets corresponding to the target operation and maintenance terminal information if the matching of the terminal information to be verified and the target operation and maintenance terminal information is determined through matching.
6. The operation and maintenance auditing device of claim 5, wherein the terminal information to be verified comprises operating system type information of the target terminal and version type information of a browser in the target terminal;
the obtaining module is specifically configured to: receiving an operation and maintenance request carrying user agent information and sent by the target terminal; and acquiring the operating system type information of the target terminal and the version type information of the browser in the target terminal according to the user agent information.
7. The operation and maintenance auditing device of claim 5, further comprising:
the receiving module is used for receiving the operation and maintenance record data sent by the target terminal;
the detection module is used for detecting the operation and maintenance record data;
and the sending module is used for sending a stopping instruction for indicating the target terminal to stop operation and maintenance to the target terminal if the operation and maintenance record data contains sensitive operation and maintenance data through detection.
8. The operation and maintenance auditing device of claim 6, wherein the determining module is specifically configured to: if the matching of the terminal information to be verified and the target operation and maintenance terminal information is determined through matching, acquiring environment information of the target terminal; determining the security level of the environment where the target terminal is located according to the environment information; and if the security level of the environment where the target terminal is located is higher than the preset security level, allowing the target terminal to operate and maintain the operation and maintenance assets corresponding to the target operation and maintenance terminal information.
9. A storage medium having stored thereon a computer program for performing the operation and maintenance auditing method according to any one of claims 1-4 when executed by a processor.
10. An electronic device, comprising: a processor, a memory and a bus, the memory storing machine-readable instructions executable by the processor, the processor and the memory communicating via the bus when the electronic device is running, the machine-readable instructions when executed by the processor performing the operation and maintenance auditing method according to any one of claims 1-4.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110734466.4A CN113378152A (en) | 2021-06-30 | 2021-06-30 | Operation and maintenance auditing method and device, storage medium and electronic equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110734466.4A CN113378152A (en) | 2021-06-30 | 2021-06-30 | Operation and maintenance auditing method and device, storage medium and electronic equipment |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN113378152A true CN113378152A (en) | 2021-09-10 |
Family
ID=77580126
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110734466.4A Pending CN113378152A (en) | 2021-06-30 | 2021-06-30 | Operation and maintenance auditing method and device, storage medium and electronic equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113378152A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114039873A (en) * | 2021-11-09 | 2022-02-11 | 北京天融信网络安全技术有限公司 | Auditing method and operation and maintenance safety auditing system for client type |
| CN115473824A (en) * | 2022-09-06 | 2022-12-13 | 北京天融信网络安全技术有限公司 | Operation and maintenance management and control processing method, operation and maintenance terminal and operation and maintenance auditing system |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101867490A (en) * | 2010-06-09 | 2010-10-20 | 中兴通讯股份有限公司 | Maintenance operation system and method |
| CN108521347A (en) * | 2018-04-10 | 2018-09-11 | 江苏亨通工控安全研究院有限公司 | Industry control O&M behavior auditing method, apparatus and system |
| CN110764971A (en) * | 2019-10-30 | 2020-02-07 | 杭州安恒信息技术股份有限公司 | Auxiliary database operation and maintenance auditing method and device and electronic equipment |
| CN112383524A (en) * | 2020-11-03 | 2021-02-19 | 中国南方电网有限责任公司 | Operation and maintenance auditing method, device and medium |
| CN112967056A (en) * | 2021-03-30 | 2021-06-15 | 建信金融科技有限责任公司 | Access information processing method and device, electronic equipment and medium |
-
2021
- 2021-06-30 CN CN202110734466.4A patent/CN113378152A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101867490A (en) * | 2010-06-09 | 2010-10-20 | 中兴通讯股份有限公司 | Maintenance operation system and method |
| CN108521347A (en) * | 2018-04-10 | 2018-09-11 | 江苏亨通工控安全研究院有限公司 | Industry control O&M behavior auditing method, apparatus and system |
| CN110764971A (en) * | 2019-10-30 | 2020-02-07 | 杭州安恒信息技术股份有限公司 | Auxiliary database operation and maintenance auditing method and device and electronic equipment |
| CN112383524A (en) * | 2020-11-03 | 2021-02-19 | 中国南方电网有限责任公司 | Operation and maintenance auditing method, device and medium |
| CN112967056A (en) * | 2021-03-30 | 2021-06-15 | 建信金融科技有限责任公司 | Access information processing method and device, electronic equipment and medium |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114039873A (en) * | 2021-11-09 | 2022-02-11 | 北京天融信网络安全技术有限公司 | Auditing method and operation and maintenance safety auditing system for client type |
| CN114039873B (en) * | 2021-11-09 | 2023-11-28 | 北京天融信网络安全技术有限公司 | Audit method and operation and maintenance security audit system aiming at client type |
| CN115473824A (en) * | 2022-09-06 | 2022-12-13 | 北京天融信网络安全技术有限公司 | Operation and maintenance management and control processing method, operation and maintenance terminal and operation and maintenance auditing system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| JP6680840B2 (en) | Automatic detection of fraudulent digital certificates | |
| CN109376078B (en) | Mobile application testing method, terminal equipment and medium | |
| US10223524B1 (en) | Compromised authentication information clearing house | |
| CN108377241B (en) | Monitoring method, device and equipment based on access frequency and computer storage medium | |
| US9838384B1 (en) | Password-based fraud detection | |
| US11582242B2 (en) | System, computer program product and method for risk evaluation of API login and use | |
| US10122830B2 (en) | Validation associated with a form | |
| US20190058992A1 (en) | Multifactor network authentication | |
| CN113489713B (en) | Network attack detection method, device, equipment and storage medium | |
| US10114960B1 (en) | Identifying sensitive data writes to data stores | |
| CN105591743B (en) | Method and device for identity authentication through equipment operation characteristics of user terminal | |
| US9934310B2 (en) | Determining repeat website users via browser uniqueness tracking | |
| US9824207B1 (en) | Authentication information update based on fraud detection | |
| US10462126B2 (en) | Self-adjusting multifactor network authentication | |
| CN113378152A (en) | Operation and maintenance auditing method and device, storage medium and electronic equipment | |
| CN113949560B (en) | Network security identification method, device, server and storage medium | |
| TW201426593A (en) | Method and apparatus for information verification | |
| US10693897B2 (en) | Behavioral and account fingerprinting | |
| CN106685945B (en) | Service request processing method, service handling number verification method and terminal thereof | |
| CN111259368A (en) | Method and equipment for logging in system | |
| US20170076292A1 (en) | Enhanced fraud screening process for filtering of network statistics in order to detect, block, and deter fraudulent on-line activity | |
| CN110659897A (en) | Method, system, computing device and medium for transaction verification | |
| CN112650557B (en) | Command execution method and device | |
| CN114050990A (en) | Test method and device for network isolation equipment, storage medium and electronic equipment | |
| JP5947358B2 (en) | Authentication processing apparatus, method and program |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |