CN113378245A - Operation and maintenance method and device of safety state data, electronic equipment and storage medium - Google Patents


Info

Publication number: CN113378245A
Authority: CN (China)
Application number: CN202110769194.1A
Other languages: Chinese (zh)
Inventors: 孙洪伟, 徐翰隆, 肖新光
Current assignee: Beijing Antiy Network Technology Co Ltd
Original assignee: Beijing Antiy Network Technology Co Ltd
Legal status: Pending
Prior art keywords: mobile storage, data, storage device, state data, safety state

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • G06F21/80 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in storage media based on magnetic or optical technology, e.g. disks with sectors
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00 Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06 Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601 Interfaces specially adapted for storage systems
    • G06F3/0628 Interfaces specially adapted for storage systems making use of a particular technique
    • G06F3/0646 Horizontal data movement in storage systems, i.e. moving data in between storage devices or systems
    • G06F3/0647 Migration mechanisms

Abstract

The invention provides an operation and maintenance method and device for security state data, an electronic device and a storage medium. The method comprises: in response to a mobile storage device being connected to a terminal device, obtaining the hidden sector form in which the mobile storage device exists in the terminal device; acquiring security state data of the terminal device, the security state data comprising abnormal data and basic attribute data in the terminal device; and writing the security state data into the mobile storage device, so that when the mobile storage device is connected to another terminal device, the other terminal device can process the security state data according to preset processing logic. The scheme can prevent the mobile storage device from being infected with viruses during the operation and maintenance of security state data.

Description

Operation and maintenance method and device of safety state data, electronic equipment and storage medium
Technical Field
Embodiments of the invention relate to the field of computer technology, and in particular to an operation and maintenance method and device for security state data, an electronic device and a storage medium.
Background
As a terminal device is used over a long period, a large amount of security state data may be generated inside it, so the security state data needs to be maintained.
Security state data is generally operated and maintained in one of two ways: over the network, or by means of a mobile storage device. The latter means connecting a mobile storage device (for example an optical disc or a USB drive) to the terminal device and then manually migrating the previously organized security state data to the mobile storage device.
Disclosure of Invention
In order to solve the problem that a mobile storage device is infected with viruses in the operation and maintenance process of the safety state data, the embodiment of the invention provides an operation and maintenance method and device of the safety state data, an electronic device and a storage medium.
In a first aspect, an embodiment of the present invention provides an operation and maintenance method for security status data, including:
in response to a mobile storage device being connected to a terminal device, obtaining the hidden sector form in which the mobile storage device exists in the terminal device;
acquiring security state data of the terminal device, the security state data comprising abnormal data and basic attribute data in the terminal device;
and writing the security state data into the mobile storage device, so that when the mobile storage device is connected to another terminal device, the other terminal device can process the security state data according to preset processing logic.
In one possible design, before the step performed in response to the mobile storage device being connected to the terminal device, the method further includes:
initializing a thread that interacts with the mobile storage device;
and determining, based on the initialized thread, whether the mobile storage device is connected to the terminal device.
In one possible design, obtaining, in response to the mobile storage device being connected to the terminal device, the hidden sector form in which the mobile storage device exists in the terminal device includes:
in response to the mobile storage device being connected to the terminal device, obtaining a unique device identifier of the mobile storage device;
identifying the unique device identifier based on the initialized thread;
and after the identification succeeds, obtaining the hidden sector form in which the mobile storage device exists in the terminal device.
In one possible design, after writing the security state data into the mobile storage device, the method further includes:
reading all security state data in the mobile storage device based on the initialized thread.
In one possible design, acquiring the security state data of the terminal device includes:
acquiring abnormal data detected by antivirus software of the terminal device for preset detection objects, wherein the detection objects include at least one of: processes, services, drivers, ports, group policies, remote desktop access, shares, startup items and scheduled tasks;
acquiring basic attribute data of the terminal device, wherein the basic attribute data includes at least one of: software data, hardware data, operating system data, user data and network configuration data.
In one possible design, the basic attribute data includes a MAC address;
writing the security state data into the mobile storage device includes:
using the MAC address included in the basic attribute data as the input of a preset GUID algorithm to obtain a unique asset identifier corresponding to the MAC address;
and writing the security state data into the mobile storage device based on the obtained unique asset identifier.
In one possible design, after acquiring the security state data of the terminal device and before writing the security state data into the mobile storage device, the method further includes:
acquiring the remaining storage space of the mobile storage device;
determining whether the storage space occupied by the security state data exceeds the remaining storage space of the mobile storage device;
and if not, performing the step of writing the security state data into the mobile storage device.
In a second aspect, an embodiment of the present invention further provides an operation and maintenance device for security status data, including:
a first determining module, configured to obtain, in response to a mobile storage device being connected to a terminal device, the hidden sector form in which the mobile storage device exists in the terminal device;
a first acquisition module, configured to acquire security state data of the terminal device, the security state data comprising abnormal data and basic attribute data in the terminal device;
and a writing module, configured to write the security state data into the mobile storage device.
In a third aspect, an embodiment of the present invention further provides an electronic device, which includes a memory and a processor, where the memory stores a computer program, and the processor executes the computer program to implement the method according to any embodiment of this specification.
In a fourth aspect, the present invention further provides a computer-readable storage medium, on which a computer program is stored, and when the computer program is executed in a computer, the computer program causes the computer to execute the method described in any embodiment of the present specification.
The embodiment of the invention provides an operation and maintenance method and device of security state data, electronic equipment and a storage medium.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
Fig. 1 is a flowchart of an operation and maintenance method for security status data according to an embodiment of the present invention;
Fig. 2 is a flowchart of another operation and maintenance method for security status data according to an embodiment of the present invention;
Fig. 3 is a diagram of a hardware architecture of an electronic device according to an embodiment of the present invention;
Fig. 4 is a structural diagram of an operation and maintenance device for security status data according to an embodiment of the present invention;
Fig. 5 is a block diagram of another operation and maintenance device for security status data according to an embodiment of the present invention;
Fig. 6 is a block diagram of another embodiment of a security status data management apparatus according to the present invention;
Fig. 7 is a structural diagram of another operation and maintenance device for security status data according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer and more complete, the technical solutions in the embodiments of the present invention will be described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention, and based on the embodiments of the present invention, all other embodiments obtained by a person of ordinary skill in the art without creative efforts belong to the scope of the present invention.
As mentioned above, in operation and maintenance based on a mobile storage device, if a terminal device carries a virus that infects mobile storage devices, a mobile storage device connected to that terminal device is likely to become infected. When the mobile storage device is then connected to other terminal devices, those terminal devices are infected in turn.
During development, the inventors found that the root cause of a mobile storage device becoming infected during the operation and maintenance of security state data is that the terminal device performs write operations on the mobile storage device, i.e. tampering operations, through which the terminal device passes the virus on to the mobile storage device.
To solve this technical problem, the mobile storage device can be made unwritable by any third-party program in the terminal device and writable only by a specific program (for example, software adapted to the mobile storage device). This ensures that the terminal device can still write security state data into the mobile storage device, while preventing the mobile storage device from being infected during the operation and maintenance of security state data (infection being possible when a third-party program other than the specific program writes to the device).
Specific implementations of the above concepts are described below.
Referring to fig. 1, an embodiment of the present invention provides an operation and maintenance method for security status data, including:
Step 100: in response to a mobile storage device being connected to a terminal device, obtaining the hidden sector form in which the mobile storage device exists in the terminal device;
Step 102: acquiring security state data of the terminal device, the security state data comprising abnormal data and basic attribute data in the terminal device;
Step 104: writing the security state data into the mobile storage device, so that when the mobile storage device is connected to another terminal device, the other terminal device can process the security state data according to preset processing logic.
In the embodiment of the invention, the hidden sector form taken by the mobile storage device once it is connected to the terminal device is determined, and the acquired security state data of the terminal device is written into the mobile storage device. This avoids possible tampering with the mobile storage device by a malicious program in the terminal device, so the mobile storage device is not infected with viruses during the operation and maintenance of security state data.
In addition, once the mobile storage device is connected to the terminal device, the security state data of the terminal device can be written into it automatically. That is, while the security of the security state data is ensured during operation and maintenance, the efficiency of migrating the data is also ensured, and the errors that manual data migration may cause are avoided.
In some embodiments, the preset processing logic may include:
acquiring the remaining storage space of the other terminal device;
determining whether the storage space occupied by the security state data exceeds the remaining storage space of the other terminal device;
if not, writing the security state data into the other terminal device;
if so, performing the following: dividing the remaining storage space of the other terminal device into two sub-storage spaces of equal size; writing part of the security state data into one of the sub-storage spaces, writing the rest of the security state data into the other sub-storage space in batches, and deleting the security state data that is identical in the two sub-storage spaces, until target security state data containing no identical data is obtained; determining whether the storage space occupied by the target security state data exceeds the remaining storage space of the other terminal device; if not, writing the target security state data into the other terminal device; otherwise, ending the current flow.
In this embodiment, setting the preset processing logic in the other terminal device allows the security state data to be processed, which helps the other terminal device analyze the security state data written into it. When the initial security state data exceeds the remaining storage space of the other terminal device, the security state data is deduplicated to obtain the target security state data, which makes it easier to write into the other terminal device.
It can be understood that the form in which the mobile storage device exists in the terminal device must prevent third-party programs from performing write operations. Two forms achieve this: read-only and inoperable. Because the technical solution provided by the invention needs to write security state data into the mobile storage device, only the inoperable form can be considered. Specifically, inoperable means that the presence form is not visible to the user in the terminal device, which implements a "hidden" function, i.e. an inoperable function. The form having this inoperable function is the hidden sector form in the embodiments of the invention.
Although the hidden sector form presents an inoperable disk, if a malicious party learns the source code of the address where the hidden sector is located (the probability of this is of course low), the hidden sector is still exposed to the risk of tampering. To solve this technical problem, files may be stored in the hidden sector through a self-developed file system. This file system builds a file sequence table through the read/write interface of the mobile storage device and stores the name, path, length, start address and offset address of each file. The format of the self-developed file system is recognized only by the specific program (i.e. the software adapted to the mobile storage device) deployed in the terminal device, which further improves the security of the mobile storage device during the operation and maintenance of security state data.
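A file sequence table of the kind described above, as an added example that is not code from the patent or from any product: the binary layout, the magic value `FSQT`, and the reading of start address as a sector index and offset address as a byte offset inside that sector are assumptions made for illustration. The parser shows the checks a program on the receiving terminal would apply before trusting a table read from removable media: every entry must lie inside the hidden data area and no two entries may overlap.

```python
import struct
from dataclasses import dataclass

SECTOR = 512                       # assumed sector size in bytes
MAGIC = b"FSQT"                    # hypothetical magic value, not from the patent
HEADER = struct.Struct("<4sHH")    # magic, version, number of entries
ENTRY = struct.Struct("<HHQQQ")    # name len, path len, length, start, offset


class TableError(ValueError):
    """Raised when a table read from the device fails validation."""


@dataclass(frozen=True)
class FileEntry:
    name: str
    path: str
    length: int          # file length in bytes
    start_address: int   # assumed meaning: index of the first sector
    offset_address: int  # assumed meaning: byte offset inside that sector

    def byte_range(self):
        first = self.start_address * SECTOR + self.offset_address
        return first, first + self.length


def pack_table(entries):
    """Serialize entries into the hypothetical on-device table format."""
    parts = [HEADER.pack(MAGIC, 1, len(entries))]
    for e in entries:
        name, path = e.name.encode("utf-8"), e.path.encode("utf-8")
        parts.append(ENTRY.pack(len(name), len(path), e.length,
                                e.start_address, e.offset_address))
        parts.append(name + path)
    return b"".join(parts)


def parse_table(raw, area_start, area_end):
    """Parse and validate a table; file data must lie in [area_start, area_end)."""
    if len(raw) < HEADER.size:
        raise TableError("truncated header")
    magic, version, count = HEADER.unpack_from(raw, 0)
    if magic != MAGIC or version != 1:
        raise TableError("unrecognized table format")
    pos, entries = HEADER.size, []
    for _ in range(count):
        if pos + ENTRY.size > len(raw):
            raise TableError("truncated entry")
        nlen, plen, length, start, offset = ENTRY.unpack_from(raw, pos)
        pos += ENTRY.size
        if pos + nlen + plen > len(raw):
            raise TableError("truncated name or path")
        try:
            name = raw[pos:pos + nlen].decode("utf-8")
            path = raw[pos + nlen:pos + nlen + plen].decode("utf-8")
        except UnicodeDecodeError as exc:
            raise TableError("name or path is not valid UTF-8") from exc
        pos += nlen + plen
        entry = FileEntry(name, path, length, start, offset)
        first, end = entry.byte_range()
        if offset >= SECTOR or first < area_start or end > area_end:
            raise TableError(f"entry {name!r} points outside the hidden data area")
        entries.append(entry)
    # Once sorted by first byte, any overlap shows up between neighbours.
    ranges = sorted(e.byte_range() for e in entries)
    for (_, prev_end), (next_first, _) in zip(ranges, ranges[1:]):
        if next_first < prev_end:
            raise TableError("two entries claim the same bytes")
    return entries


# Constructed sample: two files in a hidden data area spanning bytes 4096..8191.
SAMPLE = [
    FileEntry("state-a.json", "/state/state-a.json", 700, 8, 0),
    FileEntry("state-b.json", "/state/state-b.json", 100, 10, 16),
]

if __name__ == "__main__":
    print(parse_table(pack_table(SAMPLE), 4096, 8192))
```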
It can also be understood that the other terminal device can process the security state data according to the preset processing logic only if it can successfully read the mobile storage device. The other terminal device therefore also needs to be configured with the specific program capable of identifying the mobile storage device, which improves the security of data reading.
The manner in which the various steps shown in fig. 1 are performed is described below.
Prior to step 100, the method further comprises:
initializing a thread that interacts with the mobile storage device;
and determining, based on the initialized thread, whether the mobile storage device is connected to the terminal device.
In this embodiment, another reason a mobile storage device becomes infected is that its security is not high, i.e. the privilege required to read its stored content is low. To solve this technical problem, in this embodiment software adapted to the mobile storage device is installed in the terminal device, which improves the security of the mobile storage device during the operation and maintenance of security state data. After the software starts, it must first be initialized in order to interact with the mobile storage device. Specifically, a thread that interacts with the mobile storage device is initialized, and the initialized thread is used to determine whether the mobile storage device is connected to the terminal device, which improves the security of the mobile storage device during the operation and maintenance of security state data.
In some embodiments, step 100 may comprise:
in response to the mobile storage device being connected to the terminal device, obtaining the unique device identifier of the mobile storage device;
identifying the unique device identifier based on the initialized thread;
and after the identification succeeds, obtaining the hidden sector form in which the mobile storage device exists in the terminal device.
In this embodiment, each mobile storage device is assigned a unique device identifier when it leaves the factory. A mapping between the unique device identifier and the hidden sector form can be established from this identifier, so that once the software has identified the unique device identifier, the hidden sector form in which the mobile storage device exists in the terminal device can be determined, which facilitates the subsequent operations.
In addition, once the unique device identifier has been obtained, it can be used to verify whether the mobile storage device is a target device (i.e. a device adapted to the software). If the verification passes (i.e. the software successfully identifies the unique device identifier), the hidden sector form in which the mobile storage device exists in the terminal device can be determined from the unique device identifier; otherwise, the mobile storage device is not adapted. In other words, the unique device identifier further improves the security of the mobile storage device during the operation and maintenance of security state data. Moreover, the mobile storage device can be identified only by the initialized thread, i.e. only by the software, which also improves operation and maintenance security to some extent.
Regarding step 102, the security state data includes abnormal data and basic attribute data in the terminal device, so step 102 may include:
acquiring abnormal data detected by antivirus software of the terminal device for preset detection objects, wherein the detection objects include at least one of: processes, services, drivers, ports, group policies, remote desktop access, shares, startup items and scheduled tasks;
acquiring basic attribute data of the terminal device, wherein the basic attribute data includes at least one of: software data, hardware data, operating system data, user data and network configuration data.
In this embodiment, acquiring the abnormal data and the basic attribute data in the terminal device helps in analyzing the security state of the terminal device. The abnormal data is data that the antivirus software of the terminal device detected for the preset detection objects during a historical time period. Whenever the antivirus software detects abnormal data, it stores the data in a preset storage location; after the mobile storage device is connected to the terminal device, the specific program of the terminal device can access that storage location and migrate the abnormal data to the mobile storage device.
The detection objects and the basic attribute data are explained below:
A process is an executable file that the operating system has actively started; a series of behaviors follows once the executable file is started. If a virus threat file is in the process list, it can tamper with, steal or destroy the private information of the system and the user.
A service is a sub-category of process that is started passively when the operating system starts. It holds system privileges, so if it is exploited by a virus threat the risk is very high.
A driver is a third-party program loaded by the operating system kernel. It has high kernel scheduling privileges and is extremely hard to notice. If it is exploited by a virus threat, it can cause destructive damage to the system and is extremely difficult to deal with.
A port is a necessary component for a process to connect to the network; a virus threat typically accesses sensitive ports of a target host.
Group policy is the hardening configuration of the operating system and can set user privileges, access permissions and the like. A low-privilege configuration is easily exploited by a virus threat.
Remote desktop access is an operating system application that lets a user access the local machine remotely. The user logs in to the computer remotely with a user password and operates it graphically. A virus threat usually logs in to the user's host system by brute-forcing the user password and can then steal information remotely.
Sharing means providing a network shared disk for remote access, so that a remote host can access the data directly.
Startup items and scheduled tasks are part of the operating system startup chain. The files they start run with ordinary user privileges; if they are exploited by a virus threat, destruction and theft that do not require administrator privileges can be carried out.
Software data is the record information of application software installed in the operating system, including, for example, the version and path of WeChat.
Hardware data is host hardware information such as the motherboard, CPU, memory, network card, hard disk, sound card and video card, including, for example, specification data such as brand and model.
Operating system data is basic operating system information, including, for example, the operating system name, version and brand.
User data is the list of user accounts of the operating system, including, for example, user names, privileges and passwords.
Network configuration data is the network addresses of the host, including, for example, the IPv4 address, IPv6 address, MAC address and gateway address.
In some embodiments, the following may be performed between step 102 and step 104:
acquiring the remaining storage space of the mobile storage device;
determining whether the storage space occupied by the security state data exceeds the remaining storage space of the mobile storage device;
and if not, writing the security state data into the mobile storage device.
In this embodiment, to ensure that the security state data of the current terminal device can be written into the mobile storage device in full, the storage space occupied by the security state data is compared with the remaining storage space of the mobile storage device, and the data is written only when it does not exceed the remaining storage space. Otherwise, the write cannot be performed. Moreover, even if security state data were written in that case, the security state data of the current terminal device on the mobile storage device would be incomplete, which would hinder later analysis of the security state of the current terminal device.
Further, if the storage space occupied by the security state data exceeds the remaining storage space of the mobile storage device, the following is performed: deduplicating the security state data to obtain target security state data that contains no identical data; determining whether the storage space occupied by the target security state data exceeds the remaining storage space of the mobile storage device; if not, writing the target security state data into the mobile storage device; otherwise, ending the current flow.
In this embodiment, deduplicating the security state data to obtain the target security state data makes it easier to write into the mobile storage device.
Regarding step 104, if the security state data stored in the mobile storage device includes the security state data of multiple terminal devices, then to facilitate later analysis of that data a mapping can be established between each set of security state data and the terminal device it belongs to; for example, the mapping can be established using the MAC address included in the basic attribute data.
In some embodiments, step 104 may include:
using the MAC address included in the basic attribute data as the input of a preset GUID algorithm to obtain a unique asset identifier corresponding to the MAC address;
and writing the security state data into the mobile storage device based on the obtained unique asset identifier.
In this embodiment, using the MAC address as the input of the GUID algorithm yields the unique asset identifier of the current terminal device, and the security state data is written into the mobile storage device with that unique asset identifier as the index. When the security state data of a particular terminal device on the mobile storage device later needs to be analyzed, it can be read simply by knowing the unique asset identifier of that terminal device. A GUID (Globally Unique Identifier) is a number generated on one machine that is guaranteed to be unique across all machines in the same space and time.
In some embodiments, the operation and maintenance of security state data further includes analyzing the data, so after step 104 the method may further include:
reading all security state data in the mobile storage device based on the initialized thread.
In this embodiment, successfully reading the mobile storage device likewise requires the specific program capable of identifying the mobile storage device.
In summary, once the specific program is loaded, the thread that interacts with the mobile storage device can be initialized. At that point the program can identify whether a mobile storage device is connected to the terminal device, obtain the unique device identifier of the mobile storage device, read the security state data in the mobile storage device, and write security state data into the mobile storage device. That is, installing the specific program in the terminal device both ensures that the terminal device can write security state data into the mobile storage device and prevents the mobile storage device from being infected during the operation and maintenance of security state data (infection being possible when a third-party program other than the specific program performs a write operation).
Fig. 2 shows a flow chart of a method of identification of power system anomaly data according to another embodiment.
Referring to fig. 2, the method includes:
step 200: initializing a thread that interacts with the mobile storage device;
step 202: determining, based on the initialized thread, whether the mobile storage device has accessed the terminal device;
step 204: in response to the mobile storage device accessing the terminal device, obtaining the unique device identifier of the mobile storage device;
step 206: identifying the unique device identifier based on the initialized thread;
step 208: after the identification succeeds, obtaining the hidden sector form of the mobile storage device in the terminal device;
step 210: acquiring the safety state data of the terminal device;
step 212: acquiring the remaining storage space of the mobile storage device;
step 214: determining whether the storage space occupied by the safety state data exceeds the remaining storage space of the mobile storage device; if not, going to step 216; if so, ending the current flow;
step 216: taking the MAC address included in the basic attribute data as the input of a preset GUID algorithm to obtain a unique asset identifier corresponding to the MAC address;
step 218: writing the safety state data into the mobile storage device based on the obtained unique asset identifier, so that when the mobile storage device accesses another terminal device, the other terminal device can process the safety state data according to preset processing logic;
step 220: reading all safety state data in the mobile storage device based on the initialized thread.
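The flow of steps 206 to 220, including the MAC-to-asset-identifier indexing described above, as an added Python example that is not code from the patent. The patent does not name its preset GUID algorithm or the hidden-sector interface, so the name-based UUID (version 5), the in-memory HiddenStore class, the adapted-device allowlist and all sample values are assumptions constructed for illustration.

```python
import json
import re
import uuid

# Assumption: the patent does not specify its "preset GUID algorithm".
# A name-based UUID (version 5) under a fixed namespace stands in for it.
ASSET_NAMESPACE = uuid.uuid5(uuid.NAMESPACE_DNS, "assets.example.invalid")


class DeviceNotAdapted(Exception):
    """Unique device identifier was not recognised (step 206 failed)."""


class InsufficientSpace(Exception):
    """Serialized data exceeds the remaining space (step 214, 'yes' branch)."""


def normalize_mac(mac):
    """Canonical form, so one adapter always maps to one asset identifier."""
    digits = re.sub(r"[-:.]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError("not a 48-bit MAC address: %r" % mac)
    return digits


def asset_id_from_mac(mac):
    """Step 216: MAC address in, deterministic unique asset identifier out."""
    return str(uuid.uuid5(ASSET_NAMESPACE, normalize_mac(mac)))


class HiddenStore:
    """In-memory stand-in (constructed) for the device's hidden-sector area."""

    def __init__(self, device_id, capacity):
        self.device_id = device_id
        self.capacity = capacity      # bytes
        self.records = {}             # asset identifier -> serialized bytes

    def remaining(self):
        return self.capacity - sum(len(b) for b in self.records.values())

    def read_all(self):
        """Step 220: every terminal's record, keyed by asset identifier."""
        return {aid: json.loads(b) for aid, b in self.records.items()}


def write_security_state(store, adapted_ids, state):
    """Steps 206-218 for one terminal; returns the asset identifier used."""
    if store.device_id not in adapted_ids:                    # steps 206-208
        raise DeviceNotAdapted(store.device_id)
    blob = json.dumps(state, sort_keys=True).encode("utf-8")  # step 210 output
    if len(blob) > store.remaining():                         # steps 212-214
        # Nothing is written, so no partial record is left on the device.
        raise InsufficientSpace("%d > %d" % (len(blob), store.remaining()))
    asset_id = asset_id_from_mac(state["basic"]["mac"])       # step 216
    store.records[asset_id] = blob                            # step 218
    return asset_id


# Constructed sample data: two terminals reporting to the same device.
TERMINAL_A = {"abnormal": [{"object": "startup item", "detail": "unsigned entry"}],
              "basic": {"mac": "00-1A-2B-3C-4D-5E", "os": "Windows 10"}}
TERMINAL_B = {"abnormal": [],
              "basic": {"mac": "00:1a:2b:3c:4d:5f", "os": "Windows 7"}}
ADAPTED_IDS = {"USB-0001"}   # constructed identifier of an adapted device

if __name__ == "__main__":
    store = HiddenStore("USB-0001", capacity=4096)
    for terminal in (TERMINAL_A, TERMINAL_B):
        print(write_security_state(store, ADAPTED_IDS, terminal))
    print(sorted(store.read_all()))
```

Because the index is derived only from the MAC address, a terminal whose network adapter is replaced or whose MAC address is reconfigured is stored under a new asset identifier, so analysis on the reading side should not assume one identifier per physical machine.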
As shown in fig. 3 and 4, an embodiment of the present invention provides an operation and maintenance device for security status data. The device embodiments may be implemented by software, by hardware, or by a combination of hardware and software. From a hardware aspect, fig. 3 is a hardware architecture diagram of the electronic device in which the operation and maintenance apparatus for security status data provided in an embodiment of the present invention is located; in addition to the processor, the memory, the network interface, and the nonvolatile memory shown in fig. 3, the electronic device in which the apparatus is located may generally also include other hardware, such as a forwarding chip responsible for processing messages. Taking a software implementation as an example, as shown in fig. 4, the apparatus, as a logical device, is formed by the CPU of the electronic device reading the corresponding computer program from the non-volatile memory into the memory and running it.
As shown in fig. 4, the operation and maintenance device for safety status data provided in this embodiment includes:
a first determining module 400, configured to, in response to a mobile storage device accessing a terminal device, obtain a hidden sector form of the mobile storage device existing in the terminal device;
a first obtaining module 402, configured to obtain security status data of a terminal device; the safety state data comprises abnormal data and basic attribute data in the terminal equipment;
a writing module 404, configured to write the security status data into the mobile storage device, so that when the mobile storage device accesses another terminal device, the other terminal device can process the security status data according to the preset processing logic.
In an embodiment of the present invention, the first determining module 400 may be configured to perform step 100 in the above-described method embodiment, the first obtaining module 402 may be configured to perform step 102 in the above-described method embodiment, and the writing module 404 may be configured to perform step 104 in the above-described method embodiment.
As shown in fig. 5, another operation and maintenance device for safety status data provided in this embodiment further includes:
an initialization module 406, configured to initialize a thread interacting with the mobile storage device;
a determining module 408, configured to determine, based on the initialized thread, whether the mobile storage device has accessed the terminal device.
In one embodiment of the present invention, the first determining module 400 is configured to perform the following operations:
responding to the access of the mobile storage equipment to the terminal equipment, and obtaining the unique equipment identification of the mobile storage equipment;
identifying a unique device identifier based on the initialized thread;
and after the identification is successful, obtaining the hidden sector form of the mobile storage device in the terminal device.
As shown in fig. 6, a further operation and maintenance device for safety state data provided in this embodiment further includes:
a reading module 410, configured to read all the security status data in the mobile storage device based on the initialized thread.
In an embodiment of the present invention, the first obtaining module 402 is configured to perform the following operations:
acquiring abnormal data detected by antivirus software of the terminal equipment aiming at a preset detection object; wherein the detection object comprises at least one of: processes, services, drivers, ports, group policies, remote desktop access, sharing, startup items, and plan tasks;
acquiring basic attribute data of terminal equipment; wherein the basic attribute data includes at least one of: software data, hardware data, operating system data, user data, network configuration data.
In one embodiment of the invention, the base attribute data includes a MAC address;
a write module 404 configured to:
taking the MAC address included in the basic attribute data as the input of a preset GUID algorithm to obtain a unique asset identifier corresponding to the MAC address;
and writing the safety state data into the mobile storage device based on the obtained unique asset identification.
As shown in fig. 7, a further operation and maintenance device for safety state data provided in this embodiment further includes:
a second obtaining module 412, configured to obtain a remaining storage space of the mobile storage device;
a second determining module 414, configured to determine whether the storage space occupied by the security status data exceeds the remaining storage space of the mobile storage device, and if not, execute the writing module 404.
It is to be understood that the illustrated structure of the embodiment of the present invention does not constitute a specific limitation to an operation and maintenance device for safety state data. In other embodiments of the present invention, an operation and maintenance device for safety status data may include more or fewer components than those shown, or some components may be combined, some components may be split, or a different arrangement of components. The illustrated components may be implemented in hardware, software, or a combination of software and hardware.
Because the content of information interaction, execution process, and the like among the modules in the device is based on the same concept as the method embodiment of the present invention, specific content can be referred to the description in the method embodiment of the present invention, and is not described herein again.
The embodiment of the present invention further provides an electronic device, which includes a memory and a processor, where the memory stores a computer program, and when the processor executes the computer program, the method for operating and maintaining security status data in any embodiment of the present invention is implemented.
An embodiment of the present invention further provides a computer-readable storage medium, where a computer program is stored on the computer-readable storage medium, and when the computer program is executed by a processor, the computer program causes the processor to execute an operation and maintenance method for security status data in any embodiment of the present invention.
Specifically, a system or an apparatus equipped with a storage medium on which software program codes that realize the functions of any of the above-described embodiments are stored may be provided, and a computer (or a CPU or MPU) of the system or the apparatus is caused to read out and execute the program codes stored in the storage medium.
In this case, the program code itself read from the storage medium can realize the functions of any of the above-described embodiments, and thus the program code and the storage medium storing the program code constitute a part of the present invention.
Examples of the storage medium for supplying the program code include a floppy disk, a hard disk, a magneto-optical disk, an optical disk (e.g., CD-ROM, CD-R, CD-RW, DVD-ROM, DVD-RAM, DVD-RW, DVD + RW), a magnetic tape, a nonvolatile memory card, and a ROM. Alternatively, the program code may be downloaded from a server computer via a communications network.
Further, it should be clear that the functions of any one of the above-described embodiments may be implemented not only by executing the program code read out by the computer, but also by causing an operating system or the like operating on the computer to perform a part or all of the actual operations based on instructions of the program code.
Further, it is to be understood that the program code read out from the storage medium is written to a memory provided in an expansion board inserted into the computer or to a memory provided in an expansion module connected to the computer, and then causes a CPU or the like mounted on the expansion board or the expansion module to perform part or all of the actual operations based on instructions of the program code, thereby realizing the functions of any of the above-described embodiments.
In summary, the present invention provides an operation and maintenance method, an apparatus, an electronic device and a storage medium for safety state data, and the invention at least has the following beneficial effects:
1. In an embodiment of the present invention, the hidden sector form obtained after the mobile storage device accesses the terminal device is determined, and the obtained security state data of the terminal device is then written into the mobile storage device, so that a malicious program in the terminal device can be prevented from tampering with the mobile storage device, and the mobile storage device is prevented from being infected with viruses during the operation and maintenance process of the security state data.
2. In one embodiment of the present invention, one reason the mobile storage device becomes infected with viruses is that its security is not high, that is, the permission required to read the content stored in the mobile storage device is low. To solve this technical problem, in the embodiment, software adapted to the mobile storage device is installed in the terminal device, which improves the security of the mobile storage device in the operation and maintenance process of the security state data. That is, after the software is started, it must first be initialized in order to interact with the mobile storage device. Specifically, a thread interacting with the mobile storage device is initialized, and the initialized thread is used to determine whether the mobile storage device has accessed the terminal device, so that the safety of the mobile storage device in the operation and maintenance process of the safety state data is improved.
3. In an embodiment of the present invention, each mobile storage device is configured with a unique device identifier when leaving the factory, and configuring the unique device identifier allows a mapping relationship between the unique device identifier and the hidden sector form to be established, so that after the software identifies the unique device identifier, the hidden sector form in which the mobile storage device exists in the terminal device can be determined, thereby facilitating the execution of subsequent operations.
In addition, after the unique device identifier is obtained, it can be used to verify whether the mobile storage device is a target device (i.e. a device adapted to the software). If the verification passes (i.e. the unique device identifier is successfully identified by the software), the hidden sector form of the mobile storage device existing in the terminal device can be determined based on the unique device identifier; otherwise, the mobile storage device is not adapted. That is to say, setting the unique device identifier further improves the security of the mobile storage device in the operation and maintenance process of the security state data. Meanwhile, the mobile storage device can be identified only through the initialized thread, namely only through the software, which improves operation and maintenance security to a certain extent.
4. In an embodiment of the present invention, in order to ensure that the security status data of the current terminal device can be completely written into the mobile storage device, the storage space occupied by the security status data may be compared with the remaining storage space of the mobile storage device, and the security status data is written into the mobile storage device only when the storage space it occupies does not exceed the remaining storage space of the mobile storage device. Otherwise, the write cannot be performed. Moreover, even if the security status data were written into the mobile storage device, the security status data of the current terminal device written into the mobile storage device would be incomplete, which is not beneficial to subsequent analysis of the security status of the current terminal device.
5. In one embodiment of the invention, the unique asset identifier of the current terminal device can be obtained by using the MAC address as the input of the GUID algorithm, so that the security status data is written into the mobile storage device with the obtained unique asset identifier as an index. When the security state data of a particular terminal device stored in the mobile storage device later needs to be analyzed, it can be read simply by knowing the unique asset identifier of that terminal device.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an …" does not exclude the presence of other similar elements in a process, method, article, or apparatus that comprises the element.
Those of ordinary skill in the art will understand that: all or part of the steps for realizing the method embodiments can be completed by hardware related to program instructions, the program can be stored in a computer readable storage medium, and the program executes the steps comprising the method embodiments when executed; and the aforementioned storage medium includes: various media that can store program codes, such as ROM, RAM, magnetic or optical disks.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (10)

1. An operation and maintenance method for safety state data, comprising:
in response to a mobile storage device accessing a terminal device, obtaining a hidden sector form of the mobile storage device in the terminal device;
acquiring safety state data of the terminal equipment; the safety state data comprises abnormal data and basic attribute data in the terminal equipment;
and writing the safety state data into the mobile storage equipment, so that when the mobile storage equipment is accessed to other terminal equipment, the other terminal equipment can process the safety state data according to preset processing logic.
2. The method of claim 1, further comprising, before the responding to the mobile storage device accessing the terminal device:
initializing a thread interacting with the mobile storage device;
and judging whether the mobile storage equipment is accessed to the terminal equipment or not based on the initialized thread.
3. The method of claim 2, wherein the obtaining, in response to a mobile storage device accessing a terminal device, a hidden sector form of the mobile storage device existing in the terminal device comprises:
responding to the access of the mobile storage equipment to the terminal equipment, and obtaining a unique equipment identifier of the mobile storage equipment;
identifying the unique device identification based on the initialized thread;
and after the identification is successful, obtaining the hidden sector form of the mobile storage device in the terminal device.
4. The method of claim 3, further comprising, after the writing the security state data to the mobile storage device:
and reading all safety state data in the mobile storage equipment based on the initialized thread.
5. The method according to any one of claims 1-4, wherein the obtaining the security status data of the terminal device comprises:
acquiring abnormal data detected by antivirus software of the terminal equipment aiming at a preset detection object; wherein the detection object includes at least one of: processes, services, drivers, ports, group policies, remote desktop access, sharing, startup items, and plan tasks;
acquiring basic attribute data of the terminal equipment; wherein the base attribute data comprises at least one of: software data, hardware data, operating system data, user data, network configuration data.
6. The method according to any of claims 1-4, wherein the base attribute data comprises a MAC address;
the writing the security state data into the mobile storage device includes:
taking the MAC address included in the basic attribute data as the input of a preset GUID algorithm to obtain a unique asset identifier corresponding to the MAC address;
and writing the safety state data into the mobile storage equipment based on the obtained unique asset identification.
7. The method according to any one of claims 1-4, further comprising, after said obtaining the security status data of the terminal device and before said writing the security status data into the removable storage device:
acquiring the residual storage space of the mobile storage equipment;
determining whether the storage space occupied by the safety state data exceeds the residual storage space of the mobile storage device;
and if not, executing the step of writing the safety state data into the mobile storage equipment.
8. An operation and maintenance device for safety state data, comprising:
a first determining module, used for responding to a mobile storage device accessing a terminal device and obtaining a hidden sector form of the mobile storage device in the terminal device;
the first acquisition module is used for acquiring the safety state data of the terminal equipment; the safety state data comprises abnormal data and basic attribute data in the terminal equipment;
and the writing module is used for writing the safety state data into the mobile storage equipment.
9. An electronic device comprising a memory having stored therein a computer program and a processor that, when executing the computer program, implements the method of any of claims 1-7.
10. A computer-readable storage medium, on which a computer program is stored which, when executed in a computer, causes the computer to carry out the method of any one of claims 1-7.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110769194.1A CN113378245A (en) 2021-07-07 2021-07-07 Operation and maintenance method and device of safety state data, electronic equipment and storage medium


Publications (1)

Publication Number Publication Date
CN113378245A true CN113378245A (en) 2021-09-10

Family

ID=77581378


Country Status (1)

Country Link
CN (1) CN113378245A (en)



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination