CN114338068A - Multi-node vulnerability scanning method and device, electronic equipment and storage medium - Google Patents


Publication number
CN114338068A
Authority
CN
China
Prior art keywords
vulnerability scanning
node
scanning
vulnerability
data center
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110599128.4A
Other languages
Chinese (zh)
Inventor
王玮
郭积妥
陈德彬
张军
邵流河
徐安舒
康少明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Eware Information Technology Co ltd
Original Assignee
Shenzhen Eware Information Technology Co ltd
Application filed by Shenzhen Eware Information Technology Co ltd

Abstract

The invention relates to a multi-node vulnerability scanning method and device, electronic equipment and a storage medium. The method comprises the following steps: acquiring information of a terminal to be scanned; setting a multi-node vulnerability scanning rule according to the information of the terminal to be scanned; and carrying out vulnerability scanning according to the multi-node vulnerability scanning rule. A distributed architecture is adopted and a multi-task, multi-node vulnerability scanning mode is designed; vulnerability scanning of the data center is carried out both actively and passively; the vulnerability scanning results on the multiple nodes are followed up periodically, and statistical analysis identifies which specific nodes of the data center are more easily attacked; the scanning speed is high; and a vulnerability protection wall is established around the data center so that it is protected from network security attacks. The stability, reliability and security of the data center are improved, a security barrier for the data center is constructed, and the risk of network security vulnerabilities is reduced.

Description

Multi-node vulnerability scanning method and device, electronic equipment and storage medium
Technical Field
The present invention relates to the field of network security technologies, and in particular, to a multi-node vulnerability scanning method and apparatus, an electronic device, and a storage medium.
Background
The vulnerability scanning platform is a comprehensive security platform that provides a number of security detection tools. These tools scan the terminals to be scanned in the data center for vulnerabilities and produce corresponding scanning results, so that the personnel concerned can determine, from those results, the network security configuration of the terminals to be scanned and the vulnerabilities of the application services running on them, and repair the vulnerabilities in time.
However, vulnerability scanning of the data center requires network communication with the data center. Once the vulnerability scanning platform has been successfully attacked by a hacker, the hacker can illegally access the data of the terminals to be scanned in the data center through the network between the vulnerability scanning platform and the data center, so data security is poor; and when the network between the vulnerability scanning platform and the data center is unstable, the scanning result is inaccurate.
Thus, significant advances in the art are needed.
Disclosure of Invention
The technical problem to be solved by the present invention is that current vulnerability scanning is inaccurate, and in view of the above-mentioned defects in the prior art, the present invention provides a multi-node vulnerability scanning method, which includes:
acquiring information of a terminal to be scanned;
setting a multi-node vulnerability scanning rule according to the information of the terminal to be scanned;
and carrying out vulnerability scanning according to the multi-node vulnerability scanning rule.
Preferably, the setting a multi-node vulnerability scanning rule according to the terminal information to be scanned includes:
setting a distributed multi-node vulnerability scanning mode, setting a multi-task multi-thread vulnerability scanning mode, and setting an active scanning mode and a passive scanning mode.
Preferably, the setting a distributed multi-node vulnerability scanning mode according to the terminal information to be scanned includes:
setting a network node, a management node, a Linux/unix scanning node and a Windows scanning node.
Preferably, the setting of the multitask and multithread vulnerability scanning mode comprises:
and creating multiple threads according to the multiple tasks to perform vulnerability scanning.
Preferably, the multitask vulnerability scanning mode comprises:
password authentication vulnerability scanning tasks, login mode vulnerability scanning tasks, and system vulnerability scanning tasks.
Preferably, the method further comprises periodically and actively acquiring the vulnerability repair upgrade package from the internet and issuing it to the distributed multiple nodes, so that the data center can proactively guard against network vulnerabilities.
Preferably, the method further comprises periodically following up the vulnerability scanning results on the multiple nodes, and statistically analysing which aspects of the data center are more easily attacked through network security vulnerabilities, so that those parts are given priority protection; other places where vulnerabilities occur must not be neglected either and are also assessed. In this way a data center vulnerability protection wall is established so that the data center is protected from network security attacks.
In another aspect, the present invention further provides a multi-node vulnerability scanning apparatus, including:
the terminal information acquisition module to be scanned is used for acquiring the terminal information to be scanned;
the multi-node vulnerability scanning rule setting module is used for setting a multi-node vulnerability scanning rule according to the information of the terminal to be scanned;
and the vulnerability scanning module is used for carrying out vulnerability scanning according to the multi-node vulnerability scanning rule.
In another aspect, the present invention further provides an electronic device, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor executes the computer program to implement the steps of the multi-node vulnerability scanning method.
In another aspect, the present invention further provides a storage medium, where the storage medium stores a computer program, and the computer program, when executed by a processor, implements the steps of the multi-node vulnerability scanning method.
The multi-node vulnerability scanning method has the following beneficial effects: a distributed architecture is adopted and a multi-task, multi-node vulnerability scanning mode is designed; vulnerability scanning of the data center is carried out both actively and passively; the vulnerability scanning results on the multiple nodes are followed up periodically, and statistical analysis identifies which specific nodes of the data center are more easily attacked; the scanning speed is high; and a vulnerability protection wall is established around the data center so that it is protected from network security attacks. The stability, reliability and security of the data center are improved, a security barrier for the data center is constructed, and the risk of network security vulnerabilities is reduced.
Drawings
Various other advantages and benefits of the present invention will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the invention. It is obvious that the drawings described below are only some embodiments of the invention, and that for a person skilled in the art, other drawings can be derived from them without inventive effort.
The invention will be further described with reference to the accompanying drawings and examples, in which:
FIG. 1 is a flowchart of a multi-node vulnerability scanning method according to the present invention.
Fig. 2 is a schematic structural diagram of a multi-node vulnerability scanning apparatus according to the present invention.
Fig. 3 is a schematic physical structure diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present application are clearly and completely described below with reference to the drawings in the embodiments of the present application. It is to be understood that the described embodiments are merely a few embodiments of the present application and not all embodiments. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments in the present application without any creative effort belong to the protection scope of the present application.
The multi-node vulnerability scanning method provided by the embodiment of the application can be applied to various server terminals and terminals. The server-side and terminal devices include, but are not limited to, personal computers, server computers, handheld or laptop devices, mobile devices (such as mobile phones, tablet computers, PDAs, media players, etc.), consumer electronics devices, vehicle-mounted computers, smart watches, televisions, and other terminal devices with display screens, etc.
Example one
Please refer to fig. 1, which is a flowchart illustrating a multi-node vulnerability scanning method according to the present invention. As shown in fig. 1, the multi-node vulnerability scanning method provided by the first embodiment of the present invention at least includes the steps of,
and S1, acquiring the information of the terminal to be scanned.
The information of the terminal to be scanned generally includes the services on the different TCP/IP ports of the target host, such as whether anonymous login can be used, whether a writable FTP directory exists, whether Telnet and httpd can be used, and whether they are run as root; and the allocation of the various TCP/IP ports of the Web server, the open services, the Web service software versions, the information that these services and software present on the Internet, and so on.
For example, if /cgi-bin/phf or /cgi-bin/count.cgi is found when scanning TCP port 80, then, because CGI programs are shared and standardized, it can be presumed that this WWW service has these two CGI vulnerabilities.
And S2, setting a multi-node vulnerability scanning rule according to the information of the terminal to be scanned.
According to the information of the terminal to be scanned, setting a multi-node vulnerability scanning rule comprises the following steps:
setting a distributed multi-node vulnerability scanning mode, setting a multi-task multi-thread vulnerability scanning mode, and setting an active scanning mode and a passive scanning mode.
By adopting a distributed multi-node vulnerability scanning mode, scanning tasks can be divided and carried out cooperatively, the scanning efficiency is high, and the complex and tedious operation of single-task scanning, which may miss items, is avoided. Given the nature of security vulnerabilities, the method mainly focuses on password authentication, login methods, system vulnerabilities and similar aspects. The multi-task vulnerability scanning mode can comprise a password authentication vulnerability scanning task, a login mode vulnerability scanning task, a system vulnerability scanning task and the like.
According to the information of the terminal to be scanned, setting a distributed multi-node vulnerability scanning mode comprises the following steps: setting a network node, a management node, a Linux/unix scanning node and a Windows scanning node. A network node refers to a computer or other device connected to a network having an independent address and having the function of transmitting or receiving data. The nodes may be workstations, clients, network users or personal computers, servers, printers and other network-connected devices. Each workstation, server, terminal device, network device, i.e. the device having its own unique network address, is a network node. The whole network is composed of a great number of network nodes, and the network nodes are connected by communication lines to form a certain geometrical relationship, namely a computer network topology. The management node is a network behavior management node, and network information transmission is carried out through the management node. The Linux/unix scanning node is a Linux/unix system scanning node. The Windows scan node is a Windows system scan node. By acquiring and analyzing the information of the terminal to be scanned, a network node, a management node, a Linux/unix scanning node and a Windows scanning node can be set.
The method for setting the multi-task and multi-thread vulnerability scanning mode comprises the following steps: and creating multiple threads according to the multiple tasks to perform vulnerability scanning. Because the terminal to be scanned is very complicated, a multitask multithreading vulnerability scanning mode needs to be set according to the information of the terminal to be scanned.
The setting of the active scanning mode includes: the service program periodically initiates active vulnerability scanning to the data center, collects vulnerability scanning results of the data center, executes a vulnerability repair processing plan according to the vulnerability scanning results, scans and detects a plurality of contents in the data center, further generates a detection report and feeds the detection report back to a data center manager for the data center manager to analyze and process discovered vulnerabilities, and then amends the data center.
In order to defend the scanned terminals in time, the vulnerability repair upgrade package can be periodically and actively acquired from the internet and issued to the distributed multiple nodes, so that the data center can proactively guard against network vulnerabilities.
In order to defend the scanned terminals in time, the vulnerability scanning results on the multiple nodes can be followed up regularly, and statistical analysis can identify which aspects of the data center are more easily attacked through network security vulnerabilities, so that those parts are given priority protection. Of course, other places where vulnerabilities occur must not be neglected either and are also assessed. In this way a data center vulnerability protection wall is established so that the data center is protected from network security attacks.
In general, network security vulnerability scanning mainly checks for improper or weak passwords set in the system and for other objects that conflict with the security rules.
And S3, vulnerability scanning is carried out according to the multi-node vulnerability scanning rule.
Network scanning is an Internet-based method for detecting information about a remote network or host, and is also an essential means of ensuring system and network security. Host scanning refers to security detection of a computer host or other network device to find potential safety hazards and system vulnerabilities. In general, both network scanning and host scanning fall into the category of vulnerability scanning. Vulnerability scanning is essentially a double-edged sword: hackers use it to find a way to launch attacks on the network or system, and system administrators use it to effectively guard against hacker intrusion. Through vulnerability scanning, a scanner can discover the configuration information of a remote network or host, the allocation of TCP/UDP ports, the network services provided, specific information about the server, and the like. The principle of vulnerability scanning is mainly to check whether the target host has vulnerabilities, using the following two methods: (1) after port scanning, the ports opened by the target host and the network services on those ports are obtained, this information is matched against the vulnerability database provided by the network scanning system, and it is checked whether a vulnerability meeting the matching conditions exists; (2) an aggressive security vulnerability scan of the target host system is performed by simulating a hacker's attack methods, such as testing for weak passwords. If the simulated attack succeeds, the target host system has a security vulnerability.
One complete network security vulnerability scanning is generally divided into three stages:
The first stage: a target host or network is discovered.
The second stage: after the target is found, further target information is gathered, including the type of operating system, the running services, the versions of the service software and the like. If the target is a network, the topology of the network, its routing devices and information about its hosts may be further discovered.
The third stage: based on the collected information, it is judged, or further tested, whether the system has a security vulnerability.
Network security vulnerability scanning methods include PING scanning (ping sweep), operating system detection (operating system identification), access control rule detection (firewall), port scanning (port scan), vulnerability scanning (vulnerability scan), and the like. PING scanning is used in the first stage of network security vulnerability scanning and helps identify whether a system is active.
Operating system detection, access control rule detection and port scanning are used in the second stage of network security vulnerability scanning. Operating system detection, as the name implies, identifies the operating system running on the target host; access control rule detection is used to obtain data about the remote network protected by the firewall; and port scanning connects to the TCP/IP ports of the target system to see which services are in a listening or running state.
The vulnerability scanning used in the third stage of network security vulnerability scanning generally processes the information obtained, on the basis of port scanning, so as to detect the security vulnerabilities existing in the target system.
Vulnerability scanning can be classified as ping scanning, port scanning, OS probing, vulnerability probing, firewall scanning, etc.
Ping scanning refers to scanning to detect the IP address of a host. The purpose of ping scanning is to confirm whether the TCP/IP network of the target host is connected, i.e. whether the scanned IP address is assigned to a host. For hackers without any prior information, ping scanning is the first step of vulnerability scanning and intrusion; network security personnel who already know the overall IP partitioning of the network can also use ping scanning to locate the IP assignment of hosts accurately. Generally, ping scanning is based on the ICMP protocol. The main idea is to construct an ICMP packet, send it to the target host, and make a judgment according to the response obtained. Depending on the ICMP packet used, the method is divided into ECHO scanning and non-ECHO scanning.
ECHO scanning sends an ICMP ECHO REQUEST (ICMP type 8) packet to the destination IP address and waits to receive an ICMP ECHO REPLY (ICMP type 0). If an ICMP ECHO REPLY is received, there is a host on the target IP; otherwise, there is no host. Notably, if the firewall on the target network is configured to block ICMP ECHO traffic, the ECHO scan may not truly reflect the presence of a host on the target IP.
Furthermore, if an ICMP ECHO REQUEST is sent to the broadcast address, the unix hosts in the network will respond to the request and the windows hosts will not generate a response, which can also be used for OS probing.
Non-ECHO scanning sends an ICMP TIMESTAMP REQUEST (ICMP type 13) or ICMP ADDRESS MASK REQUEST (ICMP type 17) packet to the destination IP address, and determines whether the destination host exists based on whether a response is received. When a firewall on the target network is configured to block ICMP ECHO traffic, then a non.
Port scanning is used to detect ports opened by a host. Port scanning usually only performs the simplest port connectivity test, and does not perform further data analysis, so it is more suitable for performing large-scale scanning: and scanning a certain port value segment for the specified IP address, or scanning a certain IP address segment for the specified port value. According to the protocol used by port scanning, the method is divided into TCP scanning and UDP scanning.
TCP scanning: a TCP connection between hosts is established in three steps (also called the three-way handshake):
(1) The requesting end sends a SYN packet indicating the destination port to which the connection is intended.
(2) The packet returned by the destination is observed:
if a SYN/ACK packet is returned, the destination port is in the listening state;
if an RST/ACK packet is returned, the destination port is not listening and the connection is reset.
(3) If the SYN/ACK packet is returned, the requesting end sends an ACK packet to the destination port to complete the three-way handshake, and the TCP connection is established.
According to the TCP connection establishment procedure, the TCP scan mainly includes two ways:
(1) TCP full and half connection scanning
Full connection scanning establishes a TCP connection with the destination host through the three-way handshake, and the connection is recorded in the log file of the destination host. Half-connection scanning (also known as TCP SYN scanning), by contrast, does not complete the full TCP three-way handshake. The scanner sends a SYN packet to start a three-way handshake and waits for the response of the destination host. If a SYN/ACK packet is received, the target port is in the listening state; the scanner immediately sends an RST packet and the three-way handshake is stopped. Because a half-connection scan does not establish a TCP connection, the destination host may not record this scan in its log file.
(2) TCP covert scanning
According to the TCP protocol, a port in the closed state responds with an RST packet when it receives a probe packet, and a port in the listening state ignores the probe packet. According to the different settings of each flag bit in the probe packet, TCP covert scanning is divided into SYN/ACK scanning, FIN scanning, XMAS (Christmas tree) scanning and NULL scanning.
SYN/ACK scanning and FIN scanning bypass the first step of the TCP three-way handshake and send a SYN/ACK packet or FIN packet directly to the destination port. Since TCP is a connection-based protocol, the destination host considers that the SYN packet the sender should have sent in the first step was never sent, treats the connection process as an error, and sends an RST packet to reset the connection. This is what the scanner needs: as long as there is a response, it indicates that the target system is present and the target port is in the closed state.
XMAS scan and NULL scan: these two types of scanning are in contrast, where XMAS scanning sets all flag bits (URG, ACK, RST, PSH, SYN, FIN) in a TCP packet, while NULL scanning turns off all flag bits in a TCP packet.
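Seen from the monitored host's side, the flag combinations described above are what a sensor looks for. The following Python sketch is an added example, not part of the patent: it reads the control bits from raw TCP headers and reports sources that send NULL, XMAS, or unsolicited FIN or SYN/ACK packets to several ports. The sample headers, addresses and the three-port threshold are constructed assumptions, and the FIN+PSH+URG variant of XMAS is included alongside the all-flags form the text describes.

```python
import struct

# TCP control bits: the low six bits of the 16-bit offset/flags field.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
ALL_SIX = FIN | SYN | RST | PSH | ACK | URG


def build_header(sport, dport, flags):
    """Constructed sample input: a minimal 20-byte TCP header."""
    return struct.pack("!HHIIHHHH", sport, dport, 0, 0,
                       (5 << 12) | flags, 1024, 0, 0)


def tcp_flags(header):
    """Return the six control bits of a raw TCP header."""
    if len(header) < 20:
        raise ValueError("TCP header shorter than 20 bytes")
    return struct.unpack("!H", header[12:14])[0] & 0x3F


def classify_probe(flags, in_known_flow):
    """Label a non-SYN packet by the scan type its flags suggest."""
    if flags == 0:
        return "null"
    # All six bits set (as the text describes) or the FIN+PSH+URG variant.
    if flags in (ALL_SIX, FIN | PSH | URG):
        return "xmas"
    if in_known_flow:
        return "normal"
    if flags == (SYN | ACK):
        return "unsolicited-syn-ack"
    if flags == FIN:
        return "unsolicited-fin"
    return "normal"


def detect(packets, min_ports=3):
    """packets: iterable of (src_ip, dst_ip, raw_tcp_header).

    Returns {src_ip: {label: [dst ports]}} for sources whose suspicious
    probes touched at least min_ports (label, port) pairs.
    """
    flows = set()   # connections opened by a plain SYN
    hits = {}       # src_ip -> {label: set(ports)}
    for src, dst, header in packets:
        sport, dport = struct.unpack("!HH", header[:4])
        flags = tcp_flags(header)
        key, reverse = (src, sport, dst, dport), (dst, dport, src, sport)
        if flags == SYN:
            # A lone SYN also starts every legitimate connection, so it
            # only opens flow state here and is not reported by itself.
            flows.add(key)
            continue
        label = classify_probe(flags, key in flows or reverse in flows)
        if label != "normal":
            hits.setdefault(src, {}).setdefault(label, set()).add(dport)
    return {src: {label: sorted(ports) for label, ports in labels.items()}
            for src, labels in hits.items()
            if sum(len(p) for p in labels.values()) >= min_ports}


# Constructed capture: one ordinary connection and two probing sources.
SAMPLE = [
    ("10.0.0.5", "192.0.2.10", build_header(50000, 443, SYN)),
    ("192.0.2.10", "10.0.0.5", build_header(443, 50000, SYN | ACK)),
    ("10.0.0.5", "192.0.2.10", build_header(50000, 443, ACK)),
    ("10.0.0.5", "192.0.2.10", build_header(50000, 443, FIN | ACK)),
    ("198.51.100.7", "192.0.2.10", build_header(40001, 22, FIN)),
    ("198.51.100.7", "192.0.2.10", build_header(40002, 23, FIN)),
    ("198.51.100.7", "192.0.2.10", build_header(40003, 80, FIN)),
    ("198.51.100.7", "192.0.2.10", build_header(40004, 21, 0)),
    ("198.51.100.7", "192.0.2.10", build_header(40005, 25, ALL_SIX)),
    ("203.0.113.9", "192.0.2.10", build_header(40006, 80, SYN | ACK)),
]


def run_sample():
    return detect(SAMPLE)


if __name__ == "__main__":
    for source, labels in run_sample().items():
        print(source, labels)
```

Half-connection (SYN) scanning is not reported by this sketch, because a single SYN is indistinguishable from the start of a normal connection without rate or completion tracking.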
UDP port scanning: the UDP protocol is a packet protocol, and in order to find a UDP port being serviced, a common scanning method is to construct a UDP packet with empty contents and send the UDP packet to a destination port. If the service on the destination port is waiting, the destination port returns an error message; if the destination port is in the closed state, the destination host returns an ICMP port unreachable message. The speed of UDP port scanning is slow because the UDP port scanning software counts the number of lost packets in transmission.
OS probing has a dual purpose: the first is to probe the OS information of the target host, and the second is to probe the information of the computer program providing the service. For example, the result of OS probing may be: the OS is Windows XP sp3 and the server platform is IIS 4.0.
Detecting binary information: by logging on to the target host, the OS type, version, etc. are learned from the banner returned by the host, which is the simplest OS probing method.
After telnet connects to the FTP server, the banner returned by the server already provides server information, and more specific information is available after executing the FTP syst command.
HTTP response analysis: after establishing an HTTP connection with the target host, the response packet of the server may be analyzed to derive the OS type.
Hosts on a network communicate with each other through a TCP/IP or similar protocol stack. Because there is more than one OS developer, system architectures are diverse, and even differences in software version lead to different specific implementations of the protocol stack. The response to error packets, default values, and the like can be used as the basis for distinguishing the OS.
Vulnerability scanning: from the analysis of hacking behavior and the classification of vulnerabilities, the vast majority of scans are made for specific network services in a specific operating system, i.e., for specific ports on a host. Vulnerability scanning uses methods mainly including vulnerability database-based and plug-in-based methods.
Vulnerability database based scanning: firstly, a scanned environment model is constructed, and the vulnerability possibly existing in the system, the past hacking case and the security configuration of a system administrator are modeled and analyzed. And secondly, generating a set of standard vulnerability database and matching mode based on the analysis result. And finally, automatically scanning by a program based on the vulnerability database and the matching mode. The accuracy of vulnerability scanning depends on the integrity and validity of the vulnerability database.
Plug-in based scanning: the plug-in is a subroutine module written by a scripting language, and the scanning program can perform scanning by calling the plug-in. Adding a new feature plug-in may cause the scanner to add new features or increase the type and number of vulnerabilities that can be scanned. Plug-ins may also be upgraded to update vulnerability profile information to obtain more accurate results. The plug-in method makes the upgrade and maintenance of the vulnerability scanning software relatively simple, and the use of the special script language also simplifies the programming work of writing new plug-ins, so that the vulnerability scanning software has strong expansibility.
Firewall rule detection: an IP data packet analysis method similar to traceroute is used to detect whether a specific packet can be sent to a host located behind the filtering equipment, so as to facilitate intrusion after vulnerability scanning or the smooth progress of the next scan. Through this scanning, it is possible to detect the ports that are open or allowed to pass on the firewall, to detect whether packets carrying control information are allowed to pass by the firewall rules, and, further, to detect the router located behind the packet filtering device.
By implementing this embodiment, a distributed architecture is adopted and a multi-task, multi-node vulnerability scanning mode is designed; vulnerability scanning of the data center is carried out both actively and passively; the vulnerability scanning results on the multiple nodes are followed up periodically, and statistical analysis identifies which specific nodes of the data center are more easily attacked; the scanning speed is high; and a vulnerability protection wall is established around the data center so that it is protected from network security attacks. The stability, reliability and security of the data center are improved, a security barrier for the data center is constructed, and the risk of network security vulnerabilities is reduced.
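Steps S1 to S3 and the periodic follow-up statistics can be walked through on an asset inventory. The following Python sketch is an added example, not the patent's implementation: the terminal records, node names, banner strings, advisory identifiers and the 8-character password threshold are all constructed assumptions, and the checks read the inventory only, with no network access.

```python
from collections import Counter
from concurrent.futures import ThreadPoolExecutor

# S1: constructed terminal information (documentation addresses, made-up banners).
TERMINALS = [
    {"ip": "192.0.2.11", "os": "linux", "min_password_len": 6,
     "services": {"ftp": {"banner": "ExampleFTPd 1.0", "anonymous": True},
                  "ssh": {"banner": "ExampleSSH 7.2", "root_login": True}}},
    {"ip": "192.0.2.12", "os": "windows", "min_password_len": 12,
     "services": {"http": {"banner": "ExampleHTTPd 4.0"}}},
    {"ip": "192.0.2.13", "os": "linux", "min_password_len": 10,
     "services": {"telnet": {"banner": "ExampleTelnetd 0.9"}}},
]

# Constructed vulnerability database: banner -> hypothetical advisory id.
VULN_DB = {"ExampleFTPd 1.0": "EXAMPLE-0001", "ExampleHTTPd 4.0": "EXAMPLE-0002"}


def password_task(terminal):
    """Password authentication task: flag a weak password policy."""
    length = terminal["min_password_len"]
    if length < 8:  # threshold is an assumption for this example
        return ["password policy allows %d-character passwords" % length]
    return []


def login_task(terminal):
    """Login mode task: flag risky ways of logging in."""
    findings = []
    for name, service in terminal["services"].items():
        if name == "telnet":
            findings.append("telnet login enabled")
        if service.get("anonymous"):
            findings.append("%s: anonymous login allowed" % name)
        if service.get("root_login"):
            findings.append("%s: direct root login allowed" % name)
    return findings


def system_task(terminal):
    """System vulnerability task: match banners against the database."""
    return ["%s: %s matches %s" % (name, s["banner"], VULN_DB[s["banner"]])
            for name, s in terminal["services"].items()
            if s["banner"] in VULN_DB]


TASKS = {"password-authentication": password_task,
         "login-mode": login_task,
         "system-vulnerability": system_task}


def set_rules(terminals):
    """S2: assign each terminal to a scanning node according to its OS."""
    rules = {"linux-unix-scan-node": [], "windows-scan-node": []}
    for terminal in terminals:
        node = ("windows-scan-node" if terminal["os"] == "windows"
                else "linux-unix-scan-node")
        rules[node].append(terminal)
    return rules


def scan(rules, workers=4):
    """S3: the management side runs every task for every terminal in threads."""
    results = []
    with ThreadPoolExecutor(max_workers=workers) as pool:
        jobs = [(node, t["ip"], name, pool.submit(task, t))
                for node, terminals in rules.items()
                for t in terminals
                for name, task in TASKS.items()]
        for node, ip, name, future in jobs:   # submission order, deterministic
            for finding in future.result():
                results.append({"node": node, "ip": ip,
                                "task": name, "finding": finding})
    return results


def summarize(results):
    """Follow-up statistics: which terminals and task types have most findings."""
    by_ip = Counter(r["ip"] for r in results)
    by_task = Counter(r["task"] for r in results)
    return by_ip.most_common(), by_task.most_common()


if __name__ == "__main__":
    found = scan(set_rules(TERMINALS))
    for row in found:
        print(row)
    print(summarize(found))
```

Running the summary after each periodic scan and comparing the counters over time shows which terminals keep accumulating findings and therefore need priority protection.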
Example two
Please refer to fig. 2, which is a schematic structural diagram of a multi-node vulnerability scanning apparatus according to the present invention. As shown in fig. 2, the multi-node vulnerability scanning apparatus provided in the first embodiment of the present invention at least includes:
a multi-node vulnerability scanning apparatus, comprising:
the terminal information acquisition module to be scanned is used for acquiring the terminal information to be scanned;
the multi-node vulnerability scanning rule setting module is used for setting a multi-node vulnerability scanning rule according to the information of the terminal to be scanned;
and the vulnerability scanning module is used for carrying out vulnerability scanning according to the multi-node vulnerability scanning rule.
In a specific implementation, an FT-1500A/16-core processor can be used for vulnerability scanning. A distributed architecture and a multi-task, multi-node vulnerability scanning mode are adopted; vulnerability scanning of the data center is carried out both actively and passively; the vulnerability scanning results on the multiple nodes are followed up regularly, and statistical analysis identifies which specific nodes of the data center are more easily attacked; the scanning speed is high; and a vulnerability protection wall is established around the data center so that it is protected from network security attacks. The stability, reliability and security of the data center are improved, a security barrier for the data center is constructed, and the risk of network security vulnerabilities is reduced. The whole machine can provide 2 SATA 3.0 interfaces (compatible with USB2.0), 2 2.5-inch hard disk supports and 1 3.5-inch hard disk; 4 U-DIMM slots are supported, 4GB and 8GB memory modules can be supported, and a maximum of 32GB is supported; the system supports 2 intel i210 gigabit management ports and 2 intel i350 gigabit optical ports; it supports 6 intel i350 gigabit electrical ports with 3 groups of ByPass. The product has the functions of a network security firewall, a bastion machine, intrusion detection, VPN encryption and the like, can be applied in the banking, telecommunications, rail transit, electric power and other industries, and can be used in network security firewall, bastion machine, intrusion detection and VPN encryption machine application scenarios.
On the basis of this embodiment, for the multi-node vulnerability scanning method, please refer to Example one; it is not described again here.
By implementing this embodiment, a distributed architecture is adopted and a multi-task, multi-node vulnerability scanning mode is designed; vulnerability scanning of the data center is carried out both actively and passively; the vulnerability scanning results on the multiple nodes are followed up periodically, and statistical analysis identifies which specific nodes of the data center are more easily attacked; the scanning speed is high; and a vulnerability protection wall is established around the data center so that it is protected from network security attacks. The stability, reliability and security of the data center are improved, a security barrier for the data center is constructed, and the risk of network security vulnerabilities is reduced.
EXAMPLE III
Fig. 3 is a schematic physical structure diagram of an electronic device according to an embodiment of the present invention. Based on the content of the above embodiments, as shown in Fig. 3, the electronic device may include: a processor 301, a memory 302, and a bus 303, wherein the processor 301 and the memory 302 communicate with each other through the bus 303. The processor 301 is configured to invoke computer program instructions stored in the memory 302 and executable on the processor 301 to perform the multi-node vulnerability scanning method provided by the above-described method embodiments, for example, including:
S1, acquiring information of the terminal to be scanned;
S2, setting a multi-node vulnerability scanning rule according to the information of the terminal to be scanned;
S3, carrying out vulnerability scanning according to the multi-node vulnerability scanning rule.
Furthermore, the logic instructions in the memory 302 may be implemented in the form of software functional units and, when sold or used as a stand-alone product, stored in a computer-readable storage medium. Based on such understanding, the technical solution of the embodiments of the present invention, in essence or in the part that contributes to the prior art, may be embodied in the form of a software product that is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method for generating a memo based on face recognition according to the embodiments of the present invention. The aforementioned storage medium includes: a U-disk, a portable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, an optical disk, or other various media capable of storing program code.
By adopting this embodiment, a distributed architecture and a multi-task, multi-node vulnerability scanning mode are used; vulnerability scanning of the data center is carried out both actively and passively, and the vulnerability scanning results on the multiple nodes are followed up at regular intervals, so that statistical analysis shows which specific nodes of the data center are more easily attacked. The scanning speed is high, a data center vulnerability protection enclosure is established, and the data center is protected from network security attacks. The stability, reliability and safety of the data center are improved, a safety barrier for the data center is constructed, and the risk of network security vulnerabilities is reduced.
EXAMPLE IV
Another embodiment of the present invention discloses a computer program product, which includes a computer program stored on a non-transitory computer-readable storage medium. The computer program includes program instructions, and when the program instructions are executed by a computer, the computer can execute the multi-node vulnerability scanning method provided by the above embodiments, for example, including the following steps:
S1, acquiring information of the terminal to be scanned;
S2, setting a multi-node vulnerability scanning rule according to the information of the terminal to be scanned;
S3, carrying out vulnerability scanning according to the multi-node vulnerability scanning rule.
By adopting this embodiment, a distributed architecture and a multi-task, multi-node vulnerability scanning mode are used; vulnerability scanning of the data center is carried out both actively and passively, and the vulnerability scanning results on the multiple nodes are followed up at regular intervals, so that statistical analysis shows which specific nodes of the data center are more easily attacked. The scanning speed is high, a data center vulnerability protection enclosure is established, and the data center is protected from network security attacks. The stability, reliability and safety of the data center are improved, a safety barrier for the data center is constructed, and the risk of network security vulnerabilities is reduced.
EXAMPLE V
Another embodiment of the present invention provides a non-transitory computer-readable storage medium, which stores computer instructions, where the computer instructions cause a computer to execute the multi-node vulnerability scanning method provided by the foregoing method embodiments, for example, the method includes:
S1, acquiring information of the terminal to be scanned;
S2, setting a multi-node vulnerability scanning rule according to the information of the terminal to be scanned;
S3, carrying out vulnerability scanning according to the multi-node vulnerability scanning rule.
By adopting this embodiment, a distributed architecture and a multi-task, multi-node vulnerability scanning mode are used; vulnerability scanning of the data center is carried out both actively and passively, and the vulnerability scanning results on the multiple nodes are followed up at regular intervals, so that statistical analysis shows which specific nodes of the data center are more easily attacked. The scanning speed is high, a data center vulnerability protection enclosure is established, and the data center is protected from network security attacks. The stability, reliability and safety of the data center are improved, a safety barrier for the data center is constructed, and the risk of network security vulnerabilities is reduced.
In summary, the beneficial effects achieved by the design of the above embodiments are as follows: a distributed architecture is adopted and a multi-task, multi-node vulnerability scanning mode is designed; vulnerability scanning of the data center is carried out both actively and passively, and the vulnerability scanning results on the multiple nodes are followed up periodically, so that statistical analysis shows which specific nodes of the data center are more easily attacked. The scanning speed is high, a data center vulnerability protection enclosure is established, and the data center is protected from network security attacks. The stability, reliability and safety of the data center are improved, a safety barrier for the data center is constructed, and the risk of network security vulnerabilities is reduced.
While the invention has been described with reference to specific embodiments, it will be understood by those skilled in the art that various changes may be made and equivalents may be substituted without departing from the scope of the invention. In addition, many modifications may be made to adapt a particular situation to the teachings of the invention without departing from its scope. Therefore, it is intended that the invention not be limited to the particular embodiments disclosed, but that the invention will include all embodiments falling within the scope of the appended claims.

Claims (10)

1. A multi-node vulnerability scanning method is characterized by comprising the following steps:
acquiring information of a terminal to be scanned;
setting a multi-node vulnerability scanning rule according to the information of the terminal to be scanned;
and carrying out vulnerability scanning according to the multi-node vulnerability scanning rule.
2. The multi-node vulnerability scanning method according to claim 1, wherein the setting of multi-node vulnerability scanning rules according to the terminal information to be scanned comprises:
setting a distributed multi-node vulnerability scanning mode, setting a multi-task multi-thread vulnerability scanning mode, and setting an active scanning mode and a passive scanning mode.
3. The multi-node vulnerability scanning method according to claim 2, wherein the setting of a distributed multi-node vulnerability scanning mode according to the terminal information to be scanned comprises:
setting a network node, a management node, a Linux/unix scanning node and a Windows scanning node.
4. The multi-node vulnerability scanning method according to claim 2, wherein the setting a multitask and multithread vulnerability scanning mode comprises:
creating multiple threads according to the multiple tasks to perform vulnerability scanning.
5. The multi-node vulnerability scanning method according to claim 2, wherein the multi-task vulnerability scanning manner comprises:
password authentication vulnerability scanning tasks, login mode vulnerability scanning tasks, and system vulnerability scanning tasks.
6. The multi-node vulnerability scanning method according to any one of claims 1 to 5, further comprising periodically and actively obtaining vulnerability repair upgrade packages from the Internet and sending the vulnerability repair upgrade packages to the distributed multi-nodes, so that the data center can actively prevent network vulnerabilities.
7. The multi-node vulnerability scanning method according to any one of claims 1 to 5, characterized by further comprising: following up the vulnerability scanning results on the multi-nodes at regular intervals; statistically analyzing which aspects of the data center are more vulnerable to network security vulnerabilities, and taking key precautions for that part (certainly, other places where vulnerabilities occur cannot be cared for); then giving an evaluation; and establishing a data center vulnerability protection enclosure, so that the data center is protected from network security attacks.
8. A multi-node vulnerability scanning apparatus, comprising:
a to-be-scanned terminal information acquisition module, used for acquiring information of the terminal to be scanned;
a multi-node vulnerability scanning rule setting module, used for setting a multi-node vulnerability scanning rule according to the information of the terminal to be scanned;
and a vulnerability scanning module, used for carrying out vulnerability scanning according to the multi-node vulnerability scanning rule.
9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the steps of the multi-node vulnerability scanning method according to any of claims 1 to 7 when executing the program.
10. A storage medium storing a computer program, wherein the computer program, when executed by a processor, implements the steps of the multi-node vulnerability scanning method according to any of claims 1 to 7.
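The S1 to S3 flow of claim 1, with the node types of claim 3, the task types of claims 4 and 5 and the periodic follow-up of claim 7, can be sketched as follows. This is an added example, not code from the patent: the inventory fields, policy baselines and node names are assumptions, and the tasks audit constructed inventory records rather than probing hosts.

```python
from collections import Counter
from concurrent.futures import ThreadPoolExecutor

# S1: constructed sample inventory; field names and values are assumptions.
TERMINALS = [
    {"host": "db-01", "os": "linux", "min_password_len": 6,
     "login": ["ssh-password", "telnet"], "patch_level": 3},
    {"host": "web-01", "os": "linux", "min_password_len": 12,
     "login": ["ssh-key"], "patch_level": 7},
    {"host": "ad-01", "os": "windows", "min_password_len": 8,
     "login": ["rdp", "telnet"], "patch_level": 5},
]
MIN_PASSWORD_LEN = 10                      # assumed policy baseline
WEAK_LOGINS = {"telnet", "ssh-password"}   # assumed policy baseline
REQUIRED_PATCH_LEVEL = 7                   # assumed policy baseline

def password_task(t):
    short = t["min_password_len"] < MIN_PASSWORD_LEN
    return [f"password minimum {t['min_password_len']} < {MIN_PASSWORD_LEN}"] if short else []

def login_task(t):
    return [f"weak login mode enabled: {m}" for m in t["login"] if m in WEAK_LOGINS]

def system_task(t):
    behind = REQUIRED_PATCH_LEVEL - t["patch_level"]
    return [f"{behind} patch level(s) behind baseline"] if behind > 0 else []

TASKS = {"password": password_task, "login": login_task, "system": system_task}
SCAN_NODE_FOR_OS = {"linux": "linux-scan-node", "unix": "linux-scan-node",
                    "windows": "windows-scan-node", "network": "network-node"}

def set_rules(terminals):
    """S2: acting as the management node, route each terminal to a scan
    node by OS and expand it into one job per task type."""
    rules = []
    for t in terminals:
        node = SCAN_NODE_FOR_OS.get(t["os"])
        if node is None:
            raise ValueError(f"no scan node for OS {t['os']!r} on {t['host']}")
        rules += [(node, name, t) for name in TASKS]
    return rules

def run_scan(rules, workers=4):
    """S3: run the jobs on a thread pool; map() keeps results in rule order."""
    def job(rule):
        node, name, t = rule
        return [(t["host"], node, name, msg) for msg in TASKS[name](t)]
    with ThreadPoolExecutor(max_workers=workers) as pool:
        return [f for batch in pool.map(job, rules) for f in batch]

def rank_hosts(rounds):
    """Follow-up: total findings per host across periodic scan rounds."""
    return Counter(host for findings in rounds for host, *_ in findings).most_common()
```

Calling `rank_hosts` with the findings of several scheduled rounds gives the per-host totals that show which nodes keep producing findings.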
CN202110599128.4A 2021-05-31 2021-05-31 Multi-node vulnerability scanning method and device, electronic equipment and storage medium Pending CN114338068A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110599128.4A CN114338068A (en) 2021-05-31 2021-05-31 Multi-node vulnerability scanning method and device, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
CN114338068A (en) 2022-04-12

Family

ID=81044160

Legal Events

Date Code Title Description
PB01 Publication
CB03 Change of inventor or designer information

Inventor after: Wang Peng, Wang Wei, Guo Jituo, Chen Debin, Zhang Jun, Shao Liuhe, Xu Anshu, Kang Shaoming
Inventor before: Wang Wei, Guo Jituo, Chen Debin, Zhang Jun, Shao Liuhe, Xu Anshu, Kang Shaoming

SE01 Entry into force of request for substantive examination