CN114978614A - IP asset rapid scanning processing system - Google Patents

Publication number
CN114978614A
Authority
CN
China
Prior art keywords
asset
data
assets
module
layer
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210474016.0A
Other languages
Chinese (zh)
Inventor
彭明
谭近军
刘超颖
吴文超
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangzhou Haoheng Information Technology Co ltd
Original Assignee
Guangzhou Haoheng Information Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangzhou Haoheng Information Technology Co ltd
Priority to CN202210474016.0A
Publication of CN114978614A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H04L63/1433 Vulnerability analysis
    • H04L63/1441 Countermeasures against malicious traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The application discloses a rapid scanning processing system for IP assets, comprising a display module configured to display asset archive information, a data processing module configured to analyze asset states, and an object module configured to be the collected object. By scanning, the system automatically collects asset archive information in the network, such as the operating system, version, equipment type, business system, the region where the asset is located and the department it belongs to; identifies the open ports, high-risk ports, vulnerabilities and weak passwords of each IP asset; and can check whether an IP asset is online by monitoring asset changes, so that asset information can be known and asset risk analyzed at any time. The system can also establish complete asset archive information across asset areas, manage asset grouping with unified per-domain maintenance, and, based on the display module, provide user-friendly design and enhancements in many respects, such as lists, to meet users' requirements for intuitive, simple, comprehensive and flexible management operation, extensibility and the like.

Description

IP asset rapid scanning processing system
Technical Field
The invention relates to the technical field of IP asset management, in particular to a rapid scanning processing system for IP assets.
Background
Most existing asset scanning methods cannot comprehensively survey the current Internet asset situation and continuously monitor the online state and changes of key assets so as to find abnormal conditions of asset operating systems and ports in time and track asset dynamics in real time. Nor can distributed asset scanning engines scan the asset information of the network space well and rapidly so as to provide asset exposure surface analysis for administrative units and group companies. At the macro level, functions such as surveying the industry asset baseline, asset classification, asset regional distribution and statistics are incomplete; at the technical level, techniques such as asset component detection, fingerprint identification and system exposure analysis are not yet mature.
Therefore, the conventional asset system has several problems:
(1) Single function: only the number of assets can be counted, the state of the equipment monitored, and a simple topology graph generated. Detailed attributes (fingerprints, versions, technical features and the like), vulnerabilities and configuration information of the assets cannot be obtained, changes of attributes and configuration cannot be monitored, and potential security risks cannot be found in time.
(2) Poor relevance: because assets are important to an enterprise, some enterprises deploy similar products to manage them. However, owing to functional limitations there are often many systems, which are independent of one another and cannot be managed in a unified manner; configuration, vulnerabilities, assets, personnel, organization, area and the like cannot be directly related.
(3) Few supported types: only common assets such as routers, switches and servers can be identified; mobile devices, printers and the like cannot be identified; equipment from some small domestic manufacturers is not supported, so its type cannot be identified and it cannot be monitored.
(4) Poor visualization: display content such as asset display, topology display and report display is not rich enough.
Therefore, the application provides a rapid scanning processing system for the IP assets.
Disclosure of Invention
The application aims to provide a rapid scanning processing system for IP assets that solves the problems of existing asset systems described in the Background: single function, poor relevance, few supported types and poor visualization.
In order to achieve the above purpose, the present application provides the following technical solutions: an IP asset rapid scanning processing system comprises a display module configured to display asset archive information, a data processing module configured to analyze asset states, and an object module configured to be a collected object, wherein the display module, the data processing module and the object module are connected in sequence.
Preferably, the object module includes any one of a network device, a server, a storage device, a database, a WEB application, a network printer, a network camera, a mobile phone, a PAD, and a PDA.
Preferably, the data acquisition module comprises an acquisition layer and a data layer, wherein the acquisition layer comprises an asset attribute identification engine, an asset monitoring engine, a configuration identification engine and a vulnerability identification engine, and the data layer comprises asset detection data, configuration identification data, a vulnerability feature library, a knowledge base and a risk rectification library.
Preferably, the display module comprises one or more of an asset statistics display unit, an asset list display unit, an asset monitoring display unit, a network area display unit, a business system display unit, a department display unit, a system identification policy display unit and a type and port management display unit.
Preferably, the working method of the IP asset rapid scanning processing system comprises the following steps:
Step one: after the object module is connected to the data processing module, the data processing module performs asset discovery and data acquisition on the collected objects in the object module to complete a comprehensive survey of the asset baseline;
Step two: based on the result of the asset baseline survey in step one, exposure surface analysis and evaluation is performed on the existing assets, intelligent asset analysis is performed by the data processing module, and the enterprise's Internet exposure surface is comprehensively identified;
Step three: the data processing module analyzes the hidden-danger risks of the assets, performs comprehensive security detection and testing of the collected objects through on-site evaluation and/or remote penetration testing, finds existing security vulnerabilities and hidden dangers, and identifies security risks;
Step four: the data processing module monitors and processes state changes of the assets, and the display module displays asset archive information.
Preferably, the asset discovery in step one specifically includes: the acquisition layer of the data acquisition module scans the host of the collected object by TCP SYN scanning or UDP scanning; if a port of the host is open and the host is alive, the host returns a data packet as a response; the data processing module matches the received data packet against a stored file and thereby identifies the asset information of the collected object, wherein the asset information at least comprises operating system information, equipment type information, open port information and application program information.
Preferably, the analysis and evaluation of the exposed surface in the second step specifically comprises:
Vulnerability scanning: the acquisition layer of the data acquisition module performs vulnerability scanning on the assets according to their operating system and version, matching each asset in turn against the vulnerability database data stored in the data layer of the data acquisition module to identify vulnerabilities that may exist in the asset; when vulnerabilities are found, the vulnerabilities that may exist in the asset are stored in the data layer of the data acquisition module;
POC scanning: the acquisition layer of the data acquisition module obtains the vulnerability attack code stored in the data layer and runs the vulnerability attack tests against the assets in turn; when an attack succeeds, the vulnerability present in the asset is stored in the data layer of the data acquisition module;
Celestial mirror/Nessus scanning: the acquisition layer of the data acquisition module scans the assets in turn with the built-in celestial mirror/Nessus, and when a vulnerability is found, stores it in the data layer of the data acquisition module;
Weak password scanning: according to the application program information corresponding to each asset's open ports, the acquisition layer of the data acquisition module matches the assets in turn against the weak password dictionary stored in the data layer of the data acquisition module, and when a weak password exposed by an asset's application is matched, stores the weak password in the data layer of the data acquisition module.
Preferably, analyzing the hidden-danger risk of the assets in step three specifically includes: based on the vulnerabilities and weak passwords found by the exposure surface analysis, the acquisition layer of the data acquisition module deducts the corresponding score from the base score of each asset according to the vulnerability grade, the number of vulnerabilities and the number of weak passwords, calculates the score of each asset, and then calculates the total score from the scores of all assets so as to obtain the hidden-danger risk score of the system.
Preferably, monitoring and processing the state change of the assets in step four specifically includes: the acquisition layer of the data acquisition module periodically sends a probe packet to each monitored asset and judges whether the asset is online according to the data packet with which the asset responds.
With the IP asset rapid scanning processing system, asset archive information in the network, such as the operating system, version, equipment type, business system, the region where the asset is located and the department it belongs to, is collected automatically by scanning; the open ports, high-risk ports, vulnerabilities and weak passwords of each IP asset are identified; and whether an IP asset is online can be checked by monitoring asset changes, so that asset information can be known and asset risk analyzed at any time. The system can also establish complete asset archive information across asset areas, manage asset grouping with unified per-domain maintenance, and, based on the display module, provide user-friendly design and enhancements in many respects, such as lists, to meet users' requirements for intuitive, simple, comprehensive and flexible management operation, extensibility and the like. In addition, the system provides multiple views for asset management, such as IP assets, ports and business departments; by defining different views it supports asset maintenance and management along different dimensions, and through asset comparison it shows how the information of different IP assets compares, improving the efficiency of asset management and the practicability of the system.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present application, and other drawings can be obtained by those skilled in the art without creative efforts.
FIG. 1 is a block diagram of an IP asset rapid scanning processing system in an embodiment of the present application;
FIG. 2 is a diagram of the hierarchical architecture of an IP asset rapid scanning processing system in an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be obtained by a person skilled in the art without making any creative effort based on the embodiments in the present invention, belong to the protection scope of the present invention.
It should be noted that the components, modules and mechanisms that are not described in detail in this application are all general standard components or components known to those skilled in the art, and the structure and principle of the components can be known to those skilled in the art through technical manuals or through routine experiments. The terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
Example: as shown in FIG. 1, the IP asset rapid scanning processing system includes a display module configured to display asset archive information, a data processing module configured to analyze asset states, and an object module configured to be the collected object, where the display module, the data processing module and the object module are connected in sequence.
As shown in FIG. 2, in this embodiment the object module may be any one in the prior art. In the present system the object module may be presented in the form of a structural layer, corresponding to the object layer in FIG. 2, and includes any one of a network device, a server, a storage device, a database, a WEB application, a network printer, a network camera, a mobile phone, a PAD, and a PDA. The data acquisition module comprises an acquisition layer and a data layer. The acquisition layer comprises an asset attribute identification engine, an asset monitoring engine, a configuration identification engine and a vulnerability identification engine, where the asset attribute identification engine is defined as a functional unit that identifies asset attributes, the asset monitoring engine as a functional unit that monitors assets, the configuration identification engine as a functional unit that identifies configuration, and the vulnerability identification engine as a functional unit that identifies vulnerabilities.
The data layer comprises asset detection data, configuration identification data, a vulnerability feature library, a knowledge base and a risk rectification library. The asset detection data is the data used to detect and identify the archive information of assets; the configuration identification data is the data used to identify the configuration of a collected object; the vulnerability feature library is a storage area for data with known vulnerability features; the knowledge base is a storage area for data relating to asset management, asset risk judgment, vulnerability analysis and the like; and the risk rectification library is a storage area that temporarily stores risks, such as vulnerabilities, identified on assets. In particular, the data stored in the risk rectification library is mostly risk content awaiting handling; after each round of risk handling is completed, the data in the risk rectification library is emptied so that the risks identified in the next asset traversal can be distinguished and accurately identified. The display module may correspond to the display layer in FIG. 2, and specifically includes one or more of an asset statistics display unit, an asset list display unit, an asset monitoring display unit, a network area display unit, a business system display unit, a department display unit, a system identification policy display unit, and a type and port management display unit.
The asset statistics display unit is a unit for displaying related data such as asset quantity, the asset list display unit is a unit for displaying a list with all asset contents, the asset monitoring display unit is a unit for displaying data logs and monitoring results generated in an asset monitoring process, the network area display unit is a unit for displaying a network area of assets, the service system display unit is a unit for displaying attribution of assets on a service system, the affiliated department display unit is a unit for displaying affiliated departments of assets, the system identification strategy display unit is a unit for displaying identification strategies adopted in an asset management process of a system, and the type and port management display unit is a unit for displaying and managing types and ports of collected objects.
In this embodiment, the working method of the IP asset rapid scanning processing system includes the following steps:
Step one: after the object module is connected to the data processing module, the data processing module performs asset discovery and data acquisition on the collected objects in the object module to complete a comprehensive survey of the asset baseline;
Step two: based on the result of the asset baseline survey in step one, exposure surface analysis and evaluation is performed on the existing assets, intelligent asset analysis is performed by the data processing module, and the enterprise's Internet exposure surface is comprehensively identified;
Step three: the data processing module analyzes the hidden-danger risks of the assets, performs comprehensive security detection and testing of the collected objects through on-site evaluation and/or remote penetration testing, finds existing security vulnerabilities and hidden dangers, and identifies security risks;
Step four: the data processing module monitors and processes state changes of the assets, and the display module displays asset archive information.
The asset discovery in step one specifically includes: the acquisition layer of the data acquisition module scans the host of the collected object by TCP SYN scanning or UDP scanning; if a port of the host is open and the host is alive, the host returns a data packet as a response; the data processing module matches the received data packet against a stored file and thereby identifies the asset information of the collected object, wherein the asset information at least comprises operating system information, equipment type information, open port information and application program information.
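The matching half of step one, sketched as an added example (not code from the patent): responses already captured from open ports are matched against a stored fingerprint file to fill in operating system, equipment type, open port and application fields. The rule format, the three rules and the sample responses are constructed assumptions; responses that match no rule are kept as unidentified rather than dropped.

```python
import re

# ASSUMPTION: constructed stand-in for the "stored file". Each rule is a regex
# over the raw response bytes plus the attributes recorded when it matches.
FINGERPRINT_RULES = [
    {"regex": rb"^SSH-2\.0-OpenSSH_(?P<version>[0-9.p]+)(?:\s+(?P<os>Ubuntu|Debian))?",
     "application": "OpenSSH", "device_type": "server"},
    {"regex": rb"(?im)^Server:\s*nginx/(?P<version>[0-9.]+)(?:\s+\((?P<os>[^)]+)\))?",
     "application": "nginx", "device_type": "server"},
    {"regex": rb'(?i)@PJL INFO ID\s+"(?P<model>[^"]+)"',
     "application": "PJL", "device_type": "network printer"},
]
COMPILED = [(re.compile(rule["regex"]), rule) for rule in FINGERPRINT_RULES]


def identify(response):
    """Return the attributes of the first rule that matches, or None."""
    for regex, rule in COMPILED:
        match = regex.search(response)
        if match:
            found = {key: value.decode("ascii", "replace")
                     for key, value in match.groupdict().items() if value}
            found["application"] = rule["application"]
            found["device_type"] = rule["device_type"]
            return found
    return None


def build_inventory(observations):
    """Fold (ip, port, response) observations into one asset record per IP."""
    inventory = {}
    for ip, port, response in observations:
        record = inventory.setdefault(ip, {
            "open_ports": [], "os": set(), "device_type": set(),
            "applications": {}, "unidentified_ports": []})
        record["open_ports"].append(port)  # a response implies the port is open
        found = identify(response)
        if found is None:
            # Keep unknown services visible so a new rule can be written later.
            record["unidentified_ports"].append(port)
            continue
        if "os" in found:
            record["os"].add(found["os"])
        record["device_type"].add(found["device_type"])
        detail = found.get("version") or found.get("model", "")
        record["applications"][port] = (found["application"] + " " + detail).strip()
    for record in inventory.values():
        record["open_ports"].sort()
        record["unidentified_ports"].sort()
        record["os"] = sorted(record["os"])
        record["device_type"] = sorted(record["device_type"])
    return inventory


# Constructed sample responses (RFC 5737 documentation addresses).
OBSERVATIONS = [
    ("192.0.2.10", 80, b"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0 (Ubuntu)\r\n\r\n"),
    ("192.0.2.10", 22, b"SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1\r\n"),
    ("192.0.2.20", 9100, b'@PJL INFO ID\r\n"Constructed LaserPrinter 400"\r\n'),
    ("192.0.2.30", 8081, b"\x00\x01unknown-proto\r\n"),
]

if __name__ == "__main__":
    for ip, record in build_inventory(OBSERVATIONS).items():
        print(ip, record)
```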
Wherein, the analysis and evaluation of the exposed surface in the second step specifically comprises:
Vulnerability scanning: the acquisition layer of the data acquisition module performs vulnerability scanning on the assets according to their operating system and version, matching each asset in turn against the vulnerability database data stored in the data layer of the data acquisition module to identify vulnerabilities that may exist in the asset; when vulnerabilities are found, the vulnerabilities that may exist in the asset are stored in the data layer of the data acquisition module;
POC scanning: the acquisition layer of the data acquisition module obtains the vulnerability attack code stored in the data layer and runs the vulnerability attack tests against the assets in turn; when an attack succeeds, the vulnerability present in the asset is stored in the data layer of the data acquisition module;
Celestial mirror/Nessus scanning: the acquisition layer of the data acquisition module scans the assets in turn with the built-in celestial mirror/Nessus, and when a vulnerability is found, stores it in the data layer of the data acquisition module;
Weak password scanning: according to the application program information corresponding to each asset's open ports, the acquisition layer of the data acquisition module matches the assets in turn against the weak password dictionary stored in the data layer of the data acquisition module, and when a weak password exposed by an asset's application is matched, stores the weak password in the data layer of the data acquisition module.
Analyzing the hidden-danger risk of the assets in step three specifically includes: based on the vulnerabilities and weak passwords found by the exposure surface analysis, the acquisition layer of the data acquisition module subtracts the corresponding score from the base score of each asset according to the vulnerability grade, the number of vulnerabilities and the number of weak passwords, calculates the score of each asset, and then calculates the total score from the scores of all assets so as to obtain the hidden-danger risk score of the system. Specifically, the base score of each asset is defined as 100 points, and the asset score is defined as the base score minus the risk deduction; the scores of the individual assets are asset score 1, asset score 2, and so on, and the single score of the detected asset is calculated as
Figure BDA0003624427890000071
The domain score of the detected assets is asset score 1 + asset score 2 + … + asset score n. A composite score of the detected assets can also be calculated: composite score = domain score 1 × score weight 1 + domain score 2 × score weight 2 + … + domain score n × score weight n.
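The scoring chain above, worked through as an added example (not code from the patent). The 100-point base score, the domain sum and the weighted composite follow the text; the per-grade and per-weak-password deductions, the floor at zero, the grade names and the sample assets are assumptions, since the page does not give them.

```python
from dataclasses import dataclass, field

BASE_SCORE = 100  # from the page: each asset starts at 100 points

# ASSUMPTION: the page gives no deduction values; these are illustrative only.
VULN_DEDUCTION = {"critical": 20, "high": 10, "medium": 5, "low": 1}
WEAK_PASSWORD_DEDUCTION = 15


@dataclass
class Asset:
    ip: str
    vuln_grades: list = field(default_factory=list)  # one grade per vulnerability
    weak_passwords: int = 0                           # weak passwords matched


def risk_deduction(asset):
    """Deduction from vulnerability grade, vulnerability count and weak passwords."""
    unknown = sorted(set(asset.vuln_grades) - set(VULN_DEDUCTION))
    if unknown:
        raise ValueError(f"{asset.ip}: unknown vulnerability grade(s) {unknown}")
    if asset.weak_passwords < 0:
        raise ValueError(f"{asset.ip}: weak password count cannot be negative")
    return (sum(VULN_DEDUCTION[grade] for grade in asset.vuln_grades)
            + WEAK_PASSWORD_DEDUCTION * asset.weak_passwords)


def asset_score(asset):
    """Asset score = base score - risk deduction (floor at 0 is an assumption)."""
    return max(0, BASE_SCORE - risk_deduction(asset))


def domain_score(assets):
    """Domain score = asset score 1 + ... + asset score n."""
    return sum(asset_score(asset) for asset in assets)


def composite_score(domains, weights):
    """Composite score = sum over domains of domain score x score weight."""
    if set(domains) != set(weights):
        raise ValueError("every domain needs exactly one score weight")
    return sum(domain_score(assets) * weights[name]
               for name, assets in domains.items())


def remediation_order(domains):
    """(score, domain, ip) tuples, lowest score first: the riskiest hosts lead."""
    return sorted((asset_score(asset), name, asset.ip)
                  for name, assets in domains.items() for asset in assets)


# Constructed sample data (RFC 5737 documentation addresses).
DOMAINS = {
    "office": [
        Asset("192.0.2.10", ["critical", "medium"], weak_passwords=1),
        Asset("192.0.2.11"),
    ],
    "dmz": [
        Asset("198.51.100.5", ["critical"] * 4 + ["high"] * 2, weak_passwords=1),
        Asset("198.51.100.6", ["low", "low"]),
    ],
}
WEIGHTS = {"office": 0.4, "dmz": 0.6}

if __name__ == "__main__":
    for score, name, ip in remediation_order(DOMAINS):
        print(f"{ip:<14} {name:<7} asset score {score}")
    for name, assets in DOMAINS.items():
        print(f"domain {name}: {domain_score(assets)}")
    print(f"composite: {composite_score(DOMAINS, WEIGHTS):.1f}")
```

Because the domain score is a plain sum, a domain with more assets scores higher regardless of how risky each one is, so domain scores are only comparable between domains of similar size.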
Monitoring and processing the state change of the assets in step four specifically includes: the acquisition layer of the data acquisition module periodically sends a probe packet to each monitored asset and judges whether the asset is online according to the data packet with which the asset responds.
The IP asset rapid scanning processing system has the following characteristics:
(1) Based on distributed scanning technology, the system has very high scanning efficiency: a large number of nodes can be deployed during configuration so that large batches of assets can be scanned rapidly, and node load can be scheduled so that resources are fully utilized. The distributed scanning design also makes the system highly extensible: scanning function nodes can be combined as required, and function nodes can be custom-developed. Reliability is higher because, with a large number of nodes, an abnormality in some nodes does not affect the overall function; through configuration, a task can resume from its breakpoint and continue executing after an abnormal power failure; and the cluster state is monitored in real time;
(2) The system discovers assets using multiple scanning modes and supports immediate, delayed and periodic task execution, recurring task execution and comprehensive asset scanning, so that assets can be discovered and their changes monitored at any time;
(3) The system supports rapid scanning: after the IP or IP range to be scanned is entered, the system scans the various built-in ports simultaneously and rapidly finds live assets and various risks, which speeds up scanning and operation;
(4) The system supports accurate scanning, providing multiple scanning modes based on SYN half-connection, TCP full connection and the like, and can scan targets quickly and accurately;
(5) Through expansion and enrichment of its data, the system has a rich fingerprint set, with up to tens of thousands of basic fingerprints and WEB fingerprints; it can identify various port services, applications, operating systems, equipment types, WEB frameworks/components and the like, can perform all-round detection, and supports custom fingerprints to improve identification capability;
(6) The system provides a rich set of interfaces through which all nodes and tasks can be managed, and supports remotely bringing nodes online and offline and dynamically controlling the scanning speed of nodes;
(7) After further expansion, the system can support IPv6 asset scanning, adding scanning of IPv6 assets even though few IPv6 addresses are in use, address allocation is highly random, and scanning is correspondingly more difficult.
Moreover, the IP asset rapid scanning processing system can scan different network areas; it can automatically scan different network segments within an enterprise to discover assets; it can react to asset changes in time; and it can monitor the CPU, memory, disk and traffic usage of assets so that their running state is known in real time.
Finally, it should be noted that: although the present invention has been described in detail with reference to the foregoing embodiments, those skilled in the art can still make modifications to the technical solutions described in the foregoing embodiments, or make equivalent substitutions and improvements to part of the technical features of the foregoing embodiments, and any modifications, equivalent substitutions and improvements made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (9)

1. An IP asset rapid scanning processing system is characterized by comprising a display module configured to display asset archive information, a data processing module configured to analyze asset states, and an object module configured to be a collected object, wherein the display module, the data processing module and the object module are sequentially connected.
2. The IP asset rapid scanning processing system of claim 1, wherein the object module comprises any one of a network device, a server, a storage device, a database, a WEB application, a network printer, a WEB camera, a mobile phone, a PAD, and a PDA.
3. The IP asset rapid scanning processing system according to claim 2, wherein the data acquisition module comprises an acquisition layer and a data layer, the acquisition layer comprises an asset attribute identification engine, an asset monitoring engine, a configuration identification engine and a vulnerability identification engine, and the data layer comprises asset detection data, configuration identification data, a vulnerability feature library, a knowledge base and a risk correction library.
4. The IP asset rapid scanning processing system of claim 3, wherein the presentation module comprises one or more of an asset statistics presentation unit, an asset list presentation unit, an asset monitoring presentation unit, a network area presentation unit, a business system presentation unit, a department of affiliation presentation unit, a system identification policy presentation unit, and a type and port management presentation unit.
5. The IP asset rapid scanning processing system according to any one of claims 1 to 4, wherein the operating method of the IP asset rapid scanning processing system comprises the following steps:
step one: after the object module is connected to the data processing module, the data processing module performs asset discovery and data acquisition on the collected object in the object module to complete a comprehensive survey of the asset baseline;
step two: based on the result of the asset baseline survey in step one, exposed surface analysis and evaluation are carried out on the existing assets, intelligent asset analysis is performed by the data processing module, and the enterprise's internet-exposed surface is comprehensively identified;
step three: the data processing module analyzes the hidden danger risks of the assets, performs comprehensive security detection and testing on the collected objects through on-site evaluation and/or remote penetration testing, finds existing security vulnerabilities and hidden dangers, and identifies the security risks;
step four: the data processing module monitors and processes state changes of the assets, and the display module displays the asset archive information.
6. The IP asset rapid scanning processing system according to claim 5, wherein the asset discovery in step one specifically comprises: the acquisition layer of the data acquisition module scans the host of the collected object by TCP SYN scanning or UDP scanning; if the host is alive and a port on it is open, the host returns a data packet in response; the data processing module matches the received data packet against a stored file and thereby identifies the asset information of the collected object, wherein the asset information comprises at least operating system information, device type information, open port information and application program information.
7. The IP asset rapid scanning processing system of claim 5, wherein the exposed surface analysis and evaluation in step two specifically comprises:
vulnerability scanning: the acquisition layer of the data acquisition module scans each asset for vulnerabilities according to the asset's operating system and version, traversing and matching the asset against the vulnerability database data stored in the data layer of the data acquisition module to identify vulnerabilities that may exist in the asset; when a vulnerability is found, the vulnerability that may exist in the asset is stored in the data layer of the data acquisition module;
POC scanning: the acquisition layer of the data acquisition module obtains the vulnerability attack code stored in the data layer and runs traversal vulnerability attack tests against the assets; when an attack succeeds, the vulnerability existing in the asset is stored in the data layer of the data acquisition module;
Tianjing ("celestial mirror")/Nessus scanning: the acquisition layer of the data acquisition module performs a traversal scan of the assets with the built-in Tianjing/Nessus scanner; when a corresponding vulnerability is found, the vulnerability is stored in the data layer of the data acquisition module;
weak password scanning: the acquisition layer of the data acquisition module, according to the application program information corresponding to each open port of the asset, traverses and matches the asset against the weak password dictionary stored in the data layer of the data acquisition module; when a weak password exposed by the asset's application program is matched, the weak password is stored in the data layer of the data acquisition module.
8. The IP asset rapid scanning processing system according to claim 5, wherein analyzing the hidden danger risks of the assets in step three specifically comprises: based on the vulnerabilities and weak passwords found by the exposed surface analysis, the acquisition layer of the data acquisition module deducts corresponding points from the base score of each asset according to the grade of the vulnerabilities, the number of vulnerabilities and the number of weak passwords, calculates the score of each asset, and calculates a total score from the scores of all assets so as to obtain the hidden danger risk score of the system.
9. The IP asset rapid scanning processing system according to claim 5, wherein monitoring the state change of the assets in step four specifically comprises: the acquisition layer of the data acquisition module sends a detection packet to the monitored assets at regular intervals and judges whether each asset is online according to the data packet with which the asset responds.
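The version-based matching of claim 7 and the deduction scoring of claim 8 can be sketched as follows. This is an added example, not code from the patent: the base score, the per-grade and per-password deductions, the use of a mean as the total score, the library entries and the inventory are all assumptions or constructed data.

```python
from dataclasses import dataclass

BASE_SCORE = 100                                        # assumed base score
GRADE_DEDUCTION = {"high": 20, "medium": 10, "low": 5}  # assumed per-grade deductions
WEAK_PASSWORD_DEDUCTION = 15                            # assumed per-password deduction
# Constructed vulnerability library: versions below "fixed" count as affected.
VULN_LIBRARY = [
    {"id": "EXAMPLE-0001", "os": "exampleos", "fixed": "3.2.0", "grade": "high"},
    {"id": "EXAMPLE-0002", "os": "exampleos", "fixed": "3.0.5", "grade": "medium"},
    {"id": "EXAMPLE-0003", "os": "demonix", "fixed": "10.1", "grade": "low"},
]

@dataclass
class Asset:
    ip: str
    os: str
    version: str
    weak_passwords: int = 0  # count reported by the weak-password stage

def parse_version(text, width=3):
    """Turn '3.2' into (3, 2, 0) so that 3.2 and 3.2.0 compare equal."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (width - len(parts)))

def match_vulnerabilities(asset, library=VULN_LIBRARY):
    """Traverse the library; keep entries matching the asset's OS and version."""
    try:
        current = parse_version(asset.version)
    except ValueError:
        current = None  # unknown version: conservatively match every entry for the OS
    return [v for v in library if v["os"] == asset.os
            and (current is None or current < parse_version(v["fixed"]))]

def asset_score(asset, library=VULN_LIBRARY):
    """Base score minus deductions for each finding, floored at zero."""
    deducted = sum(GRADE_DEDUCTION[v["grade"]] for v in match_vulnerabilities(asset, library))
    deducted += WEAK_PASSWORD_DEDUCTION * asset.weak_passwords
    return max(0, BASE_SCORE - deducted)

def system_score(assets, library=VULN_LIBRARY):
    """Per-asset scores plus their mean (taking the mean is an assumption)."""
    scores = {a.ip: asset_score(a, library) for a in assets}
    return scores, (sum(scores.values()) / len(scores) if scores else None)

# Constructed inventory on documentation addresses (RFC 5737).
INVENTORY = [
    Asset("192.0.2.10", "exampleos", "3.0.1", weak_passwords=1),
    Asset("192.0.2.11", "exampleos", "3.2"),
    Asset("192.0.2.12", "demonix", "9.8", weak_passwords=7),
]
```

An asset whose version string cannot be parsed is matched against every library entry for its operating system, so an unidentified version lowers the score rather than passing as clean.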
CN202210474016.0A 2022-04-29 2022-04-29 IP asset rapid scanning processing system Pending CN114978614A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210474016.0A CN114978614A (en) 2022-04-29 2022-04-29 IP asset rapid scanning processing system

Publications (1)

Publication Number Publication Date
CN114978614A true CN114978614A (en) 2022-08-30

Family

ID=82980026

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210474016.0A Pending CN114978614A (en) 2022-04-29 2022-04-29 IP asset rapid scanning processing system

Country Status (1)

Country Link
CN (1) CN114978614A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination