CN114338072A - Remote login permission detection method for Root account of power distribution automation terminal - Google Patents


Info

Publication number
CN114338072A
Authority
CN
China
Prior art keywords
power distribution
account
terminal
remote
distribution terminal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202111315199.3A
Other languages
Chinese (zh)
Other versions
CN114338072B (en)
Inventor
周云高
汤雍
王肖瑜
吴栋萁
张绮华
李晋
孙冉冉
宋晓阳
江灏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ningbo Power Supply Co of State Grid Zhejiang Electric Power Co Ltd
Original Assignee
Ningbo Power Supply Co of State Grid Zhejiang Electric Power Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ningbo Power Supply Co of State Grid Zhejiang Electric Power Co Ltd
Priority to CN202111315199.3A
Publication of CN114338072A
Application granted
Publication of CN114338072B
Legal status: Active
Anticipated expiration

Abstract

The invention provides a remote login permission detection method for the Root account of a power distribution automation terminal. It relates to the technical field of network security and comprises the following steps: connecting a terminal carrying the detection tool to the network of the power distribution terminal; scanning the remote connection ports of the power distribution terminal and checking the security of every remote connection port; obtaining an account password for secure remote connection to the power distribution terminal, entering it into the detection tool, and attempting to log in to the power distribution terminal remotely with Root authority; logging in to the power distribution terminal remotely with the same account password under common (non-Root) authority and checking whether the login succeeds; and checking the values of the parameters related to remote login in the system file of the power distribution terminal. The method solves the problem that, when device authority is analysed manually, the number of devices and ports is so large that detecting, recording and managing every device is very cumbersome for operation and maintenance personnel and the workload is huge.

Description

Remote login permission detection method for Root account of power distribution automation terminal
Technical Field
The invention relates to the technical field of network security, in particular to a remote login permission detection method for a Root account of a power distribution automation terminal.
Background
Distribution automation terminals (hereinafter referred to as distribution terminals) are widely deployed on power equipment such as distribution network substations, switching stations, ring main units, pole-mounted switches, distribution transformers and box-type transformers, where they protect, monitor and control the equipment and are connected to a master station through a communication network to complete the automation management function of the whole distribution network. When a master station or communication network is penetrated, the power distribution terminal is a prime target for attackers, who enlarge the damage of the attack by acquiring authority on the power distribution terminal and launching further attacks from it. Against such threats, an additional layer of protection can be added by restricting the authority with which the power distribution terminal may be accessed. In the actual power industry, however, the sheer number of devices easily leads to management gaps, authority management of power distribution terminals is neglected, and a great many devices are exposed to the risk of attackers obtaining authority on them.
The Root account, i.e. the "root" account, is the most privileged account on all Unix-like systems. It lets the user perform every aspect of system management, including adding accounts, changing user passwords, inspecting log files and installing software. No security restrictions are placed on the "root" account, which means that any action can be performed by the user; the system assumes that the user knows what he is doing and executes the command exactly as issued, no questions asked. Root rights should therefore not be used lightly. The protection software on an attacked device guards against behaviour that is obviously threatening, such as viruses and known attack methods, but behaviour carried out with Root authority may be selectively let through, or the software may only raise an alert and leave the handling to a privileged account; an attacker who holds Root authority after logging in remotely can therefore easily shut the protection down or disable it with hacker tools.
To handle such situations, operation and maintenance personnel need to inspect the intranet regularly and know the state of each device. At present, the ways of inspecting power distribution terminals are very limited; mostly, various traditional network detection tools are used and their results are analysed manually. The Root remote login state of a power distribution terminal can be checked by hand: the inspector uses a traditional port scanning tool to check which remote connection ports of the power distribution terminal are open, then logs in to the power distribution terminal remotely with a common account and inspects the system file to determine whether remote login with Root account authority is disabled on the power distribution terminal.
Chinese patent application CN201710847088.4 discloses an automatic detection method for the security of a MySQL database configuration: it first obtains the version information of the MySQL database, then checks the authority of the MySQL user accounts, prompting a security risk if a user is the Root user and a user able to log in remotely exists, and prompting a security risk if a non-administrator user holds privileges. That invention provides a way to check whether Root authority or remote login authority is obtained after user accounts of different authority log in, but it does not check the security of the remote login port and cannot accurately judge whether the system has enabled the relevant authority.
This method mainly provides an efficient scheme for detecting whether remote login of the Root account of a power distribution terminal is disabled; it detects automatically and reports a result, giving operation and maintenance personnel a simple and convenient way to find problems in device authority management. The scheme tests whether the permission is open most directly by attempting a remote login with the Root account. It also scans the device ports to detect which remote connection ports of the power distribution terminal are open, and it inspects the parameters of the system file to determine whether remote connection of the Root account is enabled. The problems found are reported to operation and maintenance personnel, who can correct and manage them in time.
Disclosure of Invention
The method mainly provides an efficient scheme for detecting whether remote login of the Root account of a power distribution terminal is disabled; it detects automatically and reports a result, giving operation and maintenance personnel a simple and convenient way to find problems in device authority management.
In order to achieve the purpose, the invention provides the following technical scheme:
A remote login permission detection method for the Root account of a distribution automation terminal comprises the following steps:
S1, connecting the terminal carrying the detection tool to the network of the power distribution terminal;
S2, scanning the remote connection ports of the power distribution terminal and checking the security of every remote connection port;
S3, obtaining an account password for secure remote connection to the power distribution terminal, entering it into the detection tool, attempting to log in to the power distribution terminal remotely with Root authority, and checking whether the login succeeds; if the login fails, the account password is treated as a common account password for the subsequent check;
S4, logging in to the power distribution terminal remotely with the account password under common authority and checking whether the login succeeds;
S5, checking the values of the parameters related to remote login in the system file of the power distribution terminal.
Preferably, in step S2, the remote connection ports of the power distribution terminal are scanned as follows: the detection tool sends data packets to each remote connection port of the power distribution terminal in turn and examines the data returned by the power distribution terminal to determine whether each remote connection port is open;
if a risk remote connection port is open, the detection result is unqualified; if no risk remote connection port is open, the result output is qualified.
Preferably, the transmitted data packets are TCP or UDP packets.
Preferably, whether each remote connection port is open is determined as follows:
the returned data show whether a valid TCP or UDP connection exists in the power distribution terminal system; it is observed whether the connection to the risk remote connection port succeeds; if it succeeds, the risk remote connection port is open, and if it does not connect, the risk remote connection port is not open.
Preferably, in step S3, when the account password is used to attempt a remote login to the power distribution terminal with Root authority, a Root login request is sent to the power distribution terminal; if the login succeeds, the detection result is unqualified.
Preferably, the system file is checked as follows:
the inspector logs in to the power distribution terminal remotely with the common account and checks the values of the parameters related to remote login in the system file of the power distribution terminal.
Preferably, when the parameter value is Yes and the parameter is in effect, the detection result is unqualified; if the parameter has any other value or is not in effect, the detection result is qualified.
Preferably, the path of the system file is /etc/ssh/sshd_config and the parameter is PermitRootLogin.
Compared with the prior art, the invention has the following advantages:
The invention provides a remote login permission detection method for the Root account of a power distribution automation terminal. The user need only supply a Root or common access account of the power distribution terminal; the subsequent process detects automatically and outputs the final result. This solves the problem that, when results are currently analysed manually, the number of devices and ports is so large that detecting, recording and managing every device is very cumbersome for operation and maintenance personnel and the workload is huge.
Drawings
FIG. 1 is a flow chart of the detection of Root account remote login disablement on a power distribution terminal according to the present invention;
FIG. 2 is a schematic diagram of the interaction between the detection tool and the power distribution terminal in the present invention.
Detailed Description
In order to make the purpose and technical solution of the embodiments of the present invention clearer, the technical solution of the present invention will be clearly and completely described below with reference to the embodiments of the present invention.
In the description of the present application, it is to be understood that the terms "length," "upper," "lower," "vertical," "horizontal," "top," "bottom," "inner," "outer," etc. indicate orientations or positional relationships based on those illustrated in the drawings, which are merely for convenience in describing the present application and to simplify the description, and are not intended to indicate or imply that the referenced device or element must have a particular orientation, be constructed and operated in a particular orientation, and thus should not be considered limiting of the present application.
As shown in FIG. 1 and FIG. 2, a remote login permission detection method for the Root account of a distribution automation terminal includes the following steps:
S1, connecting the terminal carrying the detection tool to the network of the power distribution terminal, so that the detection tool can reach the power distribution terminal for the subsequent detection;
S2, scanning the remote connection ports of the power distribution terminal and checking the security of every remote connection port;
S3, obtaining an account password for secure remote connection to the power distribution terminal, entering it into the detection tool, attempting to log in to the power distribution terminal remotely with Root authority, and checking whether the login succeeds; if the login fails, the account password is treated as a common account password for the subsequent check;
S4, logging in to the power distribution terminal remotely with the account password under common authority and checking whether the login succeeds;
S5, checking the values of the parameters related to remote login in the system file of the power distribution terminal.
Because several kinds of remote connection in current use do not encrypt their communication, and because privilege escalation after logging in with an ordinary account is comparatively simple on them, so that authority management is bypassed and the effect of a Root-authority login is obtained, such remote connections are to be strictly controlled. Therefore, in step S2, the remote connection ports of the power distribution terminal are scanned as follows: the detection tool sends data packets to each remote connection port of the power distribution terminal in turn and examines the data returned by the power distribution terminal to determine whether each remote connection port is open;
if an unsafe remote connection port is found to be open, the detection result is unqualified; if no such remote connection port is open, the result output is qualified.
The transmitted data packets are TCP or UDP packets. TCP is a connection-oriented, reliable, byte-stream transport layer protocol; data can only be transmitted after a connection has been established between the detection tool and the power distribution terminal. TCP and UDP (User Datagram Protocol) are two of the most common data transfer protocols, and both complete data transfer through a listening port. The returned data show whether a valid TCP or UDP connection exists in the power distribution terminal system; it is observed whether the connection to the risk remote connection port succeeds; if it succeeds, the risk remote connection port is open, and if it does not connect, the risk remote connection port is not open.
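The step S2 probe, as an added example in Python (not code from the patent or its assignee): each remote connection port is probed with a TCP connection request, the reply decides whether the port is open, and any open risk port makes the result unqualified. The choice of telnet/23 and rlogin/513 as the clear-text "risk" ports, ssh/22 as a non-risk remote port, and the stub listener that stands in for a power distribution terminal are this example's assumptions; the UDP variant the patent also allows is not shown, because a UDP probe receives no reply on success.

```python
import socket
import threading
from contextlib import closing

# Assumption for this example: telnet/23 and rlogin/513 carry logins in clear
# text and are treated as the "risk" remote connection ports; ssh/22 is scanned
# but is not a risk port on its own.
RISK_PORTS = {23: "telnet", 513: "rlogin"}
REMOTE_PORTS = {22: "ssh", **RISK_PORTS}


def tcp_port_open(host, port, timeout=1.0):
    """S2 probe for one TCP port: send the connection request and read the reply.
    A completed handshake means the port is open; a refused, unreachable or
    timed-out connection is treated as not open."""
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return True
        except OSError:  # covers ConnectionRefusedError and socket.timeout
            return False


def scan_remote_ports(host, ports, timeout=1.0):
    """Probe each remote connection port in turn; returns {port: is_open}."""
    return {port: tcp_port_open(host, port, timeout) for port in ports}


def port_scan_verdict(scan, risk_ports=RISK_PORTS):
    """Any open risk port gives 'unqualified' with the offending services listed;
    otherwise the result is 'qualified'."""
    open_risk = sorted(p for p, is_open in scan.items() if is_open and p in risk_ports)
    if open_risk:
        return "unqualified", ["%s/%d open" % (risk_ports[p], p) for p in open_risk]
    return "qualified", []


def start_stub_listener(host="127.0.0.1"):
    """Constructed stand-in for a terminal service: a listening socket on an
    ephemeral port that accepts and immediately closes connections.
    Returns (port, stop_event)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(5)
    srv.settimeout(0.2)
    port = srv.getsockname()[1]
    stop = threading.Event()

    def serve():
        while not stop.is_set():
            try:
                conn, _ = srv.accept()
                conn.close()
            except socket.timeout:
                continue
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port, stop


def free_closed_port(host="127.0.0.1"):
    """Pick an ephemeral port and release it, so a connection to it is refused."""
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.bind((host, 0))
        return s.getsockname()[1]


def demo():
    """Scan one open and one closed local port, treating the open one as if it
    were telnet/23 on the terminal under test. Returns (open?, closed?, verdict)."""
    open_port, stop = start_stub_listener()
    closed_port = free_closed_port()
    risk = {open_port: "telnet"}  # constructed mapping for the stub
    scan = scan_remote_ports("127.0.0.1", [open_port, closed_port])
    verdict, reasons = port_scan_verdict(scan, risk)
    stop.set()
    return scan[open_port], scan[closed_port], verdict


if __name__ == "__main__":
    print(demo())
```

Against a real terminal the same functions are called with the terminal's address and REMOTE_PORTS; the stub and the constructed risk mapping exist only so the example runs offline.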
In step S3, the account password supplied by the operation and maintenance personnel has uncertain authority: it may be wrong, or it may log in without it being known whether it carries Root authority. Therefore, once the operation and maintenance personnel supply the account password, the tool attempts to log in with Root authority by sending a login request to the power distribution terminal, judges the state of the account password from whether the login succeeds, and thereby detects most directly whether remote login with Root authority is possible. There are two possible results: the login fails because the authority is not open, or Root authority is open and the login succeeds. If the login succeeds, the supplied account password has Root authority and can log in remotely, and the detection result is unqualified; if the login fails, the account password may be a common account password or a wrong one, and the next test must be carried out.
In step S4, after the login with Root authority has failed, the subsequent check is performed by logging in with a common account. If this login fails, the operation and maintenance personnel supplied a wrong account password and must supply the correct one for detection again; if it succeeds, the account password is a correct common account password, and the system file is consulted next.
The system file is checked as follows: the inspector logs in to the power distribution terminal remotely with the common account, checks the values of the parameters related to remote login in the system file of the power distribution terminal, and confirms from the returned data whether remote login with Root authority is possible.
Preferably, when the parameter value is Yes and the parameter is in effect, the terminal allows remote login with Root authority and the detection result is unqualified; if the parameter has any other value or is not in effect, the terminal prohibits remote login with Root authority and the detection result is qualified.
Preferably, the path of the system file is /etc/ssh/sshd_config and the parameter is PermitRootLogin.
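The step S5 check on /etc/ssh/sshd_config and the S3 to S5 decision flow, as an added Python example that is not part of the patent. The parser follows how sshd reads the file (comment lines ignored, keyword matching case-insensitive, the first occurrence of a directive wins), so "in effect" means the first uncommented global PermitRootLogin line. The two login attempts and the file read are passed in as callables so the flow runs offline; the configuration excerpts are constructed, treating a directive inside a Match block as not being the global setting is this example's choice, and the default of prohibit-password when the directive is absent is OpenSSH's default since version 7.0 and is an assumption about the terminal's build.

```python
import re

# OpenSSH's built-in default when the directive is absent (since OpenSSH 7.0).
# Assumption: the terminal's sshd uses this default; older builds defaulted to "yes".
DEFAULT_PERMIT_ROOT_LOGIN = "prohibit-password"


def effective_permit_root_login(config_text, default=DEFAULT_PERMIT_ROOT_LOGIN):
    """Return the PermitRootLogin value in effect for an sshd_config text.

    Mirrors sshd's reading of the file: blank lines and '#' comment lines are
    ignored, keywords are case-insensitive, '=' or whitespace separates keyword
    and value, and the FIRST occurrence of a keyword wins. Directives inside a
    Match block are conditional and are not treated as the global setting
    (assumption: the audit wants the global value)."""
    in_match = False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        keyword = parts[0].lower()
        value = parts[1].strip().lower() if len(parts) > 1 else ""
        if keyword == "match":
            in_match = True  # everything after the first Match block is conditional
            continue
        if keyword == "permitrootlogin" and not in_match:
            return value
    return default


def root_login_verdict(config_text):
    """S5: PermitRootLogin yes in effect gives 'unqualified'; anything else 'qualified'."""
    value = effective_permit_root_login(config_text)
    if value == "yes":
        return "unqualified", "PermitRootLogin yes is in effect"
    return "qualified", "PermitRootLogin in effect: " + value


def assess_terminal(try_root_login, try_user_login, read_sshd_config):
    """S3 to S5 decision flow from the description.

    try_root_login / try_user_login: callables returning True when the supplied
    account password logs in remotely with Root authority / common authority.
    read_sshd_config: callable returning the sshd_config text read after the
    common login. All three stand in for the tool's network actions
    (assumption: the caller supplies them)."""
    if try_root_login():                              # S3
        return "unqualified", "remote login with Root authority succeeded"
    if not try_user_login():                          # S4
        return "retry", "account password is wrong; supply the correct one"
    return root_login_verdict(read_sshd_config())    # S5


# Constructed sshd_config excerpts for the example (not taken from any device).
SAMPLE_WEAK = """\
# weak: the commented default is overridden by an explicit yes
Port 22
#PermitRootLogin prohibit-password
PermitRootLogin yes
"""

SAMPLE_HARDENED = """\
# hardened: the first occurrence wins; the later yes and the Match block are not global
Port 22
PermitRootLogin no
PermitRootLogin yes
Match User ops
    PermitRootLogin yes
"""

SAMPLE_DEFAULT_ONLY = "#PermitRootLogin yes\n"

if __name__ == "__main__":
    for name, cfg in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED),
                      ("default-only", SAMPLE_DEFAULT_ONLY)):
        print(name, assess_terminal(lambda: False, lambda: True, lambda cfg=cfg: cfg))
```

A file that only contains the commented line "#PermitRootLogin yes" is classified as qualified, since the directive is not in effect and the default applies; a terminal running an sshd older than 7.0 would need the default changed to "yes".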
The above are merely embodiments of the present invention, which are described in detail and with particularity, and therefore should not be construed as limiting the scope of the invention. It should be noted that, for those skilled in the art, various changes and modifications can be made without departing from the spirit of the present invention, and these changes and modifications are within the scope of the present invention.

Claims (8)

1. A remote login permission detection method for the Root account of a distribution automation terminal, characterized by comprising the following steps:
S1, connecting the terminal carrying the detection tool to the network of the power distribution terminal;
S2, scanning the remote connection ports of the power distribution terminal and checking the security of every remote connection port;
S3, obtaining an account password for secure remote connection to the power distribution terminal, entering it into the detection tool, attempting to log in to the power distribution terminal remotely with Root authority, and checking whether the login succeeds; if the login fails, the account password is treated as a common account password for the subsequent check;
S4, logging in to the power distribution terminal remotely with the account password under common authority and checking whether the login succeeds;
S5, checking the values of the parameters related to remote login in the system file of the power distribution terminal.
2. The remote login permission detection method for the Root account of a distribution automation terminal according to claim 1, characterized in that:
in step S2, the remote connection ports of the power distribution terminal are scanned as follows: the detection tool sends data packets to each remote connection port of the power distribution terminal in turn and examines the data returned by the power distribution terminal to determine whether each remote connection port is open;
if a risk remote connection port is open, the detection result is unqualified; if no risk remote connection port is open, the result output is qualified.
3. The remote login permission detection method for the Root account of a distribution automation terminal according to claim 2, characterized in that the transmitted data packets are TCP or UDP packets.
4. The remote login permission detection method for the Root account of a distribution automation terminal according to claim 2, characterized in that whether each remote connection port is open is determined as follows:
the returned data show whether a valid TCP or UDP connection exists in the power distribution terminal system; it is observed whether the connection to the risk remote connection port succeeds; if it succeeds, the risk remote connection port is open, and if it does not connect, the risk remote connection port is not open.
5. The remote login permission detection method for the Root account of a distribution automation terminal according to claim 1, characterized in that in step S3, when the account password is used to attempt a remote login to the power distribution terminal with Root authority, a Root login request is sent to the power distribution terminal; if the login succeeds, the detection result is unqualified.
6. The remote login permission detection method for the Root account of a distribution automation terminal according to claim 1, characterized in that in step S4, the system file is checked as follows:
the inspector logs in to the power distribution terminal remotely with the common account and checks the values of the parameters related to remote login in the system file of the power distribution terminal.
7. The remote login permission detection method for the Root account of a distribution automation terminal according to claim 6, characterized in that when the parameter value is Yes and the parameter is in effect, the detection result is unqualified; if the parameter has any other value or is not in effect, the detection result is qualified.
8. The remote login permission detection method for the Root account of a distribution automation terminal according to claim 6, characterized in that the path of the system file is /etc/ssh/sshd_config and the parameter is PermitRootLogin.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111315199.3A CN114338072B (en) 2021-11-08 2021-11-08 Remote login permission detection method for Root account of power distribution automation terminal

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111315199.3A CN114338072B (en) 2021-11-08 2021-11-08 Remote login permission detection method for Root account of power distribution automation terminal

Publications (2)

Publication Number Publication Date
CN114338072A true CN114338072A (en) 2022-04-12
CN114338072B CN114338072B (en) 2023-09-22

Family

ID=81045407

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111315199.3A Active CN114338072B (en) 2021-11-08 2021-11-08 Remote login permission detection method for Root account of power distribution automation terminal

Country Status (1)

Country Link
CN (1) CN114338072B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105703925A (en) * 2014-11-25 2016-06-22 上海天脉聚源文化传媒有限公司 Security reinforcement method and system for Linux system
US20160321450A1 (en) * 2013-12-25 2016-11-03 Beijing Qihoo Technology Company Limited Method and Apparatus for Managing Super User Password on Smart Mobile Terminal
US20170195349A1 (en) * 2015-12-31 2017-07-06 Deutsche Telekom Ag Platform for protecting small and medium enterprises from cyber security threats
CN107590253A (en) * 2017-09-19 2018-01-16 郑州云海信息技术有限公司 A kind of automated detection method for MySQL database configuration security
CN111049817A (en) * 2019-12-05 2020-04-21 紫光云(南京)数字技术有限公司 Automatic deployment method for improving remote login security of elastic cloud host
CN111628973A (en) * 2020-05-09 2020-09-04 深信服科技股份有限公司 Remote login control method and device, computer equipment and storage medium


Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
丁琳: "Attack and protection of UDP ports in power system networks", no. 10 *
唐芸; 周学君: "Research on network scanning technology and security defence strategies", no. 04 *

Also Published As

Publication number Publication date
CN114338072B (en) 2023-09-22

Similar Documents

Publication Publication Date Title
US11595396B2 (en) Enhanced smart process control switch port lockdown
US11652809B2 (en) System and method for securely changing network configuration settings to multiplexers in an industrial control system
RU2523927C2 (en) Checking configuration modification for ied
CN114598540B (en) Access control system, method, device and storage medium
Carter et al. Cyber security assessment of distributed energy resources
CN103903187A (en) Fast detection method for potential safety hazards of power distribution automation system information
CN107222508B (en) Security access control method, device and system
CN111277607A (en) Communication tunnel module, application monitoring module and mobile terminal security access system
Erdődi et al. Attacking power grid substations: An experiment demonstrating how to attack the scada protocol iec 60870-5-104
CN114338072B (en) Remote login permission detection method for Root account of power distribution automation terminal
CN110808848A (en) Power data network security test method
Robinson et al. A cyber-defensive industrial control system with redundancy and intrusion detection
Chan et al. Defining attack patterns for industrial control systems
CN114338085B (en) Method for improving information security and networking efficiency of microgrid system
GB2568145A (en) Poisoning protection for process control switches
CN102857508B (en) A kind of method of Radius certification
CN116318873B (en) Remote security terminal management method and system for hardware equipment of Internet of things
Biham et al. K7: A Protected Protocol for Industrial Control Systems that Fits Large Organizations
CN117395241A (en) System and method for safely and remotely debugging machine
CN114244589A (en) Intelligent firewall and method based on AAA authentication and authorization information
Merry et al. Survivable Systems Analysis of the North American Power Grid Communications Infrastructure.
Lemaire et al. Secure remote access to industrial control systems with mobile devices
CN112465322A (en) User management device applied to substation automation system
GB2567556A (en) Enhanced smart process control switch port lockdown
Kong et al. Architecturing a secured network: Communications and setting up a secure VPN channel

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant