CN113765704A - Private network data acquisition method, device, equipment and storage medium - Google Patents


Info

Publication number: CN113765704A
Authority: CN (China)
Prior art keywords: network, private network, data, sensor, subnet
Legal status: Granted, Active
Application number: CN202110915496.5A
Other languages: Chinese (zh)
Other versions: CN113765704B (en
Inventor: 邹凯
Current Assignee: Guangzhou Trustmo Information System Co ltd
Original Assignee: Guangzhou Trustmo Information System Co ltd
Application filed by: Guangzhou Trustmo Information System Co ltd
Priority to: CN202110915496.5A
Published as: CN113765704A; granted publication CN113765704B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0803 Configuration setting
    • G PHYSICS
    • G16 INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16Y INFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
    • G16Y40/00 IoT characterised by the purpose of the information processing
    • G16Y40/50 Safety; Security of things, users, data or systems
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Abstract

The embodiment of the invention discloses a private network data acquisition method, device, equipment and storage medium. The method comprises: receiving registration information sent by a network tip sensor deployed in a private network, and registering the network tip sensor according to the registration information; sending configuration parameters to the registered network tip sensor to configure it; receiving private network information data returned by the configured network tip sensor, wherein the private network information data comprises asset data and boundary risk data and is obtained by the configured network tip sensor detecting the equipment in the subnet network; and summarizing the private network information data, analyzing the summarized data, and determining the asset condition and the risk condition of the private network. The embodiment of the invention solves the technical problem in the prior art that the ways of acquiring asset information and risk data in a private network have low acquisition efficiency.

Description

Private network data acquisition method, device, equipment and storage medium
Technical Field
The embodiment of the application relates to the field of private network security, in particular to a private network data acquisition method, a private network data acquisition device, a private network data acquisition equipment and a storage medium.
Background
A private network is a dedicated network serving a specific object, generally a communication network established to meet the needs of organization management, safety production, and command and scheduling in certain industries, departments or units. At present, asset information and risk data in a private network are generally collected in one of the following ways: one is to configure mirroring on a core switch and acquire asset information and risk data from the mirrored traffic; another is to acquire asset information and risk data by remote detection; a third is to install sensors on all hosts in the private network and acquire asset information and risk data through those sensors.
However, mirrored traffic does not cover all traffic; for example, traffic of communication inside the private network cannot be collected, so complete risk data cannot be acquired. In some private network scenarios, for example where a subnet is subject to firewall interception, asset information and risk data cannot be acquired by remote detection. In addition, because private networks are large in scale, installing sensors on all hosts has high deployment and maintenance costs and is difficult to implement.
In summary, the prior-art ways of acquiring asset information and risk data in a private network suffer from the technical problem of low acquisition efficiency.
Disclosure of Invention
The embodiment of the invention provides a private network data acquisition method, a private network data acquisition device, private network data acquisition equipment and a storage medium, and solves the technical problem of low acquisition efficiency in the prior art of acquiring asset information and risk data in a private network.
In a first aspect, an embodiment of the present invention provides a private network data acquisition method, including the following steps:
receiving registration information sent by a network tip sensor deployed in a private network, and registering the network tip sensor according to the registration information; the network tip sensor is deployed in a subnet network of the private network and used for detecting the subnet network;
sending configuration parameters to the registered network tip sensor to configure the registered network tip sensor;
receiving private network information data returned by the configured network tip sensor, wherein the private network information data comprises asset data and boundary risk data, the private network information data is obtained by the configured network tip sensor detecting equipment in the subnet networks, and each subnet network comprises at least one piece of equipment;
and summarizing the private network information data, analyzing the summarized private network information data, and determining the asset condition and the risk condition of the private network.
Preferably, the network tip sensor is deployed in at least one of the subnet networks.
Preferably, the specific process of configuring the registered network tip sensor is as follows:
configuring the detection switch, the detection strategy, the detection frequency and the upgrading strategy of the registered network tip sensor.
Preferably, the configured network tip sensor is further configured to detect, through a detection protocol, a device of a private network segment in the subnet network.
Preferably, the detection protocol includes the ARP protocol and the HTTP protocol.
Preferably, the asset data includes device number data and device status data, and the boundary risk data includes router data, DHCP server data and DNS server data.
In a second aspect, an embodiment of the present invention provides a private network data acquisition apparatus, including:
the registration module is used for receiving registration information sent by a network tip sensor deployed in a private network and registering the network tip sensor according to the registration information; the network tip sensor is deployed in a subnet network of the private network and used for detecting the subnet network;
the configuration module is used for sending configuration parameters to the registered network tip sensor so as to configure the registered network tip sensor;
the data receiving module is used for receiving private network information data returned by the configured network tip sensor, the private network information data comprises asset data and boundary risk data, the private network information data is obtained by the configured network tip sensor detecting equipment in the subnet networks, and each subnet network comprises at least one piece of equipment;
and the summarizing and analyzing module is used for summarizing the private network information data, analyzing the summarized private network information data and determining the asset condition and the risk condition of the private network.
Preferably, the network tip sensor is deployed in at least one of the subnet networks.
Preferably, the specific process of the configuration module for configuring the registered network tip sensor is as follows:
configuring the detection switch, the detection strategy, the detection frequency and the upgrading strategy of the registered network tip sensor.
Preferably, the configured network tip sensor is further configured to detect, through a detection protocol, a device of a private network segment in the subnet network.
Preferably, the detection protocol includes the ARP protocol and the HTTP protocol.
Preferably, the asset data includes device number data and device status data, and the boundary risk data includes router data, DHCP server data and DNS server data.
In a third aspect, an embodiment of the present invention provides an apparatus, where the apparatus includes a processor and a memory;
the memory is used for storing a computer program and transmitting the computer program to the processor;
the processor is configured to execute a private network data acquisition method according to instructions in the computer program.
In a fourth aspect, embodiments of the present invention provide a storage medium storing computer-executable instructions for performing the private network data acquisition method according to the first aspect when executed by a computer processor.
The embodiments of the present invention provide a method, an apparatus, a device, and a storage medium for acquiring private network data, including: receiving registration information sent by a network tip sensor deployed in a private network, and registering the network tip sensor according to the registration information, the network tip sensor being deployed in a subnet network of the private network and used for detecting the subnet network; sending configuration parameters to the registered network tip sensor to configure it; receiving private network information data returned by the configured network tip sensor, wherein the private network information data comprises asset data and boundary risk data and is obtained by the configured network tip sensor detecting equipment in the subnet networks, and each subnet network comprises at least one piece of equipment; and summarizing the private network information data, analyzing the summarized data, and determining the asset condition and the risk condition of the private network. According to the embodiment of the invention, the subnet networks in the private network are detected by using network tip sensors, the asset data and the boundary risk data in each subnet network are obtained, and the asset data and the boundary risk data acquired by the network tip sensors are summarized and analyzed to determine the asset condition and the risk condition of the private network.
According to the embodiment of the invention, a sensor does not need to be installed on each device in the private network; only a network tip sensor needs to be deployed in each subnet network to obtain the asset condition and the risk condition of the whole private network. This greatly improves the efficiency of acquiring private network data, reduces cost, and solves the technical problem in the prior art that the ways of acquiring asset information and risk data in a private network have low acquisition efficiency.
Drawings
Fig. 1 is a flowchart of a private network data acquisition method according to an embodiment of the present invention.
Fig. 2 is a schematic deployment diagram of a network tip sensor according to an embodiment of the present invention.
Fig. 3 is a schematic structural diagram of a private network data acquisition device according to an embodiment of the present invention.
Fig. 4 is a schematic structural diagram of an apparatus according to an embodiment of the present invention.
Detailed Description
The following description and the annexed drawings set forth in detail certain illustrative embodiments of the application so as to enable those skilled in the art to practice them. The examples merely typify possible variations. Individual components and functions are optional unless explicitly required, and the sequence of operations may vary. Portions and features of some embodiments may be included in or substituted for those of others. The scope of the embodiments of the present application includes the full ambit of the claims, as well as all available equivalents of the claims. Embodiments may be referred to herein, individually or collectively, by the term "invention" merely for convenience and without intending to voluntarily limit the scope of this application to any single invention or inventive concept if more than one is in fact disclosed. Herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed. The embodiments are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. For the structures, products and the like disclosed by the embodiments, the description is relatively simple because the structures, the products and the like correspond to the parts disclosed by the embodiments, and the relevant parts can be just described by referring to the method part.
Example one
As shown in fig. 1, fig. 1 is a flowchart of a private network data acquisition method according to an embodiment of the present invention. The private network data acquisition method provided by the embodiment of the invention can be executed by a private network data acquisition device, the private network data acquisition device can be realized in a software and/or hardware mode, and the private network data acquisition device can be composed of two or more physical entities or one physical entity. For example, the private network data acquisition equipment can be a computer, an upper computer, a server, a tablet and other equipment. The method comprises the following steps:
Step 101, receiving registration information sent by a network tip sensor deployed in a private network, and registering the network tip sensor according to the registration information; the network tip sensor is deployed in a subnet network of a private network and used for detecting the subnet network.
In this embodiment, the network tip sensor needs to be deployed in the subnet network of the private network in advance, and is used for detecting private network information data of that subnet network. The range of the subnet network may be set according to actual needs; for example, it may be a C-segment network, or it may be larger or smaller than a C-segment network.
Before detection, the network tip sensor needs to register with the server; the subsequent detection process can be executed only after the network tip sensor has successfully registered on the server. The specific process is as follows: the network tip sensor in the private network sends registration information to the server, the registration information comprising an identifier of the network tip sensor, such as an IP address; after receiving the registration information, the server registers the network tip sensor according to the identifier in it.
It should be noted that the network tip sensor is installed on a client (which may run a Windows system or a Linux system). In this embodiment the installation environment of the network tip sensor may be set according to actual needs and is not specifically limited. A network tip sensor is deployed on any one device in each subnet network of the private network, so that it can detect all devices within that subnet network, as shown in fig. 2. In fig. 2, the subnet network is a C-segment network, and a network tip sensor is installed in each C-segment network. Illustratively, if there are 254 IPs in a subnet network and each IP corresponds to a device, the network tip sensor in that subnet network can detect the 254 devices in it.
In one embodiment, the network tip sensor is deployed as follows: using online installation, the latest version of the network tip sensor is downloaded from the server and installed; after installation it is registered as a background service and set to start automatically at boot. If the client's private network environment supports automatic push installation, the installer can be pushed remotely in batches; otherwise the installer can only be executed manually.
On the basis of the above embodiment, at least one network tip sensor is deployed in a subnet network.
One network tip sensor may be deployed in each subnet network, or several may be deployed redundantly. When several network tip sensors are deployed in one subnet network, the server automatically selects one of them to start detection; if that network tip sensor stops working (for example because of a power failure), the background server automatically starts another network tip sensor in the same subnet network to carry out detection, which improves reliability.
Step 102, sending configuration parameters to the registered network tip sensor so as to configure the registered network tip sensor.
After the network tip sensor is registered on the server, it uses heartbeat packets to maintain connectivity with the server, and the server sends configuration parameters to the registered network tip sensor, so that the sensor can set its own parameters according to the configuration parameters issued by the server and carry out the subsequent detection function.
On the basis of the above embodiment, a specific process of configuring the registered network tip sensor is as follows:
configuring the detection switch, the detection strategy, the detection frequency and the upgrading strategy of the registered network tip sensor.
In this embodiment, the process of configuring the registered network tip sensor specifically includes configuring its detection switch, detection strategy, detection frequency, and upgrading strategy. Configuring the detection switch controls whether the network tip sensor is turned on or off; configuring the detection strategy controls which devices in the subnet network the network tip sensor detects; configuring the detection frequency controls the number of detection packets the network tip sensor sends per second; configuring the upgrading strategy controls how the network tip sensor is upgraded. For example, when the upgrading strategy is set to automatic update, the network tip sensor periodically queries the server for a version update and upgrades automatically.
Step 103, receiving private network information data returned by the configured network tip sensor, wherein the private network information data comprises asset data and boundary risk data, the private network information data is obtained by the configured network tip sensor detecting equipment in the subnet networks, and each subnet network comprises at least one piece of equipment.
After the network tip sensor is configured, it is started and begins to collect the private network information data of the private network. Specifically, without affecting the device on which it is installed or the network in which it is located, the network tip sensor discovers the devices in the subnet network where it is deployed and acquires asset data, detects risks of the devices in that subnet network and acquires boundary risk data, and uploads the detected asset data and boundary risk data to the server through an https channel. It is understood that in this embodiment one subnet network includes at least one device.
On the basis of the above embodiment, the asset data includes device number data and device status data, and the boundary risk data includes router data, DHCP server data, and DNS server data.
More specifically, the asset data includes data on the number of devices in the subnet network detected by the network tip sensor and status data of each device. Illustratively, the network tip sensor detects that the number of devices in the subnet network is 251, and the status data of each device indicates whether the device is in an on state or an off state. The boundary risk data includes router data, DHCP server data, and DNS server data in the subnet network. Because the private network is generally an internal network and is not connected with an external network, if gateway-level equipment or systems such as a router, a DHCP server or a DNS server exist in the subnet network, it indicates that an uncontrolled private network exists in the private network, and a boundary risk exists.
On the basis of the above embodiment, the configured network tip sensor is also used for detecting, through a detection protocol, the devices of a private network segment in the subnet network.
When the configured network tip sensor detects the devices in the subnet network, it can also detect, through the detection protocol, a private network segment (such as 192.168.x.x) in the subnet network where it is deployed.
On the basis of the above embodiments, the detection protocol includes the ARP protocol and the HTTP protocol.
In this embodiment, when the network tip sensor detects a device in the subnet network, the protocol used may be at least one of the ARP protocol and the HTTP protocol, selected flexibly according to the actual situation, so that the network tip sensor can detect devices using different protocols, which widens its application range.
Step 104, summarizing the private network information data, analyzing the summarized private network information data, and determining the asset condition and the risk condition of the private network.
After the network tip sensors send the collected private network information data to the server, the server summarizes the private network information data sent by each network tip sensor and analyzes it further, thereby determining the asset condition and the risk condition of the private network. Exemplarily, the asset condition of the private network is determined according to the device number data and the device status data in the asset data, and the risk condition of the private network is determined according to the router data, the DHCP server data and the DNS server data in the boundary risk data. In one embodiment, when the boundary risk data shows that any one of a small router, a DHCP server and a DNS server exists in the private network, the risk condition of the private network is determined to be high risk, and staff are prompted to pay attention. After the asset condition and the risk condition of the private network are determined, they can be displayed for staff to view.
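The server-side flow of steps 101 to 104, together with the redundant-sensor failover described under step 101, sketched as an added example (not code from the patent). All class, field and function names, the heartbeat timeout, the packet rate, the "normal" risk label and the sample addresses are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

HEARTBEAT_TIMEOUT = 90  # assumed: seconds of silence before a sensor counts as down
BOUNDARY_KINDS = {"router", "dhcp_server", "dns_server"}  # gateway-level findings


@dataclass
class Sensor:
    sensor_id: str        # the description suggests the sensor's IP address
    subnet: str
    last_seen: float
    active: bool = False  # only one sensor per subnet probes at a time


@dataclass
class Collector:
    sensors: dict = field(default_factory=dict)  # sensor_id -> Sensor
    reports: dict = field(default_factory=dict)  # subnet -> latest report

    def _active(self, subnet):
        return next((s for s in self.sensors.values()
                     if s.subnet == subnet and s.active), None)

    def register(self, sensor_id, subnet, now):
        """Step 101: register; the first sensor in a subnet becomes the prober."""
        if sensor_id not in self.sensors:
            active = self._active(subnet) is None
            self.sensors[sensor_id] = Sensor(sensor_id, subnet, now, active)
        self.sensors[sensor_id].last_seen = now
        return self.config_for(sensor_id)

    def config_for(self, sensor_id):
        """Step 102: the four configurable items (values are assumptions)."""
        s = self.sensors[sensor_id]
        return {"probe_enabled": s.active,
                "probe_strategy": {"targets": s.subnet, "protocols": ["arp", "http"]},
                "probe_packets_per_second": 50,
                "upgrade_policy": "auto"}

    def heartbeat(self, sensor_id, now):
        self.sensors[sensor_id].last_seen = now

    def failover(self, now):
        """Promote a live standby in every subnet whose prober went silent."""
        promoted = []
        for subnet in {s.subnet for s in self.sensors.values()}:
            current = self._active(subnet)
            if current and now - current.last_seen <= HEARTBEAT_TIMEOUT:
                continue
            standby = next((s for s in self.sensors.values()
                            if s.subnet == subnet and s is not current
                            and now - s.last_seen <= HEARTBEAT_TIMEOUT), None)
            if standby:
                if current:
                    current.active = False
                standby.active = True
                promoted.append(standby.sensor_id)
        return sorted(promoted)

    def ingest(self, sensor_id, devices, boundary):
        """Step 103: accept a report only from a registered, active sensor."""
        s = self.sensors.get(sensor_id)
        if s is None or not s.active:
            return False
        unknown = {b["kind"] for b in boundary} - BOUNDARY_KINDS
        if unknown:
            raise ValueError(f"unknown boundary kind: {sorted(unknown)}")
        self.reports[s.subnet] = {"devices": devices, "boundary": boundary}
        return True

    def summarize(self):
        """Step 104: any router/DHCP/DNS finding makes the private network high risk."""
        devices = [d for r in self.reports.values() for d in r["devices"]]
        findings = [dict(b, subnet=subnet) for subnet, r in self.reports.items()
                    for b in r["boundary"]]
        return {"device_count": len(devices),
                "devices_on": sum(d["state"] == "on" for d in devices),
                "boundary_findings": findings,
                "risk": "high" if findings else "normal"}  # "normal" is an assumed label


def demo():
    """Constructed scenario: two subnets, one with a redundant sensor pair."""
    c = Collector()
    c.register("10.1.1.10", "10.1.1.0/24", now=0)
    c.register("10.1.1.11", "10.1.1.0/24", now=0)  # redundant standby
    c.register("10.1.2.10", "10.1.2.0/24", now=0)
    c.heartbeat("10.1.1.11", now=100)
    c.heartbeat("10.1.2.10", now=100)
    promoted = c.failover(now=120)  # 10.1.1.10 has been silent for 120 s
    c.ingest("10.1.1.11",
             [{"ip": "10.1.1.20", "state": "on"}, {"ip": "10.1.1.21", "state": "off"}],
             [{"kind": "dhcp_server", "ip": "10.1.1.77"}])
    c.ingest("10.1.2.10", [{"ip": "10.1.2.30", "state": "on"}], [])
    return promoted, c.summarize()


if __name__ == "__main__":
    print(demo())
```

Rejecting reports from unregistered or standby sensors in `ingest` keeps a device that merely knows the server address from injecting asset or boundary data into the summary.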
Example two
Fig. 3 is a schematic structural diagram of a private network data acquisition device according to an embodiment of the present invention, as shown in fig. 3, including:
the registration module 201 is configured to receive registration information sent by a network tip sensor deployed in a private network, and register the network tip sensor according to the registration information; the network tip sensor is deployed in a subnet network of the private network and used for detecting the subnet network;
a configuration module 202, configured to send configuration parameters to the registered network tip sensor, so as to configure the registered network tip sensor;
the data receiving module 203 is configured to receive private network information data returned by the configured network tip sensor, where the private network information data includes asset data and boundary risk data, and the private network information data is obtained by detecting devices in subnet networks by the configured network tip sensor, and each subnet network includes at least one device;
and the summarizing and analyzing module 204 is used for summarizing the private network information data, analyzing the summarized private network information data and determining the asset condition and the risk condition of the private network.
On the basis of the above embodiment, at least one network tip sensor is deployed in a subnet network.
On the basis of the foregoing embodiment, the specific process of the configuration module 202 for configuring the registered network tip sensor is as follows:
configuring the detection switch, the detection strategy, the detection frequency and the upgrading strategy of the registered network tip sensor.
On the basis of the above embodiment, the configured network tip sensor is also used for detecting, through a detection protocol, the devices of a private network segment in the subnet network.
On the basis of the above embodiments, the detection protocol includes the ARP protocol and the HTTP protocol.
On the basis of the above embodiment, the asset data includes device number data and device status data, and the boundary risk data includes router data, DHCP server data, and DNS server data.
Example three
The present embodiment also provides an apparatus, as shown in fig. 4, an apparatus 30, which includes a processor 300 and a memory 301;
the memory 301 is used for storing a computer program 302 and transmitting the computer program 302 to the processor;
the processor 300 is configured to execute the steps in the above-described embodiment of a private network data acquisition method according to the instructions in the computer program 302.
Illustratively, the computer program 302 may be partitioned into one or more modules/units that are stored in the memory 301 and executed by the processor 300 to accomplish the present application. The one or more modules/units may be a series of computer program instruction segments capable of performing specific functions, which are used to describe the execution of the computer program 302 in the device 30.
The device 30 may be a computing device such as a desktop computer, a notebook, a palmtop computer, or a cloud server. The device 30 may include, but is not limited to, a processor 300 and a memory 301. Those skilled in the art will appreciate that Fig. 4 is merely an example of the device 30 and does not constitute a limitation of the device 30, which may include more or fewer components than shown, or a combination of some components, or different components; for example, the device may also include input-output devices, network access devices, buses, etc.
The Processor 300 may be a Central Processing Unit (CPU), another general purpose Processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field-Programmable Gate Array (FPGA) or other Programmable logic device, discrete Gate or transistor logic, discrete hardware components, etc. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
The memory 301 may be an internal storage unit of the device 30, such as a hard disk or a memory of the device 30. The memory 301 may also be an external storage device of the device 30, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), and the like, provided on the device 30. Further, the memory 301 may also include both an internal storage unit and an external storage device of the device 30. The memory 301 is used for storing the computer program and other programs and data required by the device. The memory 301 may also be used to temporarily store data that has been output or is to be output.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other manners. For example, the above-described apparatus embodiments are merely illustrative: the division of the units is only one logical division, and other divisions may be used in practice; for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing computer programs.
Example four
An embodiment of the present invention further provides a storage medium including computer-executable instructions, which when executed by a computer processor, are configured to perform a private network data acquisition method, including the steps of:
receiving registration information sent by a network tip sensor deployed in a private network, and registering the network tip sensor according to the registration information; the network tip sensor is deployed in a subnet network of the private network and used for detecting the subnet network;
sending configuration parameters to the registered network tip sensor to configure the registered network tip sensor;
receiving private network information data returned by the configured network tip sensor, wherein the private network information data comprises asset data and boundary risk data, the private network information data is obtained by detecting equipment in subnet networks by the configured network tip sensor, and each subnet network at least comprises one equipment;
and summarizing the private network information data, analyzing the summarized private network information data, and determining the asset condition and the risk condition of the private network.
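The four steps above (register, configure, receive, summarize) as an added sketch, not code from the patent. The `Collector` class, the field names, the default values and the two risk rules (more than one DHCP server in a subnet, a DNS server outside RFC 1918 space) are assumptions, and the sample report is constructed.

```python
import ipaddress
from collections import Counter

RFC1918 = [ipaddress.IPv4Network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# The four configuration items named on the page; the values are constructed defaults.
DEFAULT_CONFIG = {"detection_switch": True, "detection_strategy": ["arp", "http"],
                  "detection_frequency_s": 300, "upgrade_strategy": "manual"}

class Collector:  # hypothetical aggregation point; the page defines no such interface
    def __init__(self):
        self.sensors, self.reports = {}, {}  # both keyed by sensor_id

    def register(self, info):
        subnet = ipaddress.IPv4Network(info["subnet"])
        if not any(subnet.subnet_of(net) for net in RFC1918):
            raise ValueError("sensor subnet is not a private network segment")
        self.sensors[info["sensor_id"]] = {"subnet": subnet, "configured": False}

    def configure(self, sensor_id, **overrides):
        self.sensors[sensor_id]["configured"] = True  # KeyError if never registered
        return {**DEFAULT_CONFIG, **overrides}

    def ingest(self, sensor_id, report):
        sensor = self.sensors.get(sensor_id)
        if sensor is None or not sensor["configured"]:
            raise PermissionError("report from unregistered or unconfigured sensor")
        # Count only devices inside the subnet this sensor registered for.
        in_scope = [d for d in report["assets"] if ipaddress.IPv4Address(d["ip"]) in sensor["subnet"]]
        self.reports[sensor_id] = {**report, "assets": in_scope}

    def summarize(self):
        states, risks = Counter(), []
        for sid, rep in self.reports.items():
            subnet, b = str(self.sensors[sid]["subnet"]), rep["boundary"]
            states.update(d["state"] for d in rep["assets"])
            # Assumed risk rules, not taken from the page:
            if len(b["dhcp_servers"]) > 1:
                risks.append((subnet, "multiple DHCP servers", sorted(b["dhcp_servers"])))
            external = sorted(d for d in b["dns_servers"]
                              if not any(ipaddress.IPv4Address(d) in n for n in RFC1918))
            if external:
                risks.append((subnet, "DNS server outside the private network", external))
        return {"devices": sum(states.values()), "by_state": dict(states), "risks": risks}

def demo():
    c = Collector()
    c.register({"sensor_id": "s1", "subnet": "192.168.10.0/24"})
    c.configure("s1", detection_frequency_s=600)
    c.ingest("s1", {  # constructed sample report
        "assets": [{"ip": "192.168.10.5", "state": "online"},
                   {"ip": "192.168.10.9", "state": "offline"}, {"ip": "10.9.9.9", "state": "online"}],
        "boundary": {"routers": ["192.168.10.1"], "dhcp_servers": ["192.168.10.1", "192.168.10.77"],
                     "dns_servers": ["192.168.10.1", "203.0.113.53"]}})
    return c.summarize()
```

Reports are rejected until the sensor has been both registered and configured, which mirrors the order of the steps in the method.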
It should be noted that the foregoing is only a preferred embodiment of the present invention and the technical principles applied. Those skilled in the art will appreciate that the embodiments of the present invention are not limited to the specific embodiments described herein, and that various obvious changes, adaptations, and substitutions are possible, without departing from the scope of the embodiments of the present invention. Therefore, although the embodiments of the present invention have been described in more detail through the above embodiments, the embodiments of the present invention are not limited to the above embodiments, and many other equivalent embodiments may be included without departing from the concept of the embodiments of the present invention, and the scope of the embodiments of the present invention is determined by the scope of the appended claims.

Claims (10)

1. A private network data acquisition method is characterized by comprising the following steps:
receiving registration information sent by a network tip sensor deployed in a private network, and registering the network tip sensor according to the registration information; the network tip sensor is deployed in a subnet network of the private network and used for detecting the subnet network;
sending configuration parameters to the registered network tip sensor to configure the registered network tip sensor;
receiving private network information data returned by the configured network tip sensor, wherein the private network information data comprises asset data and boundary risk data, the private network information data is obtained by detecting equipment in the subnet networks by the configured network tip sensor, and each subnet network at least comprises one equipment;
and summarizing the private network information data, analyzing the summarized private network information data, and determining the asset condition and the risk condition of the private network.
2. The method of claim 1, wherein at least one of said network tip sensors is deployed in a network of said sub-networks.
3. The method according to claim 1, wherein the specific process of configuring the registered network tip sensor is as follows:
configuring a detection switch, a detection strategy, a detection frequency and an upgrade strategy of the registered network tip sensor.
4. The method of claim 1, wherein the configured network tip sensor is further configured to detect a device of a private network segment in the subnet network via a detection protocol.
5. The method according to claim 4, wherein the detection protocol comprises the ARP protocol and the HTTP protocol.
6. The method of claim 1, wherein the asset data comprises device quantity data and device status data, and the boundary risk data comprises router data, DHCP server data and DNS server data.
7. A private network data acquisition device, comprising:
the registration module is used for receiving registration information sent by a network tip sensor deployed in a private network and registering the network tip sensor according to the registration information; the network tip sensor is deployed in a subnet network of the private network and used for detecting the subnet network;
the configuration module is used for sending configuration parameters to the registered network tip sensor so as to configure the registered network tip sensor;
the data receiving module is used for receiving private network information data returned by the configured network tip sensor, the private network information data comprises asset data and boundary risk data, the private network information data is obtained by detecting equipment in the subnet networks by the configured network tip sensor, and each subnet network at least comprises one equipment;
and the summarizing and analyzing module is used for summarizing the private network information data, analyzing the summarized private network information data and determining the asset condition and the risk condition of the private network.
8. The device of claim 7, wherein at least one of said network tip sensors is deployed in a network of said sub-networks.
9. An apparatus, comprising a processor and a memory;
the memory is used for storing a computer program and transmitting the computer program to the processor;
the processor is configured to execute a method of private network data acquisition according to any one of claims 1-7 according to instructions in the computer program.
10. A storage medium storing computer-executable instructions for performing the private network data acquisition method of any one of claims 1-7 when executed by a computer processor.
CN202110915496.5A 2021-08-10 2021-08-10 Private network data acquisition method, device, equipment and storage medium Active CN113765704B (en)

Publications (2)

Publication Number Publication Date
CN113765704A (en) 2021-12-07
CN113765704B (en) 2022-09-27

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant