CN115277204A - Portable network security configuration of electric power monitored control system checks reinforced apparatus - Google Patents
Portable network security configuration of electric power monitored control system checks reinforced apparatus Download PDFInfo
- Publication number
- CN115277204A CN115277204A CN202210899081.8A CN202210899081A CN115277204A CN 115277204 A CN115277204 A CN 115277204A CN 202210899081 A CN202210899081 A CN 202210899081A CN 115277204 A CN115277204 A CN 115277204A
- Authority
- CN
- China
- Prior art keywords
- network security
- engine
- power monitoring
- layer
- security configuration
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 239000010410 layer Substances 0.000 claims abstract description 51
- 230000003014 reinforcing effect Effects 0.000 claims abstract description 44
- 238000012544 monitoring process Methods 0.000 claims abstract description 37
- 230000002787 reinforcement Effects 0.000 claims abstract description 37
- 239000012792 core layer Substances 0.000 claims abstract description 25
- 238000012545 processing Methods 0.000 claims description 16
- 238000001514 detection method Methods 0.000 claims description 7
- 230000003993 interaction Effects 0.000 claims description 7
- 238000012423 maintenance Methods 0.000 claims description 7
- 238000012795 verification Methods 0.000 claims description 6
- 238000013475 authorization Methods 0.000 claims description 3
- 230000002860 competitive effect Effects 0.000 claims description 3
- 230000008676 import Effects 0.000 claims description 3
- 238000004458 analytical method Methods 0.000 abstract description 7
- 238000012550 audit Methods 0.000 abstract description 7
- 230000008439 repair process Effects 0.000 abstract description 7
- 238000007726 management method Methods 0.000 description 19
- 230000008602 contraction Effects 0.000 description 14
- 238000009434 installation Methods 0.000 description 14
- 238000010586 diagram Methods 0.000 description 10
- 238000000034 method Methods 0.000 description 7
- 230000008569 process Effects 0.000 description 6
- 230000007246 mechanism Effects 0.000 description 4
- 230000000694 effects Effects 0.000 description 3
- 230000009286 beneficial effect Effects 0.000 description 2
- 230000006872 improvement Effects 0.000 description 2
- 238000007689 inspection Methods 0.000 description 2
- 238000004519 manufacturing process Methods 0.000 description 2
- 238000004364 calculation method Methods 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000011156 evaluation Methods 0.000 description 1
- 230000012447 hatching Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000001737 promoting effect Effects 0.000 description 1
- 238000011160 research Methods 0.000 description 1
- 238000012502 risk assessment Methods 0.000 description 1
- 238000000926 separation method Methods 0.000 description 1
- 238000005728 strengthening Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/04—Network management architectures or arrangements
- H04L41/044—Network management architectures or arrangements comprising hierarchical management structures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/28—Restricting access to network management systems or functions, e.g. using authorisation function to access network configuration
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention provides portable network security configuration checking and reinforcing equipment for a power monitoring system. The portable network security configuration of power monitoring system checks reinforcement equipment includes: the network security configuration checking and reinforcing system comprises a basic platform layer, a system service layer, a system core layer, a system access layer, an upgrading system and a certificate system. The portable network security configuration checking and reinforcing equipment for the power monitoring system can efficiently and comprehensively detect the configuration risks of various systems, provide professional and effective security analysis and repair suggestions, perform security reinforcement on the existing configuration risks, automatically block high-risk ports, automatically configure password strategies, account strategies, file authorities, system services and log audits, avoid network security events such as illegal external connection and high-risk port access of the system and improve the security protection level of the power monitoring system.
Description
Technical Field
The invention relates to the technical field of power system monitoring, in particular to portable network security configuration checking and reinforcing equipment for a power monitoring system.
Background
With the change of network attack means and targets, system attack events under a Linux system and an industrial control operating system tend to increase explosively, network security boundary protection of a power monitoring system is mainly completed by means of various boundary protection devices, but the protection of various hosts and servers in an intranet of a main station is weak, and related network security problems are rare.
For example, 12-month 23-year 2020, when a transformer operation and maintenance worker of a certain power supply company debugs an in-station system in a 220 kv east-lake dragon substation, the driver downloaded by the mobile phone is wrongly accessed to an adjacent anti-misoperation host (production control area i), and illegal external connection occurs; a work station of an OMS (operation management system) in a II area of a wind power plant of a certain province in 12 months in 2021 triggers and starts a wireless network port to alarm, and the problems of omission and the like exist in host strengthening measures.
According to research and analysis, electric power companies above the grade are not provided with system detection and configuration reinforcement related safety equipment, potential safety hazards existing in the system cannot be effectively detected, professional safety reinforcement operation cannot be carried out on the potential safety hazards, the pain point lies in that rapid automatic safety reinforcement cannot be carried out, and all operation systems related to the electric power monitoring system cannot be reinforced.
Therefore, it is necessary to provide a portable network security configuration check reinforcement device for a power monitoring system to solve the above technical problems.
Disclosure of Invention
The invention provides portable network security configuration checking and reinforcing equipment for an electric power monitoring system, which solves the problem that rapid automatic security reinforcement of the system needs to be optimized.
In order to solve the above technical problem, the portable network security configuration checking and reinforcing device for the power monitoring system provided by the invention comprises:
the network security configuration checking and reinforcing system comprises a basic platform layer, a system service layer, a system core layer, a system access layer, an upgrading system and a certificate system, wherein the basic platform layer provides support for the system service layer, the system service layer provides support for the system core layer, the system core layer provides support for the system access layer, the system access layer provides support for data interaction and access for the network security configuration checking and reinforcing system, the upgrading system provides upgrading support for the system service layer and the system core layer, and the certificate system provides system resource certificate information for the system service layer and the system core layer.
Preferably, the basic platform layer includes a dedicated hardware platform and a basic software platform, and the dedicated hardware platform is used for installing system core hardware devices and providing support for system operation.
Preferably, the basic software platform comprises an operating system, a file system, a hard disk encryption and decryption, an application program encryption and decryption, an input and output encryption and decryption, an IPv4/IPv6 network service, a built-in database, a Web service, and a program running environment.
Preferably, the system service layer comprises a data processing engine and a system service engine, wherein the data processing engine is a data interface inside the system and provides database access, data caching and data synchronization.
Preferably, the data processing engine shields details of database system operation, reduces database connection, optimizes database access, caches frequently-used and computationally complex data, centralizes logic of processing data, and reduces maintenance workload of other functional modules.
Preferably, the system service engine is a functional interface inside the system, and provides a task data import and export function.
Preferably, the system service engine decouples foreground operation and background operation, and the background function runs in a specific authority, so that the safety of the system is improved.
Preferably, the system core layer is a core of a product, provides the most competitive functions, and includes host discovery, service identification, operating system identification, and weak password detection, and further includes a Web scan engine, a vulnerability scan engine, and a configuration check engine, which are used for configuration check and configuration verification of the system, and add extensible modules and plug-ins.
Preferably, the system core layer further includes a report engine, a scheduling engine and a state engine, the report engine is a core processing module for report display, and can provide various report formats of HTML, WORD, EXCEL, PDF and XML, the scheduling engine is a coordination center for scanning work, and detects the type and priority of a task according to different user operations, which may have an immediately executed task, a regularly executed task and a periodically executed task, and performs configuration check and password guess, and the state engine is a coordination center for system state, and mainly includes system resource state information, system authorization certificate information, BDB configuration items, task execution progress information and upgrade progress information.
Preferably, the system access layer comprises a Web management interface, a console and a data interface, and a user accesses the Web management interface through a browser, accesses the console through a serial port, and performs data interaction through the data interface, wherein the data interface comprises a third party platform management data interface and an SNMP Trap.
Compared with the related art, the portable network security configuration checking and reinforcing equipment of the power monitoring system provided by the invention has the following beneficial effects:
the invention provides portable network security configuration checking and reinforcing equipment for an electric power monitoring system, which can perform configuration checking and risk discovery on a direct connection host, a server, network equipment, security equipment and the like, can efficiently and comprehensively detect configuration risks of various systems, provides professional and effective security analysis and repair suggestions, performs security reinforcement on the existing configuration risks, automatically blocks high-risk ports, automatically configures a password strategy, an account strategy, file authority, system service and log audit, avoids network security events such as illegal external connection, high-risk port access and the like of the system, and improves the security protection level of the electric power monitoring system.
Drawings
FIG. 1 is a system diagram of a portable network security configuration verification reinforcement device for a power monitoring system according to the present invention;
FIG. 2 is a system block diagram of the base platform layer portion shown in FIG. 1;
FIG. 3 is a system block diagram of a service layer portion of the system shown in FIG. 1;
FIG. 4 is a system block diagram of a core layer portion of the system shown in FIG. 1;
FIG. 5 is a system block diagram of an access layer portion of the system shown in FIG. 1;
FIG. 6 is a three-dimensional view of an installation structure of a portable network security configuration verification reinforcement device of the power monitoring system provided by the present invention;
FIG. 7 is a front elevational view of the whole of FIG. 6;
FIG. 8 is a schematic view of the connection structure of the body portion of the reinforcement device shown in FIG. 7;
fig. 9 is a schematic structural view of the cover plate shown in fig. 6 in an upwardly raised state.
The reference numbers in the figures:
100. a network security configuration checking and reinforcing system;
110. a basic platform layer 111, a special hardware platform 112 and a basic software platform;
120. a system service layer 121, a data processing engine 122, a system service engine;
130. a system core layer, 1301, a report engine, 1302, a scheduling engine, 1303, a state engine, 131, host discovery, 132, service identification, 133, operating system identification, 134, weak password detection, 135, a Web scanning engine, 136, a vulnerability scanning engine, 137 and a configuration checking engine;
140. a system access layer 141, a Web management interface 142, a console 143 and a data interface;
150. upgrading the system;
160. a certificate system;
1. the device comprises a reinforcing device body 11, an installation sliding groove 12, a rotating groove 13 and a connecting groove;
2. a cover plate;
3. connecting a sliding rod;
4. a contraction mechanism 41, a contraction spring 42, a contraction sliding plate 43 and a support rotating shaft.
Detailed Description
The invention is further described below with reference to the drawings and the embodiments.
Please refer to fig. 1, fig. 2, fig. 3, fig. 4, fig. 5, fig. 6, fig. 7, fig. 8, and fig. 9 in combination, where fig. 1 is a system block diagram of a portable network security configuration checking and reinforcing device of a power monitoring system according to the present invention; FIG. 2 is a system block diagram of the base platform layer portion shown in FIG. 1; FIG. 3 is a system block diagram of a service layer portion of the system shown in FIG. 1; FIG. 4 is a system block diagram of a core layer portion of the system shown in FIG. 1; FIG. 5 is a system block diagram of an access layer portion of the system shown in FIG. 1; FIG. 6 is a three-dimensional view of an installation structure of a portable network security configuration verification reinforcement device of the power monitoring system provided by the present invention; FIG. 7 is a front view of the whole shown in FIG. 6; FIG. 8 is a schematic view of the connection structure of the body portion of the reinforcement device shown in FIG. 7; fig. 9 is a schematic structural view illustrating a state where the cover plate shown in fig. 6 is lifted upward.
Referring to fig. 1 to 5, the portable network security configuration checking and reinforcing device for a power monitoring system according to the present invention includes:
the network security configuration checking and reinforcing system 100 is composed of a base platform layer 110, a system service layer 120, a system core layer 130, a system access layer 140, an upgrade system 150 and a certificate system 160, wherein the base platform layer 110 provides support for the system service layer 120, the system service layer 120 provides support for the system core layer 130, the system core layer 130 provides support for the system access layer 140 to support the system access layer 140 to provide data interaction and access for the network security configuration checking and reinforcing system 100, the upgrade system 150 provides upgrade support for the system service layer 120 and the system core layer 130, and the certificate system 160 provides system resource certificate information for the system service layer 120 and the system core layer 130.
The method can comprehensively and automatically discover various vulnerability problems of the power monitoring system, including high risk configuration problems, application system security vulnerabilities, weak passwords existing in the checking system, unnecessary open accounts, services and ports of the system are collected to form an integral security risk report, risk types, regions and severity can be quickly positioned, security risks can be visually displayed, a security management system can be combined to support security risk early warning, checking, hierarchical management, repair and audit processes, execution of the processes is supervised, the vulnerability can be deployed and detected in a virtual environment and an IPv6 environment, and identified security risks can be rectified and improved.
The system can carry out configuration check and risk discovery on a direct connection host, a server, network equipment, safety equipment and the like, can efficiently and comprehensively detect configuration risks of various systems, provides professional and effective safety analysis and repair suggestions, carries out safety reinforcement on the existing configuration risks, automatically plugs high-risk ports (23, 80, 443, 445 and the like), automatically configures a password strategy, an account strategy, file authority, system service and log audit, avoids network safety events such as illegal external connection and high-risk port access of the system, and improves the safety protection level of the power monitoring system.
The portable equipment is convenient to carry, quick to install and humanized in operation.
The system comprises a standardized hardware module, a unified software architecture, a standardized data interface and a simple human-computer interaction interface, can be mechanically produced, and can be automatically operated and maintained by a user after a project is implemented.
The base platform layer 110 includes a dedicated hardware platform 111 and a base software platform 112, and the dedicated hardware platform is used for installing system core hardware devices and providing support for running of the system.
The basic software platform 112 includes an operating system, a file system, a hard disk encryption and decryption, an application program encryption and decryption, an input and output encryption and decryption, an IPv4/IPv6 network service, a built-in database, a Web service, and a program running environment.
The system services layer 120 includes a data processing engine 121 and a system services engine 122, where the data processing engine 121 is a data interface inside the system, and provides database access, data caching, and data synchronization.
The data processing engine 121 shields details of database system operation, reduces database connections, optimizes database access, caches frequently used and computationally complex data, centralizes logic of processing data, and reduces maintenance workload of other functional modules.
The system service engine 122 is a functional interface inside the system, and provides a task data import and export function.
The system service engine 122 decouples foreground operation and background operation, and the background function runs in a specific authority, so that the security of the system is improved.
The system core layer 130 is the core of a product, provides the most competitive functions, and includes host discovery 131, service identification 132, operating system identification 133, and weak password detection 134, and the system core layer 130 further includes a Web scan engine 135, a vulnerability scan engine 136, and a configuration check engine, which are used for configuration check and configuration verification of the system, and add extensible modules and plug-ins.
The system core layer 130 further includes a report engine 1301, a scheduling engine 1302 and a state engine 1303, the report engine 1301 is a core processing module for report display, and can provide various report formats such as HTML, WORD, EXCEL, PDF and XML, the scheduling engine 1302 is a coordination center for scanning work, and detects the types and priorities of tasks according to different user operations, which may be executed immediately, regularly, and periodically, and performs configuration check and password guess, and the state engine 1303 is a coordination center for system state, and mainly includes system resource state information, system authorization certificate information, BDB configuration items, task execution progress information, and upgrade progress information.
The system access layer 140 includes a Web management interface 141, a console 142 and a data interface 143, and a user accesses the Web management interface 141 through a browser, accesses the console 142 through a serial port, and performs data interaction through the data interface 143, where the data interface 143 includes a third party platform management data interface and an SNMP Trap.
Promote automatic safe reinforcement speed and efficiency:
aiming at the problems of large workload, low efficiency, slow manual inspection, difficult manual reinforcement and the like, the speed and the efficiency of automatic reinforcement are improved, the defect of manual reinforcement is overcome through configuration hidden danger of the automatic reinforcement, and a host and a server are improved;
the scope of the automatic reinforcing system is enlarged:
on the basis of supporting windows operation and ubuntu operation systems, developing automatic reinforcement templates of other operation systems, wherein the safety reinforcement range not only covers the configuration requirements of Linux systems such as the concretio pan, the ubuntu, the redhat and the centos4, but also supports assets such as database plug-ins, network equipment and safety equipment;
and developing a function extension module:
on the basis of the grade protection configuration template, a national network configuration baseline template is added, so that the safety reinforcement effect is improved;
the upgrading function of the hoisting equipment is as follows:
adding an off-line upgrading mode on the basis of the original on-line upgrading, and expanding the use scene of the hatching product;
product implementation and maintainability improvement:
the system has the capacity of large-scale use and implementation after productization and later-stage autonomous operation and maintenance of users.
And (4) function support:
and (3) risk analysis:
the portable network security configuration checking and reinforcing device supports omnibearing high-risk configuration scanning, and through a security risk calculation method, security vulnerabilities in multiple aspects in a network system are uniformly analyzed and risk evaluated, overall security state evaluation is given, and security risks of an electric power monitoring system are comprehensively mastered;
merging and promoting a security management process:
safety management is not only technology, but also more important is that safety vulnerability risks are controlled through a flow system, many companies make a safety flow system, safety accidents still occur, personnel play a key role in the execution of the flow system, how to integrate the management flow, and the promotion of the execution of the flow is the problem to be solved by safety vulnerability management products;
the safety management process system generally comprises several links such as early warning, detection, analysis management, repair, audit and the like, the system can participate in the early warning, detection, analysis management and audit links in the safety process, and safety management personnel are supervised and urged to carry out risk repair through event warning.
Scene application:
1) Supervision and inspection or small-scale network security operation and maintenance:
the portable network security configuration checking and reinforcing device is independently deployed in a small-scale network, and risk identification and reinforcement of the whole network can be realized in an IP address network access mode, so that security check of all networks is completed;
2) And (3) multi-subnet safe operation and maintenance:
for a network architecture divided into a plurality of service subnets, each subnet has risk identification requirements, a single portable network security configuration checking and reinforcing device can meet the service requirements of the plurality of subnets, the system provides a plurality of scanning ports, each scanning port can be accessed to different subnets through configuration, a firewall is not required to open rules independently, the cost is saved, and the risk is avoided.
The application field is as follows:
the portable network security configuration checking and reinforcing device is connected into the network switch in a bypass mode, is suitable for an I area and an II area of a production control area of a dispatching master station, a transformer substation and a power plant and a management information area, can be popularized to the internet area, and can be used for carrying out configuration identification and security reinforcing work on various hosts, servers and workstations.
Referring to fig. 6 to 9, in an alternative manner, the portable network security configuration checking and reinforcing device for an electric power monitoring system may include the network security configuration checking and reinforcing system, when the network security configuration checking and reinforcing system is installed and used, the network security configuration checking and reinforcing system is mainly installed on a reinforcing device body 1, an installation sliding groove 11 and a rotating groove 12 are formed in the reinforcing device body 1, and the installation sliding groove 11 is communicated with the rotating groove 12;
further comprising:
the cover plate 2 is sleeved on the outer surface of the wiring end of the reinforcing equipment body 1, is used for increasing the protection of a port when the reinforcing equipment body 1 moves or is carried, and has a dustproof effect;
two sets of connection slide bar 3, the one end fixed mounting of connecting slide bar 3 is in on the reinforcement equipment body 1, and two sets of connect 3 symmetries of slide bar and install reinforcement equipment body 1's both sides, connect slide bar 3 and be L type structure, just connect the cross-section of slide bar 3 and be square structure, the other end of connecting slide bar 3 stretches into in the installation spout 11, just the other end of connecting slide bar 3 passes through installation spout 11 with the surface sliding connection of reinforcement equipment body 1, the size of connecting the slide bar 3 other end and the size phase-match of swivelling chute 12.
Through installing cover plate 2 in the port direction at reinforcement equipment body 1, cover plate 2 can increase the partial sheltering from and the protection of port when equipment does not use, can pull out cover plate 2 when equipment uses and then upwards rotate cover plate 2 is whole again after the cover plate 2 is drawn out to the level for the port part is normally opened and is used.
When the reinforcing equipment body 1 needs to be used normally, the cover plate 2 is preferentially pulled towards the direction far away from the reinforcing equipment body 1, so that the cover plate 2 is completely separated from the surface of the reinforcing equipment body 1;
connect the slide bar 3 other end and slide to the within range of swivelling chute 12 from installation spout 11, when the other end of connecting slide bar 3 gets into in the swivelling chute 12 completely, with the complete separation between the installation spout 11, upwards rotate cover plate 2, make cover plate 2 rotate 90 back, because the interface of connecting slide bar 3 is square structure, connect slide bar 3 other end and aim at installation spout 11 once more, the level promotes cover plate 2, make cover plate 2 drive connecting slide bar 3 wholly to the direction removal of installation spout 11, the other end of connecting slide bar 3 gets into installation spout 11 once more and slides, provide support for opening of 1 port part of reinforcement equipment body.
The reinforced device body 1 is provided with a connecting groove 13, the connecting groove 13 is communicated with the mounting groove 11, and the reinforced device body further comprises a contraction mechanism 4, the contraction mechanism 4 comprises a contraction spring 41, a contraction sliding plate 42 and a supporting rotating shaft 43, one end of the contraction spring 41 is passed through the connecting groove 13 and fixedly mounted on the reinforced device body 1, the other end of the contraction spring 41 is fixedly mounted with the contraction sliding plate 42, the contraction sliding plate 42 is passed through the connecting groove 13 and the mounting groove 11 are slidably connected with the reinforced device body 1, the supporting rotating shaft 43 is fixedly mounted on the contraction sliding plate 42, and the other end of the connecting sliding rod 3 is rotatably mounted on the supporting rotating shaft 43.
The contraction mechanism 4 provides elastic contraction acting force for installation of the connecting sliding rod 3, so that the cover plate 2 can be stably contracted on the reinforcing equipment body 1 when not being adjusted, and the stability of the cover plate 2 when being adjusted to different use states is maintained.
In optional mode, the cover plate 2 is provided with two sets ofly, two sets of 2 symmetries of cover plate are installed the both sides of reinforcement equipment body 1, and two sets of the cover plate 2 with connection structure between the reinforcement equipment body 1 is the same for shrink the protection to port part and operation interface part, improve equipment prevents mistake and touches the performance, when two sets of cover plates 2 all rotate downwards and open, can provide the support of supplementary lifting for reinforcement equipment body 1, increase the clearance between reinforcement equipment body 1 and the installation table surface on the one hand, radiating efficiency when can effectual improvement equipment operating condition.
In another optional manner, the power monitoring system portable network security configuration checking hardened device may not include the network security configuration checking hardened system. The portable network security configuration of the power monitoring system checks elements formed by the reinforcing equipment, and the shielding and protection effects of the port part when the equipment is not used can be increased.
Compared with the related art, the portable network security configuration checking and reinforcing equipment of the power monitoring system provided by the invention has the following beneficial effects:
the system can carry out configuration check and risk discovery on a direct connection host, a server, network equipment, safety equipment and the like, can efficiently and comprehensively detect configuration risks of various systems, provides professional and effective safety analysis and repair suggestions, carries out safety reinforcement on the existing configuration risks, automatically plugs high-risk ports, automatically configures password strategies, account strategies, file authorities, system services and log audit, avoids network safety events such as illegal external connection and high-risk port access of the system, and improves the safety protection level of the power monitoring system.
The above description is only an embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.
Claims (10)
1. A portable network security configuration checking and reinforcing device for a power monitoring system is characterized by comprising:
the network security configuration checking and reinforcing system comprises a basic platform layer, a system service layer, a system core layer, a system access layer, an upgrading system and a certificate system, wherein the basic platform layer provides support for the system service layer, the system service layer provides support for the system core layer, the system core layer provides support for the system access layer, the system access layer provides support for data interaction and access for the network security configuration checking and reinforcing system, the upgrading system provides upgrading support for the system service layer and the system core layer, and the certificate system provides system resource certificate information for the system service layer and the system core layer.
2. The portable network security configuration checking and reinforcing device for the power monitoring system according to claim 1, wherein the base platform layer comprises a dedicated hardware platform and a base software platform, and the dedicated hardware platform is used for installing a system core hardware device and providing support for running of the system.
3. The portable network security configuration check reinforcement device for the power monitoring system according to claim 2, wherein the basic software platform comprises an operating system, a file system, a hard disk encryption and decryption, an application encryption and decryption, an input and output encryption and decryption, an IPv4/IPv6 network service, a built-in database, a Web service, and a program running environment.
4. The portable network security configuration check reinforcement device for power monitoring systems of claim 3, wherein the system service layer comprises a data processing engine and a system service engine, wherein the data processing engine is a data interface inside the system and provides database access, data caching and data synchronization.
5. The portable network security configuration checking and reinforcing device for the power monitoring system according to claim 4, wherein the data processing engine shields details of database system operation, reduces connection of databases, optimizes access to databases, caches frequently used and computationally complex data, centralizes logic for processing data, and reduces maintenance workload of other functional modules.
6. The portable network security configuration check reinforcement device for power monitoring systems according to claim 5, wherein the system service engine is a functional interface inside the system, and provides a task data import and export function.
7. The portable network security configuration checking and reinforcing device for power monitoring systems of claim 6, wherein the system service engine decouples foreground operation and background operation, and the background function runs in a specific authority, thereby increasing the security of the system.
8. The portable network security configuration check reinforcement device for the power monitoring system according to claim 7, wherein the system kernel is a kernel of a product, provides most competitive functions including host discovery, service identification, operating system identification, and weak password detection, and further comprises a Web scan engine, a vulnerability scan engine, and a configuration check engine, which are used for configuration check and configuration verification of the system, and add extensible modules and plug-ins.
9. The portable network security configuration checking and reinforcing device for power monitoring system of claim 8, wherein the system core layer further includes a report engine, a scheduling engine and a state engine, the report engine is a core processing module for report display and can provide HTML, WORD, EXCEL, PDF and XML in various report formats, the scheduling engine is a coordination center for scanning work, and may detect types and priorities of tasks according to different user operations, such as tasks executed immediately, tasks executed regularly and tasks executed periodically, and perform configuration checking and password guessing, and the state engine is a coordination center for system state and mainly includes system resource state information, authorization certificate information of the system, BDB configuration items, task execution progress information and upgrade progress information.
10. The portable network security configuration checking and reinforcing device for the power monitoring system according to claim 9, wherein the system access layer comprises a Web management interface, a console and a data interface, a user accesses the Web management interface through a browser, accesses the console through a serial port, and performs a data interaction mode through the data interface, and the data interface comprises a third party platform management data interface and an SNMP Trap.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210899081.8A CN115277204A (en) | 2022-07-28 | 2022-07-28 | Portable network security configuration of electric power monitored control system checks reinforced apparatus |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210899081.8A CN115277204A (en) | 2022-07-28 | 2022-07-28 | Portable network security configuration of electric power monitored control system checks reinforced apparatus |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN115277204A true CN115277204A (en) | 2022-11-01 |
Family
ID=83771252
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210899081.8A Pending CN115277204A (en) | 2022-07-28 | 2022-07-28 | Portable network security configuration of electric power monitored control system checks reinforced apparatus |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115277204A (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115941326A (en) * | 2022-12-07 | 2023-04-07 | 贵州电网有限责任公司 | Background monitor reinforcement method |
| CN116257266A (en) * | 2022-11-22 | 2023-06-13 | 浙江御安信息技术有限公司 | Automatic safety reinforcement method and equipment for Linux system host |
| CN116723123A (en) * | 2023-07-13 | 2023-09-08 | 浙江齐安信息科技有限公司 | Method, terminal and storage medium for checking and managing safety configuration of industrial control host |
Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102306258A (en) * | 2011-09-23 | 2012-01-04 | 国网电力科学研究院 | UNIX host safety configuration auditing method based on configurable knowledge base |
| CN105119750A (en) * | 2015-09-08 | 2015-12-02 | 南京联成科技发展有限公司 | Distributed information security operation and maintenance management platform based on massive data |
| CN108600260A (en) * | 2018-05-09 | 2018-09-28 | 国家计算机网络与信息安全管理中心 | A kind of industry Internet of Things security configuration check method |
| CN109040037A (en) * | 2018-07-20 | 2018-12-18 | 南京方恒信息技术有限公司 | A kind of safety auditing system based on strategy and rule |
| CN109327471A (en) * | 2018-11-29 | 2019-02-12 | 广东电网有限责任公司信息中心 | A kind of loophole discovery and verifying implementation method of meeting an urgent need |
| CN110575641A (en) * | 2018-06-09 | 2019-12-17 | 智慧式有限公司 | Indoor intelligent fire-fighting product integrated fire control and safety guarantee system |
| CN212256204U (en) * | 2020-07-13 | 2020-12-29 | 山东海联讯信息科技有限公司 | Big data storage server |
| CN112591289A (en) * | 2020-12-17 | 2021-04-02 | 安徽文香信息技术有限公司 | Self-adaptive transportation device and method for intelligent blackboard transportation |
| CN113591096A (en) * | 2021-08-10 | 2021-11-02 | 北京凌云信安科技有限公司 | Vulnerability scanning system for comprehensively detecting big data bugs and unsafe configurations |
| CN216647847U (en) * | 2021-08-24 | 2022-05-31 | 成都太焱科技有限公司 | Information storage equipment for big data acquisition |
-
2022
- 2022-07-28 CN CN202210899081.8A patent/CN115277204A/en active Pending
Patent Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102306258A (en) * | 2011-09-23 | 2012-01-04 | 国网电力科学研究院 | UNIX host safety configuration auditing method based on configurable knowledge base |
| CN105119750A (en) * | 2015-09-08 | 2015-12-02 | 南京联成科技发展有限公司 | Distributed information security operation and maintenance management platform based on massive data |
| CN108600260A (en) * | 2018-05-09 | 2018-09-28 | 国家计算机网络与信息安全管理中心 | A kind of industry Internet of Things security configuration check method |
| CN110575641A (en) * | 2018-06-09 | 2019-12-17 | 智慧式有限公司 | Indoor intelligent fire-fighting product integrated fire control and safety guarantee system |
| CN109040037A (en) * | 2018-07-20 | 2018-12-18 | 南京方恒信息技术有限公司 | A kind of safety auditing system based on strategy and rule |
| CN109327471A (en) * | 2018-11-29 | 2019-02-12 | 广东电网有限责任公司信息中心 | A kind of loophole discovery and verifying implementation method of meeting an urgent need |
| CN212256204U (en) * | 2020-07-13 | 2020-12-29 | 山东海联讯信息科技有限公司 | Big data storage server |
| CN112591289A (en) * | 2020-12-17 | 2021-04-02 | 安徽文香信息技术有限公司 | Self-adaptive transportation device and method for intelligent blackboard transportation |
| CN113591096A (en) * | 2021-08-10 | 2021-11-02 | 北京凌云信安科技有限公司 | Vulnerability scanning system for comprehensively detecting big data bugs and unsafe configurations |
| CN216647847U (en) * | 2021-08-24 | 2022-05-31 | 成都太焱科技有限公司 | Information storage equipment for big data acquisition |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116257266A (en) * | 2022-11-22 | 2023-06-13 | 浙江御安信息技术有限公司 | Automatic safety reinforcement method and equipment for Linux system host |
| CN115941326A (en) * | 2022-12-07 | 2023-04-07 | 贵州电网有限责任公司 | Background monitor reinforcement method |
| CN116723123A (en) * | 2023-07-13 | 2023-09-08 | 浙江齐安信息科技有限公司 | Method, terminal and storage medium for checking and managing safety configuration of industrial control host |
| CN116723123B (en) * | 2023-07-13 | 2024-03-08 | 浙江齐安信息科技有限公司 | Method, terminal and storage medium for checking and managing safety configuration of industrial control host |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN115277204A (en) | Portable network security configuration of electric power monitored control system checks reinforced apparatus | |
| CN109995138B (en) | Misoperation-preventive locking management system and overhauling isolation locking management method for transformer substation | |
| CN106462137B (en) | System and method for ensureing industrial control system | |
| CN105139139A (en) | Data processing method, device and system for operation and maintenance audit | |
| CN104270467B (en) | A kind of virtual machine management-control method for mixed cloud | |
| CN109583711B (en) | Safety risk assessment overall process management system | |
| CN106656987A (en) | Computer information security management system | |
| CN106375134A (en) | Computer room IT device operation and maintenance method and system | |
| CN112799358A (en) | Industrial control safety defense system | |
| CN110350664A (en) | A kind of electric power monitoring system main station simulation system | |
| CN111832027A (en) | Network intrusion safety early warning system based on cloud computing | |
| CN106790270A (en) | A kind of safety system of cloud operating system | |
| CN202363972U (en) | Remote operation and maintenance platform of substation secondary system | |
| CN114625074A (en) | Safety protection system and method for DCS (distributed control System) of thermal power generating unit | |
| CN113965355A (en) | SOC-based illegal IP (Internet protocol) provincial network plugging method and device | |
| CN104240137A (en) | Intelligent management method for electrical equipment | |
| CN101488203A (en) | Method and system for real-time browsing production technique document in production field | |
| CN104915762A (en) | Safe control method and platform based on electrical secondary system of nuclear power station | |
| CN202904322U (en) | Network type operation ticket system | |
| CN100367230C (en) | Action control method based on LSM programme | |
| CN114844676A (en) | Network security threat emergency disposal system and method for power monitoring system | |
| CN108011749B (en) | Auditing method for debugging configuration information of transformer substation debugging management and control device | |
| CN103778696A (en) | System and method for preventing electric equipment from incorrect operation | |
| CN117240763A (en) | Comprehensive debugging platform for switch | |
| CN110580761A (en) | high-speed railway business turn over net operation management system and be used for intelligent lock of this system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |