CN113472775A - Exposed surface determining method and system and storage medium - Google Patents


Info

Publication number
CN113472775A
Authority
CN
China
Prior art keywords
asset
information
target asset
target
exposed surface
Prior art date
Legal status
Granted
Application number
CN202110733137.8A
Other languages
Chinese (zh)
Other versions
CN113472775B (en)
Inventor
邓永茂
李翰
Current Assignee
Sangfor Technologies Co Ltd
Original Assignee
Sangfor Technologies Co Ltd
Priority date
Filing date
Publication date
Application filed by Sangfor Technologies Co Ltd
Priority to CN202110733137.8A
Publication of CN113472775A
Application granted
Publication of CN113472775B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/10 ... for controlling access to devices or network resources
    • H04L 63/02 ... for separating internal from external traffic, e.g. firewalls
    • H04L 63/14 ... for detecting or protecting against malicious traffic
    • H04L 63/1408 ... for detecting or protecting against malicious traffic by monitoring network traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The application discloses an exposed surface determining method, which comprises the following steps: obtaining accessed information of each target asset in a target asset set; and determining exposed surface information of the target asset based on the obtained access control policy and the accessed information. By applying the technical scheme provided by the application, the exposed surface information of each target asset can be accurately determined based on the access control policy and the accessed information of the asset, a comprehensive review of the asset's exposed surface is achieved, and, because the exposed surface is accurately determined, it can be quickly and effectively controlled, so that the security risk is reduced. The application also discloses another exposed surface determining method, an exposed surface determining system and a storage medium, which have corresponding technical effects.

Description

Exposed surface determining method and system and storage medium
Technical Field
The present application relates to the field of computer application technologies, and in particular, to an exposed surface determining method, system and storage medium.
Background
The asset exposure surface (asset exposure) refers to the access rights opened by an asset such as a server; the larger the exposure surface of an asset, the more access rights are opened and the greater the security risk.
With the continuous development of various business systems, the number of assets gradually increases and more and more attention is paid to the exposed surface of assets. At present, access control logs, traffic logs and the like are mostly analysed manually to obtain the current access condition of an asset, and the exposed surface of the asset is then reviewed according to that access condition so that the exposed surface can be controlled. However, because the number of access control logs, traffic logs and the like is huge and the mutual access relationships among systems are complex, a comprehensive review is difficult to achieve manually; in particular, for some third-party systems, legacy systems and the like that nobody has maintained for a long time, the application and purpose of the system cannot be determined, so the asset exposure surface cannot be accurately determined.
Disclosure of Invention
The application aims to provide an exposed surface determining method, an exposed surface determining system and a storage medium, so that the asset exposed surface can be accurately determined and a comprehensive review of the asset exposed surface is achieved.
In order to solve the technical problem, the application provides the following technical scheme:
an exposed surface determining method comprising:
obtaining accessed information of each target asset in the target asset set;
determining exposed surface information of the target asset based on the obtained access control policy and the accessed information.
In one embodiment of the present application, the method further includes:
adding a local area network asset associated with the internet asset to the target asset set if the target asset set includes internet assets exposed to an internet environment.
In one embodiment of the present application, the adding the local area network asset associated with the internet asset to the target asset set comprises:
for each internet asset, determining whether a local area network asset associated with a current internet asset exists in the target set of assets;
if the local area network asset associated with the current internet asset does not exist in the target asset set, determining the local area network asset associated with the current internet asset according to an asset library, and adding the local area network asset to the target asset set.
In one embodiment of the present application, the target asset set is determined by the steps comprising:
determining a core asset according to the marking information;
determining the target asset set based on the core assets.
In one embodiment of the present application, the determining the exposure information of the target asset based on the obtained access control policy and the accessed information includes:
matching the accessed information of each target asset with the obtained access control policy, and determining the open port of the target asset.
In one embodiment of the present application, the exposure information includes information of an open port and an accessed amount of each open port, and the determining exposure information of the target asset based on the obtained access control policy and the accessed information includes:
matching the accessed information of each target asset with the obtained access control policy, and determining an open port of the target asset;
determining the accessed amount of the open port of the target asset according to the accessed information of the target asset.
In one embodiment of the present application, the method further includes:
outputting exposed surface information of the target asset.
In one embodiment of the present application, the method further includes:
adjusting the access control policy based on the exposure face information.
In one embodiment of the present application, the method further includes:
determining a risk port among the open ports according to preset risk information.
In a specific embodiment of the present application, the risk information is determined by learning port information corresponding to historical security events.
In one embodiment of the present application, the method further includes:
outputting the risk port.
An exposed surface determining method comprising:
receiving a policy acquisition request;
returning an access control policy according to the policy acquisition request, so that exposed surface information of each target asset in the target asset set can be determined according to the access control policy and the accessed information of the target asset.
An exposure surface determination system comprising an asset management platform, wherein:
the asset management platform is used for acquiring the accessed information of each target asset in the target asset set; determining exposed surface information of the target asset based on the obtained access control policy and the accessed information.
An exposure surface determination system comprising a security device, wherein:
the security device is used for receiving a policy acquisition request, and returning an access control policy according to the policy acquisition request, so that exposed surface information of each target asset in the target asset set can be determined according to the access control policy and the accessed information of the target asset.
A computer-readable storage medium having stored thereon a computer program which, when executed by a processor, carries out the steps of the exposure surface determination method described above.
By applying the technical scheme provided by the embodiment of the application, the accessed information of each target asset in the target asset set is obtained, and the exposed surface information of each target asset can then be determined based on the obtained access control policy and the accessed information of that asset. Based on the access control policy and the accessed information of each target asset, the exposed surface information of the target asset can be accurately determined and a comprehensive review of the asset's exposed surface achieved; because the asset's exposed surface is accurately determined, it can be quickly and effectively controlled, and the security risk is reduced.
Drawings
In order to illustrate the embodiments of the present application or the technical solutions in the prior art more clearly, the drawings used in the description of the embodiments or the prior art are briefly described below. Obviously, the drawings in the following description are only some embodiments of the present application, and those skilled in the art can obtain other drawings from these drawings without creative effort.
FIG. 1 is a flow chart of an embodiment of a method for determining an exposed surface;
FIG. 2 is a schematic diagram of an exposed surface determination process in an embodiment of the present application;
FIG. 3 is a flow chart of another method for determining an exposed surface according to an embodiment of the present application;
FIG. 4 is a schematic structural diagram of an exposed surface determining system according to an embodiment of the present application.
Detailed Description
The core of the application is to provide an exposed surface determination method, which can be applied to an asset management platform such as a situation awareness platform. Situation awareness is the ability to dynamically and holistically know the security risks in an environment; based on security big data, it is a way to improve the discovery, identification, understanding, analysis and response handling of security threats from a global perspective, and ultimately it grounds security capabilities in decision making and action.
Through the asset management platform, the exposed surface information of target assets can be accurately determined and the exposed surface comprehensively reviewed; and by accurately determining the asset exposed surface, the exposed surface can be quickly and effectively managed and controlled, reducing security risk.
In order that those skilled in the art will better understand the disclosure, the following detailed description will be given with reference to the accompanying drawings. It is to be understood that the embodiments described are only a few embodiments of the present application and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Referring to FIG. 1, a flowchart of an exposed surface determining method provided in an embodiment of the present application may include the following steps:
S110: accessed information of each target asset in the target asset set is obtained.
In the embodiment of the application, when there is a need to review or manage the exposed surface of assets, a corresponding instruction can be sent to the asset management platform. According to the instruction, the asset management platform can determine the target asset set whose exposed surface information is currently to be determined. Alternatively, the asset management platform may, at set time intervals, take a specified subset of assets or all assets as the target asset set whose exposed surface information is currently to be determined.
The target asset set may include one or more target assets, each of which may be configured with a plurality of ports.
The asset management platform can monitor the traffic of each asset in real time. After the target asset set is determined, the accessed information of each target asset in the set can be obtained from the actual access traffic log.
S120: exposed surface information of the target asset is determined based on the obtained access control policy and the accessed information.
A security device such as a firewall can be deployed in the user's system to perform access control on assets; for example, a next generation firewall (NGFW) may be deployed. A next generation firewall is a high-performance firewall that can fully deal with application-layer threats. Through deep insight into the users, applications and content in network traffic, and by means of a high-performance single-path heterogeneous parallel processing engine, the next-generation firewall can provide effective integrated application-layer security protection for users, help users develop services safely, and simplify the user's network security architecture.
A security device such as a firewall may perform access control on assets based on preset access control policies, of which there may be several. The asset management platform can obtain the corresponding access control policies from a security device such as a firewall.
After the asset management platform obtains the accessed information of each target asset in the target asset set, the exposed surface information of each target asset can be determined based on the obtained access control policy and the accessed information of that asset. The determined exposed surface information of each target asset may include its open ports, or its open ports together with the accessed amount of each open port.
Specifically, the ports that are allowed to be accessed, i.e., the open ports, of each target asset in the target asset set can be obtained by traversing the access control policies and the accessed information. For an asset, other devices or systems can only access the asset through its open ports. The accessed information obtained for each target asset may include information such as the accessed ports and the accessed amounts. From the accessed information of each target asset, the accessed amount of each open port of that asset can be obtained.
Determining the exposed surface information of each target asset based on the obtained access control policy and the accessed information gives more comprehensive exposed surface information than counting only the accessed condition of the asset. Some open ports of an asset do not necessarily have corresponding accessed information: there may be no access to an open port because of a service change or for other reasons. Therefore, whether an open port exists cannot be determined from the accessed information alone, and comprehensive asset exposure information cannot be obtained that way.
By applying the method provided by the embodiment of the application, the accessed information of each target asset in the target asset set is obtained, and the exposed surface information of each target asset can then be determined based on the obtained access control policy and the accessed information of that asset. Based on the access control policy and the accessed information of each target asset, the exposed surface information of the target asset can be accurately determined and a comprehensive review of the asset's exposed surface achieved; because the asset's exposed surface is accurately determined, it can be quickly and effectively controlled, and the security risk is reduced.
In one embodiment of the present application, the method may further comprise the steps of:
the access control policy is adjusted based on the exposed surface information.
In this embodiment, the determined exposed surface information of the target asset may include the open ports and the accessed amount of each open port. It may further include an access frequency determined from the accessed amount of each open port; for example, for a certain open port of an asset, the access frequency is obtained from the ratio of the accessed amount of the port to the number of statistical days. It may further include accessed-amount change information for each open port of a target asset, for example the change in the accessed amount of a certain open port of an asset over the last month.
After the exposed surface information of the target assets is determined, the current exposed surface condition of each target asset in the target asset set can be known from it: for example, the open ports each target asset has, the amount each open port was accessed in the last week and in the last month, change information, access frequency, and so on.
The access control policy may be adjusted based on the exposed surface information, such as determining an open port with security risk based on the exposed surface information, and restricting access to the open port by adjusting the access control policy. For example, if the access amount of an open port of an asset is greater than a preset access amount threshold in the last week, it may be considered that the open port has a security risk of being exposed too much, and the access to the open port may be limited by adjusting a corresponding access control policy.
The exposed surface of the target asset may also be adjusted directly based on the exposed surface information, for example by closing an open port. For instance, if the accessed amount of an open port of an asset decreases gradually over a month, the traffic of that port may have been migrated elsewhere, and the port may be chosen to be closed.
Of course, the above is only a specific example. In practical applications, which exposed surfaces of which target assets, or which access control policies, are to be adjusted may be determined based on the exposed surface information, and the specific adjustment operation carried out, reducing the exposed surface, achieving closed-loop control and least-privilege control of the asset exposed surface, and reducing the security risk.
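The adjustment rules described in this embodiment, as an added example that is not the patent's or Sangfor's code: each open port's accessed amount is kept as a per-day series, the last-week total is compared with an assumed threshold, and a week-over-week decline across the last month marks a port whose traffic may have migrated. The threshold value, the asset and port names, and the daily counts are all constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class PortStats:
    """Accessed amount of one open port as a per-day series (oldest day first)."""
    asset: str
    port: int
    daily_access: tuple  # 28 daily access counts; constructed samples below


WEEKLY_THRESHOLD = 5000  # assumed "preset access amount threshold" for the last week
DAYS_PER_WEEK = 7


def weekly_total(stats, weeks_back=0):
    """Accessed amount in one week; weeks_back=0 is the most recent week."""
    end = len(stats.daily_access) - DAYS_PER_WEEK * weeks_back
    start = max(end - DAYS_PER_WEEK, 0)
    return sum(stats.daily_access[start:end])


def visit_frequency(stats):
    """Accessed amount relative to the number of statistical days."""
    return sum(stats.daily_access) / len(stats.daily_access)


def is_decreasing_over_month(stats):
    """True when the four weekly totals of the last month fall week over week."""
    weeks = [weekly_total(stats, w) for w in (3, 2, 1, 0)]  # oldest to newest
    return all(earlier > later for earlier, later in zip(weeks, weeks[1:]))


def recommend(stats):
    """Map a port's access history to an adjustment, checked in the order given above:
    high last-week volume -> restrict via the policy; month-long decline -> close."""
    if weekly_total(stats) > WEEKLY_THRESHOLD:
        return "restrict"
    if is_decreasing_over_month(stats):
        return "close"
    return "keep"


# Constructed sample history: three open ports of one asset, 28 days each.
SAMPLE = (
    PortStats("web-1", 443, (1000,) * 28),                                # heavy, steady
    PortStats("web-1", 8080, (10,) * 7 + (7,) * 7 + (4,) * 7 + (1,) * 7),  # migrating away
    PortStats("web-1", 22, (2,) * 28),                                    # low, steady
)


def recommendations(stats_list=SAMPLE):
    """Return {(asset, port): recommendation} for every port in the list."""
    return {(s.asset, s.port): recommend(s) for s in stats_list}


if __name__ == "__main__":
    for key, action in recommendations().items():
        print(key, action)
```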
In one embodiment of the present application, the method may further comprise the steps of:
if the target set of assets includes internet assets exposed to an internet environment, then a local area network asset associated with the internet asset is added to the target set of assets.
After the target asset set is determined, it can further be determined whether the set contains internet assets exposed to the internet environment; if so, the local area network asset associated with each internet asset can be determined, and the determined local area network assets added to the target asset set.
An asset that is exposed to an internet environment may be called an internet asset or an extranet asset. Such an asset has an extranet access address but also an intranet (local area network) access address, which corresponds to the local area network asset. When obtaining the accessed information of the asset, more accurate accessed information can be obtained by combining the extranet and intranet access addresses. Therefore, by associating internet assets with their corresponding local area network assets and adding the associated local area network assets to the target asset set, more comprehensive and more accurate accessed information can be obtained.
In one embodiment of the present application, the process of adding the local area network asset associated with the internet asset to the target asset set may specifically be, for each internet asset, determining whether a local area network asset associated with the current internet asset exists in the target asset set, and if the local area network asset associated with the current internet asset does not exist in the target asset set, determining the local area network asset associated with the current internet asset according to an asset library, and adding the local area network asset to the target asset set.
The asset library records the related information of all the user's current assets. Where the target asset set contains internet assets exposed to the internet environment, for each internet asset it may be determined whether a local area network asset associated with the current internet asset exists in the target asset set, for example by determining the association through fingerprint information. If it exists, no addition is needed; if not, the local area network asset associated with the current internet asset can be obtained by querying the asset library, for example with the domain name as the query condition. The queried associated local area network asset is then added to the target asset set, so that more comprehensive and more accurate accessed information of each target asset can be obtained.
The current internet asset refers to the internet asset that the current operation is directed at.
In the embodiment of the application, internet assets can be obtained through a cloud asset scanning tool; for example, internet assets exposed to the internet environment may be pulled through the cloud eye. The path of the cloud eye access configuration file can be obtained in advance, and the file read through that path to determine whether the cloud eye is connected. If it is connected, whether the cloud eye is online can further be determined; if it is online, a set number of cloud eye exposed surface assets, namely the internet assets exposed to the internet environment, can be pulled, together with the port information and fingerprint information corresponding to each internet asset.
The cloud asset scanning tool makes it possible to rapidly obtain the internet assets exposed to the internet environment.
In one embodiment of the present application, the target asset set may be determined by:
step one: determining core assets according to marking information;
step two: determining the target asset set based on the core assets.
For convenience of description, the above two steps are combined for illustration.
It will be appreciated that the core assets in a user's system carry more important business, and that the user pays more attention to the exposed surfaces of core assets. When the target asset set needs to be determined, the core assets can be determined according to marking information. Specifically, whether each asset is a core asset may be marked in the asset library, and the core assets obtained from the asset library according to the marking information.
Based on the core assets, the target asset set can be determined. Specifically, the current set of all core assets can be taken directly as the target asset set. Alternatively, if the target asset set is obtained through a cloud asset scanning tool such as the cloud eye, each core asset may be traversed in turn to determine whether the current core asset already exists in the target asset set, and if not, it is added. The current core asset refers to the core asset that the current operation is directed at.
As shown in FIG. 2, the situation awareness platform may pull internet assets exposed to the internet environment through the cloud eye, obtain the local area network assets associated with each internet asset through the asset library, and obtain core assets through the asset library; together these assets form the target asset set. The platform then obtains the accessed information of each target asset from the actual access traffic log, determines the exposed surface information of each target asset based on the obtained access control policies deployed in the firewall and the accessed information of that asset, and adjusts the exposed surface or the access control policies based on the exposed surface information, reducing the asset exposed surface and achieving least-privilege management and control.
In one embodiment of the present application, the exposure information includes an open port, and determining the exposure information of the target asset based on the obtained access control policy and the accessed information may include the following steps:
matching the accessed information of each target asset with the obtained access control policy to determine the open port of the target asset.
In the embodiment of the application, after the target asset set is determined and the accessed information of each target asset in the target asset set is acquired, the accessed information of each target asset can be matched with the acquired access control policy to determine the open port of the target asset.
For each target asset, the accessed ports of the asset may be obtained from its accessed information; the accessed ports may be one or more of the ports of the target asset.
There may be one or more obtained access control policies. For each target asset in the target asset set, the open ports of the current target asset may be determined by traversing each access control policy. Specifically, for each traversed access control policy: if the current policy allows access to assets in the zone to which the access interface of the current target asset belongs, the access address of the current target asset is within the address range of the access address group allowed by the current policy, and the current policy allows access to all services of the asset, then every port of the current target asset is determined to be an open port; otherwise, the open ports of the current target asset are determined based on the services that the current access control policy allows to be accessed.
Specifically, for each traversed access control policy, it may be determined whether the current policy allows access to the zone to which the access interface of the current target asset belongs. Various configuration information, such as the access control policies, the IP (Internet Protocol) group configuration, the zone configuration and the routing information, may be obtained in advance. The network interface through which the current target asset is accessed can be obtained from the routing information, and the zone to which that interface belongs from the zone configuration. Whether the current access control policy allows access to that zone is then determined: if so, the subsequent steps continue; if not, the current target asset is not within the allowed access range of the current policy, and traversal moves on to the next access control policy for the corresponding judgement.
Where the current access control policy allows access to the zone to which the access interface of the current target asset belongs, the access address range corresponding to the access address group allowed by the current policy is further determined. The access address may be an IP address or the like; the IP range corresponding to the IP group allowed by the current policy can be obtained from the IP group configuration.
It is then judged whether the access address of the current target asset is within that access address range. If so, the subsequent steps continue; otherwise, the current target asset is not within the allowed access range of the current policy, and traversal moves on to the next access control policy for the corresponding judgement.
If the access address of the current target asset is within the access address range corresponding to the access address group allowed by the current access control policy, it may be further determined whether the current policy allows access to all services. If so, every port of the current target asset is determined to be an open port; otherwise, the open ports of the current target asset are determined based on the services that the current access control policy allows to be accessed.
After all the access control policies have been traversed, the open ports of the current target asset allowed by all the policies are obtained, and all the open ports of the current target asset can then be obtained by combining these with the accessed ports of the current target asset obtained from its accessed information.
Before the access control policies are traversed, policies whose action is deny, and policies that are ineffective because of a state conflict, can be filtered out, so that only policies whose action is allow and which are in effect are traversed to determine the open ports of the current target asset, improving processing efficiency.
For each target asset in the target asset set, all open ports of each target asset can be accurately determined through the operation of the steps.
In one embodiment of the present application, the exposure information includes information of the open ports and the accessed amount of each open port, and determining the exposure information of the target asset based on the obtained access control policy and the accessed information may include the following steps:
matching the accessed information of each target asset with the obtained access control strategy to determine an open port of the target asset;
and determining the accessed amount of the open port of the target asset according to the accessed information of the target asset.
In the embodiment of the present application, the process of matching the accessed information of each target asset with the obtained access control policy and determining the open port of the target asset may refer to the execution process of the previous embodiment, which is not described again.
From the accessed information of each target asset, the accessed amount of each open port of each target asset may be determined. The accessed amount may be counted per month or per week, etc. An asset is accessed through one of its open ports, and each connection can be counted as one access to obtain the corresponding accessed amount.
The determined exposed surface information of the target asset comprises the open ports and the accessed amount of each open port. Compared with exposed surface information obtained only by counting how the asset has been accessed, this information is more comprehensive, and it facilitates adjustment of the exposed surface and/or the corresponding access control policy.
In one embodiment of the present application, the method may further comprise the steps of:
and determining a risk port in the open ports according to preset risk information.
In the embodiment of the application, the risk information can be preset; it can be set by a user, or it can be determined by learning the port information corresponding to historical security events. Historical security events can be acquired and analyzed, and port information such as the accessed amount of a port and the variation trend of that accessed amount can be extracted. The port information corresponding to the historical security events is learned to determine the risk information, which may include port identifiers, port risk characteristics, and the like.
The determined exposed surface information comprises the open ports, and the risk ports among the open ports can be determined according to the risk information. For example, according to a port identifier in the risk information, the open port with that port identifier may be determined to be a risk port; or, according to a port risk characteristic in the risk information, the open port exhibiting that port risk characteristic may be identified and determined to be a risk port.
According to the risk information, the risk ports among the open ports can be accurately determined, so that they can be handled in a timely manner.
After the risk ports among the open ports are determined, they can be output, so that the user learns of the risk port situation in time and handles the risk ports.
After the exposed surface information of the target asset is determined based on the obtained access control policy and the accessed information, it may also be output, so that the user can learn the exposed surface condition of the asset in time and adjust it accordingly.
When outputting the exposed surface information and/or the risk ports of the target asset, particular items may be marked prominently, for example by highlighting, underlining, or using a different font color. For example, all ports may be output with the open ports marked prominently; or all open ports may be output with the risk ports marked prominently; or only the risk ports may be output; or the access control policy corresponding to each risk port may be output together with the risk port, and the like.
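The procedure described above (filtering to effective allow policies, matching each policy's zone and address group against the asset, merging policy-opened ports with ports seen in the accessed information, counting accesses per port, and flagging risk ports by preset port identifier), as an added Python example that is not code from the patent application; the policy fields, the address-group configuration and the connection records are constructed assumptions.

```python
"""Exposed-surface computation from firewall policies and connection records.

Added example, not code from the patent application; policy fields, the
address-group format and the connection-record layout are all assumptions.
"""
from collections import Counter
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Asset:
    name: str
    ip: str
    zone: str  # area to which the asset's access portal belongs


@dataclass(frozen=True)
class Policy:
    name: str
    action: str                    # "allow" or "deny"
    enabled: bool                  # False models a policy that is not in effect
    dst_zones: frozenset           # areas the policy allows access into
    dst_groups: frozenset          # destination address-group names
    services: Optional[frozenset]  # destination ports; None means "all services"


# Constructed address-group configuration: group name -> CIDR list.
ADDRESS_GROUPS = {
    "dmz_web": ("10.1.0.0/24",),
    "db_servers": ("10.2.0.10/32", "10.2.0.11/32"),
}

# Constructed connection records (dst_ip, dst_port); one record = one access.
CONNECTIONS = [
    ("10.1.0.5", 80), ("10.1.0.5", 80), ("10.1.0.5", 80), ("10.1.0.5", 22),
    ("10.2.0.10", 3306), ("10.2.0.10", 3306), ("10.1.0.9", 80),
]

# Constructed policy set, in firewall order.
POLICIES = [
    Policy("web_in", "allow", True, frozenset({"dmz"}), frozenset({"dmz_web"}),
           frozenset({80, 443})),
    Policy("db_any", "allow", False, frozenset({"server"}), frozenset({"db_servers"}),
           None),  # not in effect, so it must not open every port on the DB hosts
    Policy("db_mysql", "allow", True, frozenset({"server"}), frozenset({"db_servers"}),
           frozenset({3306})),
    Policy("deny_all", "deny", True, frozenset({"dmz", "server"}), frozenset(), None),
]


def effective_policies(policies):
    """Pre-filter: only enabled allow policies can open a port."""
    return [p for p in policies if p.action == "allow" and p.enabled]


def ports_opened_by(policy, asset, groups):
    """Ports one policy opens on the asset: None = every port, empty set = none."""
    if asset.zone not in policy.dst_zones:
        return set()
    addr = ip_address(asset.ip)
    in_range = any(addr in ip_network(cidr)
                   for g in policy.dst_groups for cidr in groups.get(g, ()))
    if not in_range:
        return set()
    return None if policy.services is None else set(policy.services)


def open_ports(asset, policies, groups, connections):
    """Policy-opened ports merged with ports seen in the connection records.

    Returns (all_ports, ports); all_ports is True when some effective policy
    allows every service, in which case the explicit set is not meaningful.
    """
    ports = {port for ip, port in connections if ip == asset.ip}
    for policy in effective_policies(policies):
        opened = ports_opened_by(policy, asset, groups)
        if opened is None:
            return True, set()
        ports |= opened
    return False, ports


def access_counts(asset, connections):
    """Accessed amount per port: one connection record counts as one access."""
    return Counter(port for ip, port in connections if ip == asset.ip)


def risk_ports(ports, risk_port_ids):
    """Risk ports: open ports whose identifier appears in the preset risk list."""
    return {p for p in ports if p in risk_port_ids}
```

Note that port 22 on the web host is reported as open only because it appears in the accessed information; no effective policy opens it, which is exactly the kind of discrepancy the merged view is meant to surface.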
Referring to fig. 3, a flow chart of another method for determining an exposed surface according to an embodiment of the present application is shown, where the method may include the following steps:
S310: receiving a policy acquisition request;
S320: returning the access control policy according to the policy acquisition request, so as to determine the exposed surface information of the target asset according to the access control policy and the accessed information of each target asset in the target asset set.
For convenience of description, the above two steps are combined for illustration.
The technical solution provided by the embodiment of the application can be applied to a security device such as a firewall, which performs access control on the assets in the user's system based on preset access control policies.
When the exposed surfaces of the assets need to be sorted out or otherwise managed, the asset management platform may issue a policy acquisition request to the security device. After receiving the policy acquisition request, the security device may return the access control policy according to it, so that, after determining the target asset set, the asset management platform may determine the exposed surface information of the target assets according to the access control policy and the accessed information of each target asset in the target asset set.
By applying the method provided by the embodiment of the application, the security device returns the access control policy according to the policy acquisition request, and the asset management platform can accurately determine the exposed surface information of the target assets based on the access control policy and the accessed information of each target asset in the target asset set. The exposed surface of the assets can thus be sorted out comprehensively, and because the exposed surface is accurately determined, it can be controlled quickly and effectively, reducing security risk.
Corresponding to the method embodiment shown in fig. 1 above, the present application further provides an exposed surface determining system comprising an asset management platform, as shown in fig. 4; the exposed surface determining system described below and the exposed surface determining method described above may be referred to correspondingly. Wherein:
the asset management platform is used for acquiring the accessed information of each target asset in the target asset set, and determining the exposed surface information of the target asset based on the obtained access control policy and the accessed information.
By applying the system provided by the embodiment of the application, the asset management platform can accurately determine the exposed surface information of the target assets based on the access control policy and the accessed information of each target asset. The exposed surface of the assets can thus be sorted out comprehensively, and because the exposed surface is accurately determined, it can be controlled quickly and effectively, reducing security risk.
In one embodiment of the present application, the method further includes:
if the target set of assets includes internet assets exposed to an internet environment, then a local area network asset associated with the internet asset is added to the target set of assets.
In one embodiment of the present application, joining a local area network asset associated with an internet asset to a target asset set comprises:
for each internet asset, determining whether a local area network asset associated with the current internet asset exists in the target asset set;
if the local area network asset associated with the current internet asset does not exist in the target asset set, determining the local area network asset associated with the current internet asset according to the asset library, and adding the local area network asset to the target asset set.
In one embodiment of the present application, the target asset set is determined by:
determining a core asset according to the marking information;
a target asset set is determined based on the core assets.
In one embodiment of the present application, the exposure information includes an open port, and determining the exposure information of the target asset based on the obtained access control policy and the accessed information includes:
and matching the accessed information of each target asset with the obtained access control strategy to determine the open port of the target asset.
In one embodiment of the present application, the exposed surface information includes information of the open ports and the accessed amount of each open port, and determining the exposed surface information of the target asset based on the obtained access control policy and the accessed information includes:
matching the accessed information of each target asset with the obtained access control strategy to determine an open port of the target asset;
and determining the accessed amount of the open port of the target asset according to the accessed information of the target asset.
In one embodiment of the present application, the method further includes:
outputting the exposed surface information of the target asset.
In one embodiment of the present application, the method further includes:
the access control policy is adjusted based on the exposure face information.
In one embodiment of the present application, the method further includes:
and determining a risk port in the open ports according to preset risk information.
In one embodiment of the present application, the risk information is determined by learning port information corresponding to historical security events.
In one embodiment of the present application, the method further includes:
and outputting the risk port.
Corresponding to the method embodiment shown in fig. 3, the present application further provides an exposed surface determining system comprising a security device, as shown in fig. 4; the exposed surface determining system described below and the exposed surface determining method described above may be referred to correspondingly. Wherein:
the security device is used for receiving the policy acquisition request, and returning the access control policy according to the policy acquisition request so as to determine the exposed surface information of the target asset according to the access control policy and the accessed information of each target asset in the target asset set.
By applying the system provided by the embodiment of the application, the security device returns the access control policy according to the policy acquisition request, and the asset management platform can accurately determine the exposed surface information of the target assets based on the access control policy and the accessed information of each target asset in the target asset set. The exposed surface of the assets can thus be sorted out comprehensively, and because the exposed surface is accurately determined, it can be controlled quickly and effectively, reducing security risk.
Corresponding to the above method embodiments, the present application further provides a computer-readable storage medium, on which a computer program is stored, and the computer program, when executed by a processor, implements the steps of the exposure surface determination method described above.
The embodiments are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same or similar parts among the embodiments are referred to each other.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
The principle and the implementation of the present application are explained in the present application by using specific examples, and the above description of the embodiments is only used to help understanding the technical solution and the core idea of the present application. It should be noted that, for those skilled in the art, it is possible to make several improvements and modifications to the present application without departing from the principle of the present application, and such improvements and modifications also fall within the scope of the claims of the present application.

Claims (10)

1. An exposed surface determining method, comprising:
obtaining accessed information of each target asset in the target asset set;
determining exposed surface information of the target asset based on the obtained access control policy and the accessed information.
2. The exposed surface determining method according to claim 1, further comprising:
adding a local area network asset associated with the internet asset to the target asset set if the target asset set includes internet assets exposed to an internet environment.
3. The exposure surface determination method of claim 2, wherein the adding a local area network asset associated with the internet asset to the target asset set comprises:
for each internet asset, determining whether a local area network asset associated with a current internet asset exists in the target set of assets;
if the local area network asset associated with the current internet asset does not exist in the target asset set, determining the local area network asset associated with the current internet asset according to an asset library, and adding the local area network asset to the target asset set.
4. The exposed surface determination method of claim 1 wherein the target set of assets is determined by:
determining a core asset according to the marking information;
determining the target asset set based on the core assets.
5. The exposed surface determination method of any of claims 1 to 4, wherein the exposed surface information comprises an open port, and wherein determining exposed surface information of the target asset based on the obtained access control policy and the accessed information comprises:
and matching the accessed information of each target asset with the obtained access control strategy, and determining the open port of the target asset.
6. The exposed surface determination method of any one of claims 1 to 4, wherein the exposed surface information comprises information of open ports and an accessed amount of each open port, and wherein the determining the exposed surface information of the target asset based on the obtained access control policy and the accessed information comprises:
matching the accessed information of each target asset with the obtained access control strategy, and determining an open port of the target asset;
and determining the accessed quantity of the open port of the target asset according to the accessed information of the target asset.
7. An exposed surface determining method, comprising:
receiving a policy acquisition request;
and returning an access control policy according to the policy acquisition request, so as to determine exposed surface information of each target asset in the target asset set according to the access control policy and the accessed information of the target asset.
8. An exposure surface determination system, comprising an asset management platform, wherein:
the asset management platform is used for acquiring the accessed information of each target asset in the target asset set; determining exposed surface information of the target asset based on the obtained access control policy and the accessed information.
9. An exposure surface determining system, comprising a security device, wherein:
the security device is used for receiving a policy acquisition request; and returning an access control policy according to the policy acquisition request, so as to determine exposed surface information of each target asset in the target asset set according to the access control policy and the accessed information of the target asset.
10. A computer-readable storage medium, having stored thereon a computer program which, when being executed by a processor, carries out the steps of the exposure surface determination method according to any one of claims 1 to 7.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110733137.8A CN113472775B (en) 2021-06-29 2021-06-29 Method, system and storage medium for determining exposed surface

Publications (2)

Publication Number Publication Date
CN113472775A true CN113472775A (en) 2021-10-01
CN113472775B CN113472775B (en) 2023-07-14

Family

ID=77874145

Country Status (1)

Country Link
CN (1) CN113472775B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114615015A (en) * 2022-01-29 2022-06-10 奇安信科技集团股份有限公司 Method, device, equipment and medium for determining repair priority of service system
CN115086013A (en) * 2022-06-13 2022-09-20 北京奇艺世纪科技有限公司 Risk identification method, risk identification device, electronic equipment, storage medium and computer program product
CN115296917A (en) * 2022-08-09 2022-11-04 山东港口科技集团烟台有限公司 Asset exposure surface information acquisition method, device, equipment and storage medium

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090037300A1 (en) * 2007-07-30 2009-02-05 Michael Steven Abrams Systems, Methods, and Computer Readable Storage Media for Tracking Assets
US20140359749A1 (en) * 2013-05-31 2014-12-04 Catbird Networks, Inc. Systems and methods for dynamic network security control and configuration
US20170237747A1 (en) * 2016-02-15 2017-08-17 Cisco Technology, Inc. Digital asset protection policy using dynamic network attributes
CN108111487A (en) * 2017-12-05 2018-06-01 全球能源互联网研究院有限公司 A kind of safety monitoring method and system
CN108449345A (en) * 2018-03-22 2018-08-24 深信服科技股份有限公司 A kind of networked asset continues method for safety monitoring, system, equipment and storage medium
US20180375892A1 (en) * 2017-06-23 2018-12-27 Ido Ganor Enterprise cyber security risk management and resource planning
WO2020156135A1 (en) * 2019-01-28 2020-08-06 电信科学技术研究院有限公司 Method and device for processing access control policy and computer-readable storage medium
CN112131577A (en) * 2020-09-25 2020-12-25 杭州安恒信息技术股份有限公司 Vulnerability detection method, device and equipment and computer readable storage medium
CN112270493A (en) * 2020-11-13 2021-01-26 中盈优创资讯科技有限公司 Method and device for automatically protecting assets
CN112565287A (en) * 2020-12-18 2021-03-26 深信服科技股份有限公司 Asset exposure surface determining method and device, firewall and storage medium
CN112926942A (en) * 2021-03-08 2021-06-08 北京华顺信安信息技术有限公司 Internet asset exposure information checking method

Also Published As

Publication number Publication date
CN113472775B (en) 2023-07-14

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant