CN114157496B - Intelligent machine room equipment management platform - Google Patents


Info

Publication number
CN114157496B
Authority
CN
China
Prior art keywords
server
area
zone
safety
access area
Legal status
Active
Application number
CN202111480701.6A
Other languages
Chinese (zh)
Other versions
CN114157496A (en)
Inventor
崔惠
裴培
王黎明
朱健
王升波
冯威
俞慧
佘文俊
顾妍
高婷婷
沈扬
朱亚天
Current Assignee
Yangzhou Power Supply Branch Of State Grid Jiangsu Electric Power Co ltd
State Grid Jiangsu Electric Power Co Ltd
Original Assignee
Yangzhou Power Supply Branch Of State Grid Jiangsu Electric Power Co ltd
State Grid Jiangsu Electric Power Co Ltd
Priority date
2021-12-06
Filing date
2021-12-06
Publication date
2022-03-08 (CN114157496A), 2023-06-02 (CN114157496B)
Application filed by Yangzhou Power Supply Branch Of State Grid Jiangsu Electric Power Co ltd, State Grid Jiangsu Electric Power Co Ltd
Application granted

Classifications

    • H04L 63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L 63/0236 Filtering policies: filtering by address, protocol, port number or service, e.g. IP-address or URL
    • H04L 41/28 Restricting access to network management systems or functions, e.g. using authorisation function to access network configuration
    • H04L 63/0876 Authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L 63/10 Controlling access to devices or network resources
    • H04L 63/1433 Detecting or protecting against malicious traffic: vulnerability analysis
    • H04L 67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • Y04S 40/20 Smart grids: information technology specific aspects, e.g. CAD, simulation, modelling, system security


Abstract

An intelligent machine room equipment management platform that makes newly connected equipment convenient to discover in time and to identify, and that improves security. The platform is applied to a distribution network system comprising distribution network area I, distribution network area IV, security access area I, security access area II and security access area III, where distribution network area IV, security access area I, security access area II and security access area III are each connected to distribution network area I through isolation devices. The management platform comprises an area I system, an area I server, an area IV server, a security access area I server, a security access area II server and a security access area III server; the area I system comprises a display module, a scanning and identification module and a data receiving and processing module, the display module being used for information display. The invention makes it convenient to discover equipment access in time, to scan, identify and display it in the area I system, and to improve security by judging whether the access is permitted.

Description

Intelligent machine room equipment management platform
Technical Field
The invention relates to the field of distribution automation, in particular to an intelligent machine room equipment management platform.
Background
Distribution automation is a comprehensive information management system that integrates computer technology, data transmission, control technology, modern equipment and management; its aims are to improve power supply reliability and power quality, provide high-quality service to users, reduce operating cost and lighten the workload of operators.
The secondary system is divided into four security zones: the real-time control zone, the non-control production zone, the production management zone and the management information zone. Security zone I is the real-time control zone and is the focus and core of security protection; security zone II is the non-control production zone; security zone III is the production management zone; security zone IV is the management information zone.
At present, when the secondary system is in use, connected equipment assets are poorly tracked and hard to discover in time, IP address conflicts arise easily, and connected equipment does not meet the security access requirements, all of which create potential network security hazards.
Disclosure of Invention
To address these problems, the invention provides an intelligent machine room equipment management platform that makes equipment access convenient to discover in time and to identify, and that improves security.
The technical scheme of the invention is as follows: the distribution network system comprises distribution network area I, distribution network area IV, security access area I, security access area II and security access area III,
distribution network area IV, security access area I, security access area II and security access area III are each connected to distribution network area I through isolation devices;
the management platform comprises an area I system, an area I server, an area IV server, a security access area I server, a security access area II server and a security access area III server,
the area I system comprises a display module, a scanning and identification module and a data receiving and processing module,
the display module is used for information display;
the scanning and identification module is used for scanning new and existing equipment and analysing the existing equipment;
the data receiving and processing module is used for receiving data from the area IV server, the security access area II server and the security access area III server;
the display module, the scanning and identification module and the data receiving and processing module are each connected to the area I server;
the area I server is arranged in distribution network area I, the area IV server is arranged in distribution network area IV, the security access area I server is arranged in security access area I,
the security access area II server is arranged in security access area II,
and the security access area III server is arranged in security access area III.
The area IV server, the security access area I server, the security access area II server and the security access area III server are used to discover new equipment, acquire the new equipment's information, generate a file, and transmit the file to the area I server for analysis and display through the display module;
an operator then judges whether the IP address is legal and whether the vulnerability information meets the access standard, and issues a permit or reject instruction.
Judging whether the IP address is legal:
when the IP address is found to be a new address, it is legal if it was allocated manually; if it was not allocated manually, it is illegal;
when the IP address is found to already exist, it is illegal.
Judging whether the vulnerability information meets the access standard:
when vulnerabilities are found, they are classified into high, medium and low levels and selected manually.
The security access area I server is connected to security access area I through a switch, and the switch is connected to the corresponding isolation device;
the security access area I server is used to scan the network ports of the switch and the number of IP addresses corresponding to each network port, upload the information to the area I server for analysis, and display it through the display module;
if the number of IP addresses on a network port is 2 or more, the port is judged to be externally connected to another switch;
if the number of IP addresses is 1, the port is normal.
If the number of IP addresses is 2 or more, the other switch is associated with that network port of the switch and configured in the area I system.
In operation, the management platform is arranged in the distribution network system and comprises the area I system, the area I server, the area IV server, the security access area II server and the security access area III server, so that equipment access in distribution network area IV and in security access areas I, II and III can be discovered in time, scanned, identified and displayed in the area I system, while security is improved by judging whether the access is permitted.
Drawings
Figure 1 is a block diagram of the structure of the invention;
Figure 2 is a block diagram of distribution network area I;
Figure 3 is a block diagram of the structure of the area I system;
Figure 4 is a schematic diagram of the connection between distribution network area I and security access area I.
Detailed Description
The invention is shown in Figs. 1 to 4 and is applied to a distribution network system, wherein the distribution network system comprises distribution network area I, distribution network area IV, security access area I, security access area II and security access area III,
distribution network area IV, security access area I, security access area II and security access area III are each connected to distribution network area I through isolation devices;
the management platform comprises an area I system, an area I server, an area IV server, a security access area I server, a security access area II server and a security access area III server,
the area I system comprises a display module, a scanning and identification module and a data receiving and processing module,
the display module is used for information display (such as login, data display, vulnerability display, asset information display, scanning task configuration and the like);
the scanning and identification module is used for scanning new and existing devices and analysing the existing devices (such as analysing whether a service port has changed, whether asset state has changed, whether device vulnerability information has changed, and the like);
the data receiving and processing module is used for receiving data from the area IV server, the security access area II server and the security access area III server;
the display module, the scanning and identification module and the data receiving and processing module are each connected to the area I server;
the area I server is arranged in distribution network area I, the area IV server is arranged in distribution network area IV, the security access area I server is arranged in security access area I,
the security access area II server is arranged in security access area II,
and the security access area III server is arranged in security access area III.
In operation, the management platform is arranged in the distribution network system and comprises the area I system, the area I server, the area IV server, the security access area II server and the security access area III server, so that equipment access in distribution network area IV and in security access areas I, II and III can be discovered in time, scanned, identified and displayed in the area I system, while security is improved by judging whether the access is permitted.
The area IV server, the security access area II server and the security access area III server are used to discover new equipment, acquire the new equipment's information (digital asset information, vulnerability information, IP address and the like), generate files, transmit the files to the area I server for analysis, and display them through the display module;
an operator then judges whether the IP address is legal and whether the vulnerability information meets the access standard, and issues a permit or reject instruction.
Thus the system discovers the IP address and the vulnerability information, and the judgment is made manually.
When a new device is connected, a full scan is performed and a file containing the network topology and node information of that area is generated. All generated files containing network topology and node information are then transmitted to the area I server through the isolation device, and the area I server merges all received files to generate a new file containing the whole-network topology and node information.
Judging whether the IP address is legal:
when the IP address is found to be a new address, it is legal if it was allocated manually; if it was not allocated manually, it is illegal;
when the IP address is found to already exist, it is illegal.
This ensures that IP address allocation is unique, and that an address allocated manually is reasonable and on record; it prevents operating network equipment from going offline because of IP address conflicts, and ensures accuracy and timeliness in handling disconnected equipment.
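The file merge on the area I server and the IP legality rule described above, as an added Python example that is not part of the patent: the JSON file layout, the addresses, MAC addresses and device names are constructed, and keying the inventory by MAC address is an assumption (the patent says only that probing reports IP address, device name, operating system type and MAC address). The example pre-labels each newly discovered device with the rule's result so the operator's permit-or-reject judgment starts from a classified list rather than from raw scan output.

```python
"""Whole-network file merge and IP legality pre-check on the area I server.

Added example, not code from the patent: merges the topology/node files the
other area servers upload through the isolation devices, then applies the
patent's IP rule to each newly discovered device so the operator's permit or
reject decision starts from a labelled list. File layout, addresses, MACs and
names are constructed for illustration.
"""
import json
from collections import Counter

# Constructed: one uploaded file per area (hypothetical JSON layout).
AREA_FILES = {
    "area_IV": json.dumps({"area": "IV", "nodes": [
        {"ip": "10.4.0.10", "name": "hist-db-01", "os": "Linux", "mac": "aa:bb:cc:00:04:10"},
        {"ip": "10.4.0.11", "name": "new-ws-07", "os": "Windows", "mac": "aa:bb:cc:00:04:11"},
    ]}),
    "sec_access_I": json.dumps({"area": "SA-I", "nodes": [
        {"ip": "10.1.0.20", "name": "rtu-gw-02", "os": "Linux", "mac": "aa:bb:cc:00:01:20"},
        {"ip": "10.4.0.10", "name": "unknown-box", "os": "Linux", "mac": "de:ad:be:ef:00:01"},
        {"ip": "10.1.0.99", "name": "unknown-box-2", "os": "Linux", "mac": "aa:bb:cc:00:01:99"},
    ]}),
}

# Constructed: devices already on record (keyed by MAC, as the probe reports it)
# and the addresses an operator has allocated by hand.
EXISTING_INVENTORY = {"aa:bb:cc:00:04:10": "10.4.0.10", "aa:bb:cc:00:01:20": "10.1.0.20"}
MANUAL_ALLOCATIONS = {"10.4.0.11": "new-ws-07"}


def merge_area_files(files):
    """Combine the per-area files into one whole-network node list."""
    merged = []
    for source, raw in files.items():
        doc = json.loads(raw)
        for node in doc["nodes"]:
            merged.append({**node, "area": doc["area"], "source": source})
    return merged


def whole_network_file(merged):
    """Serialize the merged list as the new whole-network topology/node file."""
    areas = sorted({n["area"] for n in merged})
    return json.dumps({"areas": areas, "nodes": merged}, indent=1)


def review_new_devices(merged, inventory, manual):
    """Classify each device not yet on record by the patent's rule:
    address already exists -> illegal; new and manually allocated -> legal;
    new and not allocated -> illegal."""
    in_use = set(inventory.values())
    newcomers = [n for n in merged if n["mac"] not in inventory]
    claims = Counter(n["ip"] for n in newcomers)  # two newcomers on one address also conflict
    verdicts = {}
    for n in newcomers:
        ip = n["ip"]
        if ip in in_use or claims[ip] > 1:
            verdicts[n["mac"]] = ("illegal", "address already exists")
        elif ip in manual:
            verdicts[n["mac"]] = ("legal", "manually allocated to " + manual[ip])
        else:
            verdicts[n["mac"]] = ("illegal", "address not manually allocated")
    return verdicts


if __name__ == "__main__":
    nodes = merge_area_files(AREA_FILES)
    print(whole_network_file(nodes))
    for mac, (verdict, reason) in review_new_devices(nodes, EXISTING_INVENTORY, MANUAL_ALLOCATIONS).items():
        print(mac, verdict, reason)
```

Devices whose MAC is already on record are left out of the verdict list, since the rule applies only to newly discovered equipment; a newcomer that reuses an inventoried address, or two newcomers claiming the same address, both fall under "address already exists".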
Newly connected equipment is detected by technical means such as network probing, which obtains the equipment's IP address, device name, operating system type, MAC address and the like.
Judging whether the vulnerability information meets the access standard:
when vulnerabilities are found, they are classified into high, medium and low levels and selected manually.
In order to discover in time any information that may endanger network security when equipment is connected, the system automatically invokes the vulnerability scanning module to perform a vulnerability scan, so as to safeguard network security promptly.
In this application, vulnerabilities can be imported in multiple ways: Excel file import, interface acquisition import and database acquisition import, and an import log is generated so that every import can be traced afterwards. Vulnerabilities can be refined to the operating system level and the application level, and further to a specific application, for subsequent multi-dimensional analysis. The imported Excel file is parsed to obtain the vulnerability details of each host, and each equipment asset is automatically associated with its vulnerabilities by matching the host IP to the equipment asset IP.
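The import-and-associate procedure described above, as an added Python example that is not the patent's own code: a CSV export stands in for the Excel file, the finding identifiers (VULN-EX-*), addresses and asset names are constructed, and the operator's access standard is modelled as the highest vulnerability level still accepted for connection, which is an assumption about how the manual high/medium/low selection is applied.

```python
"""Multi-source vulnerability import and asset association by host IP.

Added example, not the patent's own code: parses a constructed vulnerability
export (CSV standing in for the Excel import the patent describes), writes an
import log, links each finding to the equipment asset with the same IP, and
checks a host against an operator-chosen access standard. All identifiers
(VULN-EX-*), addresses and names are constructed.
"""
import csv
import io

# The patent classifies findings into high, medium and low; rank them for comparison.
LEVEL_RANK = {"low": 1, "medium": 2, "high": 3}

# Constructed export, one finding per row (Excel stand-in). The last row carries an
# undefined level so the importer's rejection path is exercised.
SAMPLE_EXPORT = """host_ip,vuln_id,title,layer,application,level
10.4.0.11,VULN-EX-001,Outdated file-sharing service,os,,high
10.4.0.11,VULN-EX-002,Weak TLS cipher suite enabled,application,httpd,medium
10.1.0.20,VULN-EX-003,Verbose service banner,application,sshd,low
10.9.9.9,VULN-EX-004,Finding on unknown host,os,,high
10.1.0.20,VULN-EX-005,Malformed row,os,,critical
"""

# Constructed asset inventory as the area I server holds it: ip -> device name.
ASSETS = {"10.4.0.11": "new-ws-07", "10.1.0.20": "rtu-gw-02"}


def import_findings(text, source="excel"):
    """Parse an export; return (accepted rows, import log). Rows with an unknown
    level are rejected and logged so that every import can be traced afterwards."""
    accepted, log = [], []
    for lineno, row in enumerate(csv.DictReader(io.StringIO(text)), start=2):
        level = row["level"].strip().lower()
        if level not in LEVEL_RANK:
            log.append("%s line %d: rejected %s, unknown level %r"
                       % (source, lineno, row["vuln_id"], row["level"]))
            continue
        row["level"] = level
        accepted.append(row)
        log.append("%s line %d: imported %s for %s" % (source, lineno, row["vuln_id"], row["host_ip"]))
    log.append("%s: %d imported, %d rejected" % (source, len(accepted), len(log) - len(accepted)))
    return accepted, log


def associate_with_assets(findings, assets):
    """Attach findings to assets by matching host IP to asset IP; rows whose host
    is not an inventoried asset are returned separately for the operator to reconcile."""
    by_asset = {ip: [] for ip in assets}
    unmatched = []
    for f in findings:
        if f["host_ip"] in by_asset:
            by_asset[f["host_ip"]].append(f)
        else:
            unmatched.append(f)
    return by_asset, unmatched


def meets_access_standard(findings, highest_allowed):
    """True when no finding exceeds the level the operator selected as acceptable."""
    limit = LEVEL_RANK[highest_allowed]
    return all(LEVEL_RANK[f["level"]] <= limit for f in findings)


def summarize(findings):
    """Counts per (layer, application) for the multi-dimensional view."""
    counts = {}
    for f in findings:
        key = (f["layer"], f["application"] or "-")
        counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    rows, log = import_findings(SAMPLE_EXPORT)
    print("\n".join(log))
    by_asset, unmatched = associate_with_assets(rows, ASSETS)
    for ip, findings in by_asset.items():
        ok = meets_access_standard(findings, "medium")
        print(ip, ASSETS[ip], "meets standard (<= medium):", ok, summarize(findings))
    print("unmatched:", [f["vuln_id"] for f in unmatched])
```

The rejection path matters in practice: a row with a level outside the defined high/medium/low set would otherwise either crash the import or silently pass the access check, so it is logged and dropped instead.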
The security access area I server is connected to security access area I through a switch, and the switch is connected to the corresponding isolation device;
the security access area I server is used to scan the network ports of the switch and the number of IP addresses corresponding to each network port, upload the information to the area I server for analysis, and display it through the display module;
if the number of IP addresses on a network port is 2 or more, the port is judged to be externally connected to another switch;
if the number of IP addresses is 1, the port is normal (i.e., a single external device is connected).
In this application, the corresponding servers in the other areas are all connected through switches, so that IP addresses can be discovered in time through the switch and the judgment made.
If the number of IP addresses is 2 or more, the other switch is associated with that network port of the switch and configured in the area I system.
Thus the switch and the other switch connected to its network port form a correspondence in the area I server, i.e., that network port is recorded as connected only to a switch;
therefore, when a large number of IP addresses are found on a network port of any switch, this is discovered promptly, the correspondence is established, and the topology can be expanded step by step.
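The port scan rule and the step-by-step topology expansion described above, as an added Python example that is not part of the patent: switch names, port names, addresses and the operator-configured correspondence are constructed. It goes slightly beyond the text in walking from the first switch through every configured correspondence, so that a flagged port on a newly reached switch that has no configured peer yet is reported back for the operator to configure.

```python
"""Infer switch-to-switch links from the per-port IP count rule.

Added example, not code from the patent: models the security access area I
server scanning a switch's network ports, applying the rule "2 or more IP
addresses on a port means another switch is connected", and expanding the
topology step by step through operator-configured correspondences.
Switch names, port names and addresses are constructed.
"""
from collections import defaultdict, deque

# Constructed scan output: (network port, IP address learned on that port)
# for each switch the platform has scanned so far.
SCANS = {
    "SA1-SW-CORE": [
        ("Gi1/0/1", "10.1.0.20"),
        ("Gi1/0/2", "10.1.0.21"), ("Gi1/0/2", "10.1.0.22"), ("Gi1/0/2", "10.1.0.23"),
        ("Gi1/0/3", "10.1.0.30"),
    ],
    "SA1-SW-EDGE-A": [
        ("Gi1/0/1", "10.1.0.21"), ("Gi1/0/2", "10.1.0.22"), ("Gi1/0/3", "10.1.0.23"),
        ("Gi1/0/24", "10.1.0.20"), ("Gi1/0/24", "10.1.0.30"),  # uplink sees the core side
    ],
}

# Constructed: the correspondence an operator has configured in the area I system
# after a port was flagged ((switch, port) -> the switch behind that port).
CONFIGURED = {("SA1-SW-CORE", "Gi1/0/2"): "SA1-SW-EDGE-A"}


def ips_per_port(entries):
    """Group the scan rows by port, de-duplicating addresses seen more than once."""
    ports = defaultdict(set)
    for port, ip in entries:
        ports[port].add(ip)
    return ports


def judge_ports(entries):
    """Apply the rule: >= 2 addresses -> another switch is connected; 1 -> normal."""
    verdicts = {}
    for port, ips in ips_per_port(entries).items():
        kind = "switch" if len(ips) >= 2 else "normal"
        verdicts[port] = (kind, len(ips))
    return verdicts


def expand_topology(scans, root, configured):
    """Walk from the root switch through configured correspondences, collecting
    switch-to-switch edges and the flagged ports that still lack a configuration."""
    edges, unconfigured, visited = [], [], set()
    queue = deque([root])
    while queue:
        switch = queue.popleft()
        if switch in visited or switch not in scans:
            continue
        visited.add(switch)
        for port, (kind, _count) in sorted(judge_ports(scans[switch]).items()):
            if kind != "switch":
                continue
            peer = configured.get((switch, port))
            if peer is None:
                unconfigured.append((switch, port))  # operator must identify the peer
            else:
                edges.append((switch, port, peer))
                queue.append(peer)
    return {"edges": edges, "unconfigured": unconfigured, "scanned": sorted(visited)}


if __name__ == "__main__":
    result = expand_topology(SCANS, "SA1-SW-CORE", CONFIGURED)
    for edge in result["edges"]:
        print("%s port %s -> %s" % edge)
    for sw, port in result["unconfigured"]:
        print("flagged, not yet configured: %s port %s" % (sw, port))
```

The visited set keeps the walk from looping when a downstream switch's uplink port is itself flagged and later configured back towards the core; until the operator configures that uplink, it is listed as flagged-but-unconfigured rather than guessed.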
For the purposes of this disclosure, the following points are also noted:
(1) The drawings of the embodiments disclosed in the present application relate only to the structures involved in those embodiments; other structures may follow common designs;
(2) The embodiments disclosed herein and the features of those embodiments may be combined with each other to arrive at new embodiments where no conflict arises;
the above is only a specific embodiment disclosed in the present application, but the protection scope of the present disclosure is not limited thereto; the protection scope of the present application shall be governed by the claims.

Claims (5)

1. An intelligent machine room equipment management platform applied to a distribution network system, the distribution network system comprising distribution network area I, distribution network area IV, security access area I, security access area II and security access area III,
distribution network area IV, security access area I, security access area II and security access area III being each connected to distribution network area I through isolation devices;
characterized in that the management platform comprises an area I system, an area I server, an area IV server, a security access area I server, a security access area II server and a security access area III server,
the area I server is arranged in distribution network area I, the area IV server is arranged in distribution network area IV, the security access area I server is arranged in security access area I,
the security access area II server is arranged in security access area II,
the security access area III server is arranged in security access area III;
the area I system comprises a display module, a scanning and identification module and a data receiving and processing module,
the display module, the scanning and identification module and the data receiving and processing module are each connected to the area I server;
the display module is used for information display;
the scanning and identification module is used for scanning new and existing equipment and analysing the existing equipment;
the data receiving and processing module is used for receiving data from the area IV server, the security access area II server and the security access area III server;
when new equipment is connected, the area IV server, the security access area II server and the security access area III server perform a full scan and generate files containing the network topology and node information of their areas, which are used to discover the new equipment and acquire its information; all generated files containing network topology and node information are then transmitted to the area I server through the isolation devices, and the area I server merges all received files to generate a new file containing the whole-network topology and node information and displays it through the display module;
an operator judges whether the IP address is legal and whether the vulnerability information meets the access standard, and then issues a permit or reject instruction.
2. The intelligent machine room equipment management platform of claim 1, wherein judging whether the IP address is legal comprises:
when the IP address is found to be a new address, it is legal if it was allocated manually; if it was not allocated manually, it is illegal;
when the IP address is found to already exist, it is illegal.
3. The intelligent machine room equipment management platform of claim 1, wherein judging whether the vulnerability information meets the access standard comprises:
when vulnerabilities are found, they are classified into high, medium and low levels and selected manually.
4. The intelligent machine room equipment management platform of claim 1, wherein the security access area I server is connected to security access area I through a switch, and the switch is connected to the corresponding isolation device,
the security access area I server is used to scan the network ports of the switch and the number of IP addresses corresponding to each network port, upload the information to the area I server for analysis, and display it through the display module;
if the number of IP addresses on a network port is 2 or more, the port is judged to be externally connected to another switch;
if the number of IP addresses is 1, the port is normal.
5. The intelligent machine room equipment management platform of claim 4, wherein if the number of IP addresses is 2 or more, the other switch is associated with that network port of the switch and configured in the area I system.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111480701.6A CN114157496B (en) 2021-12-06 2021-12-06 Intelligent machine room equipment management platform


Publications (2)

Publication Number Publication Date
CN114157496A (en) 2022-03-08
CN114157496B (en) 2023-06-02

Family

ID=80453322





Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant