CN114491561A - Method and device for evaluating security vulnerability processing priority - Google Patents
Method and device for evaluating security vulnerability processing priority
- Publication number: CN114491561A
- Application number: CN202210106545.5A
- Authority: CN (China)
- Prior art keywords: level, carrier, target, target carrier, security vulnerability
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.): Pending
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
Abstract
The application provides a method and a device for evaluating security vulnerability processing priority. The method is applied to evaluating the processing priority of security vulnerabilities in an enterprise intranet and comprises the steps of obtaining the self risk level of a security vulnerability to be evaluated; acquiring the exposure path risk level of the target carrier; acquiring the opening coefficient of the target port; and determining the processing priority of the security vulnerability to be evaluated according to the self risk level, the exposure path risk level and the target port opening coefficient. When the method is used to evaluate the processing priority of a security vulnerability, not only the risk level of the vulnerability itself is considered, but also the exposure path risk level of the target carrier on which the vulnerability is located within the structure of the enterprise intranet and the opening condition of the vulnerability's port on that carrier, so that a network administrator can concentrate on the security vulnerabilities that pose the greatest risk to the network and the likelihood of being attacked is reduced.
Description
Technical Field
The present application relates to the field of network security technologies, and in particular, to a method and an apparatus for evaluating security vulnerability processing priority.
Background
A security vulnerability is a defect in hardware, software, the specific implementation of a protocol, or a system security policy that may enable an attacker to access or damage the system without authorization. Behind a significant network attack there are often one or more unfixed vulnerabilities. Timely and accurate handling of security vulnerabilities is therefore crucial to identifying and reducing network risk.
A network administrator scans the enterprise network with a vulnerability scanning tool, obtains the security vulnerability information of the enterprise intranet and then repairs the vulnerabilities. However, as networks grow and diversify, the number of vulnerabilities reported by the scanning tool often exceeds the operation and maintenance capacity of the administrator, so repairs must be carried out selectively according to the danger level of each vulnerability.
Currently, CVSS (Common Vulnerability Scoring System) is generally used to evaluate the risk level of a security vulnerability and determine a corresponding processing priority. However, a CVSS rating only considers the technical risk that the vulnerability may introduce and neglects other factors such as the importance of the asset on which the vulnerability is located, its network area, its open ports and its exposure surface, so a network administrator cannot concentrate on the vulnerabilities that constitute the greatest risk to the present network when handling them.
Disclosure of Invention
In order to solve the problem that in the prior art, only the technical risk possibly introduced by a security vulnerability is considered when evaluating the processing priority of the security vulnerability, and other factors such as the importance of a carrier where the security vulnerability is located, a network area, an open port and an exposed surface are ignored, so that a network administrator cannot concentrate on the security vulnerability forming the maximum risk to the network when processing the security vulnerability, the application provides a method and a device for evaluating the processing priority of the security vulnerability through the following aspects.
The first aspect of the application provides a method for evaluating security vulnerability processing priority, which is applied to evaluating the security vulnerability processing priority in an enterprise intranet and comprises the steps of obtaining the self risk level of a security vulnerability to be evaluated; acquiring the exposure path risk level of the target carrier; the target carrier is a carrier where the security vulnerabilities to be evaluated are located; acquiring an opening coefficient of a target port; the target port opening coefficient is determined according to the opening condition of a port aiming at the security vulnerability to be evaluated on a target carrier; and determining the processing priority of the security vulnerability to be evaluated according to the risk level of the security vulnerability, the risk level of the exposed path and the target port opening coefficient.
Optionally, obtaining the self risk level of the security vulnerability to be evaluated includes: acquiring the CVSS score of the security vulnerability to be evaluated and converting it to obtain the vulnerability level of the security vulnerability to be evaluated; acquiring the carrier importance level of the target carrier, wherein the carrier importance level is determined according to the importance of the service or application carried by the target carrier; and determining the self risk level according to the vulnerability level and the carrier importance level.
Optionally, obtaining the target port opening coefficient includes: when a port aiming at the security vulnerability to be evaluated on the target carrier is opened, setting the opening coefficient of the target port as 1; and when the port aiming at the security vulnerability to be evaluated on the target carrier is closed, the target port opening coefficient is set to be 0.4.
Optionally, obtaining the exposure path risk level of the target carrier includes: determining each access path between the source object and the target carrier according to the address range of the source object and the address of the target carrier; wherein the source object is an external carrier allowing access to the target carrier; acquiring a single path risk value of each access path; and calculating according to the risk values of all the single paths to obtain the exposure path risk level of the target carrier.
Optionally, obtaining a single path risk value of each access path includes: determining the loose grade of the source object according to the address range of the source object; determining the loose grade of the target carrier according to the port number of the target carrier; obtaining an access path loose grade according to the source object loose grade and the target carrier loose grade; determining the inter-domain risk level of the access path according to the region where the source object is located; and obtaining a single path risk value according to the inter-domain risk level and the loose level of the access path.
A second aspect of the present application provides an apparatus for evaluating security vulnerability processing priority, which is used to implement the steps of the method of the first aspect of the present application, and the apparatus includes: a self risk level obtaining module, used for obtaining the self risk level of the security vulnerability to be evaluated; an exposure path risk level obtaining module, used for obtaining the exposure path risk level of the target carrier, the target carrier being the carrier on which the security vulnerability to be evaluated is located; a target port opening coefficient obtaining module, used for obtaining the target port opening coefficient, which is determined according to the opening condition of the port for the security vulnerability to be evaluated on the target carrier; and a processing priority evaluation module, used for determining the processing priority of the security vulnerability to be evaluated according to the self risk level, the exposure path risk level and the target port opening coefficient.
Optionally, the self risk level obtaining module comprises a vulnerability level obtaining unit, a carrier importance level obtaining unit and a first calculating unit; the vulnerability level obtaining unit is used for obtaining and converting the CVSS score of the security vulnerability to be evaluated to obtain its vulnerability level; the carrier importance level obtaining unit is used for obtaining the carrier importance level of the target carrier; and the first calculating unit is used for determining the self risk level according to the vulnerability level and the carrier importance level.
Optionally, the target port opening coefficient obtaining module is configured to perform the following functions: when a port aiming at the security vulnerability to be evaluated on the target carrier is opened, the opening coefficient of the target port is equal to 1; and when the port aiming at the security vulnerability to be evaluated on the target carrier is closed, the target port opening coefficient is equal to 0.4.
Optionally, the exposure path risk level obtaining module includes an access path obtaining unit, a single path risk value calculating unit, and a second calculating unit; the access path acquiring unit is used for determining each access path between the source object and the target carrier according to the address range of the source object and the address of the target carrier; wherein, the source object is an external address allowing to access the target carrier; the single path risk value calculation unit is used for acquiring a single path risk value of each access path; and the second calculating unit is used for calculating according to all the single path risk values to obtain the exposure path risk level of the target carrier.
Optionally, the single path risk value calculating unit includes a source object loose grade obtaining subunit, a target carrier loose grade obtaining subunit, an access path inter-domain risk grade obtaining subunit, and a third calculating unit; the source object loose grade obtaining subunit is used for determining the source object loose grade according to the address range of the source object; the target carrier loose grade obtaining subunit is used for determining the target carrier loose grade according to the number of ports of the target carrier; the access path loose grade obtaining subunit is used for obtaining the access path loose grade according to the source object loose grade and the target carrier loose grade; the access path inter-domain risk grade obtaining subunit is used for determining the access path inter-domain risk grade according to the area in which the source object is located; and the third calculating unit is used for obtaining the single path risk value according to the access path inter-domain risk grade and the access path loose grade.
Drawings
Fig. 1 is a schematic workflow diagram of a method for evaluating security vulnerability processing priority according to an embodiment of the present application;
fig. 2 is a schematic view of a workflow for determining a risk level of a security vulnerability processing priority in a method for evaluating a security vulnerability processing priority according to an embodiment of the present application;
fig. 3 is a schematic view of a workflow for obtaining a risk level of an exposure path of a target carrier in a method for evaluating a security vulnerability processing priority according to an embodiment of the present application;
fig. 4 is a schematic diagram of a workflow for obtaining a single path risk value in a method for evaluating security vulnerability processing priority according to an embodiment of the present application;
fig. 5 is a schematic diagram illustrating a calculation process of a method for evaluating security vulnerability processing priority according to an embodiment of the present application;
fig. 6 is a schematic structural diagram of an apparatus for evaluating security vulnerability processing priority according to an embodiment of the present disclosure.
Detailed Description
To facilitate the description of the technical solutions of the present application, some concepts related to the present application will be described below.
The carrier on which a security vulnerability is located refers to any network-connected device in the intranet; depending on the enterprise, the carrier may be a host in the enterprise intranet, a server, or a network security device, which is not specifically limited in this application.
In order to solve the problem that in the prior art, only the technical risk possibly introduced by a security vulnerability is considered when evaluating the processing priority of the security vulnerability, and other factors such as the importance of a carrier where the security vulnerability is located, a network area, an open port and an exposed surface are ignored, so that a network administrator cannot concentrate on the security vulnerability forming the maximum risk to the network when processing the security vulnerability, the method and the device for evaluating the processing priority of the security vulnerability are provided through the following aspects.
Please refer to fig. 1, which schematically illustrates a flowchart corresponding to a method for evaluating security vulnerability processing priority according to a first embodiment of the present application. As shown in fig. 1, the method is applied to evaluating the processing priority of a security vulnerability in an intranet, and specifically includes steps 1 to 4.
Step 1, obtaining the self risk level of the security vulnerability to be evaluated. In one implementation, the self risk level is determined according to the CVSS score of the security vulnerability to be evaluated and the importance of the carrier on which it is located: the higher the CVSS score of the vulnerability and the higher the importance of the carrier, the higher the self risk level, and vice versa. As shown in fig. 2, step 1 further comprises steps 101-103.
Step 101, acquiring the CVSS score of the security vulnerability to be evaluated and converting it into a vulnerability level. In this embodiment the vulnerability level is scored 1-5, so the CVSS score (0-10) is converted. Table 1 gives an example of the correspondence between CVSS scores and vulnerability levels in the method. When the CVSS score is 0, the vulnerability carries no risk and the corresponding vulnerability level is 1; when the CVSS score is 0.1-3.9, the vulnerability is low-risk and the corresponding level is 2; when the CVSS score is 4.0-6.9, the vulnerability is medium-risk and the corresponding level is 3; when the CVSS score is 7.0-8.9, the vulnerability is high-risk and the corresponding level is 4; when the CVSS score is 9.0-10.0, the vulnerability is ultra-high-risk and the corresponding level is 5.
Table 1: Example of correspondence of CVSS score to vulnerability level
CVSS score | Degree of danger | Vulnerability level |
0 | No risk | 1 |
0.1-3.9 | Low risk | 2 |
4.0-6.9 | Medium risk | 3 |
7.0-8.9 | High risk | 4 |
9.0-10.0 | Ultra-high risk | 5 |
Step 102, acquiring the carrier importance level of the target carrier. Carrier importance levels differ between enterprises; typically the network administrator determines the importance of the service or application carried by a carrier when the carrier is added. In this example the carrier importance level is scored 1-5. Illustratively, in the network of a banking enterprise the host used by the core banking business system has the highest importance, so its carrier importance level is set to 5; the mail and office systems are set to 4 and 3 respectively; the carrier used by an internal forum is set to 2; and all other carriers are set to 1.
Step 103, determining the self risk level according to the vulnerability level and the carrier importance level. In this embodiment the vulnerability level is multiplied by the carrier importance level; the product (which lies in the interval 1-25) is divided into bands of five and converted to a 1-5 score, giving the self risk level. Exemplarily, a product of 1-5 corresponds to self risk level 1 (low risk); 6-10 corresponds to level 2 (general); 11-15 corresponds to level 3 (medium risk); 16-20 corresponds to level 4 (high risk); and 21-25 corresponds to level 5 (ultra-high risk). In other embodiments the vulnerability level and the carrier importance level may be combined by other mathematical methods to obtain the self risk level; the present application does not specifically limit the calculation method.
Step 2, acquiring the exposure path risk level of the target carrier, the target carrier being the carrier on which the security vulnerability to be evaluated is located. In one implementation, the exposure path risk level of a carrier depends on its network location in the enterprise-wide environment, the number of ports on the carrier, the address range of the source object, the area in which the source object is located, and so on. The source object is an external carrier allowed to access the target carrier and can be obtained by calculation in a network simulation environment. As shown in fig. 3, step 2 further comprises steps 201 to 203.
Step 201, determining each access path between the source object and the target carrier according to the address range of the source object and the address of the target carrier. In this embodiment, the relevant configuration of the layer-3 network devices that affect network access paths, and the data flows passing through them in the enterprise's current network environment, are extracted, and big data analysis is used to automatically construct the connection and mutual-access relationships between the network devices, forming a network-wide simulation environment consistent with the network configuration and access control relationships of the current environment. The simulation environment is analysed to obtain the addresses of the source objects, and each access path between a source object and the target carrier is then determined according to the address range of the source object and the address of the target carrier.
Step 202, acquiring a single path risk value for each access path. Table 2 shows an example of the correspondence between the address range of the source object and the source object loose level. When the address range of the source object is a single address, the source object loose level is 1; when it covers at most 32 addresses, the loose level is 2; when it covers at most 128 addresses, the loose level is 3; when it is at most a class C address segment, the loose level is 4; and when it is larger than a class C address segment, the loose level is 5.
Table 2: Example of correspondence between address range of source object and source object loose level
Address range of source object | Source object loose level |
1 | 1 |
≤32 | 2 |
≤128 | 3 |
≤ class C address segment | 4 |
> class C address segment | 5 |
Table 3 shows an example of the correspondence between the number of ports of the target carrier and the target carrier loose level. When the target carrier has at most 4 ports, its loose level is 1; more than 4 and at most 8, level 2; more than 8 and at most 16, level 3; more than 16 and at most 32, level 4; and more than 32 ports, level 5.
Table 3: Example of correspondence of number of ports of target carrier to target carrier loose level
Number of ports of target carrier | Target carrier loose level |
(0,4] | 1 |
(4,8] | 2 |
(8,16] | 3 |
(16,32] | 4 |
(32,+∞) | 5 |
Step 203, calculating the exposure path risk level of the target carrier from all the single path risk values. In this embodiment, the single path risk values of all access paths are summed and the result is converted to an exposure path risk level of 1-5.
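As an added example (not code from the patent), the following Python carries step 2 through from the two tables above. Tables 2 and 3 are taken from the page; everything the patent leaves open is an assumption made here and marked in the code: a class C segment is taken as 256 addresses, the inter-domain risk level per network area is a constructed mapping, the access path loose level is the larger of the source and target loose levels, the single path risk value is that loose level multiplied by the inter-domain risk level, and the summed value is converted to a 1-5 level in bands of five with clamping at 5.

```python
from dataclasses import dataclass
from typing import Iterable

# Assumption: a class C address segment spans 256 addresses (the patent names the class, not a count).
CLASS_C_ADDRESSES = 256


def source_loose_level(address_count: int) -> int:
    """Table 2: size of the source object's address range -> source object loose level 1-5."""
    if address_count < 1:
        raise ValueError("a source object spans at least one address")
    if address_count == 1:
        return 1
    if address_count <= 32:
        return 2
    if address_count <= 128:
        return 3
    if address_count <= CLASS_C_ADDRESSES:
        return 4
    return 5


def target_loose_level(port_count: int) -> int:
    """Table 3: number of ports on the target carrier -> target carrier loose level 1-5."""
    if port_count < 1:
        raise ValueError("a reachable target carrier exposes at least one port")
    for upper, level in ((4, 1), (8, 2), (16, 3), (32, 4)):
        if port_count <= upper:
            return level
    return 5


# Inter-domain risk level by the network area the source object sits in.
# Constructed for this example; the patent only says the level follows from the area.
INTER_DOMAIN_RISK = {"core": 1, "office": 2, "dmz": 4, "internet": 5}


@dataclass(frozen=True)
class AccessPath:
    """One access path from a source object to the target carrier (output of step 201)."""
    source_address_count: int  # number of addresses in the source object's range
    source_area: str           # network area of the source object, a key of INTER_DOMAIN_RISK


def single_path_risk(path: AccessPath, target_port_count: int) -> int:
    """Step 202: single path risk value of one access path.

    Assumptions: the access path loose level is the larger of the source and target
    loose levels (a path is only as tight as its loosest end), and the single path
    risk value is that level multiplied by the inter-domain risk level, giving 1-25.
    """
    path_loose = max(source_loose_level(path.source_address_count),
                     target_loose_level(target_port_count))
    return path_loose * INTER_DOMAIN_RISK[path.source_area]


def exposure_path_risk_level(paths: Iterable[AccessPath], target_port_count: int) -> int:
    """Step 203: sum the single path risk values and convert the sum to a 1-5 level.

    Assumption: the sum is banded in fives like the other scores in the patent
    (1-5 -> 1, ..., 21-25 -> 5) and clamped to 5, since many paths can exceed 25.
    A carrier that no source object can reach gets the lowest level.
    """
    total = sum(single_path_risk(p, target_port_count) for p in paths)
    if total == 0:
        return 1
    return min(5, -(-total // 5))  # integer ceil(total / 5)


if __name__ == "__main__":
    # Constructed sample: a carrier with 6 open ports reachable from one office host
    # and from a 200-address DMZ range.
    sample_paths = [AccessPath(1, "office"), AccessPath(200, "dmz")]
    print(exposure_path_risk_level(sample_paths, 6))  # 4
```

In the constructed sample the office path scores 2 × 2 = 4 and the DMZ path 4 × 4 = 16, so the sum of 20 lands in the fourth band. The clamp matters in practice: a carrier reachable from several wide internet-facing ranges would otherwise produce a sum far above 25 and an undefined level.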
Step 3, acquiring the target port opening coefficient. The target port opening coefficient is determined according to the opening condition of the port for the security vulnerability to be evaluated on the target carrier; in practice, that opening condition can be obtained from the vulnerability list produced by the vulnerability scanning system. In this embodiment, when the port for the security vulnerability to be evaluated is open on the target carrier, the target port opening coefficient is set to 1; when that port is closed, the target port opening coefficient is set to 0.4. In other embodiments, when the port is closed, the target port opening coefficient may be set to another value greater than 0 and smaller than 1, which is not specifically limited in this application.
It should be noted that, in this embodiment, the order of steps 1-3 is not fixed: step 1, step 2 and step 3 may be executed in that order, or step 2, step 3 and then step 1, with step 4 executed according to the results of steps 1-3. It is sufficient that steps 1, 2 and 3 are performed before step 4.
Step 4, determining the processing priority of the security vulnerability to be evaluated according to the self risk level, the exposure path risk level and the target port opening coefficient. In this embodiment the self risk level, the exposure path risk level and the target port opening coefficient are multiplied, and the product is mapped onto 1-5 levels. From low to high, the processing priorities and their corresponding score bands are: low risk (level 1, 0-5 points), general (level 2, 6-10 points), medium risk (level 3, 11-15 points), high risk (level 4, 16-20 points) and severe (level 5, 21-25 points). In other embodiments the self risk level, the exposure path risk level and the target port opening coefficient may be combined by other mathematical methods to obtain the processing priority; the present application does not specifically limit the calculation method.
Table 4 shows an example of the processing priority evaluation results for the same security vulnerability in two different enterprise networks. In scenario 1 the exposure path risk level of the vulnerability is low, so the priority evaluation result is low risk; in scenario 2 the exposure path risk level is high, so the priority evaluation result is high risk.
Table 4: Example of processing priority evaluation results of the same security vulnerability in two different enterprise networks
Application scenario | Self risk level | Exposure path risk level | Target port opening coefficient | Evaluation result |
Scenario 1 | High risk (4) | Low (1) | Open (1.0) | Low risk (4 × 1 × 1.0 = 4) |
Scenario 2 | High risk (4) | High (5) | Open (1.0) | High risk (4 × 5 × 1.0 = 20) |
Therefore, the processing priority of the same vulnerability on the same target carrier differs between enterprises and between network areas. By re-evaluating the processing priority of the security vulnerabilities in the enterprise network with the method of this embodiment, a network administrator can concentrate on the vulnerabilities that pose the greatest risk to the network, reducing the likelihood that the enterprise network is attacked.
Referring to fig. 5, an example of the calculation process of the embodiment is to quantize the scores of the influencing factors influencing the processing priority of the security vulnerability to be evaluated to 1-5 levels. In other embodiments, the influencing factors may be quantified to other numerical ranges, which is not specifically limited in this application.
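As an added example (not the patent's own code), the following Python carries steps 1, 3 and 4 through exactly as the embodiment describes them and reproduces the two scenarios of Table 4; the exposure path risk level of step 2 is taken as an input. The CVSS score 7.5 and carrier importance 4 are constructed sample values chosen so that the self risk level comes out as "high risk (4)" as in the table; the rounding before banding, the range checks and the closed-port variant are additions of this example.

```python
import math
from typing import Tuple


def cvss_to_vulnerability_level(cvss: float) -> int:
    """Step 101 / Table 1: CVSS score (0-10) -> vulnerability level 1-5."""
    if not 0.0 <= cvss <= 10.0:
        raise ValueError("CVSS scores lie in [0, 10]")
    if cvss == 0.0:
        return 1       # no risk
    if cvss < 4.0:
        return 2       # low risk (0.1-3.9)
    if cvss < 7.0:
        return 3       # medium risk (4.0-6.9)
    if cvss < 9.0:
        return 4       # high risk (7.0-8.9)
    return 5           # ultra-high risk (9.0-10.0)


def band_of_five(score: float) -> int:
    """Map a product in (0, 25] onto 1-5 in bands of five, as steps 103 and 4 do:
    1-5 -> 1, 6-10 -> 2, 11-15 -> 3, 16-20 -> 4, 21-25 -> 5.

    The score is rounded first (an addition of this example) so that floating-point
    noise from the 0.4 coefficient, or any other coefficient in (0, 1) an embodiment
    chooses, cannot push a product that sits on a band boundary into the next band.
    """
    score = round(score, 6)
    if not 0.0 < score <= 25.0:
        raise ValueError("score must lie in (0, 25]")
    return max(1, math.ceil(score / 5))


def self_risk_level(cvss: float, carrier_importance: int) -> int:
    """Step 1: vulnerability level x carrier importance level (each 1-5), banded to 1-5."""
    if not 1 <= carrier_importance <= 5:
        raise ValueError("carrier importance level is graded 1-5")
    return band_of_five(cvss_to_vulnerability_level(cvss) * carrier_importance)


# Step 3: the embodiment's coefficients; any value in (0, 1) is allowed for a closed port.
OPEN_PORT_COEFFICIENT = 1.0
CLOSED_PORT_COEFFICIENT = 0.4


def target_port_opening_coefficient(port_open: bool) -> float:
    return OPEN_PORT_COEFFICIENT if port_open else CLOSED_PORT_COEFFICIENT


PRIORITY_LABELS = {1: "low risk", 2: "general", 3: "medium risk", 4: "high risk", 5: "severe"}


def processing_priority(self_risk: int, exposure_path_risk: int, port_open: bool) -> Tuple[int, str]:
    """Step 4: multiply the three factors and band the product to a 1-5 priority."""
    for level in (self_risk, exposure_path_risk):
        if not 1 <= level <= 5:
            raise ValueError("risk levels are graded 1-5")
    product = self_risk * exposure_path_risk * target_port_opening_coefficient(port_open)
    level = band_of_five(product)
    return level, PRIORITY_LABELS[level]


def evaluate(cvss: float, carrier_importance: int, exposure_path_risk: int, port_open: bool) -> Tuple[int, str]:
    """Whole pipeline, with the exposure path risk level of step 2 supplied as an input."""
    return processing_priority(self_risk_level(cvss, carrier_importance), exposure_path_risk, port_open)


if __name__ == "__main__":
    # Constructed sample: CVSS 7.5 on a carrier of importance 4 gives 4 x 4 = 16,
    # i.e. self risk level 4, matching the "high risk (4)" column of Table 4.
    print(evaluate(7.5, 4, 1, True))    # (1, 'low risk')   scenario 1
    print(evaluate(7.5, 4, 5, True))    # (4, 'high risk')  scenario 2
    print(evaluate(7.5, 4, 5, False))   # (2, 'general')    scenario 2 with the port closed
```

The closed-port variant shows what the coefficient does in practice: the same vulnerability on the same carrier drops from 20 points (high risk) to 8 points (general) when the affected port is not reachable, which is the behaviour an administrator would check when a scanner reports a vulnerability on a service that is installed but not listening.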
The embodiment provides a method for evaluating security vulnerability processing priority. The method is applied to evaluating the processing priority of security vulnerabilities in an enterprise intranet and comprises the steps of obtaining the self risk level of the security vulnerability to be evaluated; acquiring the exposure path risk level of the target carrier; acquiring the opening coefficient of the target port; and determining the processing priority of the security vulnerability to be evaluated according to the self risk level, the exposure path risk level and the target port opening coefficient. When the method is used to evaluate the processing priority of a security vulnerability, not only the risk level of the vulnerability itself is considered, but also the exposure path risk level of the target carrier on which the vulnerability is located within the structure of the enterprise intranet and the opening condition of the vulnerability's port on that carrier, so that a network administrator can concentrate on the security vulnerabilities that pose the greatest risk to the network and the likelihood that the enterprise network is attacked is reduced.
The following are embodiments of the apparatus of the present application that may be used to perform embodiments of the method of the present application. For details which are not disclosed in the embodiments of the apparatus of the present application, reference is made to the embodiments of the method of the present application.
Fig. 6 is a schematic structural diagram illustrating an apparatus for evaluating security vulnerability processing priority according to a second embodiment of the present application. As shown in fig. 6, the apparatus has a function of implementing the above method for evaluating security vulnerability processing priority, and the function may be implemented by hardware, or may be implemented by hardware executing corresponding software. The apparatus may include: the system comprises a self risk level acquisition module, an exposure path risk level acquisition module, a target port opening coefficient acquisition module and a processing priority evaluation module.
The self risk level obtaining module is used for obtaining the self risk level of the security vulnerability to be evaluated.
The exposure path risk level acquisition module is used for acquiring the exposure path risk level of the target carrier; and the target carrier is the carrier where the security vulnerability to be evaluated is located.
The target port opening coefficient acquisition module is used for acquiring a target port opening coefficient; and the target port opening coefficient is determined according to the opening condition of the port aiming at the security vulnerability to be evaluated on the target carrier.
And the processing priority evaluation module is used for determining the processing priority of the security vulnerability to be evaluated according to the self risk level, the exposure path risk level and the target port opening coefficient.
Further, the self risk level obtaining module comprises a vulnerability level obtaining unit, a carrier importance level obtaining unit and a first calculating unit.
The vulnerability level obtaining unit is used for obtaining and converting the CVSS score of the security vulnerability to be evaluated to obtain the vulnerability level of the security vulnerability to be evaluated.
The carrier importance level acquiring unit is used for acquiring the carrier importance level of the target carrier.
The first computing unit is used for determining the self risk level according to the vulnerability level and the carrier importance level.
Further, the target port opening coefficient obtaining module is configured to perform the following functions: when the port corresponding to the security vulnerability to be evaluated is open on the target carrier, the target port opening coefficient is equal to 1; when that port is closed on the target carrier, the target port opening coefficient is equal to 0.4.
Further, the exposure path risk level obtaining module comprises an access path obtaining unit, a single path risk value calculating unit and a second calculating unit.
The access path acquiring unit is used for determining each access path between a source object and the target carrier according to the address range of the source object and the address of the target carrier; wherein the source object is an external carrier allowing access to the target carrier.
The single path risk value calculation unit is used for acquiring a single path risk value of each access path.
The second calculating unit is used for calculating the exposure path risk level of the target carrier from all the single path risk values.
Further, the single path risk value calculation unit includes a source object loose grade acquisition subunit, a target carrier loose grade acquisition subunit, an access path loose grade acquisition subunit, an access path inter-domain risk grade acquisition subunit, and a third calculation unit.
The source object loose grade obtaining subunit is configured to determine a source object loose grade according to the address of the source object.
The target carrier loose grade obtaining subunit is used for determining the target carrier loose grade according to the port number of the target carrier.
The access path loose grade obtaining subunit is used for obtaining an access path loose grade according to the source object loose grade and the target carrier loose grade.
The access path inter-domain risk level acquiring subunit is used for determining the access path inter-domain risk level according to the region where the source object is located.
The third calculation unit is used for obtaining a single path risk value according to the access path inter-domain risk level and the access path loose grade.
The present application has been described in detail with reference to specific embodiments and illustrative examples, but the description is not intended to limit the application. Those skilled in the art will appreciate that various equivalent substitutions, modifications or improvements may be made to the presently disclosed embodiments and implementations thereof without departing from the spirit and scope of the present disclosure, and these fall within the scope of the present disclosure. The protection scope of this application is subject to the appended claims.
Claims (10)
1. A method for evaluating security vulnerability processing priority is applied to evaluating the security vulnerability processing priority in an enterprise intranet, and comprises the following steps:
acquiring the self risk level of the security vulnerability to be evaluated;
acquiring the exposure path risk level of the target carrier; the target carrier is a carrier where the security vulnerability to be evaluated is located;
acquiring an opening coefficient of a target port; the target port opening coefficient is determined according to the opening condition of a port aiming at the security vulnerability to be evaluated on the target carrier;
and determining the processing priority of the security vulnerability to be evaluated according to the self risk level, the exposure path risk level and the target port opening coefficient.
2. The method according to claim 1, wherein the obtaining of the self risk level of the security vulnerability to be evaluated comprises:
acquiring the CVSS value of the security vulnerability to be evaluated and converting the CVSS value to obtain the vulnerability level of the security vulnerability to be evaluated;
acquiring the carrier importance level of the target carrier; wherein, the importance level of the carrier is determined according to the importance degree of the service or application carried by the target carrier;
and determining the self risk level according to the vulnerability level and the carrier importance level.
3. The method of claim 1, wherein obtaining the target port opening coefficient comprises:
when a port aiming at the security vulnerability to be evaluated on the target carrier is opened, setting the opening coefficient of the target port to be 1;
and when the port aiming at the security vulnerability to be evaluated on the target carrier is closed, setting the target port opening coefficient to be 0.4.
4. The method of claim 1, wherein obtaining the exposure path risk level of the target carrier comprises:
determining each access path between a source object and a target carrier according to the address range of the source object and the address of the target carrier; wherein the source object is an external carrier allowing access to the target carrier;
acquiring a single path risk value of each access path;
and calculating according to all the single path risk values to obtain the exposure path risk level of the target carrier.
5. The method of claim 4, wherein obtaining the single path risk value for each access path comprises:
determining the loose grade of the source object according to the address of the source object;
determining the target carrier loose grade according to the port number of the target carrier;
obtaining an access path loose grade according to the source object loose grade and the target carrier loose grade;
determining the inter-domain risk level of the access path according to the region where the source object is located;
and obtaining a single path risk value according to the inter-domain risk level of the access path and the loose level of the access path.
6. An apparatus for evaluating security vulnerability processing priority, for implementing the steps of the method for evaluating security vulnerability processing priority of claims 1-5, the apparatus comprising:
the self risk level obtaining module is used for obtaining the self risk level of the security vulnerability to be evaluated;
the exposure path risk level acquisition module is used for acquiring the exposure path risk level of the target carrier; the target carrier is a carrier where the security vulnerability to be evaluated is located;
the target port opening coefficient acquisition module is used for acquiring a target port opening coefficient; the target port opening coefficient is determined according to the opening condition of a port aiming at the security vulnerability to be evaluated on the target carrier;
and the processing priority evaluation module is used for determining the processing priority of the security vulnerability to be evaluated according to the self risk level, the exposure path risk level and the target port opening coefficient.
7. The apparatus according to claim 6, wherein the self risk level obtaining module includes a vulnerability level obtaining unit, a carrier importance level obtaining unit and a first calculating unit;
the vulnerability level obtaining unit is used for obtaining and converting the CVSS score of the security vulnerability to be evaluated to obtain the vulnerability level of the security vulnerability to be evaluated;
the carrier importance level acquiring unit is used for acquiring the carrier importance level of the target carrier;
the first computing unit is used for determining the self risk level according to the vulnerability level and the carrier importance level.
8. The apparatus of claim 6, wherein the target port opening coefficient obtaining module is configured to perform the following functions:
when a port aiming at the security vulnerability to be evaluated on the target carrier is opened, the opening coefficient of the target port is equal to 1;
and when the port aiming at the security vulnerability to be evaluated on the target carrier is closed, the target port opening coefficient is equal to 0.4.
9. The apparatus of claim 6, wherein the exposure path risk level obtaining module comprises an access path obtaining unit, a single path risk value calculating unit, and a second calculating unit; wherein:
the access path acquiring unit is used for determining each access path between a source object and the target carrier according to the address range of the source object and the address of the target carrier; wherein the source object is an external address allowing access to the target carrier;
the single path risk value calculation unit is used for acquiring a single path risk value of each access path;
and the second calculating unit is used for calculating according to all the single path risk values to obtain the exposure path risk level of the target carrier.
10. The apparatus of claim 9, wherein the single path risk value calculation unit comprises a source object loose level obtaining sub-unit, a destination carrier loose level obtaining sub-unit, an access path inter-domain risk level obtaining sub-unit, and a third calculation unit; wherein:
the source object loose grade obtaining subunit is used for determining a source object loose grade according to the address of the source object;
the target carrier loose grade obtaining subunit is used for determining a target carrier loose grade according to the port number of the target carrier;
the access path loose grade obtaining subunit is configured to obtain an access path loose grade according to the source object loose grade and the target carrier loose grade;
the access path inter-domain risk level obtaining subunit is used for determining an access path inter-domain risk level according to the region where the source object is located;
and the third calculation unit is used for obtaining a single path risk value according to the inter-domain risk level of the access path and the loose level of the access path.
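The module layout described in the apparatus embodiment above and restated in claims 1-10 maps naturally onto a small scoring pipeline. The following Python sketch is an added worked example and is not code from the patent or its applicant: the page fixes only the structure (self risk level from CVSS level and carrier importance, exposure path risk level from the access paths, a port opening coefficient of 1 for an open port and 0.4 for a closed one, and a priority derived from the three) and says nothing about how the CVSS score is banded, how the loose grades and inter-domain risk levels are assigned, or how the partial values are combined. The CVSS bands, the grading tables, the max/product combinations, and the sample carriers, access rules and vulnerabilities are therefore all assumptions constructed for this illustration.

```python
"""Priority evaluation pipeline following the module layout of claims 1-10.
Added illustration, not the patent's implementation: only the module structure and the
port opening coefficients (1 open / 0.4 closed) come from the page; every grading table
and combination rule below is an ASSUMPTION made for this example."""
import ipaddress
from dataclasses import dataclass, field

PORT_OPEN_COEFF = 1.0    # claim 3 / claim 8: port open
PORT_CLOSED_COEFF = 0.4  # claim 3 / claim 8: port closed

@dataclass(frozen=True)
class Carrier:
    """A host carrying a service; importance 1..3 by criticality of the carried service."""
    name: str
    address: str
    importance: int
    open_ports: frozenset = field(default_factory=frozenset)

@dataclass(frozen=True)
class AccessRule:
    """A 'source object': an address range permitted to reach a destination range (assumed model)."""
    source_range: str    # e.g. "0.0.0.0/0" = reachable from anywhere
    region: str          # region the source object sits in, e.g. "internet"
    target_range: str

@dataclass(frozen=True)
class Vulnerability:
    carrier: Carrier
    cvss: float
    port: int            # port the vulnerable service listens on

# ASSUMED tables: region -> inter-domain risk level; port -> target carrier loose grade (default 1)
INTER_DOMAIN_RISK = {"internet": 3, "dmz": 2, "intranet": 1}
TARGET_PORT_LOOSE = {22: 3, 23: 3, 445: 3, 3389: 3, 80: 2, 443: 2}

def cvss_to_level(cvss: float) -> int:
    """Vulnerability level 1..4 from the CVSS base score (assumed: CVSS v3 qualitative bands)."""
    for threshold, level in ((9.0, 4), (7.0, 3), (4.0, 2)):
        if cvss >= threshold:
            return level
    return 1

def self_risk_level(vuln: Vulnerability) -> int:
    """Claim 2: vulnerability level combined with carrier importance (assumed: product)."""
    return cvss_to_level(vuln.cvss) * vuln.carrier.importance

def source_loose_grade(source_range: str) -> int:
    """Claim 5: source object loose grade from its address range (assumed: wider range = looser)."""
    prefix = ipaddress.ip_network(source_range, strict=False).prefixlen
    return 3 if prefix == 0 else (2 if prefix < 16 else 1)

def target_loose_grade(port: int) -> int:
    """Claim 5: target carrier loose grade from the port number (assumed table)."""
    return TARGET_PORT_LOOSE.get(port, 1)

def access_paths(rules, carrier: Carrier):
    """Claim 4: each rule whose destination range covers the target carrier is one access path."""
    addr = ipaddress.ip_address(carrier.address)
    return [r for r in rules if addr in ipaddress.ip_network(r.target_range, strict=False)]

def single_path_risk(rule: AccessRule, vuln: Vulnerability) -> int:
    """Claim 5: inter-domain risk level x access path loose grade (assumed: loose grade = max of the two)."""
    loose = max(source_loose_grade(rule.source_range), target_loose_grade(vuln.port))
    return INTER_DOMAIN_RISK.get(rule.region, 1) * loose

def exposure_path_risk_level(rules, vuln: Vulnerability) -> int:
    """Claim 4: combine all single path risk values (assumed: the worst path; 0 when unreachable)."""
    return max((single_path_risk(r, vuln) for r in access_paths(rules, vuln.carrier)), default=0)

def port_opening_coefficient(vuln: Vulnerability) -> float:
    """Claim 3: 1 when the vulnerable port is open on the carrier, 0.4 when it is closed."""
    return PORT_OPEN_COEFF if vuln.port in vuln.carrier.open_ports else PORT_CLOSED_COEFF

def processing_priority(rules, vuln: Vulnerability) -> float:
    """Claim 1: self risk level, exposure path risk level and port coefficient (assumed: product)."""
    score = self_risk_level(vuln) * exposure_path_risk_level(rules, vuln) * port_opening_coefficient(vuln)
    return round(score, 2)

def rank(rules, vulns):
    """Vulnerabilities ordered from highest to lowest processing priority."""
    return sorted(vulns, key=lambda v: processing_priority(rules, v), reverse=True)

# Constructed sample intranet (documentation address ranges, not real assets)
WEB = Carrier("web-01", "203.0.113.10", importance=2, open_ports=frozenset({80, 443}))
DB = Carrier("db-01", "10.1.2.20", importance=3, open_ports=frozenset({5432}))
FILESRV = Carrier("file-01", "10.1.3.30", importance=1, open_ports=frozenset({445}))
RULES = [
    AccessRule("0.0.0.0/0", "internet", "203.0.113.0/24"),  # DMZ web tier reachable from anywhere
    AccessRule("203.0.113.0/24", "dmz", "10.1.2.0/24"),     # web tier may reach the DB subnet
    AccessRule("10.0.0.0/8", "intranet", "10.0.0.0/8"),     # flat intranet
]
VULNS = [
    Vulnerability(WEB, cvss=7.5, port=443),
    Vulnerability(DB, cvss=9.8, port=5432),
    Vulnerability(FILESRV, cvss=9.8, port=445),
    Vulnerability(DB, cvss=9.8, port=22),  # SSH is not open on db-01: coefficient 0.4 applies
]
if __name__ == "__main__":
    for v in rank(RULES, VULNS):
        print(f"{v.carrier.name}:{v.port}  priority={processing_priority(RULES, v)}")
```

Under these assumptions the internet-facing web vulnerability ranks first even though its CVSS score is the lowest of the four, and the closed SSH port on the database host still ranks above the open database service because the 0.4 coefficient discounts a closed port rather than dismissing it, which is the behaviour the claims describe. An organisation adopting this structure would replace the assumed tables with its own network zones and service criticality ratings; the module boundaries stay the same.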
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210106545.5A CN114491561A (en) | 2022-01-28 | 2022-01-28 | Method and device for evaluating security vulnerability processing priority |
Publications (1)
Publication Number | Publication Date |
---|---|
CN114491561A true CN114491561A (en) | 2022-05-13 |
Family
ID=81477689
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210106545.5A Pending CN114491561A (en) | 2022-01-28 | 2022-01-28 | Method and device for evaluating security vulnerability processing priority |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114491561A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN116781426A (en) * | 2023-08-21 | 2023-09-19 | 北京安天网络安全技术有限公司 | Port repairing method and device, storage medium and electronic equipment |
CN116781426B (en) * | 2023-08-21 | 2023-11-10 | 北京安天网络安全技术有限公司 | Port repairing method and device, storage medium and electronic equipment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||