CN113472775B - Method, system and storage medium for determining exposed surface - Google Patents

Method, system and storage medium for determining exposed surface

Info

Publication number: CN113472775B
Application number: CN202110733137.8A
Authority: CN (China)
Legal status: Active
Other languages: Chinese (zh)
Other versions: CN113472775A
Inventors: 邓永茂, 李翰
Original and current assignee: Sangfor Technologies Co Ltd

Classifications

    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
Abstract

The application discloses a method for determining an exposed surface, comprising the following steps: acquiring the accessed information of each target asset in a target asset set; and determining the exposed surface information of each target asset based on an acquired access control policy and the accessed information. With the technical solution provided by the application, the exposed surface information of a target asset can be determined accurately from the access control policy and the accessed information of each target asset, so that the exposed surface of the assets is mapped comprehensively; because the exposed surface is determined accurately, it can then be managed and controlled quickly and effectively, reducing security risk. The application also discloses another method for determining an exposed surface, a system for determining an exposed surface and a storage medium, which have corresponding technical effects.

Description

Method, system and storage medium for determining exposed surface
Technical Field
The present disclosure relates to the field of computer application technologies, and in particular, to a method, a system, and a storage medium for determining an exposed surface.
Background
The asset exposure surface, or asset exposure, refers to the access rights that an asset such as a server has opened up: the larger the exposed surface, the more access is open and the greater the security risk.
As business systems keep developing, the number of assets grows steadily and the exposed surface of those assets receives ever more attention. At present, access control logs, traffic logs and the like are analysed manually to establish how an asset is currently being accessed, the exposed surface of the asset is then mapped from that picture, and the exposed surface is controlled accordingly. However, the volume of access control logs, traffic logs and the like is huge and the access relationships between systems are complex, so a comprehensive mapping is hard to achieve manually. This is especially true of third-party systems, legacy systems and the like, whose purpose and use can no longer be established because nobody has maintained them for a long time, so that the exposed surface of the asset cannot be determined accurately.
Disclosure of Invention
The present invention aims to provide a method, a system and a storage medium for determining an exposed surface, so that the asset exposed surface can be determined accurately and mapped comprehensively.
To solve the above technical problem, the application provides the following technical solution:
a method for determining an exposed surface, comprising:
acquiring the accessed information of each target asset in a target asset set;
and determining the exposed surface information of the target asset based on the acquired access control policy and the accessed information.
In a specific embodiment of the present application, the method further comprises:
if the target asset set includes Internet assets exposed to the Internet environment, adding the local area network assets associated with the Internet assets to the target asset set.
In one embodiment of the present application, the adding of the local area network assets associated with the Internet assets to the target asset set comprises:
determining, for each Internet asset, whether a local area network asset associated with the current Internet asset exists in the target asset set;
if no local area network asset associated with the current Internet asset exists in the target asset set, determining the local area network asset associated with the current Internet asset from an asset library, and adding it to the target asset set.
In one embodiment of the present application, the target asset set is determined by the following steps:
determining core assets from tag information;
determining the target asset set based on the core assets.
In one embodiment of the present application, the exposed surface information includes open ports, and the determining of the exposed surface information of the target asset based on the acquired access control policy and the accessed information comprises:
matching the accessed information of each target asset against the acquired access control policy, and determining the open ports of the target asset.
In one specific embodiment of the present application, the exposed surface information includes the open ports and the accessed amount of each open port, and the determining of the exposed surface information of the target asset based on the acquired access control policy and the accessed information comprises:
matching the accessed information of each target asset against the acquired access control policy, and determining the open ports of the target asset;
and determining the accessed amount of each open port of the target asset from the accessed information of the target asset.
In a specific embodiment of the present application, the method further comprises:
outputting the exposed surface information of the target asset.
In a specific embodiment of the present application, the method further comprises:
adjusting the access control policy based on the exposed surface information.
In a specific embodiment of the present application, the method further comprises:
determining the risk ports among the open ports according to preset risk information.
In a specific embodiment of the present application, the risk information is determined by learning the port information corresponding to historical security events.
In a specific embodiment of the present application, the method further comprises:
outputting the risk ports.
A method for determining an exposed surface, comprising:
receiving a policy acquisition request;
and returning an access control policy according to the policy acquisition request, so that the exposed surface information of each target asset in a target asset set can be determined from the access control policy and the accessed information of the target asset.
A system for determining an exposed surface, comprising an asset management platform, wherein:
the asset management platform is configured to acquire the accessed information of each target asset in a target asset set, and to determine the exposed surface information of the target asset based on the acquired access control policy and the accessed information.
A system for determining an exposed surface, comprising a security device, wherein:
the security device is configured to receive a policy acquisition request, and to return an access control policy according to the policy acquisition request, so that the exposed surface information of each target asset in a target asset set can be determined from the access control policy and the accessed information of the target asset.
A computer-readable storage medium having stored thereon a computer program which, when executed by a processor, performs the steps of the above method for determining an exposed surface.
With the technical solution provided by the embodiment of the application, the accessed information of each target asset in the target asset set is acquired first, and the exposed surface information of each target asset is then determined based on the acquired access control policy and that accessed information. Because the exposed surface information is determined from both the access control policy and the accessed information of each target asset, it is accurate and the asset exposed surface is mapped comprehensively; the exposed surface can then be managed and controlled quickly and effectively, reducing security risk.
Drawings
To illustrate the embodiments of the present application or the technical solutions of the prior art more clearly, the drawings needed for the embodiments or for the description of the prior art are briefly introduced below. Obviously, the drawings described below show only some embodiments of the present application, and a person skilled in the art could derive other drawings from them without inventive effort.
FIG. 1 is a flowchart of an implementation of a method for determining an exposed surface according to an embodiment of the present application;
FIG. 2 is a schematic diagram of an exposed surface determination process according to an embodiment of the present application;
FIG. 3 is a flowchart illustrating another method for determining an exposed surface according to an embodiment of the present application;
FIG. 4 is a schematic structural diagram of a system for determining an exposed surface according to an embodiment of the present application.
Detailed Description
The core of the application is a method for determining an exposed surface, which can be applied to an asset management platform such as a situation awareness platform. Situation awareness is an environment-based, dynamic and holistic capability to perceive security risk: on the basis of security big data, it improves the discovery, identification, understanding, analysis and response handling of security threats from a global perspective, and ultimately it is the realisation of security capability in support of decisions and actions.
With this method, the exposed surface information of a target asset can be determined accurately through the asset management platform and the exposed surface can be mapped comprehensively; because the exposed surface of the asset is determined accurately, it can then be managed and controlled quickly and effectively, reducing security risk.
To give a better understanding of the present application, it is described in further detail below with reference to the drawings and specific embodiments. Clearly, the embodiments described are only some, not all, of the embodiments of the present application. All other embodiments that a person of ordinary skill in the art can derive from the present disclosure without undue effort fall within the scope of the present disclosure.
Referring to FIG. 1, a flowchart of an implementation of a method for determining an exposed surface according to an embodiment of the present application, the method may include the following steps:
S110: acquiring the accessed information of each target asset in the target asset set.
In the embodiment of the application, when there is a need to map or control the exposed surface of assets, a corresponding instruction can be sent to the asset management platform. Based on the instruction, the asset management platform can determine the target asset set for which exposed surface information is currently to be determined. Alternatively, at set time intervals, the asset management platform may designate a specified subset, or all, of the assets as the target asset set for which exposed surface information is to be determined.
The target asset set may include one or more target assets, and each target asset may be configured with a plurality of ports.
The asset management platform can monitor the traffic of each asset in real time. After the target asset set has been determined, the accessed information of each target asset in the set can be obtained from the actual access traffic log.
S120: determining the exposed surface information of the target asset based on the acquired access control policy and the accessed information.
Security devices such as firewalls can be deployed in the user's system to control access to assets; next-generation firewalls, for example, may be deployed. A next-generation firewall (NGFW) is a high-performance firewall that can fully address application-layer threats. Through deep insight into the users, applications and content in network traffic, and by means of a high-performance single-path heterogeneous parallel processing engine, a next-generation firewall can provide users with effective integrated application-layer security protection, help them run their services securely and simplify their network security architecture.
Security devices such as firewalls control access to assets according to preset access control policies, of which there may be several. The asset management platform can acquire the corresponding access control policies from security devices such as firewalls.
After the asset management platform has obtained the accessed information of each target asset in the target asset set, it can determine the exposed surface information of each target asset based on the acquired access control policy and that asset's accessed information. The exposed surface information determined for each target asset may consist of its open ports, or of its open ports together with the accessed amount of each open port.
Specifically, the ports of each target asset that are allowed to be accessed, i.e. its open ports, can be obtained by traversing the access control policies and the accessed information. Other devices or systems can reach an asset only through its open ports. The accessed information obtained for each target asset may include the accessed ports, the accessed volume and so on, and from it the accessed amount of each open port of each target asset can be derived.
Determining the exposed surface information of each target asset from both the access control policy and the accessed information gives a more complete picture than statistics compiled only from how the asset has actually been accessed. For some assets an open port need not have any corresponding accessed information: because of a business change or for other reasons, the open port may simply never be accessed. From the accessed information alone it is therefore impossible to tell whether such an open port exists, and the asset exposed surface information obtained would be incomplete.
With the method provided by the embodiment of the application, the accessed information of each target asset in the target asset set is acquired first, and the exposed surface information of each target asset is then determined based on the acquired access control policy and that accessed information. Because the exposed surface information is determined from both the access control policy and the accessed information of each target asset, it is accurate and the asset exposed surface is mapped comprehensively; the exposed surface can then be managed and controlled quickly and effectively, reducing security risk.
In one embodiment of the present application, the method may further include the following step:
adjusting the access control policy based on the exposed surface information.
In this embodiment, the exposed surface information determined for a target asset may include the open ports and the accessed amount of each open port. It may further include an accessed frequency derived from the accessed amount of each open port, for example by dividing the accessed amount of a given open port of a given asset by the number of days in the statistical period, and it may also include information about how the accessed amount of each open port of each target asset changes over time, for example how the accessed amount of a given open port of a given asset has changed within a month.
Once the exposed surface information of the target assets has been determined, the current exposed surface of each target asset in the set is known from it: which open ports each target asset has, and for each open port its accessed volume in the last week, its accessed volume in the last month, how that volume has changed, its accessed frequency and so on.
The access control policy may then be adjusted on the basis of the exposed surface information, for example by identifying from it an open port that poses a security risk and restricting access to that port through a policy change. If, say, the accessed amount of an open port of an asset over roughly the last week exceeds a preset access-amount threshold, the port may be considered over-exposed and access to it may be restricted by adjusting the corresponding access control policy.
The exposed surface of the target asset itself may also be adjusted on the basis of the exposed surface information, for example by closing an open port. If the accessed amount of an open port of an asset has decreased steadily over roughly the last month, the traffic for that port may have been migrated elsewhere, and the port may be selected for closure.
These are of course only specific examples; in practice, the exposed surface information is used to decide which exposed surfaces of which target assets, or which access control policies, are to be adjusted, and the specific adjustment is then carried out. This shrinks the exposed surface, achieves closed-loop control and least-privilege control of the asset exposed surface, and reduces security risk.
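The two adjustment rules above (restrict a port whose weekly accessed amount exceeds a threshold; close a port whose accessed amount has declined steadily over a month), worked as code. This is an added example, not code from the patent or from Sangfor. It assumes exposed surface information in the form of daily counts of accepted connections per (asset, port); the sample data, the threshold value, the 7-day and 28-day windows, the "strictly decreasing weekly totals" test and the extra "review" action for an open port with no accesses at all are assumptions chosen to mirror the text.

```python
"""Adjustment suggestions derived from exposed surface information (added example)."""

WEEK, MONTH = 7, 28

# Constructed exposed surface information: for each (asset address, open port),
# the number of accepted connections on each of the last 28 days, oldest first.
DAILY_ACCESS = {
    ("10.0.1.10", 443): [120] * MONTH,                       # heavily used web port
    ("10.0.1.10", 22): [0] * MONTH,                          # open, but never accessed
    ("10.0.1.20", 8080): [30] * 7 + [20] * 7 + [10] * 7 + [2] * 7,  # steady decline
}


def access_frequency(daily, days):
    """Accessed frequency: accessed amount over the last `days` days divided by `days`."""
    window = daily[-days:]
    return sum(window) / days


def weekly_totals(daily):
    """Accessed amount per week, oldest week first (change information over the period)."""
    return [sum(daily[i:i + WEEK]) for i in range(0, len(daily), WEEK)]


def is_steadily_decreasing(totals):
    """True when every week had strictly fewer accesses than the week before (assumed test)."""
    return len(totals) >= 2 and all(a > b for a, b in zip(totals, totals[1:]))


def suggest_adjustments(daily_access, weekly_threshold):
    """Return (asset, port, action, reason) tuples for ports whose exposure should change."""
    suggestions = []
    for (asset, port), daily in daily_access.items():
        last_week = sum(daily[-WEEK:])
        if last_week > weekly_threshold:
            # Over-exposed: restrict access to the port through the access control policy.
            suggestions.append((asset, port, "restrict",
                                f"{last_week} accesses in the last week exceed threshold {weekly_threshold}"))
        elif is_steadily_decreasing(weekly_totals(daily[-MONTH:])):
            # Traffic probably migrated: candidate for closing the port.
            suggestions.append((asset, port, "close",
                                "accessed amount fell every week this month; traffic likely migrated"))
        elif last_week == 0:
            # Assumed extra rule: an open port nobody uses is exposure without a business reason.
            suggestions.append((asset, port, "review",
                                "open port with no accesses in the last week"))
    return suggestions


if __name__ == "__main__":
    for asset, port, action, reason in suggest_adjustments(DAILY_ACCESS, weekly_threshold=500):
        print(f"{asset}:{port} -> {action} ({reason})")
```

The suggestions are advisory output for the operator; the closed loop the text describes is completed when the chosen policy change is pushed back to the security device.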
In one embodiment of the present application, the method may further include the following step:
if the target asset set includes Internet assets exposed to the Internet environment, adding the local area network assets associated with those Internet assets to the target asset set.
After the target asset set has been determined, it can be checked whether the set contains Internet assets exposed to the Internet environment. If so, the local area network assets associated with each Internet asset are determined in turn, and the local area network assets so determined are added to the target asset set.
An asset exposed to the Internet environment may be called an Internet asset, or extranet asset. It has an extranet access address, but it also has an intranet access address, i.e. an address on the local area network, which corresponds to a local area network asset. When the accessed information of such an asset is acquired, combining its extranet and intranet access addresses gives more accurate accessed information. The Internet assets are therefore associated with their corresponding local area network assets, and the associated local area network assets are added to the target asset set, so that more complete and more accurate accessed information can be obtained.
In a specific embodiment of the present application, adding the local area network assets associated with the Internet assets to the target asset set may proceed as follows: for each Internet asset, determine whether a local area network asset associated with the current Internet asset already exists in the target asset set; if not, determine the local area network asset associated with the current Internet asset from the asset library and add it to the target asset set.
The asset library may record information about all of the user's current assets. When the target asset set contains Internet assets exposed to the Internet environment, it can be determined for each Internet asset whether the target asset set already contains a local area network asset associated with it, for example by means of fingerprint information. If it does, no further processing is needed; if it does not, the local area network asset associated with the current Internet asset can be obtained by querying the asset library, using a domain name, for instance, as the query condition. The associated local area network asset found in this way is then added to the target asset set, so that more complete and accurate accessed information is obtained for each target asset.
The current Internet asset is the Internet asset that the current operation is directed at.
In the embodiment of the application, Internet assets can be acquired with a cloud asset scanning tool, for example by pulling the Internet assets exposed to the Internet environment from Cloud Eye. The path of the Cloud Eye access configuration file can be obtained in advance and the file read from that path to determine whether Cloud Eye has been connected; if it has, it can further be determined whether Cloud Eye is online, and if so, a set number of Cloud Eye exposed-surface assets, i.e. Internet assets exposed to the Internet environment, can be pulled, together with the port information and fingerprint information of each Internet asset.
With the cloud asset scanning tool, Internet assets exposed to the Internet environment can be acquired quickly.
In one embodiment of the present application, the target asset set may be determined as follows:
step one: determining core assets from tag information;
step two: determining the target asset set based on the core assets.
For ease of description, the two steps are discussed together.
The core assets of the user's system carry the more important business, and the user pays closer attention to their exposed surface. When a target asset set needs to be determined, the core assets can first be identified from tag information. Specifically, each asset in the asset library can be tagged as a core asset or not, and the core assets are retrieved from the asset library according to that tag information.
The target asset set can then be determined from the core assets. Specifically, the set of all current core assets may be taken directly as the target asset set. Alternatively, if the target asset set has been acquired through a cloud asset scanning tool such as Cloud Eye, each core asset can be traversed in turn, checking whether the current core asset is already in the target asset set and adding it if it is not. The current core asset is the core asset that the current operation is directed at.
As shown in FIG. 2, the situation awareness platform may pull Internet assets exposed to the Internet environment from Cloud Eye, obtain the local area network assets associated with each Internet asset from the asset library, obtain the core assets from the asset library, and combine these assets into the target asset set. It then obtains the accessed information of each target asset from the actual access traffic log, determines the exposed surface information of each target asset from the access control policies deployed on the firewall and the accessed information of each target asset, and adjusts the exposed surface or the access control policy on the basis of that information, thereby reducing the exposed surface of the assets and achieving least-privilege management and control.
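The three sources that FIG. 2 combines into the target asset set (scanned Internet assets, their associated LAN assets from the asset library, and tagged core assets), worked as code. This is an added example, not code from the patent or from Sangfor. The `Asset` record, the constructed asset library, the association rule (same fingerprint or same domain name, following the text's mention of fingerprint information and domain-name queries) and the list standing in for the cloud asset scanning tool are all assumptions.

```python
"""Constructing the target asset set as described for FIG. 2 (added example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    asset_id: str
    address: str
    fingerprint: str
    domain: str = ""
    is_core: bool = False       # tag information: core asset or not
    is_internet: bool = False   # exposed to the Internet environment (extranet asset)


# Constructed asset library: all assets the user currently owns.
ASSET_LIBRARY = [
    Asset("web-ext", "203.0.113.10", "fp-web", "shop.example.test", is_internet=True),
    Asset("web-int", "10.0.1.10", "fp-web", "shop.example.test"),
    Asset("erp-ext", "203.0.113.20", "fp-erp", "erp.example.test", is_internet=True),
    Asset("erp-int", "10.0.1.20", "fp-erp", "erp.example.test", is_core=True),
    Asset("db-int", "10.0.2.5", "fp-db", is_core=True),
    Asset("legacy", "10.0.9.9", "fp-legacy"),   # neither core nor associated: stays out
]

# Stand-in for what the cloud asset scanning tool returns.
SCANNED_INTERNET_ASSETS = [a for a in ASSET_LIBRARY if a.is_internet]


def associated_lan_assets(internet_asset, assets):
    """LAN assets associated with an Internet asset (assumed rule: same fingerprint or same domain)."""
    return [
        a for a in assets
        if not a.is_internet
        and (a.fingerprint == internet_asset.fingerprint
             or (internet_asset.domain and a.domain == internet_asset.domain))
    ]


def build_target_set(scanned_internet_assets, library):
    """Internet assets + their associated LAN assets + tagged core assets, without duplicates."""
    target = {a.asset_id: a for a in scanned_internet_assets}

    # For each Internet asset: if no associated LAN asset is already in the target set,
    # look the associated LAN asset(s) up in the asset library and add them.
    for inet in list(target.values()):
        if associated_lan_assets(inet, target.values()):
            continue
        for lan in associated_lan_assets(inet, library):
            target.setdefault(lan.asset_id, lan)

    # Core assets are identified by tag information in the library; add any not yet present.
    for core in library:
        if core.is_core:
            target.setdefault(core.asset_id, core)
    return target


if __name__ == "__main__":
    for asset_id in sorted(build_target_set(SCANNED_INTERNET_ASSETS, ASSET_LIBRARY)):
        print(asset_id)
```

Keying the set by asset id is what keeps the three sources from producing duplicates; the LAN-side address of each Internet asset is what later lets the traffic log be matched on both its extranet and intranet addresses.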
In one embodiment of the present application, where the exposure face information includes an open port, determining the exposure face information of the target asset based on the acquired access control policy and the accessed information may include the steps of:
and matching the accessed information of each target asset with the acquired access control strategy, and determining the open port of the target asset.
In the embodiment of the application, after the target asset set is determined and the accessed information of each target asset in the target asset set is acquired, the accessed information of each target asset can be matched with the acquired access control strategy, and the open port of the target asset is determined.
For each target asset, an accessed port of the target asset may be obtained based on the accessed information of the target asset, the accessed port potentially being one or more of the ports opened for the target asset.
The access control policies acquired may be one or more. For each target asset in the target asset set, an open port for the current target asset may be determined by traversing each access control policy. Specifically, for each traversed access control policy, if in the current access control policy, access to the asset in the area to which the access portal of the current target asset belongs is allowed, the access address of the current target asset is within the access address range corresponding to the access address group allowed by the current access control policy, and in the current access control policy, access to all services of the asset is allowed, determining that each port of the current target asset is an open port; otherwise, determining an open port of the current target asset based on the services that the current access control policy allows access to.
Specifically, for each traversed access control policy, it may be determined first whether the current access control policy allows access to the area to which the access portal of the current target asset belongs. Various configuration information such as access control policy, IP (Internet Protocol ) group configuration, area configuration, routing information, and the like may be obtained in advance. The network port through which the current target asset needs to be accessed can be obtained through the route information, and then the area to which the access network port belongs can be obtained through the area configuration. And determining whether the current access control strategy allows the access of the area to which the access portal belongs, if so, continuing the operation of the subsequent steps, and if not, indicating that the current target asset is not in the allowed access range of the current access control strategy, and traversing to the next access control strategy to perform corresponding judgment.
And under the condition that the current access control strategy allows the access of the area of the access portal of the current target asset, further determining the access address range corresponding to the access address group allowed by the current access control strategy. The access address may be an IP address or the like. The IP range corresponding to the IP group allowed by the current access control strategy can be obtained through the IP group configuration.
It is determined whether the access address of the current target asset is within the access address range. If yes, the operation of the subsequent steps can be continued, otherwise, the current target asset is not in the allowed access range of the current access control strategy, and the next access control strategy can be traversed to carry out corresponding judgment.
If the access address of the current target asset is within the access address range corresponding to the set of access addresses allowed by the current access control policy, then a further determination may be made as to whether the current access control policy allows access to all services. If so, it may be determined that any port of the current target asset is an open port, otherwise, it may be determined that the current target asset is an open port based on services that the current access control policy allows access to.
After all access control policies have been traversed, all open ports of the current target asset allowed by any policy are obtained. These are combined with the accessed ports of the current target asset, obtained from its accessed information, to give all open ports of the current target asset.
Before the access control policies are traversed, policies whose action is deny, and policies that are not in effect because of a state conflict, may be filtered out, so that only policies whose action is allow and which are in effect are traversed to determine the open ports of the current target asset. This improves processing efficiency.
By performing the above steps for each target asset in the target asset set, all open ports of each target asset can be accurately determined.
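As an added illustration, not code from the patent, the following Python sketch implements the policy traversal just described for one target asset: the route table, zone map, IP group configuration, policy fields and sample addresses are all constructed assumptions.

```python
"""Determine an asset's open ports from effective allow policies plus its access records."""
import ipaddress
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample configuration (assumptions for illustration, not from the patent)
ROUTES = [  # (destination network, egress interface); the longest prefix wins
    ("10.1.0.0/16", "eth1"),
    ("10.1.20.0/24", "eth2"),
    ("0.0.0.0/0", "eth0"),
]
ZONE_OF_INTERFACE = {"eth0": "wan", "eth1": "dmz", "eth2": "lan"}  # zone configuration
IP_GROUPS = {  # IP group configuration
    "web_servers": ["10.1.10.0/24"],
    "db_servers": ["10.1.20.5/32", "10.1.20.6/32"],
}


@dataclass(frozen=True)
class Policy:
    name: str
    action: str                    # "allow" or "deny"
    effective: bool                # False when not in effect (disabled, state conflict)
    zones: frozenset               # zones the policy allows access into
    ip_group: str                  # allowed destination IP group
    services: Optional[frozenset]  # allowed destination ports; None means all services


@dataclass
class Exposure:
    all_ports: bool = False                  # some allow policy opens every port
    ports: set = field(default_factory=set)  # explicitly opened or observed ports


def interface_for(ip):
    """Find the interface through which the asset is reached (longest-prefix match)."""
    addr = ipaddress.ip_address(ip)
    best = None
    for cidr, iface in ROUTES:
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def zone_for(ip):
    """Map the asset's access interface to its zone via the zone configuration."""
    return ZONE_OF_INTERFACE.get(interface_for(ip))


def in_ip_group(ip, group):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c) for c in IP_GROUPS.get(group, []))


def candidate_policies(policies):
    """Pre-filter: drop deny policies and policies not in effect before traversal."""
    return [p for p in policies if p.action == "allow" and p.effective]


def ports_allowed_by(policy, asset_ip):
    """None if the policy does not reach the asset; 'all' or the set of allowed ports."""
    if zone_for(asset_ip) not in policy.zones:      # zone check
        return None
    if not in_ip_group(asset_ip, policy.ip_group):  # IP group range check
        return None
    return "all" if policy.services is None else set(policy.services)


def open_ports(asset_ip, policies, accessed_ports):
    """Union of ports opened by any effective allow policy and ports seen in access records."""
    exposure = Exposure()
    for policy in candidate_policies(policies):
        allowed = ports_allowed_by(policy, asset_ip)
        if allowed is None:
            continue
        if allowed == "all":
            exposure.all_ports = True
        else:
            exposure.ports |= allowed
    exposure.ports |= set(accessed_ports)  # from the asset's accessed information
    return exposure


POLICIES = [  # constructed sample policies
    Policy("web_in", "allow", True, frozenset({"dmz"}), "web_servers", frozenset({80, 443})),
    Policy("db_from_dmz", "allow", True, frozenset({"lan"}), "db_servers", frozenset({3306})),
    Policy("legacy_any", "allow", False, frozenset({"lan"}), "db_servers", None),  # not in effect
    Policy("block_web", "deny", True, frozenset({"dmz"}), "web_servers", None),
]

if __name__ == "__main__":
    print(open_ports("10.1.10.7", POLICIES, accessed_ports=[22]))
```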
In one embodiment of the present application, where the exposure surface information includes the open ports and the accessed amount of each open port, determining the exposure surface information of the target asset based on the acquired access control policy and the accessed information may include the following steps:
matching the accessed information of each target asset against the acquired access control policies to determine the open ports of the target asset;
determining the accessed amount of each open port of the target asset according to the accessed information of the target asset.
In this embodiment of the present application, the process of determining the open ports of the target asset may refer to the execution process of the previous embodiment and is not described again here.
Based on the accessed information of each target asset, the accessed amount of each open port of each target asset can be determined. The accessed amount may be a monthly access volume, a weekly access volume, or the like. An asset is accessed through its open ports, and each connection may be counted as one access, yielding the corresponding accessed amount.
The determined exposure surface information of the target asset thus includes the open ports and the accessed amount of each open port. Compared with exposure surface information obtained only from statistics on how the asset has been accessed, this is more comprehensive and better supports adjusting the exposure surface and/or the corresponding access control policy.
In one embodiment of the present application, the method may further comprise the steps of:
determining risk ports among the open ports according to preset risk information.
In the embodiment of the present application, the risk information may be preset: it may be set by a user, or it may be determined by learning the port information corresponding to historical security events. Historical security events can be acquired and analyzed, and the port information in them extracted, such as the accessed amount of a port and the trend of change in that amount. The risk information is then determined by learning the port information corresponding to the historical security events. The risk information may include port identifiers, port risk characteristics, and the like.
Since the determined exposure surface information includes the open ports, risk ports among them can be determined from the risk information. For example, an open port whose identifier matches a port identifier in the risk information may be determined to be a risk port, or an open port that exhibits a port risk characteristic in the risk information may be determined to be a risk port.
Using the risk information, risk ports among the open ports can be accurately determined and then handled in time.
After the risk ports among the open ports are determined, they can be output so that the user learns of them in time and handles them.
The exposure surface information of the target asset may also be output after it is determined based on the acquired access control policy and the accessed information, which makes it convenient for users to learn the state of the asset's exposed surface in time and make corresponding adjustments.
When the exposure surface information of the target asset and/or the risk ports are output, particular information may be marked, for example by highlighting, underlining, or using a different font colour. For example, all ports may be output with the open ports marked prominently; or all open ports may be output with the risk ports marked prominently; or only the risk ports may be output; or the access control policies corresponding to the risk ports may be output together with the risk ports; and so on.
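As an added example, not the patent's own code, this Python snippet computes the accessed amount of each open port from constructed access records and then flags risk ports both by port identifier and by an assumed risk feature (a week-over-week surge in accessed amount); the log format, time windows, open-port set and risk values are all assumptions.

```python
"""Accessed amount per open port and risk-port determination for one asset."""
from collections import Counter
from datetime import datetime

# Constructed access records, one connection per line: "timestamp dst_ip dst_port"
ACCESS_LOG = """\
2021-06-19T08:00:00 10.1.10.7 8080
2021-06-20T09:00:00 10.1.10.7 443
2021-06-21T10:12:00 10.1.10.7 443
2021-06-22T11:30:00 10.1.10.7 3389
2021-06-25T08:05:00 10.1.10.7 8080
2021-06-27T09:00:00 10.1.10.7 443
2021-06-28T09:00:00 10.1.10.7 8080
2021-06-28T09:01:00 10.1.10.7 8080
2021-06-28T09:02:00 10.1.10.7 8080
2021-06-28T09:03:00 10.1.10.9 8080
"""

ASSET_IP = "10.1.10.7"
OPEN_PORTS = {22, 443, 3389, 8080}  # assumed result of the policy/record matching step
LAST_WEEK = (datetime(2021, 6, 15), datetime(2021, 6, 22))  # [start, end)
THIS_WEEK = (datetime(2021, 6, 22), datetime(2021, 6, 29))

# Constructed risk information: the patent says it may be user-set or learned from
# historical security events; the identifiers and threshold here are assumptions.
RISK_INFO = {
    "port_ids": {23, 445, 3389},  # port identifiers regarded as risky
    "surge_ratio": 3.0,           # risk feature: weekly accessed amount grew >= 3x
}


def parse_access_log(text):
    records = []
    for line in text.splitlines():
        if line.strip():
            ts, ip, port = line.split()
            records.append((datetime.fromisoformat(ts), ip, int(port)))
    return records


def accessed_amount(records, asset_ip, window):
    """Connections per destination port for one asset inside a [start, end) window."""
    start, end = window
    counts = Counter()
    for ts, ip, port in records:
        if ip == asset_ip and start <= ts < end:
            counts[port] += 1  # one connection counts as one access
    return counts


def port_accessed_amounts(open_ports, records, asset_ip, window):
    """Exposure surface detail: accessed amount of every open port (0 when unused)."""
    counts = accessed_amount(records, asset_ip, window)
    return {port: counts.get(port, 0) for port in open_ports}


def risk_ports(open_ports, risk_info, this_week, last_week):
    """Return {port: reason} for open ports matching a risk identifier or risk feature."""
    flagged = {}
    for port in sorted(open_ports):
        if port in risk_info["port_ids"]:
            flagged[port] = "port identifier listed in risk information"
            continue
        prev, cur = last_week.get(port, 0), this_week.get(port, 0)
        if prev and cur / prev >= risk_info["surge_ratio"]:
            flagged[port] = f"accessed amount rose from {prev} to {cur} week over week"
    return flagged


def report(asset_ip=ASSET_IP, open_ports=OPEN_PORTS, log=ACCESS_LOG):
    """Accessed amount of each open port this week, plus the risk ports among them."""
    records = parse_access_log(log)
    amounts = port_accessed_amounts(open_ports, records, asset_ip, THIS_WEEK)
    flagged = risk_ports(open_ports, RISK_INFO,
                         accessed_amount(records, asset_ip, THIS_WEEK),
                         accessed_amount(records, asset_ip, LAST_WEEK))
    return amounts, flagged


if __name__ == "__main__":
    print(report())
```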
Referring to FIG. 3, a flowchart of another method for determining an exposed surface according to an embodiment of the present application is shown, where the method may include the following steps:
S310: receiving a policy acquisition request;
S320: returning the access control policy according to the policy acquisition request, so that the exposure surface information of the target asset is determined according to the access control policy and the accessed information of each target asset in the target asset set.
For ease of description, the two steps above are described together.
The technical solution provided by the embodiment of the present application can be applied to a security device such as a firewall, which performs access control on the assets in the user's system based on preset access control policies.
When the exposed surface of an asset needs to be reviewed or managed, the asset management platform may send a policy acquisition request to the security device. After receiving the policy acquisition request, the security device returns the access control policy according to the request, so that after the asset management platform determines the target asset set, the exposure surface information of the target asset can be determined according to the access control policy and the accessed information of each target asset in the target asset set.
By applying the method provided by the embodiment of the present application, the security device returns the access control policy according to the policy acquisition request, and the asset management platform can accurately determine the exposure surface information of the target asset based on the access control policy and the accessed information of each target asset in the target asset set. A comprehensive review of the asset's exposed surface is thus achieved, and by accurately determining the exposed surface of the asset, it can be managed and controlled quickly and effectively, reducing security risk.
Corresponding to the method embodiment shown in FIG. 1 above, the embodiment of the present application further provides an exposure surface determination system including an asset management platform, as shown in FIG. 4, where the exposure surface determination system described below and the exposure surface determination method described above may be referred to in correspondence with each other. Wherein:
the asset management platform is configured to acquire the accessed information of each target asset in the target asset set, and to determine the exposure surface information of the target asset based on the acquired access control policy and the accessed information.
By applying the system provided by the embodiment of the present application, the asset management platform can accurately determine the exposure surface information of the target asset based on the access control policy and the accessed information of each target asset. A comprehensive review of the asset's exposed surface is thus achieved, and by accurately determining the exposed surface of the asset, it can be managed and controlled quickly and effectively, reducing security risk.
In a specific embodiment of the present application, further comprising:
if the target set of assets includes Internet assets exposed to the Internet environment, local area network assets associated with the Internet assets are added to the target set of assets.
In one embodiment of the present application, adding a local area network asset associated with an internet asset to a target asset set includes:
determining, for each internet asset, whether there are local area network assets in the target set of assets that are associated with the current internet asset;
if the local area network asset associated with the current Internet asset does not exist in the target asset set, determining the local area network asset associated with the current Internet asset according to the asset library, and adding the local area network asset to the target asset set.
In one embodiment of the present application, the target asset set is determined by:
determining a core asset from the tag information;
a set of target assets is determined based on the core assets.
In one embodiment of the present application, the exposure surface information includes open ports, and determining the exposure surface information of the target asset based on the acquired access control policy and the accessed information includes:
matching the accessed information of each target asset against the acquired access control policies to determine the open ports of the target asset.
In one embodiment of the present application, the exposure surface information includes the open ports and the accessed amount of each open port, and determining the exposure surface information of the target asset based on the acquired access control policy and the accessed information includes:
matching the accessed information of each target asset against the acquired access control policies to determine the open ports of the target asset;
determining the accessed amount of each open port of the target asset according to the accessed information of the target asset.
In a specific embodiment of the present application, further comprising:
and outputting the exposure surface information of the target asset.
In a specific embodiment of the present application, further comprising:
adjusting the access control policy based on the exposure surface information.
In a specific embodiment of the present application, further comprising:
determining risk ports among the open ports according to preset risk information.
In one embodiment of the present application, the risk information is determined by learning port information corresponding to the historical security event.
In a specific embodiment of the present application, further comprising:
and outputting a risk port.
Corresponding to the method embodiment shown in FIG. 3 above, the embodiment of the present application further provides an exposure surface determination system including a security device, as shown in FIG. 4, where the exposure surface determination system described below and the exposure surface determination method described above may be referred to in correspondence with each other. Wherein:
the security device is configured to receive a policy acquisition request, and to return the access control policy according to the policy acquisition request, so that the exposure surface information of the target asset is determined according to the access control policy and the accessed information of each target asset in the target asset set.
By applying the system provided by the embodiment of the present application, the security device returns the access control policy according to the policy acquisition request, and the asset management platform can accurately determine the exposure surface information of the target asset based on the access control policy and the accessed information of each target asset in the target asset set. A comprehensive review of the asset's exposed surface is thus achieved, and by accurately determining the exposed surface of the asset, it can be managed and controlled quickly and effectively, reducing security risk.
Corresponding to the above method embodiments, the present application further provides a computer readable storage medium, on which a computer program is stored, which when executed by a processor, implements the steps of the above method for determining an exposed surface.
In this specification, each embodiment is described in a progressive manner, and each embodiment is mainly described in a different point from other embodiments, so that the same or similar parts between the embodiments are referred to each other.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative elements and steps are described above generally in terms of functionality in order to clearly illustrate the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. The software modules may reside in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, a hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
Specific examples are used herein to illustrate the principles and embodiments of the present application, and the description of the above examples is only for aiding in understanding the technical solution of the present application and its core ideas. It should be noted that it would be obvious to those skilled in the art that various improvements and modifications can be made to the present application without departing from the principles of the present application, and such improvements and modifications fall within the scope of the claims of the present application.

Claims (8)

1. An exposed surface determining method, comprising:
acquiring accessed information of each target asset in the target asset set;
determining exposure surface information of the target asset based on the acquired access control policy and the accessed information;
adjusting the access control policy based on the exposure surface information;
wherein the method further comprises:
adding local area network assets associated with the internet assets to the target set of assets if the target set of assets includes internet assets exposed to an internet environment;
wherein said adding local area network assets associated with said internet assets to said target set of assets comprises:
determining, for each internet asset, whether there are local area network assets in the target set of assets that are associated with the current internet asset;
if the local area network asset associated with the current internet asset does not exist in the target asset set, determining the local area network asset associated with the current internet asset according to an asset library, and adding the local area network asset to the target asset set.
2. The method of claim 1, wherein the set of target assets is determined by:
determining a core asset from the tag information;
the set of target assets is determined based on the core assets.
3. The method of claim 1 or 2, wherein the exposure surface information comprises open ports, and the determining the exposure surface information of the target asset based on the acquired access control policy and the accessed information comprises:
matching the accessed information of each target asset against the acquired access control policies to determine the open ports of the target asset.
4. The method of claim 1 or 2, wherein the exposure surface information comprises open ports and an accessed amount of each open port, and the determining the exposure surface information of the target asset based on the acquired access control policy and the accessed information comprises:
matching the accessed information of each target asset against the acquired access control policies to determine the open ports of the target asset;
determining the accessed amount of each open port of the target asset according to the accessed information of the target asset.
5. An exposed surface determining method, comprising:
receiving a policy acquisition request;
returning an access control policy according to the policy acquisition request, so as to determine the exposure surface information of each target asset in the target asset set according to the access control policy and the accessed information of the target asset;
adjusting the access control policy based on the exposure surface information;
wherein the method further comprises:
adding local area network assets associated with the internet assets to the target set of assets if the target set of assets includes internet assets exposed to an internet environment;
wherein said adding local area network assets associated with said internet assets to said target set of assets comprises:
determining, for each internet asset, whether there are local area network assets in the target set of assets that are associated with the current internet asset;
if the local area network asset associated with the current internet asset does not exist in the target asset set, determining the local area network asset associated with the current internet asset according to an asset library, and adding the local area network asset to the target asset set.
6. An exposure surface determination system comprising an asset management platform, wherein:
the asset management platform is configured to acquire the accessed information of each target asset in the target asset set; determine exposure surface information of the target asset based on the acquired access control policy and the accessed information; and adjust the access control policy based on the exposure surface information;
wherein the asset management platform is further configured for:
adding local area network assets associated with the internet assets to the target set of assets if the target set of assets includes internet assets exposed to an internet environment;
wherein said adding local area network assets associated with said internet assets to said target set of assets comprises:
determining, for each internet asset, whether there are local area network assets in the target set of assets that are associated with the current internet asset;
if the local area network asset associated with the current internet asset does not exist in the target asset set, determining the local area network asset associated with the current internet asset according to an asset library, and adding the local area network asset to the target asset set.
7. An exposure surface determination system comprising a security device, wherein:
the security device is configured to receive a policy acquisition request; return an access control policy according to the policy acquisition request, so as to determine the exposure surface information of each target asset in the target asset set according to the access control policy and the accessed information of the target asset; and adjust the access control policy based on the exposure surface information;
wherein the system is further configured for:
adding local area network assets associated with the internet assets to the target set of assets if the target set of assets includes internet assets exposed to an internet environment;
wherein said adding local area network assets associated with said internet assets to said target set of assets comprises:
determining, for each internet asset, whether there are local area network assets in the target set of assets that are associated with the current internet asset;
if the local area network asset associated with the current internet asset does not exist in the target asset set, determining the local area network asset associated with the current internet asset according to an asset library, and adding the local area network asset to the target asset set.
8. A computer-readable storage medium, characterized in that the computer-readable storage medium has stored thereon a computer program which, when executed by a processor, implements the steps of the exposure surface determination method according to any of claims 1 to 5.
CN202110733137.8A 2021-06-29 2021-06-29 Method, system and storage medium for determining exposed surface Active CN113472775B (en)
Publications (2)

Publication Number Publication Date
CN113472775A CN113472775A (en) 2021-10-01
CN113472775B true CN113472775B (en) 2023-07-14

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant