CN114866315A - Digital safety management method for IT assets - Google Patents


Info

Publication number
CN114866315A
Authority
CN
China
Prior art keywords
assets
fingerprint
management
scanning
risk
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210475513.2A
Other languages
Chinese (zh)
Inventor
彭明
谭近军
刘超颖
吴文超
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangzhou Haoheng Information Technology Co ltd
Original Assignee
Guangzhou Haoheng Information Technology Co ltd
Application filed by Guangzhou Haoheng Information Technology Co ltd
Priority to CN202210475513.2A
Publication of CN114866315A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H04L63/1433 Vulnerability analysis
    • H04L63/1441 Countermeasures against malicious traffic

Abstract

The application discloses a digital security management method for IT assets comprising the following steps. Asset scanning: a management system scans the target objects to discover assets and writes the discovered assets to an IT asset management library. Closed-loop management of risk disposition: on the basis of the acquired assets, vulnerabilities in the IT assets are discovered and submitted, and the discovered vulnerabilities are assigned, received, rectified and accepted. Result display: through the closed-loop control of risk disposition, the risk situation and trend, risk statistics and risk management results are displayed. The management system comprises a front-end presentation module, a back-end micro-service module and an underlying scanning component. The method has a simple system architecture, is easy to deploy, keeps the asset management steps simple, and achieves unified management and dynamic monitoring of IT assets.

Description

Digital safety management method for IT assets
Technical Field
The invention relates to the technical field of IT asset management, in particular to a digital security management method for IT assets.
Background
With the wide application of computer network technology, government departments, enterprises, public institutions and the like depend more and more on information systems. However, there are many types of cyberspace assets, and users often lack network security awareness, so many privately set-up servers, databases and the like are exposed to the public internet without any defence, and system vulnerabilities, malware, viruses and the like threaten network security. Traditional IT asset management has a complex system architecture, is difficult to deploy, involves complex asset management steps, and struggles to achieve unified management and dynamic monitoring of IT assets.
Disclosure of Invention
The application aims to provide a digital IT asset security management method that solves the problems identified in the background: existing IT asset management has a complex system architecture, is difficult to deploy, and cannot easily provide unified management and dynamic monitoring of IT assets.
To achieve this purpose, the application provides the following technical solution: a digital security management method for IT assets comprising the following steps:
asset scanning and discovery: scanning the target objects through a management system to discover assets, and transmitting the discovered assets to an IT asset management library;
closed-loop management of risk disposition: based on the acquired assets, discovering vulnerabilities in the IT assets and submitting them, then assigning, receiving, rectifying and accepting the discovered vulnerabilities;
result display: through the closed-loop control of risk disposition, displaying the risk situation and trend, risk statistics and risk management results; wherein
the management system comprises a front-end presentation module, a back-end micro-service module and an underlying scanning component. The front-end presentation module comprises an NGINX server, a UI layer and an interaction layer. The back-end micro-service module comprises an asset management unit, a risk discovery unit, a risk rectification unit, a statistical report unit, a large-screen presentation unit, a data statistics unit, a vulnerability management unit, a system management unit, a user service unit, an organization service unit, a view service unit, a menu service unit, an API authorization service unit, a data authorization service unit, a log service unit and a service center. The underlying scanning component comprises a scanning API interface service unit, a management center, a fingerprint center, a log center, a task scheduling center, a PRC (presumably RPC) communication engine and a scanning component.
In one embodiment, asset scanning and discovery comprises basic information collection and application component fingerprint collection. The underlying scanning component sends a series of TCP and UDP packets to the target host, receives the response packets returned by the target host, examines each data item in the responses, compares the items against the fingerprint center, and determines the operating system type of the target host from the comparison result.
In one embodiment, basic information collection comprises host discovery, system fingerprint information collection and service fingerprint information collection. Host discovery scans the address, protocol and port range of the target host, using the scanning technique and evasion technique selected in a user-defined policy and the number of scanning threads set by the user. System fingerprint information collection examines the TCP and UDP response packets of the target host against fingerprint databases built for different operating systems and protocol stacks, and identifies the fingerprint of the system and its protocol stack. Service fingerprint information collection selects the appropriate probe fingerprint from the fingerprint center, sends it to the corresponding port, and decides from fingerprint matching on the returned response packet whether the corresponding component is present.
In one embodiment, the port scanning within host discovery specifically comprises: probing the corresponding port of the target host; when the management system receives a response packet from the port that conforms to the rules, the port is in the open state; as long as at least one port of a host is open, the host is considered alive, and the host's IP, open ports and protocol information are stored in the IT asset management library.
In one embodiment, system fingerprint information collection specifically comprises:
analyzing the characteristics of various systems, building fingerprint features for each known system, and storing them in the fingerprint center as the fingerprint comparison sample library;
the user creates a system detection task and selects the target host to be probed, then starts the management system to execute the task; the system sends TCP/UDP/ICMP packets to the target host, generates a host fingerprint from the returned response packets, compares the generated host fingerprint with the fingerprints in the fingerprint center, and matches the target host to the corresponding known system.
In one embodiment, the application component fingerprint collection module discovers the version, service port and protocol interaction characteristics of a networked application or component.
In one embodiment, vulnerability discovery in the closed-loop management of risk disposition specifically comprises:
vulnerability scanning: the back-end micro-service module traverses the IT assets and matches each against the vulnerability data stored in the vulnerability management unit by the asset's operating system and version, to find vulnerabilities the asset may have; each possible vulnerability found is stored in the risk rectification unit;
POC scanning: the back-end micro-service module traverses the IT assets and runs a vulnerability attack test against each using the stored vulnerability attack code; when an attack succeeds, the vulnerability confirmed in the asset is stored in the risk rectification unit;
Tianjing (天镜) or Nessus scanning: the management system traverses the IT assets with the Tianjing scanning component or the Nessus scanning component, and each vulnerability found is stored in the risk rectification unit;
weak password scanning: the back-end micro-service module traverses the IT assets and, according to the application identified on each open port, matches against a pre-stored weak password dictionary; when a weak password exposed by the application is matched, it is stored in the risk rectification unit.
In one embodiment, vulnerability rectification in the closed-loop management of risk disposition specifically comprises: the back-end micro-service module takes the vulnerabilities, threats and weak passwords from the risk rectification unit and rectifies the risks.
In one embodiment, the task states during risk rectification are to-be-assigned, to-be-received, in rectification, to-be-accepted and accepted. When no rectifier has been assigned to the vulnerability, the task is to-be-assigned; when the vulnerability has been assigned to a rectifier, the task is to-be-received; when the rectifier has received the vulnerability for rectification, the task is in rectification; when the rectifier has finished rectifying the vulnerability, the task is to-be-accepted; and when the acceptor has successfully accepted the rectification result, the task is accepted.
The digital IT asset security management method is based on a native micro-service design with a separated front end and back end. Each back-end functional component exposes its services through a REST API, and the front end fetches data through AJAX requests to those interfaces. Every service API is controlled by the API authorization and data authorization services, which return data only according to the caller's authorization. Each service module is deployed as a container and published through an NGINX reverse proxy, so deployment is simple and capacity expansion is easy. Using distributed scanning, an enterprise's assets are surveyed comprehensively, obtaining information such as open ports, operating system type and middleware, so that the enterprise can track asset changes promptly and accurately. On the other hand, vulnerability and threat intelligence is acquired and integrated quickly, the vulnerabilities, weak passwords and threats hidden in the assets are picked up in time, at-risk assets are located precisely, and a closed-loop vulnerability management mechanism is formed, resolving the difficulties of enterprise information security management.
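Added example (not the patent's or the applicant's code) of the two authorization layers that the paragraph above places in front of every back-end REST API: API authorization decides whether the caller's role may call the endpoint at all, and data authorization restricts the rows returned to the organizations the caller is entitled to. The roles, endpoint table, organization tree and asset rows are constructed for the demonstration; in a real gateway the caller's role and organization come from a verified session or token, not from anything the client sends in the request.

```python
# Added example (not from the patent): API authorization followed by data
# authorization in front of a REST endpoint. Roles, endpoints, the organization
# tree and the asset rows are all constructed for the demonstration.
from typing import Dict, List, Set, Tuple

# Constructed organization tree: parent -> children. A user scoped to a parent
# organization may see the assets of every descendant organization.
ORG_TREE = {"group": ["subsidiary-a", "subsidiary-b"], "subsidiary-a": ["dept-a1"]}

# API authorization table: (HTTP method, path prefix) -> roles allowed to call it.
API_ACL = {
    ("GET", "/api/assets"): {"viewer", "operator", "admin"},
    ("POST", "/api/scan"): {"operator", "admin"},
    ("POST", "/api/users"): {"admin"},
}

# Constructed asset rows, each tagged with the organization that owns it.
ASSETS = [
    {"ip": "10.0.0.5", "org": "dept-a1"},
    {"ip": "10.0.0.6", "org": "subsidiary-a"},
    {"ip": "10.0.0.7", "org": "subsidiary-b"},
]


def expand_orgs(root: str, tree=ORG_TREE) -> Set[str]:
    """All organizations under (and including) root."""
    seen, stack = set(), [root]
    while stack:
        org = stack.pop()
        if org in seen:
            continue
        seen.add(org)
        stack.extend(tree.get(org, []))
    return seen


def api_authorized(role: str, method: str, path: str, acl=API_ACL) -> bool:
    """Longest matching (method, prefix) entry wins; unknown endpoints are denied."""
    matches = [(prefix, roles) for (m, prefix), roles in acl.items()
               if m == method and path.startswith(prefix)]
    if not matches:
        return False
    _, roles = max(matches, key=lambda entry: len(entry[0]))
    return role in roles


def data_authorized_assets(user_org: str, rows=ASSETS) -> List[dict]:
    """Data authorization: keep only rows owned by an organization the user may see."""
    allowed = expand_orgs(user_org)
    return [r for r in rows if r["org"] in allowed]


def handle_request(user: Dict[str, str], method: str, path: str) -> Tuple[int, List[dict]]:
    """Gateway check: 403 when the API call is denied, otherwise the org-filtered rows."""
    if not api_authorized(user["role"], method, path):
        return 403, []
    if method == "GET" and path.startswith("/api/assets"):
        return 200, data_authorized_assets(user["org"])
    return 200, []


if __name__ == "__main__":
    print(handle_request({"role": "viewer", "org": "subsidiary-a"}, "GET", "/api/assets"))
    print(handle_request({"role": "viewer", "org": "subsidiary-a"}, "POST", "/api/scan"))
```

The two checks are deliberately separate: the first one is a cheap table lookup that can sit in the proxy, while the second needs the organization tree and must run wherever the rows are produced, otherwise a caller with a valid role could still read another organization's assets.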
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present application, and other drawings can be obtained by those skilled in the art without creative efforts.
Fig. 1 is an architecture diagram of a management system in an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that the components, modules and mechanisms that are not described in detail in this application are all general standard components or components known to those skilled in the art, and the structure and principle of the components can be known to those skilled in the art through technical manuals or through routine experiments. The terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
Example: as shown in Fig. 1, the digital security management method for IT assets is applied in an IT asset management system. In this embodiment the management system comprises a front-end presentation module for displaying management information, a back-end micro-service module providing the services for the security management of IT assets, and an underlying scanning component supporting the scanning of targets. The front-end presentation module comprises an NGINX server, a UI layer and an interaction layer; the back-end micro-service module comprises an asset management unit, a risk discovery unit, a risk rectification unit, a statistical report unit, a large-screen presentation unit, a data statistics unit, a vulnerability management unit, a system management unit, a user service unit, an organization service unit, a view service unit, a menu service unit, an API authorization service unit, a data authorization service unit, a log service unit and a service center; and the underlying scanning component comprises a scanning API interface service unit, a management center, a fingerprint center, a log center, a task scheduling center, a PRC (presumably RPC) communication engine and a scanning component.
Using this management system, the embodiment discloses a digital security management method for IT assets that consists, in order, of asset scanning, closed-loop management and control of risk disposition, and result display.
In this embodiment, the asset scan consists of the following. Asset scanning and discovery comprises basic information collection and application component fingerprint collection. The underlying scanning component sends a series of TCP and UDP packets to the target host, receives the response packets, examines each data item in them, compares the items against the fingerprint center, and determines the operating system type of the target host from the comparison result.
Basic information collection comprises host discovery, system fingerprint information collection and service fingerprint information collection. Host discovery scans the address, protocol and port range of the target host with the scanning technique and evasion technique selected in the user's policy, using the number of scanning threads the user has set. Port scanning within host discovery specifically means probing the corresponding port of the target host; when the management system receives a response packet from the port that conforms to the rules, that port is open; as long as at least one port of a host is open the host is considered alive, and its IP, open ports and protocol information are stored in the IT asset management library. System fingerprint information collection examines the TCP and UDP response packets of the target host against fingerprint databases built for different operating systems and protocol stacks, and identifies the fingerprint of the system and its protocol stack. The scheme is designed to identify different operating systems and devices from TCP/IP protocol stack fingerprints. The TCP/IP stack is only described in RFC documents and has no single industry implementation standard; when vendors write the TCP/IP stacks for their own operating systems they interpret the RFCs differently, so operating systems differ in the details of their TCP/IP implementations. The patent determines the operating system type mainly from these differences in detail.
The specific implementation is as follows: first, the characteristics of various systems are analyzed, fingerprint features of each known system are built and stored in the fingerprint center as the fingerprint comparison sample library; the user then creates a system detection task, selects the target host to be probed, and starts the management system to execute the task, which sends TCP/UDP/ICMP packets to the target host, generates a host fingerprint from the returned response packets, compares it with the fingerprints in the fingerprint center, and matches the target host to the corresponding known system. Service fingerprint information collection selects the appropriate probe fingerprint from the fingerprint center, sends it to the corresponding port, and decides from fingerprint matching on the returned response packet whether the corresponding component is present.
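As an added illustration (not code from the patent or the applicant), the following Python sketch shows the sample-library-and-matching procedure just described: a fingerprint center of per-OS TCP/IP stack signatures, reduction of an observed SYN-ACK to the same fields, and a weighted comparison that refuses to guess when no signature is close enough or two signatures tie. The signature values, the field weights and the "captured" reply are constructed for the demonstration, not measured from real systems, and sending the probes and reading TTL, window and options out of the reply is left out. A NAT device or load balancer in the path can rewrite exactly these fields, which is why an ambiguous result is reported as unknown rather than forced to the nearest entry.

```python
# Added example (not from the patent): p0f/nmap-style TCP/IP stack fingerprinting.
# The fingerprint center stores per-OS signatures of SYN-ACK characteristics; an
# observed reply is reduced to the same fields and scored against each signature.
# All signature values and the "captured" reply are constructed for the
# demonstration, not measurements of real hosts.
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class StackFingerprint:
    initial_ttl: int   # observed TTL rounded up to the nearest common initial value
    window: int        # advertised TCP window size
    df: bool           # IP "don't fragment" bit set
    options: tuple     # TCP option kinds in order, e.g. ("MSS", "SACK", "TS", "NOP", "WS")


def normalise_ttl(observed_ttl: int) -> int:
    """Each hop decrements the TTL; map the observed value back to the initial
    TTL the sender most likely used (32, 64, 128 or 255)."""
    for initial in (32, 64, 128, 255):
        if observed_ttl <= initial:
            return initial
    return 255


def fingerprint_from_reply(ttl: int, window: int, df: bool, options: tuple) -> StackFingerprint:
    """Build the host fingerprint from the raw fields of a returned packet."""
    return StackFingerprint(normalise_ttl(ttl), window, df, tuple(options))


# Constructed sample library (the patent's fingerprint center). Values are
# illustrative only; a real library is built from known systems in a lab.
FINGERPRINT_CENTRE = {
    "linux-generic":   StackFingerprint(64, 29200, True, ("MSS", "SACK", "TS", "NOP", "WS")),
    "windows-generic": StackFingerprint(128, 8192, True, ("MSS", "NOP", "WS", "NOP", "NOP", "SACK")),
    "bsd-generic":     StackFingerprint(64, 65535, True, ("MSS", "NOP", "WS", "SACK", "TS")),
    "embedded-stack":  StackFingerprint(255, 4096, False, ("MSS",)),
}


def score(candidate: StackFingerprint, observed: StackFingerprint) -> int:
    """Weighted agreement between a library signature and an observation.
    Option order is the strongest discriminator, TTL next, window least
    (window sizes are tunable and vary with MTU). Weights are an assumption."""
    s = 0
    s += 4 if candidate.options == observed.options else 0
    s += 3 if candidate.initial_ttl == observed.initial_ttl else 0
    s += 2 if candidate.df == observed.df else 0
    s += 1 if candidate.window == observed.window else 0
    return s


def match_os(observed: StackFingerprint, library=FINGERPRINT_CENTRE, min_score: int = 7) -> Optional[str]:
    """Return the best-matching system, or None when no signature is close
    enough; a tie between two signatures is also reported as None, not guessed."""
    ranked = sorted(library.items(), key=lambda kv: score(kv[1], observed), reverse=True)
    best_name, best_fp = ranked[0]
    best = score(best_fp, observed)
    if best < min_score:
        return None
    if len(ranked) > 1 and score(ranked[1][1], observed) == best:
        return None
    return best_name


if __name__ == "__main__":
    # Constructed reply: TTL 57 (initial 64 minus 7 hops) with a Linux-style option layout.
    fp = fingerprint_from_reply(ttl=57, window=29200, df=True,
                                options=("MSS", "SACK", "TS", "NOP", "WS"))
    print(match_os(fp))
```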
The application component fingerprint collection module discovers the version, service port and protocol interaction characteristics of a networked application or component, and supports identification based on the web service, server-side language, web development framework, web application, front-end library, third-party components and the like.
A web development framework here is the server program that exposes a service on a given port and processes the requests sent by clients, such as the Tomcat container for Java, or IIS or PWS for ASP; it is identified with the component service detection technique, for example by sending the fingerprint probe "URI/status" to detect the Tomcat framework. The language used by the web site's back end is detected with the application component page detection technique and the service component service detection technique, judging from meta information, script tags, header information, session identifiers, error pages, fingerprints contained in page content and the like. Web applications are detected mainly with the service component page detection technique: one or more pages of the crawled site are matched against the fingerprints in the fingerprint library to distinguish the corresponding web application. The Web space is detected mainly with the page detection technique, identified by the class id of the page and the like.
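Putting host discovery and service fingerprint collection together, here is an added example in Python (not the patent's or the applicant's code): a TCP connect scan marks ports open, the host is recorded as alive when at least one port answers, then a probe is sent to each open port and the reply is matched against a small regex fingerprint library to name the component and its version. The target is a throw-away listener on 127.0.0.1 that answers like a Tomcat 404 page so the example runs offline; the listener's banner, the version string it reports and the fingerprint entries are constructed for the demonstration, and the probe is a plain HTTP GET standing in for the "URI/status" probe mentioned above.

```python
# Added example (not from the patent): host discovery by TCP connect scan, then
# service-component fingerprinting with a probe/regex library, run against a
# constructed loopback listener so it works offline.
import re
import socket
import threading
from typing import Dict, List, Optional

# Probe to send on an open port, and the signatures to match against the reply.
# Each entry: (component name, compiled regex, version capture group or None).
HTTP_PROBE = b"GET /status HTTP/1.0\r\nHost: localhost\r\n\r\n"
SERVICE_FINGERPRINTS = [
    ("Apache Tomcat", re.compile(rb"Server:\s*Apache-Coyote/[\d.]+", re.I), None),
    ("Apache Tomcat", re.compile(rb"Apache Tomcat/([\d.]+)", re.I), 1),
    ("nginx", re.compile(rb"Server:\s*nginx/([\d.]+)", re.I), 1),
    ("OpenSSH", re.compile(rb"^SSH-2\.0-OpenSSH_([\w.]+)", re.I), 1),
]


def tcp_connect_scan(host: str, ports: List[int], timeout: float = 0.5) -> List[int]:
    """Return the ports that accept a TCP connection (the 'open' state)."""
    open_ports = []
    for port in ports:
        try:
            with socket.create_connection((host, port), timeout=timeout):
                open_ports.append(port)
        except OSError:
            pass  # refused or filtered: not open
    return open_ports


def grab_banner(host: str, port: int, probe: bytes = HTTP_PROBE, timeout: float = 1.0) -> bytes:
    """Send the probe and collect whatever the service returns until it closes."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(probe)
        chunks = []
        try:
            while True:
                data = s.recv(4096)
                if not data:
                    break
                chunks.append(data)
        except socket.timeout:
            pass
        return b"".join(chunks)


def identify_service(banner: bytes) -> Optional[Dict[str, Optional[str]]]:
    """Match a reply against the fingerprint library; a version-bearing match
    wins over a bare product match for the same component."""
    best = None
    for name, pattern, version_group in SERVICE_FINGERPRINTS:
        m = pattern.search(banner)
        if not m:
            continue
        version = m.group(version_group).decode() if version_group else None
        if best is None or (version and not best["version"]):
            best = {"component": name, "version": version}
    return best


def discover_host(host: str, ports: List[int]) -> Optional[dict]:
    """Asset-library record: a host is alive when at least one port is open."""
    open_ports = tcp_connect_scan(host, ports)
    if not open_ports:
        return None
    services = {port: identify_service(grab_banner(host, port)) for port in open_ports}
    return {"ip": host, "protocol": "tcp", "open_ports": open_ports, "services": services}


# Constructed target: a listener that answers every connection like a Tomcat 404
# page. The banner and the version string in it are made up for the example.
FAKE_RESPONSE = (b"HTTP/1.1 404 Not Found\r\nServer: Apache-Coyote/1.1\r\n"
                 b"Content-Type: text/html\r\n\r\n"
                 b"<html><body><h3>Apache Tomcat/9.0.0</h3></body></html>")


def start_fake_service() -> int:
    """Bind an ephemeral loopback port and serve FAKE_RESPONSE per connection."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            conn, _ = srv.accept()
            try:
                with conn:
                    conn.settimeout(1.0)
                    conn.recv(4096)          # the probe, or nothing for a bare connect
                    conn.sendall(FAKE_RESPONSE)
            except OSError:
                pass                         # client closed early: keep serving

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def closed_port() -> int:
    """A loopback port that is bound then released, so a connect is refused."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


if __name__ == "__main__":
    open_p = start_fake_service()
    print(discover_host("127.0.0.1", [closed_port(), open_p]))
```

A connect scan completes the three-way handshake and therefore shows up in the target's application logs; SYN or other half-open techniques (the "evasion technique" selectable in the user's policy) need raw sockets and are not shown here.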
In this embodiment, the closed-loop control of risk disposition consists of the following. Based on the acquired assets, vulnerabilities in the IT assets are discovered and submitted, and the discovered vulnerabilities are assigned, received, rectified and accepted. Vulnerability scanning builds on port scanning. In this embodiment the IT assets are scanned in several scanning modes so as to obtain comprehensively the risks, such as vulnerabilities, that the IT assets may carry. From vulnerability analysis and the collection of attack behaviour, most vulnerabilities target a particular network service, that is, a particular port, so vulnerability scanning developed along the same lines as port scanning. The principle of vulnerability discovery is to check whether the target host has a vulnerability in the following ways. After the port scan, the ports the target host has open and the network services on them are known; this information is matched against the vulnerability library to check whether any vulnerability satisfies the matching conditions. In addition, aggressive security vulnerability scanning simulates an attack on the target host system, for example testing weak passwords; if the simulated attack succeeds, the target host system has a security vulnerability, which is submitted to the risk rectification library. During risk rectification, the vulnerabilities, threats and weak passwords are taken from the risk rectification library and rectified. Specifically, vulnerability discovery in this embodiment comprises vulnerability scanning, POC scanning, Tianjing (天镜) or Nessus scanning, and weak password scanning.
Vulnerability scanning specifically comprises: the back-end micro-service module traverses the IT assets and matches each against the vulnerability data stored in the vulnerability management unit by the asset's operating system and version, to find vulnerabilities the asset may have; each possible vulnerability found is stored in the risk rectification unit. POC scanning specifically comprises: the back-end micro-service module traverses the IT assets and runs a vulnerability attack test against each using the stored vulnerability attack code; when an attack succeeds, the vulnerability confirmed in the asset is stored in the risk rectification unit. Tianjing or Nessus scanning specifically comprises: the management system traverses the IT assets with the Tianjing scanning component or the Nessus scanning component, and each vulnerability found is stored in the risk rectification unit. Weak password scanning specifically comprises: the back-end micro-service module traverses the IT assets and, according to the application identified on each open port, matches against a pre-stored weak password dictionary; when a weak password exposed by the application is matched, it is stored in the risk rectification unit. Vulnerability rectification, on the other hand, specifically comprises: the back-end micro-service module takes the vulnerabilities, threats and weak passwords from the risk rectification unit and rectifies the risks.
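Added example (not the patent's or the applicant's code) of the two non-intrusive checks of the risk discovery step described in the embodiments above and again in this paragraph: version-based vulnerability matching and dictionary-based weak password matching, both feeding a de-duplicated risk rectification queue. The asset inventory, the vulnerability records and their VULN-… identifiers, the affected version ranges, the weak password dictionary and the credential store used in place of live logins are all constructed. Version matching reduces each version string to a numeric tuple and tests introduced <= version < fixed. A weak password check is an authentication attempt against a live service, so in a real deployment it is rate-limited, logged, and scoped to assets the organization owns.

```python
# Added example (not from the patent): version-range vulnerability matching and
# weak-password matching, with findings written to a rectification queue.
# Inventory, vulnerability records, dictionary and credential store are constructed.
from typing import Callable, Dict, List, Tuple


def parse_version(v: str) -> Tuple[int, ...]:
    """'9.0.52' -> (9, 0, 52); non-numeric tails such as 'p1' are dropped."""
    parts = []
    for piece in v.split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def version_in_range(version: str, introduced: str, fixed: str) -> bool:
    """introduced <= version < fixed, compared numerically component-wise."""
    v = parse_version(version)
    return parse_version(introduced) <= v < parse_version(fixed)


# Constructed vulnerability library: one record per (component, affected range).
VULN_LIBRARY = [
    {"id": "VULN-0001", "component": "Apache Tomcat", "introduced": "9.0.0", "fixed": "9.0.50", "severity": "high"},
    {"id": "VULN-0002", "component": "OpenSSH", "introduced": "7.0", "fixed": "8.5", "severity": "medium"},
    {"id": "VULN-0003", "component": "nginx", "introduced": "1.0.0", "fixed": "1.20.1", "severity": "high"},
]

WEAK_PASSWORD_DICT = ["123456", "admin", "password", "admin123", "tomcat"]


def vulnerability_scan(assets: List[dict], library=VULN_LIBRARY) -> List[dict]:
    """Traverse the assets and match each (component, version) against the library."""
    findings = []
    for asset in assets:
        for svc in asset["services"]:
            for vuln in library:
                if vuln["component"] == svc["component"] and \
                        version_in_range(svc["version"], vuln["introduced"], vuln["fixed"]):
                    findings.append({"type": "vulnerability", "asset": asset["ip"],
                                     "port": svc["port"], "id": vuln["id"],
                                     "severity": vuln["severity"]})
    return findings


def weak_password_scan(assets: List[dict], try_login: Callable[[str, int, str, str], bool],
                       users=("admin", "root")) -> List[dict]:
    """Try each dictionary entry against the application on each open port.
    try_login is the protocol-specific authenticator (HTTP basic, SSH, ...)."""
    findings = []
    for asset in assets:
        for svc in asset["services"]:
            for user in users:
                for pw in WEAK_PASSWORD_DICT:
                    if try_login(asset["ip"], svc["port"], user, pw):
                        findings.append({"type": "weak_password", "asset": asset["ip"],
                                         "port": svc["port"], "user": user, "password": pw})
                        break  # one hit per user is enough for a work order
    return findings


class RectificationUnit:
    """Queue of findings awaiting a work order, de-duplicated on (asset, port, key)."""

    def __init__(self):
        self.items: Dict[tuple, dict] = {}

    def submit(self, finding: dict) -> None:
        key = (finding["asset"], finding["port"], finding.get("id") or finding.get("user"))
        self.items.setdefault(key, finding)

    def pending(self) -> List[dict]:
        return list(self.items.values())


# Constructed inventory and a fake credential store standing in for live logins.
ASSETS = [
    {"ip": "10.0.0.5", "services": [{"port": 8080, "component": "Apache Tomcat", "version": "9.0.41"}]},
    {"ip": "10.0.0.6", "services": [{"port": 22, "component": "OpenSSH", "version": "8.9p1"},
                                     {"port": 80, "component": "nginx", "version": "1.18.0"}]},
]
FAKE_CREDENTIALS = {("10.0.0.5", 8080, "admin"): "tomcat"}


def fake_login(ip: str, port: int, user: str, pw: str) -> bool:
    return FAKE_CREDENTIALS.get((ip, port, user)) == pw


def run_risk_discovery(assets=ASSETS, try_login=fake_login) -> RectificationUnit:
    unit = RectificationUnit()
    for finding in vulnerability_scan(assets) + weak_password_scan(assets, try_login):
        unit.submit(finding)
    return unit


if __name__ == "__main__":
    for f in run_risk_discovery().pending():
        print(f)
```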
More specifically, the task states during risk rectification are to-be-assigned, to-be-received, in rectification, to-be-accepted and accepted. When no rectifier has been assigned to the vulnerability, the task is to-be-assigned; when the vulnerability has been assigned to a rectifier, the task is to-be-received; when the rectifier has received the vulnerability for rectification, the task is in rectification; when the rectifier has finished rectifying the vulnerability, the task is to-be-accepted; and when the acceptor has successfully accepted the rectification result, the task is accepted.
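Added example (not the patent's or the applicant's code) of the work order state machine described above, with each transition tied to the role that may perform it and a check that only the assigned rectifier can receive or finish the order. The role names (assigner, rectifier, acceptor) are assumptions, as is the "reject" transition that returns a failed acceptance to rectification; the patent lists the five states and who performs each step but not what happens when acceptance fails.

```python
# Added example (not from the patent): the five-state rectification work order.
# Role names and the "reject" (failed acceptance) transition are assumptions.
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

TO_BE_ASSIGNED, TO_BE_RECEIVED, IN_RECTIFICATION, TO_BE_ACCEPTED, ACCEPTED = (
    "to_be_assigned", "to_be_received", "in_rectification", "to_be_accepted", "accepted")

# (current state, action, acting role) -> next state. Anything not listed is refused.
TRANSITIONS = {
    (TO_BE_ASSIGNED, "assign", "assigner"): TO_BE_RECEIVED,
    (TO_BE_RECEIVED, "receive", "rectifier"): IN_RECTIFICATION,
    (IN_RECTIFICATION, "finish", "rectifier"): TO_BE_ACCEPTED,
    (TO_BE_ACCEPTED, "accept", "acceptor"): ACCEPTED,
    (TO_BE_ACCEPTED, "reject", "acceptor"): IN_RECTIFICATION,  # assumption: failed acceptance reopens
}


@dataclass
class WorkOrder:
    finding_id: str
    state: str = TO_BE_ASSIGNED
    rectifier: Optional[str] = None
    history: List[Tuple[str, str, str]] = field(default_factory=list)  # (state, action, actor)

    def apply(self, action: str, actor: str, role: str, **kw) -> str:
        """Perform one transition; refuse illegal ones and rectifier impersonation."""
        nxt = TRANSITIONS.get((self.state, action, role))
        if nxt is None:
            raise PermissionError(f"{role} may not '{action}' an order in state {self.state}")
        if action == "assign":
            self.rectifier = kw["rectifier"]
        elif role == "rectifier" and actor != self.rectifier:
            raise PermissionError(f"{actor} is not the assigned rectifier")
        self.history.append((self.state, action, actor))
        self.state = nxt
        return self.state


def run_happy_path(order: WorkOrder) -> str:
    """Assign -> receive -> finish -> accept, as the patent's state list describes."""
    order.apply("assign", "alice", "assigner", rectifier="bob")
    order.apply("receive", "bob", "rectifier")
    order.apply("finish", "bob", "rectifier")
    return order.apply("accept", "carol", "acceptor")


if __name__ == "__main__":
    order = WorkOrder("VULN-0001")
    print(run_happy_path(order), order.history)
```

Keeping the transition table as data rather than as if/else chains makes the audit question "who moved this order out of 'in rectification' and when" answerable from the history list alone, which is what the acceptance step needs.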
In this embodiment, result display consists of the following: through the closed-loop management and control of risk disposition, the risk situation and trend, risk statistics and risk management results are displayed.
In summary, the management system and the digital IT asset security management method have the following characteristics:
(1) Comprehensive asset monitoring: assets are managed in a unified way with all-round dynamic security monitoring, so that asset changes are tracked in real time and asset availability and business continuity are ensured; monitoring covers various software and hardware assets, including switches, routers, servers, desktop terminals, mobile terminals, network printers and the like; the various channels through which asset security may be compromised, including application software, configuration files, ports, databases, web information and the like, are managed and controlled so that overall security is fully assured;
(2) Overall discovery of system risks: the platform provides several scanning engines, is compatible with several vulnerability libraries and has rich weak password dictionaries, so it can give assets an all-round check-up and detect the various risks they may have; user-defined scanning tasks are supported, with detection targets and detection types chosen as needed to meet individual requirements;
(3) Closed-loop risk handling: once a risk is found, a work order is created and goes through assignment, reception, rectification and acceptance, providing a standardized handling process and steps; handling tasks are distributed to specific rectifiers and acceptors, rectification deadlines are set, the handling process is controlled in real time, and every risk is handled and traceable;
(4) Multi-dimensional analysis and display: the platform home page shows the asset overview, risk overview, number of risks, number of unsafe assets and the overall asset picture, presenting visually the overall system score, total number of assets, vulnerability presence ratio and repair rate, number of risks and unsafe assets; the statistical report page counts asset, risk and work order data by organization and by business system, and statistical charts can be generated on demand, improving management efficiency and reducing management cost.
(5) Efficient data updating: the vulnerability library, weak password library and POC data can be updated in real time or periodically by online automatic upgrade or offline manual upgrade, ensuring the data is timely and complete.
Finally, it should be noted that: although the present invention has been described in detail with reference to the foregoing embodiments, those skilled in the art can still make modifications to the technical solutions described in the foregoing embodiments, or make equivalent substitutions and improvements to part of the technical features of the foregoing embodiments, and any modifications, equivalent substitutions and improvements made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (9)

1. A digital security management method for IT assets, characterized by comprising the following steps:
asset scanning and discovery: scanning the target through a management system to discover assets, and passing the scanned and discovered assets to an IT asset management library;
closed-loop management of risk disposition: on the basis of the acquired assets, discovering and submitting vulnerabilities of the IT assets, and assigning, receiving and accepting the discovered vulnerabilities;
result display: the risk situation and trend, digital risk statistics and risk management results of the closed-loop risk disposition are displayed; wherein
the management system comprises a front-end presentation module, a back-end micro-service module and an underlying scanning component; the front-end presentation module comprises an NGINX server, a UI layer and an interaction layer; the back-end micro-service module comprises an asset management unit, a risk discovery unit, a risk rectification unit, a statistical report unit, a large-screen presentation unit, a data statistics unit, a vulnerability management unit, a system management unit, a user service unit, an organization service unit, a view service unit, a menu service unit, an API authorization service unit, a data authorization service unit, a log service unit and a service center; and the underlying scanning component comprises a scanning API interface service unit, a management center, a fingerprint center, a log center, a task scheduling center, an RPC communication engine and a scanning component.
2. The digital security management method for IT assets of claim 1, wherein the asset scanning and discovery comprises basic information collection and application component fingerprint collection; the underlying scanning component sends a series of TCP and UDP packets to a target host, receives the response packets returned by the target host, examines each data item in the response packets, compares them against the fingerprint center, and determines the operating system type of the target host from the comparison result.
3. The digital security management method for IT assets of claim 2, wherein the basic information collection comprises host discovery, system fingerprint information collection and service fingerprint information collection; the host discovery scans the address, protocol and port range of the target host, using the scanning technique and evasion technique selected by the user, according to the policy set by the user and with the number of scanning threads set by the user; the system fingerprint information collection examines the TCP and UDP response packets of the target host against fingerprint databases built for different operating systems and different protocol stacks, and identifies the fingerprint information of the system and its protocol stack; and the service fingerprint information collection selects the corresponding probe fingerprint from the fingerprint center, sends it to the corresponding port, and determines by fingerprint matching on the returned response packet whether the corresponding component is present.
4. The digital security management method for IT assets of claim 3, wherein the port scanning in the host discovery specifically comprises: probing the corresponding port of the target host; when the management system receives a response packet fed back by the port that conforms to the rules, the port is in the open state; as soon as any one port of a host is in the open state the host is considered alive, and the IP, open ports and protocol information of the host are stored in the IT asset management library.
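The host-discovery rule of claim 4 (a port counts as open only when a rule-conforming response comes back; a host is recorded as alive once any port is open) as an added example in Python. This is not the patent's or the applicant's code: the probe outcomes, IP addresses and the `AssetLibrary` class are constructed for the example, and the response-kind names ("syn-ack", "rst", "udp-payload", "icmp-port-unreach") are assumed labels for what the scanning component would observe, not identifiers from the page.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample probe results (no network I/O in this example).
# key: (ip, protocol, port) -> kind of response observed for that probe.
PROBE_RESULTS: Dict[Tuple[str, str, int], Optional[str]] = {
    ("10.0.0.5", "tcp", 22):   "syn-ack",            # rule-conforming reply: open
    ("10.0.0.5", "tcp", 80):   "syn-ack",
    ("10.0.0.5", "tcp", 443):  "rst",                # closed
    ("10.0.0.5", "udp", 161):  "udp-payload",        # service answered: open
    ("10.0.0.6", "tcp", 22):   "rst",
    ("10.0.0.6", "tcp", 80):   None,                 # no reply: not counted as open
    ("10.0.0.6", "udp", 53):   "icmp-port-unreach",  # closed
    ("10.0.0.7", "tcp", 3389): "syn-ack",
}

# The "rules" a response packet must conform to before a port counts as open.
OPEN_RULES: Dict[str, set] = {"tcp": {"syn-ack"}, "udp": {"udp-payload"}}


@dataclass
class AssetRecord:
    ip: str
    open_ports: List[Tuple[str, int]] = field(default_factory=list)  # (protocol, port)


class AssetLibrary:
    """Stand-in for the IT asset management library: one record per live host."""

    def __init__(self) -> None:
        self.records: Dict[str, AssetRecord] = {}

    def store(self, ip: str, protocol: str, port: int) -> None:
        rec = self.records.setdefault(ip, AssetRecord(ip))
        if (protocol, port) not in rec.open_ports:
            rec.open_ports.append((protocol, port))

    def live_hosts(self) -> List[str]:
        return sorted(self.records)


def port_is_open(protocol: str, response: Optional[str]) -> bool:
    """A port is open only if the reply conforms to the rule for its protocol."""
    return response in OPEN_RULES.get(protocol, set())


def discover_hosts(results: Dict[Tuple[str, str, int], Optional[str]],
                   library: AssetLibrary) -> AssetLibrary:
    """Walk the probe results; a host enters the library on its first open port."""
    for (ip, protocol, port), response in sorted(results.items()):
        if port_is_open(protocol, response):
            library.store(ip, protocol, port)
    return library


if __name__ == "__main__":
    lib = discover_hosts(PROBE_RESULTS, AssetLibrary())
    for ip in lib.live_hosts():
        print(ip, lib.records[ip].open_ports)
```

Note the caveat the rule implies for inventory completeness: 10.0.0.6 answers only with RST and ICMP unreachable, so it never enters the library even though it is clearly reachable; a host that filters every probed port is likewise absent. An asset inventory built solely on open ports should therefore be reconciled against other sources (DHCP leases, switch tables, cloud inventory) before it is treated as authoritative.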
5. The digital security management method for IT assets of claim 3, wherein the system fingerprint information collection specifically comprises:
analyzing the characteristics of various systems, establishing fingerprint features for each known system, and storing them in the fingerprint center as the fingerprint comparison sample library;
the user sets up a system detection task and selects the target host to be probed; the management system is then started and executes the detection task, sends TCP/UDP/ICMP packets to the target host, generates a host fingerprint from the returned response packets, compares the generated host fingerprint with the fingerprints in the fingerprint center, and matches it to the known system corresponding to the target host.
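The fingerprint-center matching described in claims 2, 3 and 5 (examine the data items of a returned TCP packet, compare them with stored per-system fingerprints, and name the operating system) as an added example in Python. It is not the patent's code, and the fingerprint center, its three entries and the weights are constructed for illustration: real stacks vary far more than these four fields capture. `build_synack` fabricates a raw IPv4 + TCP SYN/ACK so the example runs offline with no packets sent; `parse_synack` then extracts TTL, window size, the DF bit and the MSS option, which are classic passive-fingerprint items.

```python
import struct
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Hypothetical fingerprint center: values a known system's TCP/IP stack is
# assumed to place in a SYN/ACK. Constructed for this example, not the patent's data.
FINGERPRINT_CENTER: Dict[str, dict] = {
    "Linux 5.x":     {"ttl": 64,  "window": 64240, "df": True,  "mss": 1460},
    "Windows 10":    {"ttl": 128, "window": 65535, "df": True,  "mss": 1460},
    "Embedded RTOS": {"ttl": 255, "window": 5840,  "df": False, "mss": 536},
}


@dataclass(frozen=True)
class HostFingerprint:
    ttl: int
    window: int
    df: bool
    mss: Optional[int]


def build_synack(ttl: int, window: int, df: bool, mss: int) -> bytes:
    """Construct a synthetic IPv4 + TCP SYN/ACK (sample input, no network I/O)."""
    flags_frag = 0x4000 if df else 0                  # DF is bit 14 of flags/fragment
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 44, 0x1234, flags_frag,
                     ttl, 6, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    opts = struct.pack("!BBH", 2, 4, mss)             # TCP option kind 2 = MSS
    data_off = ((20 + len(opts)) // 4) << 4           # header length in 32-bit words
    tcp = struct.pack("!HHIIBBHHH", 80, 40000, 1, 1, data_off, 0x12,
                      window, 0, 0) + opts            # 0x12 = SYN|ACK
    return ip + tcp


def parse_synack(packet: bytes) -> HostFingerprint:
    """Pull the fingerprint data items out of a raw IPv4 + TCP response."""
    ihl = (packet[0] & 0x0F) * 4
    ttl = packet[8]
    df = bool(struct.unpack("!H", packet[6:8])[0] & 0x4000)
    tcp = packet[ihl:]
    data_off = (tcp[12] >> 4) * 4
    window = struct.unpack("!H", tcp[14:16])[0]
    mss = None
    opts, i = tcp[20:data_off], 0
    while i < len(opts):                              # walk the TCP option list
        kind = opts[i]
        if kind == 0:                                 # end of options
            break
        if kind == 1:                                 # NOP, one byte
            i += 1
            continue
        length = opts[i + 1]
        if kind == 2 and length == 4:
            mss = struct.unpack("!H", opts[i + 2:i + 4])[0]
        i += length
    return HostFingerprint(ttl, window, df, mss)


def initial_ttl(observed: int) -> int:
    """Routers decrement TTL per hop; map the observed value back to the
    smallest common initial TTL that is not below it."""
    for initial in (32, 64, 128, 255):
        if observed <= initial:
            return initial
    return 255


def match_fingerprint(fp: HostFingerprint, center: Dict[str, dict] = FINGERPRINT_CENTER,
                      threshold: float = 0.75) -> Tuple[str, float]:
    """Weighted comparison against every known system; 'unknown' below threshold."""
    best_name, best_score = "unknown", 0.0
    for name, sig in center.items():
        score = (0.4 * (initial_ttl(fp.ttl) == sig["ttl"])
                 + 0.3 * (fp.window == sig["window"])
                 + 0.2 * (fp.df == sig["df"])
                 + 0.1 * (fp.mss == sig["mss"]))
        if score > best_score:
            best_name, best_score = name, score
    if best_score < threshold:
        return "unknown", best_score
    return best_name, best_score


def identify_host(packet: bytes) -> str:
    """Claim 5's pipeline: response packet -> host fingerprint -> known system."""
    return match_fingerprint(parse_synack(packet))[0]


if __name__ == "__main__":
    print(identify_host(build_synack(60, 64240, True, 1460)))   # Linux 5.x
    print(identify_host(build_synack(30, 1000, False, 100)))    # unknown
```

The threshold is the part worth keeping when adapting this: a fingerprint center that always returns its nearest entry will confidently mislabel hosts behind load balancers or with tuned stacks, and a wrong operating system then feeds wrong vulnerability matches downstream, so an explicit "unknown" outcome is safer than a low-confidence guess.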
6. The digital security management method for IT assets of claim 2, wherein the application component fingerprint collection module is used to discover fingerprint information of networked applications or components: their version, service port and protocol interaction features.
7. The digital security management method for IT assets of claim 1, wherein the vulnerability discovery in the closed-loop management of risk disposition specifically comprises:
vulnerability scanning: the back-end micro-service module traverses the IT assets and matches them, by operating system and version, against the vulnerability data stored in the vulnerability management module to find possible vulnerabilities in the IT assets; when a possible vulnerability is found, it is stored in the risk rectification unit;
POC scanning: the back-end micro-service module traverses the IT assets and tests them with the stored vulnerability attack code; when the test succeeds, the vulnerability present in the IT asset is stored in the risk rectification unit;
Sky Mirror or Nessus scanning: the management system traverses and scans the IT assets through the Sky Mirror scanning component or the Nessus scanning component, and when a vulnerability is found it is stored in the risk rectification unit;
weak password scanning: the back-end micro-service module traverses the IT assets and, according to the application program information corresponding to each IT asset's open ports, matches them against a pre-stored weak password dictionary; when a weak password exposed by an IT asset application program is matched, the weak password is stored in the risk rectification unit.
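The "vulnerability scanning" step of claim 7 (traverse the assets, match each asset's operating system and components by version against the stored vulnerability data, and store hits in the risk rectification unit) as an added example in Python. This is not the patent's implementation; the asset inventory, the vulnerability library and its `VULN-EXAMPLE-*` identifiers are constructed placeholders, not real advisories, and the version-range representation (`affected_from` inclusive, `fixed_in` exclusive) is an assumption about how such a library would be organised.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class Asset:
    ip: str
    os_name: str
    os_version: str
    components: Dict[str, str] = field(default_factory=dict)  # from service fingerprinting


@dataclass(frozen=True)
class VulnRecord:
    vuln_id: str               # placeholder identifiers, not real advisory numbers
    product: str
    affected_from: str         # first affected version, inclusive
    fixed_in: Optional[str]    # first fixed version, exclusive; None = no fix known
    severity: str


# Constructed sample inventory and vulnerability library for this example.
ASSETS: List[Asset] = [
    Asset("10.0.0.5", "Linux", "5.4.0", {"nginx": "1.18.0", "openssh": "8.2p1"}),
    Asset("10.0.0.6", "Windows", "10.0.19044", {"openssh": "8.9p1"}),
    Asset("10.0.0.7", "Linux", "5.15.0", {"nginx": "1.22.1"}),
]
VULN_DB: List[VulnRecord] = [
    VulnRecord("VULN-EXAMPLE-001", "nginx",   "1.0.0", "1.20.1", "high"),
    VulnRecord("VULN-EXAMPLE-002", "openssh", "6.2",   "8.5",    "medium"),
    VulnRecord("VULN-EXAMPLE-003", "linux",   "5.0",   None,     "low"),
]


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn strings like '8.2p1' or '5.4.0' into a comparable tuple of integers."""
    return tuple(int(n) for n in re.findall(r"\d+", text))


def is_affected(version: str, rec: VulnRecord) -> bool:
    """Version falls in [affected_from, fixed_in); an open upper bound means no fix yet."""
    v = parse_version(version)
    if v < parse_version(rec.affected_from):
        return False
    return rec.fixed_in is None or v < parse_version(rec.fixed_in)


class RiskRectificationUnit:
    """Stores each (asset, vulnerability) pair once so re-scans do not duplicate work."""

    def __init__(self) -> None:
        self.findings: Dict[Tuple[str, str], dict] = {}

    def store(self, asset: Asset, rec: VulnRecord, version: str) -> None:
        self.findings.setdefault((asset.ip, rec.vuln_id), {
            "ip": asset.ip, "vuln_id": rec.vuln_id, "product": rec.product,
            "version": version, "severity": rec.severity,
        })

    def for_host(self, ip: str) -> List[str]:
        return sorted(v for (host, v) in self.findings if host == ip)


def scan_vulnerabilities(assets: List[Asset], vuln_db: List[VulnRecord],
                         unit: Optional[RiskRectificationUnit] = None) -> RiskRectificationUnit:
    """Traverse assets x vulnerability records; possible hits go to the rectification unit."""
    if unit is None:
        unit = RiskRectificationUnit()
    for asset in assets:
        # everything with a known version on this host: the OS plus fingerprinted components
        installed = {asset.os_name.lower(): asset.os_version}
        installed.update({k.lower(): v for k, v in asset.components.items()})
        for rec in vuln_db:
            version = installed.get(rec.product.lower())
            if version is not None and is_affected(version, rec):
                unit.store(asset, rec, version)
    return unit


if __name__ == "__main__":
    unit = scan_vulnerabilities(ASSETS, VULN_DB)
    for key, finding in sorted(unit.findings.items()):
        print(key, finding["severity"])
```

Two practical points the claim leaves implicit: version matching of this kind yields *possible* vulnerabilities only (a distribution backport can carry a fix without changing the upstream version number), which is why the claim routes these hits to rectification as candidates rather than confirmed findings; and the unit keys on (asset, vulnerability) so that repeated scheduled scans update rather than multiply the work orders.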
8. The digital security management method for IT assets of claim 7, wherein the vulnerability rectification in the closed-loop management of risk disposition specifically comprises: the back-end micro-service module obtains the vulnerabilities, threats and weak passwords from the risk rectification unit and rectifies the risks.
9. The digital security management method for IT assets of claim 8, wherein the task status in the risk rectification process includes waiting to be assigned, waiting to be received, in rectification, waiting to be accepted and acceptance completed; when the vulnerability has not yet been assigned to a rectifier, the task is in the waiting-to-be-assigned state; when the vulnerability has been assigned to a rectifier for rectification, the task is in the waiting-to-be-received state; when the rectifier has received the vulnerability for rectification, the task is in the in-rectification state; when the rectifier has finished rectifying the vulnerability, the task is in the waiting-to-be-accepted state; and when the acceptor has successfully accepted the vulnerability rectification result, the task is in the acceptance-completed state.
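The five task states of claim 9 and the events that move a task between them, as an added example in Python that is not part of the patent. The four forward transitions (assign, receive, finish, accept) and the rule that only the assigned rectifier can receive or finish a task follow the claim; the "reject" event, which returns a task to in-rectification when acceptance does not succeed, is an assumption added here, since the claim names only the successful acceptance. The `attempt` helper exists so that rejected transitions can be checked without exceptions escaping.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable, Dict, List, Optional, Tuple


class TaskState(Enum):
    WAITING_ASSIGNMENT = "waiting to be assigned"
    WAITING_RECEIPT = "waiting to be received"
    IN_RECTIFICATION = "in rectification"
    WAITING_ACCEPTANCE = "waiting to be accepted"
    ACCEPTANCE_COMPLETE = "acceptance completed"


# (event, current state) -> next state. The first four rows are the claim's
# transitions; "reject" is an assumption so a failed acceptance is representable.
TRANSITIONS: Dict[Tuple[str, TaskState], TaskState] = {
    ("assign",  TaskState.WAITING_ASSIGNMENT): TaskState.WAITING_RECEIPT,
    ("receive", TaskState.WAITING_RECEIPT):    TaskState.IN_RECTIFICATION,
    ("finish",  TaskState.IN_RECTIFICATION):   TaskState.WAITING_ACCEPTANCE,
    ("accept",  TaskState.WAITING_ACCEPTANCE): TaskState.ACCEPTANCE_COMPLETE,
    ("reject",  TaskState.WAITING_ACCEPTANCE): TaskState.IN_RECTIFICATION,
}


class InvalidTransition(Exception):
    """Raised when an event is not allowed in the task's current state."""


def allowed_events(state: TaskState) -> List[str]:
    return sorted(event for (event, s) in TRANSITIONS if s is state)


@dataclass
class RectificationTask:
    task_id: str
    vuln_id: str
    asset_ip: str
    state: TaskState = TaskState.WAITING_ASSIGNMENT
    rectifier: Optional[str] = None
    # audit trail of (event, actor, resulting state); every change is attributable
    history: List[Tuple[str, str, TaskState]] = field(default_factory=list)

    def _fire(self, event: str, actor: str) -> TaskState:
        nxt = TRANSITIONS.get((event, self.state))
        if nxt is None:
            raise InvalidTransition(f"{event!r} not allowed in state {self.state.value!r}")
        self.state = nxt
        self.history.append((event, actor, nxt))
        return nxt

    def _require_rectifier(self, actor: str) -> None:
        if actor != self.rectifier:
            raise PermissionError(f"{actor!r} is not the assigned rectifier")

    def assign(self, assigner: str, rectifier: str) -> TaskState:
        state = self._fire("assign", assigner)      # validate before mutating rectifier
        self.rectifier = rectifier
        return state

    def receive(self, actor: str) -> TaskState:
        self._require_rectifier(actor)
        return self._fire("receive", actor)

    def finish(self, actor: str) -> TaskState:
        self._require_rectifier(actor)
        return self._fire("finish", actor)

    def accept(self, acceptor: str) -> TaskState:
        return self._fire("accept", acceptor)

    def reject(self, acceptor: str) -> TaskState:   # assumed event, see comment above
        return self._fire("reject", acceptor)


def attempt(action: Callable[..., TaskState], *args: str) -> str:
    """Run a transition and report 'ok' or the name of the error it raised."""
    try:
        action(*args)
        return "ok"
    except (InvalidTransition, PermissionError) as exc:
        return type(exc).__name__


if __name__ == "__main__":
    t = RectificationTask("TASK-1", "VULN-EXAMPLE-001", "10.0.0.5")  # constructed ids
    t.assign("admin", "bob")
    print(attempt(t.receive, "carol"))   # PermissionError: carol is not the rectifier
    t.receive("bob"); t.finish("bob"); t.accept("alice")
    for event, actor, state in t.history:
        print(f"{event:8s} by {actor:6s} -> {state.value}")
```

Encoding the workflow as an explicit transition table gives the closed loop two properties a work-order system needs: a task cannot skip straight from assignment to acceptance, and the history records which account moved it, so the "repair rate" shown on the dashboard is backed by an auditable trail rather than a mutable status field.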
CN202210475513.2A 2022-04-29 2022-04-29 Digital safety management method for IT assets Pending CN114866315A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210475513.2A CN114866315A (en) 2022-04-29 2022-04-29 Digital safety management method for IT assets

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210475513.2A CN114866315A (en) 2022-04-29 2022-04-29 Digital safety management method for IT assets

Publications (1)

Publication Number Publication Date
CN114866315A true CN114866315A (en) 2022-08-05

Family

ID=82635331

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210475513.2A Pending CN114866315A (en) 2022-04-29 2022-04-29 Digital safety management method for IT assets

Country Status (1)

Country Link
CN (1) CN114866315A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115695044A (en) * 2022-11-29 2023-02-03 贵州电网有限责任公司 IT asset safety control platform and management method
CN116074214A (en) * 2022-12-28 2023-05-05 四川新网银行股份有限公司 Enterprise IT asset discovery and identification system and method based on network exposure surface

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140075564A1 (en) * 2011-06-01 2014-03-13 Anurag Singla Network asset information management
CN106888194A (en) * 2015-12-16 2017-06-23 国家电网公司 Intelligent grid IT assets security monitoring systems based on distributed scheduling
CN106991035A (en) * 2017-04-06 2017-07-28 北京计算机技术及应用研究所 A kind of Host Supervision System based on micro services framework
CN108712396A (en) * 2018-04-27 2018-10-26 广东省信息安全测评中心 Networked asset management and loophole governing system
CN109391636A (en) * 2018-12-20 2019-02-26 广东电网有限责任公司 A kind of loophole administering method and device based on hierarchical protection asset tree
US20210105304A1 (en) * 2019-10-04 2021-04-08 Expanse, Inc. Network asset lifecycle management

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination