CN113783837B - Method and terminal for checking longitudinal encryption host of self-adaptive substation - Google Patents

Publication number
CN113783837B
Authority
CN
China
Prior art keywords
tunnel
strategy
configuration
verification
port
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110885419.XA
Other languages
Chinese (zh)
Other versions
CN113783837A (en)
Inventor
邱建斌
陈建洪
林峰
江秋华
陈闽江
陈志辉
胡琳
张振兴
陈扩松
郑宇�
林炜
吴雨晴
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Maintenance Branch of State Grid Fujian Electric Power Co Ltd
Original Assignee
Maintenance Branch of State Grid Fujian Electric Power Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/205 Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4633 Interconnection of networks using encapsulation techniques, e.g. tunneling
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/50 Testing arrangements
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04 INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04S SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00 Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20 Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Abstract

The invention discloses a method and a terminal for checking a longitudinal encryption host of a self-adaptive substation. The method establishes a connection with the longitudinal encryption host to acquire and identify configuration information; establishes a virtual tunnel to the longitudinal encryption host according to the configuration information and generates a verification case according to the configuration information; performs tunnel policy verification on the virtual tunnel according to the verification case to obtain a verification result, and performs a policy consistency comparison between the verification result and a preset policy information table to obtain a comparison result; and corrects the tunnel policy according to the comparison result and generates an analysis report. This solves the problem of automatically verifying a substation's longitudinal encryption host: verification covers the whole policy information table across multiple channels, adapts to different encryption host types for both verification and correction, requires no manual intervention, and greatly improves working efficiency.

Description

Method and terminal for checking longitudinal encryption host of self-adaptive substation
Technical Field
The invention relates to the technical field of power systems, in particular to a method and a terminal for checking a longitudinal encryption host of a self-adaptive substation.
Background
With the widespread use of network equipment and equipment monitoring and the spread of the Internet of Things, the network security of the power monitoring system has become one of the indicators of the safe and stable operation of a power system. The network security protection guidelines for power monitoring systems define the basic protection principles: security zoning, dedicated networks, lateral isolation, and longitudinal authentication. Longitudinal encryption authentication devices are currently used in most power monitoring systems as an important network security protection measure.
Under the prior art, a longitudinal encryption authentication host (device) can only be verified through actual joint debugging with the service, which has the following drawbacks:
(1) If the service fails to connect during verification, the fault point cannot be located accurately, and the result depends heavily on the service equipment and on personnel skill.
(2) Verification handles only one service per policy; each tunnel policy has to be checked individually, so large-batch, multi-channel verification is not possible.
(3) Verification takes a long time. As more services are connected, the number of tunnel-related policies grows, and the verification time required under the prior art grows with it.
Disclosure of Invention
The technical problem to be solved by the invention is to provide a method and a terminal for checking a longitudinal encryption host of a self-adaptive substation that can verify the substation's longitudinal encryption host automatically.
To solve this technical problem, the invention adopts the following technical solution:
A method for checking a longitudinal encryption host of a self-adaptive substation comprises the following steps:
S1, establishing a connection with the longitudinal encryption host to acquire and identify configuration information;
S2, establishing a virtual tunnel to the longitudinal encryption host according to the configuration information, and generating a verification case according to the configuration information;
S3, verifying the tunnel policy according to the verification case to obtain a verification result, and performing a policy consistency comparison between the verification result and a preset policy information table to obtain a comparison result;
S4, correcting the tunnel policy according to the comparison result, and generating an analysis report.
To solve the same technical problem, the invention adopts another technical solution:
A self-adaptive substation longitudinal encryption host verification terminal comprises a processor, a memory and a computer program stored in the memory and executable on the processor, wherein the processor implements the following steps when executing the computer program:
S1, establishing a connection with the longitudinal encryption host to acquire and identify configuration information;
S2, establishing a virtual tunnel to the longitudinal encryption host according to the configuration information, and generating a verification case according to the configuration information;
S3, verifying the tunnel policy according to the verification case to obtain a verification result, and performing a policy consistency comparison between the verification result and a preset policy information table to obtain a comparison result;
S4, correcting the tunnel policy according to the comparison result, and generating an analysis report.
The beneficial effects of the invention are as follows: the invention acquires the configuration information of the longitudinal encryption authentication host, automatically identifies the configuration information of different host types, establishes each service tunnel from the acquired configuration information, automatically generates the verification cases and executes the verification program, and finally generates the verification report and corrects the policy. This solves the problem of automatically verifying a substation's longitudinal encryption host: verification covers the whole policy information table across multiple channels, adapts to different encryption host types for both verification and correction, requires no manual intervention, and greatly improves working efficiency.
Drawings
FIG. 1 is a flow chart of a method for checking a longitudinal encryption host of a self-adaptive substation according to an embodiment of the invention;
FIG. 2 is a block diagram of a verification terminal for a longitudinal encryption host of a self-adaptive substation according to an embodiment of the invention;
FIG. 3 is a detailed flow chart of a method for checking a longitudinal encryption host of a self-adaptive substation according to an embodiment of the invention;
Description of the reference numerals:
1. a self-adaptive substation longitudinal encryption host verification terminal; 2. a processor; 3. a memory.
Detailed Description
To describe the technical content, objectives and effects of the invention in detail, the following description refers to the embodiments and the accompanying drawings.
Referring to FIG. 1 and FIG. 3, a method for checking a longitudinal encryption host of a self-adaptive substation includes:
S1, establishing a connection with the longitudinal encryption host to acquire and identify configuration information;
S2, establishing a virtual tunnel to the longitudinal encryption host according to the configuration information, and generating a verification case according to the configuration information;
S3, verifying the tunnel policy according to the verification case to obtain a verification result, and performing a policy consistency comparison between the verification result and a preset policy information table to obtain a comparison result;
S4, correcting the tunnel policy according to the comparison result, and generating an analysis report.
From the above description, the beneficial effects of the invention are as follows: the invention acquires the configuration information of the longitudinal encryption authentication host, automatically identifies the configuration information of different host types, establishes each service tunnel from the acquired configuration information, automatically generates the verification cases and executes the verification program, and finally generates the verification report and corrects the policy. This solves the problem of automatically verifying a substation's longitudinal encryption host: verification covers the whole policy information table across multiple channels, adapts to different encryption host types for both verification and correction, requires no manual intervention, and greatly improves working efficiency.
Further, step S1 specifically includes:
establishing a connection with the longitudinal encryption host through a configuration port, and acquiring and identifying configuration information through the configuration port, wherein the configuration information comprises certificate configuration, tunnel configuration and policy configuration.
As described above, the invention connects to the longitudinal encryption host through the configuration port and obtains the host's configuration information through that port, so the configuration information of different host types can be identified and the subsequent operations carried out according to each host type's configuration.
Further, establishing the connection with the longitudinal encryption host through the configuration port specifically comprises:
establishing the connection with the longitudinal encryption host through three network ports, namely a configuration port, an uplink port and a downlink port;
in step S2, establishing the virtual tunnel to the longitudinal encryption host according to the configuration information specifically includes:
S21, according to the tunnel configuration and the certificate configuration, sending encrypted link information to the longitudinal encryption host, establishing each virtual tunnel through the uplink port and the downlink port and linking them, performing a tunnel test to check the availability of the virtual tunnel, and proceeding to the subsequent steps after the test passes.
As described above, the virtual tunnel is established by sending the encrypted link information to the encryption host, and it is tested once established, which ensures that the established virtual tunnel is available.
Further, in step S2, generating the verification case according to the configuration information specifically includes:
S22, determining network and port boundaries according to the tunnel configuration and the policy configuration, generating rule data packets for the longitudinal encryption host based on the determined network and port boundaries as verification cases, and performing link matching on each virtual tunnel according to the policy configuration, wherein link matching means matching the addresses at the two ends of the virtual tunnel;
step S3 includes:
S31, sending the rule data packets into the virtual tunnel through the uplink port, receiving return data and alarm log information at the downlink port, and analyzing the return data and the alarm log information to obtain the verification result.
As described above, the invention determines the network and port boundaries from the tunnel configuration and the policy configuration and generates rule data packets for the longitudinal encryption host based on those boundaries as verification cases, thereby verifying the correctness of the boundary conditions of the host's "tunnel policy"; it also performs link matching on the virtual tunnel to ensure communication between the virtual tunnel and the longitudinal encryption host.
Further, step S3 includes:
S32, obtaining, from the verification result, the actual tunnel policies that verified correctly;
S33, comparing the actual tunnel policies that verified correctly against the preset policy information table for consistency, and judging whether the policy settings are correct, to obtain the comparison result;
step S4 specifically includes:
S41, obtaining, from the comparison result, the actual tunnel policies with consistency comparison errors and the actual tunnel policies with policy setting errors, and classifying them as error policies;
S42, correcting the error policies and generating an analysis report.
As described above, the correct actual tunnel policies can be obtained from the verification result, but they must also be compared with the preset policy information table to confirm that they are consistent with what the table records; otherwise an error still exists. Once the error policies are confirmed they can be corrected, and an analysis report is generated.
Referring to FIG. 2, a self-adaptive substation longitudinal encryption host verification terminal includes a processor, a memory, and a computer program stored in the memory and executable on the processor, wherein the processor implements the following steps when executing the computer program:
S1, establishing a connection with the longitudinal encryption host to acquire and identify configuration information;
S2, establishing a virtual tunnel to the longitudinal encryption host according to the configuration information, and generating a verification case according to the configuration information;
S3, verifying the tunnel policy according to the verification case to obtain a verification result, and performing a policy consistency comparison between the verification result and a preset policy information table to obtain a comparison result;
S4, correcting the tunnel policy according to the comparison result, and generating an analysis report.
From the above description, the beneficial effects of the invention are as follows: the invention acquires the configuration information of the longitudinal encryption authentication host, automatically identifies the configuration information of different host types, establishes each service tunnel from the acquired configuration information, automatically generates the verification cases and executes the verification program, and finally generates the verification report and corrects the policy. This solves the problem of automatically verifying a substation's longitudinal encryption host: verification covers the whole policy information table across multiple channels, adapts to different encryption host types for both verification and correction, requires no manual intervention, and greatly improves working efficiency.
Further, step S1 specifically includes:
establishing a connection with the longitudinal encryption host through a configuration port, and acquiring and identifying configuration information through the configuration port, wherein the configuration information comprises certificate configuration, tunnel configuration and policy configuration.
As described above, the invention connects to the longitudinal encryption host through the configuration port and obtains the host's configuration information through that port, so the configuration information of different host types can be identified and the subsequent operations carried out according to each host type's configuration.
Further, establishing the connection with the longitudinal encryption host through the configuration port specifically comprises:
establishing the connection with the longitudinal encryption host through three network ports, namely a configuration port, an uplink port and a downlink port;
in step S2, establishing the virtual tunnel to the longitudinal encryption host according to the configuration information specifically includes:
S21, according to the tunnel configuration and the certificate configuration, sending encrypted link information to the longitudinal encryption host, establishing each virtual tunnel through the uplink port and the downlink port and linking them, performing a tunnel test to check the availability of the virtual tunnel, and proceeding to the subsequent steps after the test passes.
As described above, the virtual tunnel is established by sending the encrypted link information to the encryption host, and it is tested once established, which ensures that the established virtual tunnel is available.
Further, in step S2, generating the verification case according to the configuration information specifically includes:
S22, determining network and port boundaries according to the tunnel configuration and the policy configuration, generating rule data packets for the longitudinal encryption host based on the determined network and port boundaries as verification cases, and performing link matching on each virtual tunnel according to the policy configuration, wherein link matching means matching the addresses at the two ends of the virtual tunnel;
step S3 includes:
S31, sending the rule data packets into the virtual tunnel through the uplink port, receiving return data and alarm log information at the downlink port, and analyzing the return data and the alarm log information to obtain the verification result.
As described above, the invention determines the network and port boundaries from the tunnel configuration and the policy configuration and generates rule data packets for the longitudinal encryption host based on those boundaries as verification cases, thereby verifying the correctness of the boundary conditions of the host's "tunnel policy"; it also performs link matching on the virtual tunnel to ensure communication between the virtual tunnel and the longitudinal encryption host.
Further, step S3 includes:
S32, obtaining, from the verification result, the actual tunnel policies that verified correctly;
S33, comparing the actual tunnel policies that verified correctly against the preset policy information table for consistency, and judging whether the policy settings are correct, to obtain the comparison result;
step S4 specifically includes:
S41, obtaining, from the comparison result, the actual tunnel policies with consistency comparison errors and the actual tunnel policies with policy setting errors, and classifying them as error policies;
S42, correcting the error policies and generating an analysis report.
As described above, the correct actual tunnel policies can be obtained from the verification result, but they must also be compared with the preset policy information table to confirm that they are consistent with what the table records; otherwise an error still exists. Once the error policies are confirmed they can be corrected, and an analysis report is generated.
Referring to FIG. 1 and FIG. 3, a first embodiment of the invention is as follows:
A method for checking a longitudinal encryption host of a self-adaptive substation comprises the following steps:
S1, establishing a connection with the longitudinal encryption host to acquire and identify configuration information;
step S1 specifically comprises:
establishing a connection with the longitudinal encryption host through a configuration port, and acquiring and identifying configuration information through the configuration port, wherein the configuration information comprises certificate configuration, tunnel configuration and policy configuration;
establishing the connection with the longitudinal encryption host through the configuration port specifically comprises:
establishing the connection with the longitudinal encryption host through three network ports, namely a configuration port, an uplink port and a downlink port.
In this embodiment, the connection with the longitudinal encryption host is established through three network ports: the configuration port, the uplink port and the downlink port. The configuration information of the longitudinal encryption authentication host is obtained through the configuration port, and the configuration information of different host types is identified automatically, including the routing configuration, certificate configuration, bridging configuration, tunnel configuration and policy configuration of the longitudinal encryption host.
S2, establishing a virtual tunnel to the longitudinal encryption host according to the configuration information, and generating a verification case according to the configuration information;
in step S2, establishing the virtual tunnel to the longitudinal encryption host according to the configuration information specifically includes:
S21, according to the tunnel configuration and the certificate configuration, sending encrypted link information to the longitudinal encryption host, establishing each virtual tunnel through the uplink port and the downlink port and linking them, performing a tunnel test to check the availability of the virtual tunnel, and proceeding to the subsequent steps after the test passes;
in step S2, generating the verification case according to the configuration information specifically includes:
S22, determining network and port boundaries according to the tunnel configuration and the policy configuration, generating rule data packets for the longitudinal encryption host based on the determined network and port boundaries as verification cases, and performing link matching on each virtual tunnel according to the policy configuration, wherein link matching means matching the addresses at the two ends of the virtual tunnel.
In this embodiment, encrypted link information is sent according to the obtained configuration information, including the tunnel configuration and the certificate configuration; a virtual tunnel is established for each service through the uplink port and the downlink port, the virtual tunnels are linked, and a tunnel test is performed. Network and port boundaries are determined from the tunnel configuration and policy configuration information, and rule data packets for verifying the longitudinal encryption host are generated, so that the verification cases are generated automatically. The links of the virtual tunnel are matched automatically according to the policy information, matching the addresses at the two ends of the virtual tunnel and ensuring that the virtual tunnel communicates with the longitudinal encryption host.
S3, verifying the tunnel policy according to the verification case to obtain a verification result, and performing a policy consistency comparison between the verification result and a preset policy information table to obtain a comparison result;
step S3 includes:
S31, sending the rule data packets into the virtual tunnel through the uplink port, receiving return data and alarm log information at the downlink port, and analyzing the return data and the alarm log information to obtain the verification result;
S32, obtaining, from the verification result, the actual tunnel policies that verified correctly;
S33, comparing the actual tunnel policies that verified correctly against the preset policy information table for consistency, and judging whether the policy settings are correct, to obtain the comparison result.
In this embodiment, once the verification cases are obtained, "uplink" data packets are sent into the virtual tunnel automatically, and the correctness of the verification is judged from the return data received on the "downlink" side and the alarm log information collected. That is, the rule data packets are sent through the virtual tunnel via the uplink port, the return data and alarm log information are received through the downlink port, and both are analyzed to obtain the verification result. The verified policies are then compared for consistency with a preset policy information table to obtain the comparison result. The policy information table holds encryption policy information in a unified format, including the source address, destination address, protocol, local port, remote port, application protocol and similar information. It is used to check the correctness of the actual tunnel policies and to judge whether the policy settings of the longitudinal encryption host under verification are correct, and it is a policy table that has been manually verified as correct.
S4, correcting the tunnel policy according to the comparison result, and generating an analysis report;
step S4 specifically includes:
S41, obtaining, from the comparison result, the actual tunnel policies with consistency comparison errors and the actual tunnel policies with policy setting errors, and classifying them as error policies;
S42, correcting the error policies and generating an analysis report.
In this embodiment, the policy consistency comparison must be confirmed once more; after confirmation, the actual tunnel policies with consistency comparison errors and policy setting errors are corrected, and an analysis report is generated.
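The boundary-case generation of S22 and the verification and comparison of S31 to S41, sketched as an added example that is not part of the patent. The field names, the pairing of policies by name, the sample policies and the simulated data plane are constructed assumptions, and packets are modelled as tuples instead of being sent through real uplink and downlink ports.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    """One policy row; field names are assumptions based on the table fields above."""
    name: str            # hypothetical key used to pair device rows with table rows
    src: str             # source network (CIDR)
    dst: str             # destination network (CIDR)
    protocol: str        # "tcp" or "udp"
    local_ports: tuple   # inclusive (low, high)
    remote_ports: tuple  # inclusive (low, high)
    app: str             # application protocol label (compared, not probed)

def matches(p, pkt):
    """True if packet (src, dst, proto, lport, rport) falls inside policy p."""
    src, dst, proto, lport, rport = pkt
    return (ipaddress.ip_address(src) in ipaddress.ip_network(p.src)
            and ipaddress.ip_address(dst) in ipaddress.ip_network(p.dst)
            and proto == p.protocol
            and p.local_ports[0] <= lport <= p.local_ports[1]
            and p.remote_ports[0] <= rport <= p.remote_ports[1])

def _addr_edges(cidr):
    """Addresses on and just outside both ends of a network, skipping invalid values."""
    net = ipaddress.ip_network(cidr)
    cls, top = type(net[0]), 2 ** net.max_prefixlen - 1
    vals = {int(net[0]) - 1, int(net[0]), int(net[-1]), int(net[-1]) + 1}
    return [str(cls(v)) for v in sorted(vals) if 0 <= v <= top]

def _port_edges(rng):
    """Ports on and just outside both ends of a range, skipping invalid values."""
    lo, hi = rng
    return sorted(v for v in {lo - 1, lo, hi, hi + 1} if 0 <= v <= 65535)

def boundary_cases(p):
    """S22: probe packets that vary one field at a time across its boundary."""
    base = [str(ipaddress.ip_network(p.src)[0]), str(ipaddress.ip_network(p.dst)[0]),
            p.protocol, p.local_ports[0], p.remote_ports[0]]
    edges = {0: _addr_edges(p.src), 1: _addr_edges(p.dst),
             3: _port_edges(p.local_ports), 4: _port_edges(p.remote_ports)}
    return [tuple(base[:i] + [v] + base[i + 1:]) for i, vals in edges.items() for v in vals]

def verify(configured, send):
    """S31/S32: replay the probes; send(pkt) is True when data comes back on the downlink.

    The expected result is taken over the whole configured set, so a probe that is
    outside one policy but inside an overlapping one is not reported as a failure.
    """
    failures = {}
    for p in configured:
        bad = [pkt for pkt in boundary_cases(p)
               if send(pkt) != any(matches(q, pkt) for q in configured)]
        if bad:
            failures[p.name] = bad
    return failures

def classify(configured, preset, failures):
    """S33/S41: label each policy after comparing with the preset table."""
    table = {p.name: p for p in preset}
    report = {}
    for p in configured:
        if p.name in failures:
            report[p.name] = "setting_error"      # device does not enforce its own config
        elif table.get(p.name) != p:
            report[p.name] = "consistency_error"  # enforced, but differs from the table
        else:
            report[p.name] = "ok"
    for name in table.keys() - {p.name for p in configured}:
        report[name] = "missing_on_device"
    return report

# Constructed sample data: the manually verified table, the configuration read
# from the device, and what the simulated data plane really enforces.
PRESET = [
    Policy("iec104", "10.1.1.0/24", "10.9.0.10/32", "tcp", (2404, 2404), (1024, 65535), "iec104"),
    Policy("scada-udp", "10.1.2.0/24", "10.9.0.20/32", "udp", (5000, 5010), (5000, 5010), "app-b"),
    Policy("pmu", "10.1.3.0/24", "10.9.0.30/32", "tcp", (8000, 8000), (1024, 65535), "app-c"),
]
CONFIGURED = [
    PRESET[0], PRESET[1],
    # one extra local port compared with the table
    Policy("pmu", "10.1.3.0/24", "10.9.0.30/32", "tcp", (8000, 8001), (1024, 65535), "app-c"),
]
ENFORCED = [
    CONFIGURED[0],
    # off-by-one upper local port in the simulated data plane
    Policy("scada-udp", "10.1.2.0/24", "10.9.0.20/32", "udp", (5000, 5009), (5000, 5010), "app-b"),
    CONFIGURED[2],
]

def simulated_send(pkt):
    """Stand-in for the uplink/downlink exchange (constructed)."""
    return any(matches(q, pkt) for q in ENFORCED)

def run():
    failures = verify(CONFIGURED, simulated_send)
    return failures, classify(CONFIGURED, PRESET, failures)

if __name__ == "__main__":
    failures, report = run()
    for name, status in report.items():
        print(name, status, failures.get(name, []))
```
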
Referring to FIG. 2, a second embodiment of the invention is as follows:
The self-adaptive substation longitudinal encryption host verification terminal comprises a processor, a memory and a computer program stored in the memory and executable on the processor, wherein the processor implements the steps of the first embodiment when executing the computer program.
In summary, the configuration information of the longitudinal encryption authentication host is acquired through the configuration port, the configuration information of different host types is identified automatically, each service tunnel is established from the acquired configuration information, the verification cases are generated automatically and the verification program is executed, and finally the verification report is generated and the policy is corrected. This solves the problem of automatically verifying a substation's longitudinal encryption host: the correctness of the boundary conditions of the host's "tunnel policy" is verified, verification covers the whole policy information table across multiple channels, verification and correction adapt to different encryption host types, no manual intervention is needed, and working efficiency is greatly improved.
The foregoing is only an embodiment of the invention and does not limit its scope; all equivalent changes made using the specification and drawings of the invention, or direct or indirect applications in related technical fields, likewise fall within the scope of protection of the invention.

Claims (4)

1. A method for checking a longitudinal encryption host of an adaptive substation, characterized by comprising the following steps:
S1, establishing a connection with the longitudinal encryption host to acquire and identify configuration information;
the step S1 specifically comprises:
establishing a connection with the longitudinal encryption host through a configuration port, and acquiring and identifying the configuration information through the configuration port, wherein the configuration information comprises certificate configuration, tunnel configuration and policy configuration;
S2, establishing a virtual tunnel to the longitudinal encryption host according to the configuration information, and generating a verification case according to the configuration information;
establishing the connection with the longitudinal encryption host through the configuration port is specifically:
establishing the connection with the longitudinal encryption host through three network ports, namely the configuration port, an uplink port and a downlink port;
in the step S2, establishing the virtual tunnel to the longitudinal encryption host according to the configuration information specifically comprises:
S21, according to the tunnel configuration and the certificate configuration, sending encryption link information to the longitudinal encryption host, establishing each virtual tunnel through the uplink port and the downlink port for linking, performing a tunnel test to test the availability of the virtual tunnel, and performing the subsequent steps after the test is passed;
in the step S2, generating the verification case according to the configuration information specifically comprises:
S22, determining network and port boundaries according to the tunnel configuration and the policy configuration, generating a rule data packet of the longitudinal encryption host based on the determined network and port boundaries as the verification case, and performing link matching on each virtual tunnel according to the policy configuration, wherein the link matching is matching the addresses at the two ends of the virtual tunnel;
S3, verifying the tunnel policy according to the verification case to obtain a verification result, and performing a policy consistency comparison according to the verification result and a preset policy information table to obtain a comparison result;
the step S3 comprises:
S31, sending the rule data packet to the virtual tunnel through the uplink port, receiving return data and alarm log information at the downlink port, and analyzing the return data and the alarm log information to obtain the verification result;
S32, obtaining, according to the verification result, the actual tunnel policy that is verified as correct;
S33, performing a consistency comparison on the actual tunnel policy verified as correct against the preset policy information table, and judging whether the policy setting is correct, to obtain the comparison result;
S4, correcting the tunnel policy according to the comparison result, and generating an analysis report.
2. The method for checking the longitudinal encryption host of the adaptive substation according to claim 1, wherein the step S4 is specifically:
S41, obtaining, according to the comparison result, the actual tunnel policies with consistency comparison errors and the actual tunnel policies with policy setting errors, and classifying them as error policies;
S42, correcting the error policies and generating an analysis report.
3. An adaptive substation longitudinal encryption host verification terminal, comprising a processor, a memory and a computer program stored in the memory and capable of running on the processor, characterized in that the processor implements the following steps when executing the computer program:
S1, establishing a connection with a longitudinal encryption host to acquire and identify configuration information;
the step S1 specifically comprises:
establishing a connection with the longitudinal encryption host through a configuration port, and acquiring and identifying the configuration information through the configuration port, wherein the configuration information comprises certificate configuration, tunnel configuration and policy configuration;
S2, establishing a virtual tunnel to the longitudinal encryption host according to the configuration information, and generating a verification case according to the configuration information;
establishing the connection with the longitudinal encryption host through the configuration port is specifically:
establishing the connection with the longitudinal encryption host through three network ports, namely the configuration port, an uplink port and a downlink port;
in the step S2, establishing the virtual tunnel to the longitudinal encryption host according to the configuration information specifically comprises:
S21, according to the tunnel configuration and the certificate configuration, sending encryption link information to the longitudinal encryption host, establishing each virtual tunnel through the uplink port and the downlink port for linking, performing a tunnel test to test the availability of the virtual tunnel, and performing the subsequent steps after the test is passed;
in the step S2, generating the verification case according to the configuration information specifically comprises:
S22, determining network and port boundaries according to the tunnel configuration and the policy configuration, generating a rule data packet of the longitudinal encryption host based on the determined network and port boundaries as the verification case, and performing link matching on each virtual tunnel according to the policy configuration, wherein the link matching is matching the addresses at the two ends of the virtual tunnel;
S3, verifying the tunnel policy according to the verification case to obtain a verification result, and performing a policy consistency comparison according to the verification result and a preset policy information table to obtain a comparison result;
the step S3 comprises:
S31, sending the rule data packet to the virtual tunnel through the uplink port, receiving return data and alarm log information at the downlink port, and analyzing the return data and the alarm log information to obtain the verification result;
S32, obtaining, according to the verification result, the actual tunnel policy that is verified as correct;
S33, performing a consistency comparison on the actual tunnel policy verified as correct against the preset policy information table, and judging whether the policy setting is correct, to obtain the comparison result;
S4, correcting the tunnel policy according to the comparison result, and generating an analysis report.
4. The terminal for checking the longitudinal encryption host of the adaptive substation according to claim 3, wherein the step S4 is specifically:
S41, obtaining, according to the comparison result, the actual tunnel policies with consistency comparison errors and the actual tunnel policies with policy setting errors, and classifying them as error policies;
S42, correcting the error policies and generating an analysis report.
CN202110885419.XA 2021-08-03 2021-08-03 Method and terminal for checking longitudinal encryption host of self-adaptive substation Active CN113783837B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110885419.XA CN113783837B (en) 2021-08-03 2021-08-03 Method and terminal for checking longitudinal encryption host of self-adaptive substation

Publications (2)

Publication Number Publication Date
CN113783837A CN113783837A (en) 2021-12-10
CN113783837B true CN113783837B (en) 2023-07-14

Family

ID=78836651

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110885419.XA Active CN113783837B (en) 2021-08-03 2021-08-03 Method and terminal for checking longitudinal encryption host of self-adaptive substation

Country Status (1)

Country Link
CN (1) CN113783837B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant