CN114915431A - State detection method, node, system and storage medium - Google Patents


Info

Publication number
CN114915431A
Authority
CN
China
Prior art keywords
node
state detection
baseline
security baseline
detection
Prior art date
Legal status
Pending
Application number
CN202110127456.4A
Other languages
Chinese (zh)
Inventor
管纪伟
刘志伟
顾磊磊
张向阳
孙嘉冬
Current Assignee
China Mobile Communications Group Co Ltd
China Mobile Suzhou Software Technology Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd
China Mobile Suzhou Software Technology Co Ltd
Priority date
Filing date
Publication date
Application filed by China Mobile Communications Group Co Ltd and China Mobile Suzhou Software Technology Co Ltd
Priority to CN202110127456.4A
Publication of CN114915431A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/50 Testing arrangements

Abstract

The application discloses a state detection method applied to a first node, where the first node can provide a security baseline to at least one second node and the security baseline is used by the second node to perform state detection. The method comprises: acquiring a first configuration parameter, the first configuration parameter comprising condition configuration parameters for state detection of each second node; determining the security baseline based on the first configuration parameter; providing the security baseline to the second node, the security baseline being used by the second node to perform state detection and obtain state detection data; acquiring the state detection data of the second node; and generating a state detection result of the second node based on the state detection data. The application also discloses a state detection method applied to the second node, the first node, the second node, a state detection system and a storage medium. The disclosed state detection method addresses the problem in the related art that the security standards of the individual branch networks of an enterprise or public institution cannot be rolled out across the whole organization.

Description

State detection method, node, system and storage medium
Technical Field
The present disclosure relates to the field of information technology, and in particular to a state detection method, a first node, a second node, a state detection system, and a computer-readable storage medium.
Background
The network security state of an enterprise or public-institution network is generally assessed against security standards issued by the state or a regulator, such as CIS and Classified Protection 2.0 (MLPS 2.0), through security checks of the relevant device nodes in the network. In the related art, the security baseline against which each branch network of the enterprise or public institution performs its security checks is usually determined flexibly by the administrator of that branch network, from the security standard combined with the actual operating state of the branch.
Security inspection against a security baseline makes it possible to monitor software versions, environment configuration and the like in real time. In practice, however, the security baselines of the branch networks are not uniform, and neither are their inspection workflows, so each branch's security specification applies only inside that branch's own subnetwork, cannot be rolled out across the enterprise or public institution, and gives no view of the overall state of the organization's network.
Disclosure of Invention
The application provides a state detection method, a first node, a second node, a state detection system and a computer-readable storage medium.
In the state detection method provided by the application, the first node can obtain the condition configuration parameters for state detection of each second node and determine a single security baseline from them; it then sends the security baseline to the second nodes, which perform state detection against it; it can further obtain the state detection data produced by that detection and generate the state detection result of each second node from it. This addresses the problem in the related art that the security standards of the individual branch networks of an enterprise or public institution cannot be rolled out organization-wide: the method determines a security baseline suited to every node in the organization's network, which lays the foundation for rolling the baseline out, and since every node performs state detection against that baseline and reports its state detection data to the first node, the security state of the whole organization's network can be grasped as a whole.
The technical scheme provided by the application is as follows:
a state detection method applied to a first node, where the first node can provide a security baseline to at least one second node and the security baseline is used by the second node to perform state detection; the method comprises:
acquiring a first configuration parameter, the first configuration parameter comprising condition configuration parameters for state detection of each second node;
determining the security baseline based on the first configuration parameter;
providing the security baseline to the second node, the security baseline being used by the second node to perform state detection and obtain state detection data;
acquiring the state detection data of the second node;
and generating a state detection result of the second node based on the state detection data.
The application also provides a state detection method applied to a second node, where the second node can obtain a security baseline provided by a first node and the security baseline is used by the second node to perform state detection; the method comprises:
acquiring the security baseline provided by the first node, the security baseline being determined by the first node based on a first configuration parameter after the first node acquires that parameter, the first configuration parameter comprising condition configuration parameters for state detection of the second node;
The application also provides a first node that can provide a security baseline to at least one second node, the security baseline being used by the second node to perform state detection. The first node comprises a first acquisition module, a first processing module and a first sharing module, wherein:
the first acquisition module is configured to acquire a first configuration parameter, the first configuration parameter comprising condition configuration parameters for state detection of each second node;
the first processing module is configured to determine the security baseline based on the first configuration parameter;
the first sharing module is configured to provide the security baseline to the second node, the security baseline being used by the second node to perform state detection and obtain state detection data;
the first acquisition module is further configured to acquire the state detection data of the second node;
the first processing module is further configured to generate a state detection result of the second node based on the state detection data, where the state detection data is the data obtained by the second node performing state detection against the security baseline.
The application also provides another first node that can provide a security baseline to at least one second node, the security baseline being used by the second node to perform state detection. This first node comprises a first processor, a first memory and a first communication bus, wherein:
the first communication bus provides the communication connection between the first processor and the first memory, and the first processor is configured to execute a computer program stored in the first memory so as to implement any of the state detection methods applied to the first node described above.
The application also provides a second node that can obtain a security baseline provided by a first node, the security baseline being used by the second node to perform state detection. The second node comprises a second acquisition module, a second processing module and a second sharing module, wherein:
the second acquisition module is configured to acquire the security baseline provided by the first node, the security baseline being determined by the first node based on a first configuration parameter after the first node acquires that parameter, the first configuration parameter comprising condition configuration parameters for state detection of the second node;
the second processing module is configured to perform state detection based on the security baseline to obtain state detection data;
the second sharing module is configured to provide the state detection data to the first node.
The application also provides another second node that can obtain a security baseline provided by a first node, the security baseline being used by the second node to perform state detection. This second node comprises a second processor, a second memory and a second communication bus, wherein:
the second communication bus provides the communication connection between the second processor and the second memory, and the second processor is configured to execute a computer program stored in the second memory so as to implement any of the state detection methods applied to the second node described above.
The application also provides a state detection system comprising a first node as described above and at least one second node as described above.
The application further provides a computer-readable storage medium storing a computer program; the computer program is executable by a processor to implement any of the state detection methods applied to a first node or any of the state detection methods applied to a second node described above.
As can be seen from the above, in the state detection method applied to the first node the security baseline is determined from the condition configuration parameters for state detection of each second node; the first node not only provides one security baseline to at least one second node, but also sends that baseline to the second node for it to perform state detection against, and after receiving the state detection data sent back by the second node it generates the second node's state detection result from that data.
Therefore, in the state detection method applied to the first node, the first node can determine a security baseline that meets the state detection requirements of every second node, so that security baselines are established uniformly across the enterprise or public institution and can be rolled out across its whole network; and once each second node has completed state detection, its security detection result can be obtained from its state detection data, so the overall security state of the organization's network can be grasped.
Drawings
Fig. 1 is a schematic flowchart of a state detection method applied to a first node according to the present application;
Fig. 2 is a schematic flowchart of a first verification operation performed by a first node on a second node according to the present application;
Fig. 3 is a schematic flowchart of a second node performing identity verification on a first node according to the present application;
Fig. 4 is a schematic flowchart of a first node pushing a detection script according to the present application;
Fig. 5 is a schematic flowchart of a first node pushing detection items to a second node according to the present application;
Fig. 6 is a schematic flowchart of a first node acquiring state detection data according to the present application;
Fig. 7 is a schematic flowchart of a first node providing a detection-result JavaScript Object Notation (JSON) file to a second node according to the present application;
Fig. 8 is a schematic flowchart of a first node providing a state detection result to a second node according to the present application;
Fig. 9 is a schematic flowchart of a state detection method applied to a second node according to the present application;
Fig. 10 is a schematic diagram of offline state detection execution and offline upload of state detection data according to the present application;
Fig. 11 is a block diagram of a compliance check architecture between the headquarters and branches of an enterprise platform according to the present application;
Fig. 12 is a schematic structural diagram of a first node according to the present application;
Fig. 13 is a schematic structural diagram of a second node according to the present application.
Detailed Description
The technical solutions in the embodiments of the present application are described below clearly and completely with reference to the drawings of those embodiments.
It should be understood that the specific embodiments described herein merely illustrate the present application and are not intended to limit it.
The present application relates to the field of information technology, and in particular to a state detection method, a first node, a second node, a state detection system, and a computer-readable storage medium.
In this detection method, the first node can acquire the condition configuration parameters for state detection of any second node in the current network and determine a unified security baseline from them, against which any second node is security-checked; the first node can also generate the security detection result of any second node from that node's security check data, so that the security state of every node in the whole network is controlled as a whole.
In an embodiment of the present application, a first node can provide a security baseline to at least one second node, the security baseline being used by the second node to perform state detection.
In one embodiment, the first node may be the node hosting the headquarters compliance platform of an enterprise or public institution, also referred to as the primary node. Correspondingly, a second node may be a node hosting a branch compliance platform of that enterprise or public institution, also referred to as a secondary node.
In one embodiment, the security baseline may be generated by the first node from the configuration parameters of each second node; the security baseline may include, for example, the rules for performing state detection on each second node and the scripts that implement those rules.
In one embodiment, the state detection performed by the second node may cover all or part of the second node's environment, where the environment may include a software environment and/or a hardware environment. The software and/or hardware environment may include at least one of: the software and/or hardware environment of a specified type in the second node; the software and/or hardware environment with a higher resource utilization rate during a specified operating period of the second node; and the software and/or hardware environment with a longer running time in the second node.
In one embodiment, the network of an enterprise may include at least one first node and a plurality of second nodes, a communication connection may be established between each first node and any second node, and over that connection the first node may provide the security baseline to the second node.
The state detection method applied to the first node according to the embodiments of the present application may be implemented by a processor of the first node, where the processor may be at least one of an Application Specific Integrated Circuit (ASIC), a Digital Signal Processor (DSP), a Digital Signal Processing Device (DSPD), a Programmable Logic Device (PLD), a Field Programmable Gate Array (FPGA), a Central Processing Unit (CPU), a controller, a microcontroller and a microprocessor.
Fig. 1 is a schematic flowchart of a state detection method applied to a first node according to an embodiment of the present disclosure. As shown in Fig. 1, the method may include the following steps:
Step 101: acquire a first configuration parameter.
The first configuration parameter comprises condition configuration parameters for state detection of each second node.
In one embodiment, the first configuration parameter may be determined according to any of the following: the configuration of the software and/or hardware environment of each second node; the type of traffic or data processed by each second node; the operating load rate of each second node; and the requirements of the client objects each second node serves.
Step 102: determine the security baseline based on the first configuration parameter.
In one embodiment, the security baseline may be a set of rules, derived from the first configuration parameter, for performing state detection on a specified type of software and/or hardware environment in each second node. Illustratively, the security baseline may include the time and conditions under which state detection is performed; illustratively, it may include the detection scripts each second node uses to perform state detection, together with the detection items.
In one embodiment, the security baseline may be determined as follows: starting from the first configuration parameter, a security expert team and the security contacts designated by each branch unit of the enterprise or public institution discuss and propose the security specification in a standardized way, a reasonable version is drawn up, and it is subjected to high-intensity stress testing on the organization's own software and hardware resources. A security baseline determined in this way carries sufficient authority and exists in a single version, so it can be applied quickly to the state detection of every second node.
In the embodiments of the application, because the condition configuration parameters of each second node for state detection are fully considered when determining the security baseline, the resulting security baseline meets the state detection requirements of every second node in the organization's network.
Step 103: provide the security baseline to the second node.
The security baseline is used by the second node to perform state detection and obtain state detection data.
In one embodiment, the security baseline may be provided to the second node in either of the following cases: when the first node receives a security baseline acquisition request sent by the second node; or immediately once the security baseline has been determined.
In one embodiment, providing the security baseline to the second node may be implemented as follows:
the first node stores the security baseline under a first path and sends the address of that path to the second node, and the second node fetches the security baseline from it. Illustratively, the security baseline may be pushed from the first node to the second node over the Secure File Transfer Protocol (SFTP). Illustratively, the first node may store the security baseline under a second path via SFTP and send that path to the second node; the second node then fetches the security baseline from the second path and stores it in its database (data warehousing).
Step 104: acquire the state detection data of the second node.
In one embodiment, the state detection data of the second node may include at least one of the following: detection data for each inspection item, obtained by the second node performing state detection against the security baseline; detection data for each specified detection item, obtained by the second node performing state detection against the security baseline on those items only; data obtained by the second node performing state detection against the security baseline once the state detection conditions are met after it has received the baseline; and data obtained when the second node, after successfully storing the baseline in its database, reads the security baseline back from the database and performs state detection on the detection items defined in it using the detection scripts it contains.
Step 105: generate the state detection result of the second node based on the state detection data.
In one embodiment, the state detection result may include any of the following information: whether the second node is currently in a secure state; whether any setting of the software and/or hardware environment in the second node does not conform to the specification; and instructions for the second node to improve the state of its software and/or hardware.
Correspondingly, the state detection result of the second node may be obtained in either of the following ways:
after acquiring the state detection data of the second node, the first node compares it against the compliance criteria defined for each device in the security baseline and judges it, thereby obtaining the second node's state detection result;
after acquiring the state detection data of the second node, the first node compares and evaluates it according to the rules and algorithms contained in the security baseline, thereby obtaining the second node's state detection result.
Therefore, in the state detection method applied to the first node, the first node can determine a security baseline that meets the state detection requirements of every second node, so that security baselines are established uniformly across the enterprise or public institution and can be rolled out across its whole network; and once each second node has completed state detection, its security detection result can be obtained from its state detection data, so the overall security state of the organization's network can be grasped.
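As an added example that is not part of the patent, the following Python sketches steps 102 and 105 from the first node's side: a security baseline holding detection items, each with the compliance rule the first node judges against and the improvement instruction returned to a non-compliant node, and the comparison of a second node's state detection data against those rules to produce a state detection result carrying the three kinds of information listed above. The item identifiers, operators, values, the detection-data layout and the JSON result layout are assumptions; the patent does not fix a baseline format.

```python
import json
import re

# Constructed security baseline (assumption: the patent does not define a baseline format).
# Each detection item carries the rule the first node judges against and the improvement
# instruction returned to a non-compliant second node.
SECURITY_BASELINE = {
    "version": "2021-01",
    "items": [
        {"id": "SSH-01", "name": "sshd PermitRootLogin", "op": "eq", "expected": "no",
         "fix": "set PermitRootLogin no in sshd_config and reload sshd"},
        {"id": "PWD-01", "name": "password maximum age (days)", "op": "le", "expected": 90,
         "fix": "set PASS_MAX_DAYS to 90 or less in /etc/login.defs"},
        {"id": "SW-01", "name": "openssl version", "op": "ge_version", "expected": "1.1.1",
         "fix": "upgrade openssl to 1.1.1 or later"},
        {"id": "NET-01", "name": "telnet service", "op": "eq", "expected": "disabled",
         "fix": "disable and uninstall the telnet service"},
    ],
}


def _version_tuple(text):
    """'OpenSSL 1.1.1k' -> (1, 1, 1); only numeric components are compared."""
    return tuple(int(p) for p in re.findall(r"\d+", text))


def item_compliant(item, value):
    """Judge one detection item against its baseline rule. Missing data is non-compliant:
    a node that could not report an item has not demonstrated compliance."""
    if value is None:
        return False
    op, expected = item["op"], item["expected"]
    if op == "eq":
        return str(value).strip().lower() == str(expected).lower()
    if op == "le":
        return float(value) <= float(expected)
    if op == "ge_version":
        return _version_tuple(str(value)) >= _version_tuple(str(expected))
    raise ValueError("unknown baseline operator: " + op)


def generate_result(baseline, detection_data):
    """Step 105: produce the state detection result of one second node.

    detection_data layout (assumption): {"node": str, "baseline_version": str,
    "items": {item_id: reported_value}}.
    """
    node = detection_data.get("node")
    if detection_data.get("baseline_version") != baseline["version"]:
        # Data produced against another baseline version is not comparable; do not
        # report the node as secure on the strength of stale or mismatched data.
        return {"node": node, "secure": False, "error": "baseline version mismatch",
                "noncompliant": []}
    reported = detection_data.get("items", {})
    noncompliant = []
    for item in baseline["items"]:
        value = reported.get(item["id"])
        if not item_compliant(item, value):
            noncompliant.append({"id": item["id"], "name": item["name"],
                                 "actual": value, "expected": item["expected"],
                                 "fix": item["fix"]})
    return {"node": node, "secure": not noncompliant,
            "checked": len(baseline["items"]), "noncompliant": noncompliant}


def result_json(result):
    """Serialize the result as the detection-result JSON file the first node provides (Fig. 7)."""
    return json.dumps(result, indent=2, sort_keys=True)


if __name__ == "__main__":
    # Constructed state detection data from one branch node.
    data = {"node": "branch-320", "baseline_version": "2021-01",
            "items": {"SSH-01": "yes", "PWD-01": 99, "SW-01": "OpenSSL 1.1.1k",
                      "NET-01": "disabled"}}
    print(result_json(generate_result(SECURITY_BASELINE, data)))
```

Two choices a practitioner would want to see here: an item the node failed to report counts as non-compliant rather than being skipped, and data produced against a different baseline version is rejected instead of being compared, so a stale report cannot mark a node as secure.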
Illustratively, the first node may also perform an authentication operation before step 103. The authentication operation can be implemented through steps A1 and A2:
Step A1: perform a first verification operation to obtain a first verification result.
The first verification operation is used to verify the second node.
In one embodiment, when the second node needs to acquire data managed by the first node, such as a detection script or a detection item in the security baseline, it may send an authentication request to the first node, and the first node then performs the first verification operation on the second node.
In one embodiment, the first verification operation may verify any of the following: whether the second node is a legitimate node of the enterprise or public-institution network; whether the second node is currently in a secure state, that is, whether it has been compromised by a virus or Trojan; and any of the user name, password and system number of the second node, where the system number is a network identifier assigned to each second node within the organization. Illustratively, the system number may be the number of the province in which a branch company is located.
In one embodiment, after the first verification operation passes, the first node can issue a Token to the second node and assign each Token a validity period. During the validity period, any data request the second node sends to the first node may carry the Token for fast authentication.
Correspondingly, if the first verification operation fails, the reason for the failure is returned to the second node.
Step A2: send the first verification result to the second node.
In one embodiment, the first verification result indicates whether the first verification operation passed or failed. Illustratively, if it passed, the first verification result carries the Token issued to the second node; if it failed, the first verification result carries the reason for the failure.
Table 1 lists the parameters of the first verification result. The authority verification interface has data type authToken and is invoked with POST at the path /bms/v1/authToken. A data flow from the second node to the first node is the second node's authentication request; a data flow from the first node to the second node is the first node's first verification result. In the necessity column, M marks a mandatory parameter and O an optional one. The default Token validity period is 30 minutes and may be customized.

Table 1. Parameters of the authority verification interface (data type authToken, POST /bms/v1/authToken)

Data flow                    Parameter    Type     Meaning                                      Necessity
second node -> first node    provCode     String   branch code                                  M
second node -> first node    userName     String   user name                                    M
second node -> first node    password     String   password (md5 digest)                        M
first node -> second node    Token        String   token                                        O
first node -> second node    expiryTime   long     Token validity period (default 30 minutes)   O
first node -> second node    errorMsg     String   error message                                O
Fig. 2 is a flowchart of the first verification operation performed by the first node on the second node according to an embodiment of the present application.
In Fig. 2, the second node sends an authentication request to the first node carrying the parameters userName, password and provCode. On receiving the request, the first node looks up the corresponding second-node user by provCode and verifies the second node's userName and password. If verification passes, it constructs a first token, adds the token's validity period to it, caches the association between the first token and the second node, and returns the first token to the second node; if verification fails, it returns the failure result to the second node.
When the first node sends a data request to the second node, the authentication operation may be implemented through step B:
Step B: receive a second verification result sent by the second node.
The second verification result is obtained by the second node performing a second verification operation, which is the second node's verification of the first node.
In one embodiment, the second verification result may be obtained by the second node performing the second verification operation on the first node when it receives an authentication request from the first node. The data structure of the second verification result is the same as that of the first verification result in Table 1 and is not repeated here.
Fig. 3 is a schematic flowchart of the second node performing identity verification on the first node according to an embodiment of the present application. The first node sends the second node an identity verification request carrying userName, password and provCode, and the second node verifies the provCode, userName and password on receipt. Illustratively, if verification passes, the second node constructs a second token, adds the token's validity period to it, caches the association between the second token and the first node, and returns the second token to the first node; if verification fails, it returns the reason for the failure to the first node.
Through these operations, bidirectional device identity authentication is achieved between the first node and the second node, which lays the foundation for the secure and stable transmission of the subsequent detection scripts, detection items and state detection data.
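The following Python is an added illustration of the authToken exchange of Table 1 as used in both Fig. 2 (first node verifying the second) and Fig. 3 (second node verifying the first); it is not code from the patent. Since both directions share the same request and result structure, one handler serves both sides. It verifies provCode, userName and the md5 password digest, issues a token with the 30-minute default validity, caches the token-to-node association, and implements the fast authentication of later data requests. The credential store, the provCode value "320", the token format and the constant-time comparison are assumptions; note that md5 is an unsalted hash rather than encryption, so a deployment would store a salted slow hash of the credential rather than the bare digest used here.

```python
import hashlib
import hmac
import secrets
import time

DEFAULT_EXPIRY_SECONDS = 30 * 60   # Table 1: default Token validity period is 30 minutes


def md5_password(plaintext):
    """The password field of Table 1 carries an md5 digest of the password."""
    return hashlib.md5(plaintext.encode()).hexdigest()


# Constructed credential store: (provCode, userName) -> stored digest. md5 is an unsalted
# fast hash, not encryption, so a deployment should keep a salted slow hash of this
# credential instead (assumption, not something the patent specifies).
CREDENTIALS = {
    ("320", "suzhou-branch"): md5_password("branch-secret"),
}

# Token -> (provCode, userName, expiry epoch seconds): the cached association between the
# token and the node from Fig. 2 / Fig. 3.
TOKEN_CACHE = {}


def auth_token(request, now=None, expiry_seconds=DEFAULT_EXPIRY_SECONDS):
    """Serve POST /bms/v1/authToken (Table 1) for either direction of Fig. 2 / Fig. 3.

    request: {"provCode", "userName", "password"} (all mandatory).
    Returns {"Token", "expiryTime"} on success or {"errorMsg"} on failure.
    """
    now = time.time() if now is None else now
    for key in ("provCode", "userName", "password"):
        if not request.get(key):
            return {"errorMsg": "missing mandatory parameter " + key}
    stored = CREDENTIALS.get((request["provCode"], request["userName"]))
    # Constant-time digest compare; an unknown user gets the same message as a bad
    # password so the response does not reveal which provCode/userName pairs exist.
    if stored is None or not hmac.compare_digest(
            stored.encode(), str(request["password"]).encode()):
        return {"errorMsg": "authentication failed"}
    token = secrets.token_urlsafe(32)        # unguessable; not derived from the credentials
    expiry = int(now) + int(expiry_seconds)
    TOKEN_CACHE[token] = (request["provCode"], request["userName"], expiry)
    return {"Token": token, "expiryTime": expiry}


def check_token(token, now=None):
    """Fast authentication of a data request that carries Token within its validity period.

    Returns (provCode, userName) for a live token, or None if the token is unknown or
    expired; expired entries are dropped from the cache.
    """
    now = time.time() if now is None else now
    entry = TOKEN_CACHE.get(token)
    if entry is None:
        return None
    prov_code, user_name, expiry = entry
    if now >= expiry:
        del TOKEN_CACHE[token]
        return None
    return prov_code, user_name


if __name__ == "__main__":
    request = {"provCode": "320", "userName": "suzhou-branch",
               "password": md5_password("branch-secret")}
    response = auth_token(request)
    print(response)
    print(check_token(response.get("Token")))
```

The token is random rather than derived from the credentials, so possession of an expired token or of the cache gives nothing that could be replayed to re-authenticate; the cache entry is evicted on the first check after expiry.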
Illustratively, before step 104, the state detection method provided in this embodiment of the present application may further include the following operations:
acquiring second information; the second information is provided to the second node so that the second node performs state detection based on the second information and the security baseline. The second information comprises option information for detecting any item in the software and/or hardware environment of the second node.
In one embodiment, the second information may be provided by the first node to the second node via SFTP. The first node may provide the second information to the second node according to a preset period. The second information may, for example, be specified by the first node according to the actual operating state of each second node. The first node executes the operation of acquiring the second information after finishing the pushing of the detection script.
In one embodiment, the second node performing state detection based on the second information and the security baseline may be implemented as follows:
The second node determines at least one target detection script from the plurality of detection scripts of the security baseline based on the second information, and executes the at least one target detection script according to the detection script starting and executing mode defined by the security baseline, so as to realize the state detection.
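The selection step just described, as an added Python example that is not part of the patent: the second information names the detection items the first node wants checked, and the second node picks only the baseline scripts that cover those items and runs them in the baseline's execution order. The baseline layout (scripts declaring the items they cover, a startMode field), the three toy check functions and the device configuration dicts are constructed for this example; real baselines ship shell scripts, which this example stands in for with Python callables.

```python
# Constructed detection scripts. In the patent these are scripts shipped in
# the security baseline; here each is a Python callable that inspects a
# device configuration (a dict, also constructed) and reports pass/fail per
# detection item.
def check_ssh(device):
    return {"ssh.root_login": device.get("PermitRootLogin") == "no",
            "ssh.protocol": device.get("Protocol") == "2"}


def check_password_policy(device):
    return {"pw.min_len": device.get("minlen", 0) >= 8}


def check_firewall(device):
    return {"fw.enabled": device.get("firewall") is True}


# Constructed security baseline: each script declares the detection items it
# covers; startMode is the script starting and executing mode the baseline
# defines (only "sequential" is implemented here).
BASELINE = {
    "startMode": "sequential",
    "scripts": [
        {"scriptId": "S-ssh", "items": ["ssh.root_login", "ssh.protocol"], "run": check_ssh},
        {"scriptId": "S-pw", "items": ["pw.min_len"], "run": check_password_policy},
        {"scriptId": "S-fw", "items": ["fw.enabled"], "run": check_firewall},
    ],
}


def select_target_scripts(baseline, second_info):
    """Pick the baseline scripts that cover at least one item named in the
    second information. Also returns the requested items no script covers,
    so the first node can be told its option information was partly unusable."""
    wanted = set(second_info["items"])
    targets = [s for s in baseline["scripts"] if wanted & set(s["items"])]
    covered = {item for s in targets for item in s["items"]}
    return targets, sorted(wanted - covered)


def run_state_detection(baseline, second_info, devices):
    """Execute the target scripts on every device in the order the baseline
    lists them and keep only the requested items in the state detection data."""
    if baseline["startMode"] != "sequential":
        raise ValueError("unsupported startMode: %s" % baseline["startMode"])
    targets, unknown = select_target_scripts(baseline, second_info)
    wanted = set(second_info["items"])
    records = []
    for device in devices:
        for script in targets:
            for item, passed in script["run"](device).items():
                if item in wanted:
                    records.append({"device": device["id"], "scriptId": script["scriptId"],
                                    "item": item, "pass": passed})
    return {"assetCount": len(devices), "unknownItems": unknown, "records": records}
```

Items a selected script reports but the first node did not ask for are dropped from the records, which is what keeps the detection targeted rather than a full sweep every time.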
Various parameters and parameter descriptions required in the process of pushing the detection script are summarized in table 2.
Table 2 includes six columns of data including data type, data flow direction, parameter name, parameter type, parameter meaning, and parameter necessity.
The data type is a POST type, and can be realized through a detection script push interface stored in the path /bms/v1/pushScript.
In table 2, a data flow direction from the first node to the second node indicates that the first node initiates a detection script push request to the second node, and a data flow direction from the second node to the first node indicates that the second node returns a script push result to the first node.
In table 2, the data flow in the direction from the first node to the second node may include pushType, filePath, and scriptId. The parameter types of the respective parameters are shown in table 2, and are not described herein again. The pushType represents a push type, when the pushType is 0, all detection scripts are pushed to a second node, when the pushType is 1, newly-added detection scripts are pushed to the second node, when the pushType is 2, modified detection scripts are pushed to the second node, and when the pushType is 3, information for deleting the detection scripts is pushed to the second node; the parameter necessity is M.
filePath represents the file path on the SFTP file server of the first node, and the parameter necessity is C, i.e. conditional: if the pushType has a value other than 3, filePath is a necessary parameter, otherwise it is an optional parameter. scriptId represents the detection script identification, and the parameter necessity is C, i.e. if the pushType is 3, this parameter is a necessary parameter, otherwise it is an optional parameter.
TABLE 2 (table image not reproduced in the text)
The parameters of the data flow from the second node to the first node may include success and errorMsg. If success is true, the detection script of the first node was pushed successfully; if success is false, the push of the detection script of the first node failed; the parameter necessity is M (necessary). errorMsg represents error information, and its parameter necessity is O.
Fig. 4 is a schematic flow chart of a first node push check script according to an embodiment of the present application.
In fig. 4, a group user of an enterprise or public institution adds a new detection script or modifies a detection script and uploads it to the first node. After receiving the new or modified detection script, the first node stores the data by uploading the detection script to the first node file server, and then calls the push detection script interface of the second node through an https request, so that the second node obtains the path and name of the detection script. After receiving the detection script push message, the second node acquires the detection script file according to the path, executes the data warehousing operation of the detection script, and returns a detection script push result to the first node. After a group user of the enterprise or public institution executes a detection script deletion operation, the deletion result is pushed to the first node; the first node executes the data warehousing operation, updates the detection script, and pushes the detection script deletion operation to the second node through the push detection script interface, so that the second node deletes the corresponding detection script. After deleting the corresponding detection script, the second node executes the data warehousing operation and returns a detection script deletion result to the first node.
Table 3 is a parameter summary table for the first node providing the second information to the second node according to the embodiment of the present application. Table 3 includes six columns of data including data type, data flow, parameter name, parameter type, parameter description, and parameter necessity.
The request type is POST, and can be realized through a check item push interface stored under the path /bms/v1/pushCheckitem; the data flow may include a detection item push request in the direction from the first node to the second node, and a detection item push result returned in the direction from the second node to the first node.
In table 3, the data flow in the direction from the first node to the second node may include pushType, filePath, and checkitemId.
In table 3, the data flow returned by the second node to the first node may include the parameters success and errorMsg. If success is true, the detection item of the first node was pushed successfully; if success is false, the push of the detection item of the first node failed; the parameter necessity is M (necessary). When success is false, errorMsg carries the error information; its parameter necessity is O (optional).
pushType represents the push type of the detection item, which may be one of the following: when pushType is 0, all detection items are pushed to the second node; when pushType is 1, the newly added detection items are pushed to the second node; when pushType is 2, the modified detection items are pushed to the second node; when pushType is 3, deletion information for the detection items is pushed to the second node. The parameter necessity is M. The checkitemId parameter is the detection item identification; its parameter necessity is conditional C, that is, if the pushType of the detection item push is 3, the parameter is M. filePath is the file path on the SFTP file server of the first node, and its parameter necessity is C, that is, if the pushType has a value other than 3, filePath is a necessary parameter, otherwise it is an optional parameter.
TABLE 3 (table image not reproduced in the text)
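The parameter necessity rules of table 2 (pushScript) and table 3 (pushCheckitem) are the same apart from the identifier name, so one validator covers both. This is an added Python example, not code from the patent: it produces the success/errorMsg reply the second node returns, and, as an extra check the patent does not spell out, refuses a filePath that is absolute or climbs out of the pull directory, since the second node later fetches that path from the first node's SFTP server. The catalog and pending-fetch structures are assumptions of this example.

```python
import posixpath

# pushType values and their meaning, as listed in tables 2 and 3.
PUSH_TYPES = {0: "all", 1: "added", 2: "modified", 3: "deleted"}


def is_safe_sftp_path(path):
    """Accept only a relative path that stays inside the SFTP pull directory
    (added hardening; the patent only says filePath is a server file path)."""
    if not isinstance(path, str) or path.startswith("/") or "\\" in path:
        return False
    norm = posixpath.normpath(path)
    return norm != "." and norm != ".." and not norm.startswith("../")


def validate_push_request(request, id_field):
    """Validate a pushScript (id_field="scriptId") or pushCheckitem
    (id_field="checkitemId") body and return the {success, errorMsg} reply.

    Necessity rules from tables 2 and 3: pushType is mandatory (M); filePath
    is conditional (C), required unless pushType is 3; the identifier is
    conditional (C), required when pushType is 3."""
    push_type = request.get("pushType")
    # bool is a subclass of int, so True would otherwise pass as pushType 1.
    if isinstance(push_type, bool) or push_type not in PUSH_TYPES:
        return {"success": False, "errorMsg": "pushType must be one of 0, 1, 2, 3"}
    if push_type == 3:
        if not request.get(id_field):
            return {"success": False,
                    "errorMsg": "%s is required when pushType is 3" % id_field}
    else:
        path = request.get("filePath")
        if not path:
            return {"success": False,
                    "errorMsg": "filePath is required when pushType is not 3"}
        if not is_safe_sftp_path(path):
            return {"success": False,
                    "errorMsg": "filePath must be a plain relative path"}
    return {"success": True, "errorMsg": ""}


def apply_push(catalog, pending_fetch, request, id_field):
    """Second node side: on a valid deletion push, drop the identifier from
    the local catalog; on any other valid push, queue the file for SFTP
    download and warehousing. Returns the reply for the first node."""
    reply = validate_push_request(request, id_field)
    if not reply["success"]:
        return reply
    if request["pushType"] == 3:
        catalog.pop(request[id_field], None)
    else:
        pending_fetch.append((PUSH_TYPES[request["pushType"]], request["filePath"]))
    return reply
```

Rejecting the request before touching the catalog means a malformed push from a peer whose token passed verification still cannot alter local state.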
Fig. 5 is a schematic flowchart of a process that a first node pushes a detection item to a second node according to the embodiment of the present application.
In fig. 5, after performing operations of adding and modifying a detection item, a group user of an enterprise and public institution synchronizes the added and modified detection item to a first node, the first node receives a message of the added and modified detection item pushed by the group user, executes data warehousing to upload the detection item to a first node file server, and sends an https request to push the updated detection item to a second node through a detection item pushing interface, where the https request carries an updated detection item file path and a file name; after receiving the https request, the second node may obtain the detection item according to the path, execute a data warehousing operation of the detection item, and then send a pushing result of the detection item to the first node. The first node file server may be the first node itself, or may be another device that establishes a communication connection with the first node.
In fig. 5, after a group user executes an operation of deleting a detection item, a deletion result is synchronized to a first node, the first node executes an operation of putting detection item data into a database, and sends an https request to push an updated detection item to a second node based on a detection item interface, where the https request carries an updated detection item file path and a file name; after receiving the https request, the second node may direct to a detection item file path to obtain a check item, execute a detection item data warehousing operation, and then send a detection item push result to the first node. In the process of deleting the detection item, because a new detection item is not generated, the result of deleting the detection item is directly sent to the second node so that the second node can delete the corresponding detection item.
Illustratively, the state detection data of the second node may be obtained as follows:
the second node executes state detection based on the detection script and the second information, after the state detection is finished, state detection data can be automatically generated through the detection script, and after the state detection data are generated, the second node can send the state detection data to the first node through the SFTP.
Exemplarily, table 4 is a parameter description set used in a process of reporting the state detection data to the first node by the second node according to the embodiment of the present application.
Table 4 includes six columns of data including data type, data flow, parameter name, parameter type, parameter description, and parameter necessity.
The data type is a POST type, and can be realized through a detection script execution result push interface stored under the path /bms/v1/UploadScriptExecuteResult/{provCode}.
In table 4, the data flow direction may include a detection item request pushed from the first node to the second node, and a detection item push result returned from the second node to the first node.
In table 4, the data flow in the direction from the second node to the first node may include success and errorMsg; the description of these two parameters is the same as in table 3 and is not repeated here. The parameters corresponding to the data flow in the direction from the first node to the second node may include checkType, checkPlanId, filePath, and assetCount. The checkType parameter is of type int and represents a check type, which may be one of the following: when checkType is 1, compliance detection is indicated; when checkType is 2, weak password detection is indicated. The parameter checkPlanId is a detection batch identifier provided by the second node and used for judging the uniqueness of the detection operation corresponding to the current detection data; its parameter necessity is M. The parameter filePath is the file path (with file name) on the second node SFTP file server, and its parameter necessity is C. The parameter assetCount represents the number of devices and must be consistent with the number of devices in the JSON file.
TABLE 4 (table image not reproduced in the text)
The JSON file in the embodiment of the present application may be in a file format agreed between the first node and any second node. For example, when the second node performs the status detection based on the security baseline and the detection item, the number of devices specified in the detection item may be added to the JSON file, and the status detection data may be filled in the specified field of the JSON file according to the JSON file format, so that after the first node acquires the status detection data from the JSON file, the status detection data of the second node may be acquired conveniently and quickly from the JSON file according to the agreed rule.
Fig. 6 is a schematic flow chart of acquiring state detection data by a first node according to an embodiment of the present application.
In fig. 6, a second node user creates a detection plan and uploads the detection plan to a second node, the second node performs state detection according to the detection plan and a security baseline and/or an inspection item, constructs a JSON file, uploads the JSON file to a second node file server, calls a reporting script execution result interface through an https request, and informs a path and a file name of the JSON file to the first node, the first node logs in the second node file server to obtain the JSON file according to the path and the file name of the JSON file, and returns a JSON file acquisition result to the second node, and the second node can also send the JSON file acquisition result of the first node to the second node user. The second node file server may be the second node itself, or may be another device that establishes a communication connection with the second node. For example, in the process of performing state detection by the second node, after the execution of the detection script corresponding to any device is finished, the second node may determine whether all device detections have been completed, or whether a specified number of device detections have been completed; before uploading the JSON file to a second node server, compressing and packaging the JSON file; after the first node acquires the JSON file, the JSON file can be analyzed to determine whether the number of devices performing state detection in the JSON file is consistent with the assetCount.
Illustratively, the state detection method applied to the first node provided in the embodiment of the present application may further include step C:
Step C: provide a state detection result to the second node.
Illustratively, providing the status detection result to the second node may be performed by SFTP.
Illustratively, table 5 provides a summary of parameters for the first node to provide the status detection results to the second node. Table 5 includes six columns of data including data type, data flow, parameter name, parameter type, parameter description, and parameter necessity. In table 5, the parameters consistent with those in table 3 are not described again. The data type is a POST type and can be sent through a state detection result push interface stored under the path /bms/v1/pushCheckResult.
In table 5, the data flow direction may include the status detection result pushed by the first node to the second node, and the push result returned by the second node to the first node. The parameters corresponding to the data flow in the direction from the first node to the second node may include checkType, checkPlanId, filePath, and assetCount. checkType represents a detection type; when checkType is 1, compliance detection is represented. The parameter checkPlanId is a detection batch identifier provided by the second node and used for judging the uniqueness of the detection operation corresponding to the current detection result; its parameter necessity is M. The parameter filePath represents the file path (with file name) on the second node SFTP file server, and its parameter necessity is C. The parameter assetCount represents the number of devices, and its value should be consistent with the number of devices in the JSON file.
TABLE 5 (table image not reproduced in the text)
Fig. 7 is a schematic flowchart of a process that a first node provides a detection result JSON file to a second node according to the embodiment of the present application. In fig. 7, after acquiring a JSON file carrying state detection data of a second node, a first node parses the JSON file, determines whether a detection result is compliant, constructs the JSON file according to the determination result, uploads the JSON file to a first node file server, sends an https request to the second node through a detection result push interface, sends a path and a file name of the JSON file of the detection result to the second node, and after receiving the path and the file name of the JSON file of the detection result, the second node logs in the first node file server to acquire the JSON file of the detection result, and sends an acquisition result of the JSON file to the first node.
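The first node side of fig. 6 and fig. 7, as an added Python example (not the patent's own code): parse the JSON file uploaded by the second node, reject it if the device count disagrees with assetCount or the checkPlanId batch has already been processed, then decide compliance per device and build the detection result JSON that is pushed back. The patent says only that the JSON format is agreed between the nodes, so the field names (checkPlanId, checkType, devices, items, pass) and the sample report are constructed for this example; the compliance rule (a device is compliant when every reported item passed) is likewise an assumption.

```python
import json

# Constructed sample of the agreed JSON file format (assumption: field names
# are this example's, the patent does not define them).
SAMPLE_REPORT = json.dumps({
    "checkPlanId": "PLAN-2021-0001",
    "checkType": 1,
    "devices": [
        {"id": "h1", "items": [{"item": "ssh.root_login", "pass": True},
                                {"item": "pw.min_len", "pass": True}]},
        {"id": "h2", "items": [{"item": "ssh.root_login", "pass": False},
                                {"item": "pw.min_len", "pass": True}]},
    ],
})


def parse_report(json_text, declared_asset_count, seen_plan_ids):
    """First node side: parse an uploaded state detection file and apply the
    checks the interface requires. Returns (report, errorMsg); report is None
    on rejection. seen_plan_ids is the set of checkPlanId values already
    processed and is updated only when the file is accepted."""
    try:
        report = json.loads(json_text)
    except ValueError as exc:
        return None, "malformed JSON: %s" % exc
    if not isinstance(report, dict):
        return None, "report must be a JSON object"
    plan_id = report.get("checkPlanId")
    devices = report.get("devices")
    if not isinstance(plan_id, str) or not plan_id or not isinstance(devices, list):
        return None, "checkPlanId and devices are required"
    if plan_id in seen_plan_ids:
        return None, "duplicate checkPlanId %s" % plan_id   # batch must be unique
    if len(devices) != declared_asset_count:
        return None, "assetCount %d does not match %d devices in file" % (
            declared_asset_count, len(devices))
    seen_plan_ids.add(plan_id)
    return report, ""


def build_detection_result(report):
    """Decide compliance per device (compliant when every reported item
    passed) and produce the result file content pushed to the second node
    through pushCheckResult."""
    results = []
    for device in report["devices"]:
        failed = [i["item"] for i in device.get("items", []) if not i.get("pass")]
        results.append({"device": device["id"], "compliant": not failed,
                        "failedItems": failed})
    return {"checkPlanId": report["checkPlanId"],
            "checkType": report.get("checkType", 1),
            "assetCount": len(results), "results": results}
```

The assetCount comparison catches a truncated or partially uploaded file, and the checkPlanId check prevents a replayed upload from being counted as a fresh detection batch.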
Therefore, in the state detection method applied to the first node provided by the embodiment of the application, the first node can acquire the state detection data of any second node, and can also obtain the state detection result of the second node based on the state detection data of the second node, so that the overall control of the state detection result of any second node by the first node is realized, and the enterprise group can be facilitated to integrally control the security state of the enterprise network.
Exemplarily, step C may also be realized by steps D1 and D2:
Step D1: receive a state detection result acquisition request sent by the second node.
The state detection result acquisition request is sent by the second node when the state detection result provided by the first node is not acquired within the specified time.
In an embodiment, the second node may fail to acquire the state detection result provided by the first node within the specified time when the first node or the file server of the first node fails, or when the communication link between the first node and the second node is congested. The specified time may be a time length set by the enterprise.
Step D2: provide the second node with the state detection result of the second node.
Table 6 is a parameter summary of the second node sending the status detection result acquisition request to the first node and the first node sending the status detection result to the second node in this embodiment of the application.
Table 6 includes six columns of data including data type, data flow, parameter name, parameter type, parameter description, and parameter necessity. In table 6, the same parameters as those in table 5 are not described again.
The data type is a GET type, and can be realized through a state detection result query interface stored under the path /bms/v1/queryCheckResult/{provCode}. In table 6, the data flow may include a status detection result acquisition request sent by the second node to the first node and a status detection result sent by the first node to the second node.
In table 6, the parameters of the data flow from the first node to the second node may include success, errorMsg and fileDirectory. The descriptions of success and errorMsg are consistent with those in table 5 and are not repeated here. If success is true, fileDirectory represents the SFTP file path on the first node; if fileDirectory is empty, the state detection result has not been generated. The parameter necessity of fileDirectory is O.
TABLE 6 (table image not reproduced in the text)
Fig. 8 is a schematic flowchart of a process that a first node provides a state detection result to a second node according to an embodiment of the present application. In fig. 8, the second node sends a request for obtaining the state detection result to the first node through the interface for querying the state detection result, so that the first node queries the state detection result of the corresponding batch identifier, determines the batch requested by the second node to query all JSON files of the batch, packages the JSON files into a compressed file, uploads the compressed file to the first node file server, and then returns the path and the file name of the JSON compressed file to the second node; and finally, returning a processing result of obtaining the state detection result to the second node.
Illustratively, the https request sent by the second node to the first node may carry a token and a batch identifier locally cached by the second node.
Therefore, according to the state detection method applied to the first node provided by the embodiment of the application, the first node can acquire the condition configuration parameters for state detection of any second node, and uniformly determine the safety baseline applicable to each second node based on the condition configuration parameters, so that the safety baseline can be popularized in the enterprise and public institution network in the horizontal and longitudinal directions, and the state detection requirement of each second node can be grasped on the whole; in addition, after the first node provides the security baseline to the second node, the second node can also be provided with option information of state detection, so that the second node can perform targeted state detection according to the security baseline and the option information of state detection, on one hand, the state detection of the second node is more flexible, on the other hand, the double waste of time and resources caused by comprehensive state detection is reduced, and the first node can flexibly control the state detection focus of each second node; after the state detection of the second nodes is finished, the first node can generate the state detection results of the second nodes according to the acquired state detection data of the second nodes, so that the first node can generally grasp the safety state of each second node.
Based on the foregoing embodiments, the present application provides a first state detection method applied to a second node, where the second node can obtain a security baseline provided by the first node, and the security baseline is used for the second node to perform state detection.
It should be noted that the state detection method applied to the second node may be implemented by a processor of the second node. The processor may be at least one of ASIC, DSP, DSPD, PLD, FPGA, CPU, controller, microcontroller, and microprocessor.
Fig. 9 is a schematic flowchart of a first state detection method applied to a second node according to an embodiment of the present application, where the method includes the following steps:
step 901, a security baseline provided by the first node is obtained.
The safety baseline is determined based on the first configuration parameter after the first node acquires the first configuration parameter; the first configuration parameters comprise condition configuration parameters for carrying out state detection on the second node.
Step 902: execute state detection based on the security baseline to obtain state detection data.
Step 903, providing the state detection data to the first node.
As can be seen from the above, the second node in the state detection method applied to the second node according to the embodiment of the present application can obtain the condition configuration parameters of the first node based on the state detection performed on each second node, determine the security baseline applicable to each second node, and can also perform the state detection based on the security baseline received from the first node, obtain the state detection data, and provide the state detection data to the first node. Therefore, any second node in the enterprise and public institution can acquire the safety baseline adaptive to the second node, so that the safety baseline of the enterprise and public institution can be widely popularized, the state detection data is uniformly processed by the first node, and the first node can master the safety state of each second node in real time.
For example, before step 901, the method for detecting a state applied to a second node provided in the embodiment of the present application may further include the following steps:
receiving a first verification result sent by the first node, where the first verification result represents the result of an authentication operation performed by the first node with respect to the second node; or,
executing a second verification operation to obtain a second verification result; sending the second verification result to the first node; the second verification operation is used for performing identity verification on the first node; and the second verification result is the result of the authentication of the second node aiming at the first node.
Illustratively, step 902 may be implemented by:
acquiring second information sent by a first node; and executing state detection based on the second information and the safety baseline to obtain state detection data.
And the second information comprises option information for detecting any item in the software and/or hardware environment of the second node.
For example, the state detection method applied to the second node provided in the embodiment of the present application may further include step E1 to step E2:
Step E1: send a status detection result acquisition request to the first node when the status detection result of the second node provided by the first node is not acquired within the specified time.
Step E2: acquire the state detection result of the second node sent by the first node.
For example, in the state detection method applied to the second node provided in the embodiment of the present application, for a device in the second node that is not configured with an environment for automatically performing state detection, performing state detection based on the security baseline to obtain state detection data may further include steps F1 to F2:
Step F1: when at least one child node of the second node satisfies a specified condition, obtain a second configuration parameter.
The specified condition indicates that an execution environment for state detection is not set in the at least one child node; the second configuration parameters comprise parameters for performing state detection on the at least one child node.
In one embodiment, at least one child node may be any software and/or hardware device in the second node.
In one embodiment, an execution environment not provided with status detection may indicate that no relevant detection script acquisition and execution environment is installed in the child node.
In one embodiment, the second configuration parameter may be constructed by a user of the child node based on a status detection requirement of the child node.
Step F2: perform state detection on the at least one child node based on the second configuration parameters and the security baseline to obtain state detection data.
In one embodiment, the security baseline may be obtained based on a communication connection between a child node which is not currently configured with status detection and a child node which is configured with status detection.
In an embodiment, based on the second configuration parameter and the security baseline, performing state detection on at least one child node to obtain state detection data, which may be configuring a detection script execution environment by a user of the at least one child node, loading the second configuration parameter into a detection script of the security baseline, and starting the detection script to execute state detection.
The status detection process of the child node corresponding to step F1 to step F2 may be referred to as offline status detection. And after the offline state detection is finished, state detection data is obtained and can be provided to the first node through the communication connection between the child node configured with the state detection environment and the first node.
Illustratively, table 7 provides a summary of parameters required for the offline status detection provided by the embodiment of the present application to the first node.
In table 7, the data type is POST, and may be sent through the offline state detection result push interface stored under the path /bms/v1/uploadoffflinsescriptrult/{provCode}.
In table 7, the data flow direction may include the second node pushing the offline state detection result to the first node, and the first node sending its acquisition result of the offline state detection result back to the second node.
The fileCount in table 7 indicates the number of files corresponding to the offline detection, and is used for the first node to check the number of files of the offline state detection result, and the parameter is M.
TABLE 7 (table image not reproduced in the text)
The other parameters in table 7 are consistent with the description of the same parameters in the previous embodiments, and are not repeated herein.
Fig. 10 is a schematic diagram of a process of performing offline state detection and uploading offline state detection data according to an embodiment of the present application.
In fig. 10, a second node user creates an offline detection configuration parameter and uploads it to a second node not configured with a state detection environment. The second node acquires and executes an offline detection script, uploads the offline state detection result to the file server of the second node, and then calls the offline state detection result reporting interface through an https request to notify the first node of the path and file name of the offline state detection result file. The first node acquires the corresponding offline state detection result file, determines whether the number of offline state detection result files acquired is consistent with the number of result files declared by the second node (fileCount), and then returns the file number information to the second node.
Therefore, according to the state detection method applied to the second node provided by the embodiment of the application, after the second node acquires the corresponding security baseline, the state detection can be executed based on the state detection option information sent by the first node, so that double waste of time and resources caused by all-around detection of each state detection is reduced, and the first node can be facilitated to pertinently grasp the security state information of each second node.
Based on the foregoing embodiments, the embodiments of the present application further provide a compliance checking structure between headquarters and branches of an enterprise platform. FIG. 11 is a block diagram of a compliance check structure between headquarters and branches of an enterprise platform according to an embodiment of the present disclosure.
In fig. 11, the structure between the headquarters and the branches may be the structure between the first node and the second node in the embodiment of the present application. In fig. 11, a compliance structure is arranged between the headquarters and the branches, and the compliance script/detection item full push can be realized through the compliance structure. When the headquarters needs to notify the branch scripts and the detection item file paths and the compliance scripts/detection items are newly added or modified, the relevant interface notification branches for notifying the branch scripts and the detection item file paths can be called.
In fig. 11, when the headquarters notifies the branch of the script and detection item file paths, the branch may also perform a headquarters permission verification operation and feed the result back to the headquarters. When the permission verification passes, the branch downloads the files from the headquarters' SFTP server, parses them into its database, and returns a success message to the headquarters. The branch may then execute the scripts online or offline and report the online/offline execution result of the scripts, notifying the headquarters of the execution result file path. When the headquarters obtains the execution result file, it may likewise perform a branch permission verification operation and obtains the file only when that verification passes.
When the headquarters receives an execution result file path carried in an execution result message, it downloads the file from the branch's SFTP server and parses it. If the branch does not receive its state detection result from the headquarters within a preset time, it may initiate a state detection result acquisition request to the headquarters. After receiving the request, the headquarters pushes the state detection result and notifies the branch of the SFTP path and file name. When the branch acquires the state detection result, the branch permission verification operation is executed again, and when it passes, the branch downloads the file from the headquarters' SFTP server, parses it, and stores it in its database.
In FIG. 11, when a compliance script or detection item is deleted, the push interface can be invoked directly to notify the branch, which deletes the relevant data according to the headquarters' push message.
Therefore, when the state detection method applied to the first node and the second node is applied to the headquarters and branch structure of an enterprise or public institution network, the headquarters can push compliance scripts and detection items to the branches, the branches can return script execution results to the headquarters, and the headquarters can determine the state detection result of each branch from its script execution results and send that result back to the branch. Compliance scripts, detection items and script execution results can thus be pushed between the branches and the headquarters at any time, the compliance scripts can be widely deployed, and the first node can flexibly grasp the security state of each second node.
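The offline flow of fig. 10 and the headquarters/branch exchange of fig. 11 can be traced end to end in the simulation below. It is an added example and not code from the patent or its applicants: the HTTPS reporting interface, both SFTP servers and the host probe are replaced by in-process calls and a constructed host configuration, and because the page does not say how the "permission verification" is performed, an HMAC over each notification with a shared key (`sign`/`verify`) is assumed in its place. `Headquarters`, `Branch`, `run_exchange`, `CONFIG_PARAMS`, `BRANCH_HOST` and `RESULT_TIMEOUT` are all illustrative names. The run shows the baseline being derived from the condition configuration parameters (only items whose role is in scope survive), a detection restricted to the option information, the file-count consistency check on the reported result files, and the timeout-triggered result request of claims 3 and 6.

```python
"""Added simulation of the first-node (headquarters) / second-node (branch) exchange; all data is constructed."""
import hashlib
import hmac
import json
from dataclasses import dataclass, field
from typing import Optional

# Hypothetical: the page only says a "permission verification" precedes each download; an HMAC over the canonical JSON of each notification stands in for it.
SHARED_KEY = b"demo-key-not-for-production"
RESULT_TIMEOUT = 300  # assumed "preset time" (seconds) after which a branch asks for its result

def sign(payload: dict) -> str:
    return hmac.new(SHARED_KEY, json.dumps(payload, sort_keys=True).encode(), hashlib.sha256).hexdigest()

def verify(payload: dict, tag: str) -> bool:
    return hmac.compare_digest(sign(payload), tag)

# Constructed first configuration parameters: detection items, the role each applies to, the comparison ("eq"/"ge") and the expected value.
CONFIG_PARAMS = {
    "roles": {"linux_server"},
    "items": {
        "ssh_root_login":   {"role": "linux_server",   "op": "eq", "expect": "no"},
        "password_min_len": {"role": "linux_server",   "op": "ge", "expect": 12},
        "firewall_enabled": {"role": "linux_server",   "op": "eq", "expect": True},
        "iis_logging":      {"role": "windows_server", "op": "eq", "expect": True},
    },
}
# Constructed host configuration of one branch, in place of probing a real system.
BRANCH_HOST = {"ssh_root_login": "yes", "password_min_len": 8, "firewall_enabled": True}

def determine_baseline(config_params: dict) -> dict:
    """First node: the security baseline is the set of items whose role is in scope."""
    return {i: s for i, s in config_params["items"].items() if s["role"] in config_params["roles"]}

@dataclass
class Branch:
    name: str
    host: dict
    file_server: dict = field(default_factory=dict)  # path -> content, in place of the branch SFTP server
    result: Optional[dict] = None

    def run_detection(self, baseline: dict, options: Optional[list] = None) -> dict:
        """Second node: run only the items named in the option information, or all of them."""
        data = {}
        for item in (options if options is not None else baseline):
            spec, actual = baseline[item], self.host[item]
            ok = actual == spec["expect"] if spec["op"] == "eq" else actual >= spec["expect"]
            data[item] = {"actual": actual, "expect": spec["expect"], "pass": ok}
        return data

    def upload_and_report(self, data: dict) -> tuple:
        """Write one result file per item, then build the notification (paths, file names, count)."""
        for item, rec in data.items():
            self.file_server[f"/results/{self.name}/{item}.json"] = json.dumps(rec)
        payload = {"branch": self.name, "files": sorted(self.file_server), "count": len(self.file_server)}
        return payload, sign(payload)

    def await_result(self, hq: "Headquarters", waited: int) -> Optional[dict]:
        """If no result arrived within the preset time, request it from the first node."""
        if self.result is None and waited >= RESULT_TIMEOUT:
            payload, tag = hq.request_result(self.name)
            if verify(payload, tag):  # branch-side permission verification before the download
                self.result = payload["result"]
        return self.result

class Headquarters:
    def __init__(self, config_params: dict):
        self.baseline = determine_baseline(config_params)
        self.results = {}

    def receive_report(self, branch: Branch, payload: dict, tag: str) -> dict:
        """Verify the notification, fetch the files, check the file count, generate the result."""
        if not verify(payload, tag):
            return {"accepted": False, "reason": "permission verification failed"}
        fetched = {p: branch.file_server[p] for p in payload["files"] if p in branch.file_server}
        if len(fetched) != payload["count"]:
            return {"accepted": False, "reason": "file count mismatch",
                    "fetched": len(fetched), "reported": payload["count"]}
        data = {p.rsplit("/", 1)[1][:-len(".json")]: json.loads(c) for p, c in fetched.items()}
        failed = sorted(i for i, r in data.items() if not r["pass"])
        self.results[branch.name] = {"checked": len(data), "failed": failed, "compliant": not failed}
        return {"accepted": True, "fetched": len(fetched), "reported": payload["count"]}

    def request_result(self, branch_name: str) -> tuple:
        payload = {"branch": branch_name, "result": self.results.get(branch_name)}
        return payload, sign(payload)

def run_exchange(options: Optional[list] = None, drop_file: bool = False) -> dict:
    """One round: baseline -> detection -> upload/report -> count check -> result fetched on timeout."""
    hq = Headquarters(CONFIG_PARAMS)
    branch = Branch("branch-01", BRANCH_HOST)
    payload, tag = branch.upload_and_report(branch.run_detection(hq.baseline, options))
    if drop_file:  # a file the branch reported but that is missing from its server
        del branch.file_server[payload["files"][0]]
    ack = hq.receive_report(branch, payload, tag)
    return {"ack": ack, "result": branch.await_result(hq, waited=RESULT_TIMEOUT)}

if __name__ == "__main__":
    for kwargs in ({}, {"options": ["firewall_enabled"]}, {"drop_file": True}):
        print(kwargs, json.dumps(run_exchange(**kwargs)))
```

Running it shows the full detection failing two of three items, the option-restricted run checking one item and passing, and the dropped-file run being rejected with a count mismatch and no result to fetch. Note that the file count, which is all the page checks, only tells the headquarters that the set of files is complete; the HMAC here covers the notification, not the result files themselves, so a deployment that downloads results over SFTP would still want a per-file digest in the notification before trusting their contents.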
Based on the foregoing embodiments, the embodiments of the present application further provide a first node 12, and fig. 12 is a schematic structural diagram of the first node 12 provided in the present application. The first node 12 is capable of providing a security baseline to at least one second node; the security baseline is used by the second node to execute state detection; the first node 12 includes a first obtaining module 1201, a first processing module 1202, and a first sharing module 1203; wherein:
the first obtaining module 1201 is configured to obtain first configuration parameters; the first configuration parameters comprise condition configuration parameters for performing state detection on each second node;
the first processing module 1202 is configured to determine the security baseline based on the first configuration parameters;
the first sharing module 1203 is configured to provide the security baseline to the second node; the security baseline is used by the second node to execute state detection and obtain state detection data;
the first obtaining module 1201 is further configured to obtain the state detection data of the second node;
the first processing module 1202 is further configured to generate a state detection result of the second node based on the state detection data; the state detection data represents data obtained by the second node executing state detection based on the security baseline.
It should be noted that the first obtaining module 1201, the first processing module 1202, and the first sharing module 1203 may be implemented by a processor in a first node, where the processor may be at least one of an ASIC, a DSP, a DSPD, a PLD, an FPGA, a CPU, a controller, a microcontroller, and a microprocessor.
The first node 12 provided by the embodiment of the application can determine a security baseline that meets the state detection requirements of each second node, so that security baselines are established uniformly within the enterprise or public institution and can be rolled out across its whole network; after each second node has finished its state detection, the state detection result of that second node can be obtained from its state detection data, so that the overall security state of the enterprise or public institution network can be grasped.
Based on the foregoing embodiments, the embodiment of the present application further provides a second type of first node. The first node is capable of providing a security baseline to at least one second node; the security baseline is used by the second node to execute state detection; the first node includes a first processor, a first memory, and a first communication bus, wherein: the first communication bus is used to realize the communication connection between the first processor and the first memory; the first processor is configured to execute a computer program stored in the first memory so as to implement the state detection method applied to the first node described in any of the foregoing embodiments.
The first processor may be at least one of an application specific integrated circuit (ASIC), a DSP, a DSPD, a PLD, an FPGA, a CPU, a controller, a microcontroller, and a microprocessor. It is understood that the electronic device implementing the first processor function may be another electronic device, and the embodiments of the present application are not limited in this respect. The first memory may be a volatile memory (RAM), or a non-volatile memory such as a ROM, a flash memory, a hard disk drive (HDD) or a solid-state drive (SSD), or a combination of such memories, and provides instructions and data to the processor.
Based on the foregoing embodiments, the embodiment of the present application further provides a first type of second node 13, and fig. 13 is a schematic structural diagram of the second node 13 provided in the present application.
The second node 13 can obtain the security baseline provided by the first node 12; the security baseline is used for the second node 13 to perform status detection; the second node 13 includes: a second obtaining module 1301, a second processing module 1302, and a second sharing module 1303; wherein:
a second obtaining module 1301, configured to obtain a security baseline provided by the first node 12; the security baseline is determined based on the first configuration parameter after the first node 12 acquires the first configuration parameter; the first configuration parameters comprise condition configuration parameters for carrying out state detection on the second node;
a second processing module 1302, configured to perform status detection based on the security baseline to obtain status detection data;
the second sharing module 1303 is configured to provide the status detection data to the first node 12.
It should be noted that the second obtaining module 1301, the second processing module 1302, and the second sharing module 1303 may be implemented by a processor in a second node, where the processor may be at least one of an ASIC, a DSP, a DSPD, a PLD, an FPGA, a CPU, a controller, a microcontroller, and a microprocessor.
As can be seen from the above, the second node 13 provided in the embodiment of the present application can obtain the security baseline that the first node 12 determined, based on the condition configuration parameters for performing state detection on each second node 13, as applicable to each second node 13; it can execute state detection based on the security baseline received from the first node 12, obtain state detection data, and provide the state detection data to the first node 12. In this way, any second node 13 in the enterprise or public institution can obtain a security baseline adapted to it, so that the security baseline of the enterprise or public institution can be widely deployed, and the state detection data is processed uniformly by the first node 12, so that the first node 12 can grasp the security state of each second node 13 in real time.
Based on the foregoing embodiments, the embodiments of the present application further provide a second type of second node. The second node is able to obtain the security baseline provided by the first node; the security baseline is used by the second node to execute state detection; the second node includes a second processor, a second memory, and a second communication bus, wherein:
the second communication bus is used to realize the communication connection between the second processor and the second memory;
the second processor is configured to execute a computer program stored in the second memory so as to implement the state detection method applied to the second node described in any of the foregoing embodiments.
Based on the foregoing embodiments, the present application further provides a state detection system. The system may comprise a first node as described in the previous embodiments and a second node as described in the previous embodiments.
Based on the foregoing embodiments, the present application further provides a computer-readable storage medium, in which a computer program is stored, and when the computer program is executed, the computer program can implement the state detection method applied to the first node or the state detection method applied to the second node as described in any of the foregoing embodiments.
The foregoing description of the various embodiments is intended to highlight various differences between the embodiments, and the same or similar parts may be referred to each other, and for brevity, will not be described again herein.
The methods disclosed in the method embodiments provided by the present application can be combined arbitrarily without conflict to obtain new method embodiments. Features disclosed in various product embodiments provided by the application can be combined arbitrarily to obtain new product embodiments without conflict. The features disclosed in the method or apparatus embodiments provided in the present application may be combined arbitrarily, without conflict, to arrive at new method embodiments or apparatus embodiments.
The computer-readable storage medium may be a Read Only Memory (ROM), a Programmable Read Only Memory (PROM), an Erasable Programmable Read Only Memory (EPROM), an Electrically Erasable Programmable Read Only Memory (EEPROM), a ferroelectric Random Access Memory (FRAM), a Flash Memory, a magnetic surface memory, an optical disc, or a Compact Disc Read-Only Memory (CD-ROM); it may also be any of various electronic devices, such as a mobile phone, a computer, a tablet device or a personal digital assistant, that includes one or any combination of the above-mentioned memories.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The above-mentioned serial numbers of the embodiments of the present application are merely for description and do not represent the merits of the embodiments.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general-purpose hardware platform, and certainly can also be implemented by hardware, but in many cases the former is the better implementation. Based on such understanding, the technical solutions of the present application, or the portions thereof that contribute to the prior art, may be embodied in the form of a software product stored in a storage medium (such as a ROM/RAM, a magnetic disk, or an optical disk) and including several instructions for enabling a terminal device (which may be a mobile phone, a computer, a server, an air conditioner, or a network device) to execute the method described in the embodiments of the present application.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The above description is only a preferred embodiment of the present application, and not intended to limit the scope of the present application, and all modifications of equivalent structures and equivalent processes, which are made by the contents of the specification and the drawings of the present application, or which are directly or indirectly applied to other related technical fields, are included in the scope of the present application.

Claims (13)

1. A state detection method, applied to a first node capable of providing a security baseline to at least one second node; the security baseline is used by the second node to execute state detection; the method comprises the following steps:
acquiring first configuration parameters; the first configuration parameters comprise condition configuration parameters for performing state detection on each second node;
determining the security baseline based on the first configuration parameter;
providing the security baseline to the second node; the security baseline is used for the second node to execute state detection to obtain state detection data;
acquiring state detection data of the second node;
and generating a state detection result of the second node based on the state detection data.
2. The method of claim 1, wherein prior to said obtaining the state detection data for the second node, the method further comprises:
acquiring second information; the second information comprises option information for detecting any item in the software and/or hardware environment of the second node;
providing the second information to the second node for the second node to perform the state detection based on the second information and the security baseline.
3. The method of claim 1, further comprising:
receiving a state detection result acquisition request sent by the second node; the state detection result acquisition request is sent by the second node when the state detection result provided by the first node is not acquired within a specified time;
providing the state detection result to the second node.
4. A state detection method, applied to a second node capable of acquiring a security baseline provided by a first node; the security baseline is used by the second node to execute state detection; the method comprises:
acquiring the security baseline provided by the first node; the security baseline is determined by the first node based on first configuration parameters after the first node acquires the first configuration parameters; the first configuration parameters comprise condition configuration parameters for performing state detection on the second node;
executing the state detection based on the security baseline to obtain state detection data;
providing the status detection data to the first node.
5. The method of claim 4, wherein executing the state detection based on the security baseline to obtain state detection data comprises:
acquiring second information sent by the first node; the second information comprises option information for detecting any item in the software and/or hardware environment of the second node;
and executing the state detection based on the second information and the security baseline to obtain the state detection data.
6. The method of claim 4, further comprising:
sending a state detection result acquisition request to the first node under the condition that a state detection result of the second node provided by the first node is not acquired within a specified time;
and acquiring a state detection result of the second node sent by the first node.
7. The method of claim 4, wherein executing the state detection based on the security baseline to obtain state detection data comprises:
when at least one child node in the second node meets a specified condition, acquiring second configuration parameters; the specified condition represents that the execution environment for the state detection is not set up in the at least one child node; the second configuration parameters comprise parameters for performing state detection on the at least one child node;
and performing state detection on the at least one child node based on the second configuration parameters and the security baseline to obtain the state detection data.
8. A first node, wherein the first node is capable of providing a security baseline to at least one second node; the security baseline is used by the second node to execute state detection; the first node comprises a first obtaining module, a first processing module and a first sharing module; wherein:
the first obtaining module is used for obtaining a first configuration parameter; the first configuration parameters comprise condition configuration parameters for detecting the state of each second node;
the first processing module is configured to determine the security baseline based on the first configuration parameter;
the first sharing module is configured to provide the security baseline to the second node; the security baseline is used by the second node to execute state detection to obtain state detection data;
the first obtaining module is further configured to obtain state detection data of the second node;
the first processing module is further configured to generate a state detection result of the second node based on the state detection data; wherein the status detection data represents data obtained by the second node performing status detection based on the security baseline.
9. A first node capable of providing a security baseline for at least one second node; the security baseline is used for the second node to execute state detection; the first node comprises: a first processor, a first memory, and a first communication bus, wherein:
the first communication bus is used for realizing communication connection between the first processor and the first memory;
the first processor is configured to implement a computer program stored in the first memory to implement the state detection method of any of claims 1-3.
10. A second node, wherein the second node is capable of obtaining a security baseline provided by the first node; the security baseline is used by the second node to execute state detection; the second node comprises a second obtaining module, a second processing module and a second sharing module; wherein:
the second obtaining module is configured to obtain the security baseline provided by the first node; the security baseline is determined based on first configuration parameters after the first node acquires the first configuration parameters; the first configuration parameters comprise condition configuration parameters for carrying out state detection on the second node;
the second processing module is configured to execute the state detection based on the security baseline to obtain state detection data;
the second sharing module is configured to provide the status detection data to the first node.
11. A second node, wherein the second node is capable of obtaining a security baseline provided by the first node; the security baseline is used for the second node to execute state detection; the second node comprises: a second processor, a second memory, and a second communication bus, wherein:
the second communication bus is used for realizing communication connection between the second processor and the second memory;
the second processor for implementing a computer program stored in the second memory for implementing the state detection method of any of claims 4-7.
12. A state detection system, characterized in that the system comprises a first node according to claim 8 or 9 and at least one second node according to claim 10 or 11.
13. A computer-readable storage medium, characterized in that a computer program is stored in the computer-readable storage medium; the computer program is executable by a processor to implement a state detection method as claimed in any of claims 1-3 applied to a first node, or a state detection method as claimed in any of claims 4-7 applied to a second node.
CN202110127456.4A 2021-01-29 2021-01-29 State detection method, node, system and storage medium Pending CN114915431A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110127456.4A CN114915431A (en) 2021-01-29 2021-01-29 State detection method, node, system and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110127456.4A CN114915431A (en) 2021-01-29 2021-01-29 State detection method, node, system and storage medium

Publications (1)

Publication Number Publication Date
CN114915431A true CN114915431A (en) 2022-08-16

Family

ID=82760760

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110127456.4A Pending CN114915431A (en) 2021-01-29 2021-01-29 State detection method, node, system and storage medium

Country Status (1)

Country Link
CN (1) CN114915431A (en)

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7849495B1 (en) * 2002-08-22 2010-12-07 Cisco Technology, Inc. Method and apparatus for passing security configuration information between a client and a security policy server
CN103905270A (en) * 2014-03-11 2014-07-02 国网湖北省电力公司信息通信公司 Smart grid Android system security baseline automatic checking system and method
CN105740723A (en) * 2016-01-28 2016-07-06 浪潮电子信息产业股份有限公司 Security baseline management method and system
CN106470115A (en) * 2015-08-20 2017-03-01 阿里巴巴集团控股有限公司 Security configuration method, related apparatus and system
CN106933819A (en) * 2015-12-29 2017-07-07 大唐高鸿信安(浙江)信息科技有限公司 Metadata-based dynamic repair method for a security baseline library
CN109344621A (en) * 2018-09-17 2019-02-15 郑州云海信息技术有限公司 Security baseline detection method, device, equipment and readable storage medium
CN110348201A (en) * 2019-05-22 2019-10-18 中国科学院信息工程研究所 Device security policy configuration method and device
CN110414237A (en) * 2019-06-12 2019-11-05 武汉青藤时代网络科技有限公司 Automated baseline inspection method based on a terminal device
CN110855652A (en) * 2019-11-05 2020-02-28 南方电网数字电网研究院有限公司 Security baseline configuration compliance detection method and device, computer equipment and medium
WO2020177632A1 (en) * 2019-03-01 2020-09-10 华为技术有限公司 Security protection method and apparatus

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
李小雪; 皇甫涛; 陈涛; 吴鹏: "Research and application of a system security state baseline for telecom operators" (电信运营商系统安全状态基线研究及应用), 电信工程技术与标准化, no. 12, 15 December 2012 (2012-12-15) *


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination