CN115314276A - Security check management system, method and terminal equipment - Google Patents


Info

Publication number: CN115314276A
Authority: CN (China)
Prior art keywords: vulnerability, data, module, host, target
Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN202210925403.1A
Other languages: Chinese (zh)
Other versions: CN115314276B (en)
Inventors: 黄梅芬, 姜科, 刘伟旭, 林建庭, 曾竹
Current assignee: Xiamen International Bank Co ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original assignee: Xiamen International Bank Co ltd
Application filed by Xiamen International Bank Co ltd
Priority to CN202210925403.1A (granted as CN115314276B)
Publication of CN115314276A
Application granted
Publication of CN115314276B
Legal status: Active

Classifications

    • H04L 63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L 41/0823 Configuration setting characterised by the purposes of a change of settings, e.g. optimising configuration for enhancing reliability
    • H04L 63/1416 Event detection, e.g. attack signature detection
    • H04L 63/1433 Vulnerability analysis
    • H04L 63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention provides a security check management system, method and terminal device. The system comprises a basic data layer, a data processing layer and an interactive display layer. The basic data layer comprises a vulnerability information module, a security test module, a manual entry module, a cloud module, an IT service management module and a scanner; the data processing layer comprises a data storage module and a data processing and analysis module; the interactive display layer comprises an asset management module, a vulnerability management module, a risk management module and a vulnerability identification module. Based on the vulnerability management module, the risk management module, the vulnerability identification module and the scanner, the vulnerabilities discovered by security checks such as pre-launch security tests, periodic security scans and penetration tests are collected and displayed in one place, the repair status of each finding is tracked in time, a lifecycle management flow for vulnerabilities is established, and the efficiency of security check management is improved.

Description

Security check management system, method and terminal equipment
Technical Field
The present invention relates to the field of network security technologies, and in particular, to a security check management system, a security check management method, and a terminal device.
Background
With the entry into force of the Cybersecurity Law, network security has received growing national attention, and the breadth and depth of network security inspection work keep expanding. Security inspections by the information security regulators, implemented mainly through the information security classified protection (MLPS) scheme, and the inspections of key sectors and critical information infrastructure led by the industry and cyberspace authorities have gradually become standardized checks that every enterprise must organize carefully.
Each enterprise carries out a variety of security checks for its network security, such as security tests, periodic vulnerability scans and penetration tests. At present the security risks found by these checks are followed up manually, which lowers the management efficiency of security checking.
Disclosure of Invention
The embodiment of the invention aims to provide a security check management system, a security check management method and terminal equipment, and aims to solve the problem of low management efficiency of the existing security check.
An embodiment of the invention is implemented as a security check management system comprising a basic data layer, a data processing layer and an interactive display layer;
the basic data layer comprises a vulnerability information module, a security test module, a manual entry module, a cloud module, an IT service management module and a scanner, wherein the vulnerability information module is used for acquiring vulnerability information, the security test module is used for carrying out security tests on the hosts and systems of a target enterprise, and the manual entry module is used for manually entering vulnerability data;
the data processing layer comprises a data storage module and a data processing and analyzing module;
the interactive display layer comprises an asset management module, a vulnerability management module, a risk management module and a vulnerability identification module, wherein the asset management module is used for acquiring asset data of a target enterprise, associating systems and personnel in the asset data to generate a system personnel association table, the vulnerability management module is used for acquiring and managing vulnerability data, the vulnerability identification module is used for identifying vulnerabilities in the vulnerability data, and the risk management module is used for carrying out risk analysis on vulnerabilities in the vulnerability data.
Still further, the risk management module is further configured to:
acquiring weak password data of each host in the target enterprise, and sending a weak password prompt to the target enterprise according to the weak password data and the system personnel association table;
acquiring vulnerability data of each host and each system in the target enterprise to obtain network vulnerability data, and associating the network vulnerability data with the system personnel association table;
and carrying out vulnerability analysis on the target enterprise according to the network vulnerability data, and sending vulnerability reminders to target managers according to the vulnerability analysis results.
Further, the vulnerability management module is further configured to:
acquiring the vulnerability list produced by vulnerability detection in the intrusion detection equipment, wherein the vulnerability list comprises the risk name, affected application, risk type, discovery time, vulnerability information and host ip of each vulnerability, and the intrusion detection equipment is used for carrying out vulnerability detection on the live network connections and files of each host;
the scanner is further used for scanning vulnerabilities of the hosts and the systems to obtain scanning vulnerability data, and the scanning vulnerability data comprises vulnerability grades, vulnerability names, vulnerability positions, vulnerability types, vulnerability states and repairing time of the vulnerabilities;
an application security detection system in the security test module performs vulnerability detection on applications in each host to obtain application vulnerability data, wherein the application vulnerability data comprises vulnerability grades, vulnerability names, application names, vulnerability types, detection times and vulnerability states of various vulnerabilities;
the security test module is also used for carrying out a security test before each system goes online to obtain system vulnerability data, and the system vulnerability data comprises the system name, development department, vulnerability grade, vulnerability name, vulnerability count, vulnerability state and repair time corresponding to each vulnerability;
the security testing module is further used for performing penetration testing on each system to obtain penetration vulnerability data, and the penetration vulnerability data comprises a domain name, a system name, a vulnerability grade, a repair condition, repair time and discovery time corresponding to each vulnerability;
wherein the network vulnerability data includes the vulnerability list, the application vulnerability data, the system vulnerability data, and the penetration vulnerability data.
Furthermore, the data processing and analysis module is further configured to:
respectively obtain the number of vulnerabilities of each vulnerability type in the network vulnerability data, and generate a vulnerability type chart according to the number of vulnerabilities of each type, wherein the vulnerability type chart represents the proportion of vulnerabilities among the vulnerability types;
respectively obtain the number of vulnerabilities of each vulnerability grade in the network vulnerability data, and generate a vulnerability grade chart according to the number of vulnerabilities of each grade, wherein the vulnerability grade chart represents the proportion of vulnerabilities among the vulnerability grades;
respectively acquire, for each day within a preset time window, the number of newly added vulnerabilities, the number of repaired vulnerabilities, the total number of vulnerabilities and the number of unrepaired vulnerabilities according to the network vulnerability data;
respectively draw a trend chart from each of these daily series to obtain a newly added vulnerability chart, a repaired vulnerability chart, a total vulnerability chart and an unrepaired vulnerability chart;
and respectively query the system name corresponding to each vulnerability in the network vulnerability data, and draw a system vulnerability chart according to the number of vulnerabilities found per system name, wherein the system vulnerability chart represents the proportion of vulnerabilities among the systems.
Still further, the risk management module is further configured to:
determine a target vulnerability type according to the vulnerability type chart, and determine a target vulnerability grade according to the vulnerability grade chart;
determine the dates of the maximum and minimum numbers of newly added vulnerabilities according to the newly added vulnerability chart, and the dates of the maximum and minimum numbers of repaired vulnerabilities according to the repaired vulnerability chart;
determine the dates of the maximum and minimum total numbers of vulnerabilities according to the total vulnerability chart, and the dates of the maximum and minimum numbers of unrepaired vulnerabilities according to the unrepaired vulnerability chart;
determine a target system according to the system vulnerability chart, and generate vulnerability reminder information from the target vulnerability type, the target vulnerability grade, the maximum and minimum newly added dates, the maximum and minimum repair dates, the maximum and minimum total vulnerability dates, the maximum and minimum unrepaired dates and the target system;
and send the vulnerability reminder information to the target managers.
Still further, the asset management module is further configured to:
respectively acquiring the name and the host ip of each host in the target enterprise to obtain the host data;
respectively acquiring the name, system grade, system type, system administrator, development administrator and department information of each system in the target enterprise to obtain the system data;
and according to the host ip of each host, associating each host with the name, system grade, system type, system administrator, development administrator and department information of the corresponding system to obtain the system personnel association table.
Still further, the risk management module is further configured to:
respectively inquiring the user name, the account state, the weak password type, the number of unmodified days of the password and the host ip corresponding to each weak password in the weak password data;
matching the host ip of each weak password with the host ip in the system personnel association table, and determining target prompt personnel according to the matched system administrator, development administrator and department information;
and generating password prompt information according to the user name, the account state, the weak password type, the number of unmodified days of the password and the host ip of each weak password, and sending the password prompt information to the target prompt personnel corresponding to each weak password.
Further, the vulnerability identification module is further configured to:
respectively determining the number and type of each object to be displayed according to the asset data, wherein the objects to be displayed comprise hosts, systems, port services, software applications, web sites, database applications, JAR packages, installation packages and/or web frameworks;
and respectively generating an information display diagram of each object to be displayed according to the number and the type of each object to be displayed, wherein the information display diagram is used for representing the occupation ratio and/or the number sequence between different types of objects in the corresponding objects to be displayed.
Another objective of an embodiment of the present invention is to provide a security check management method, where the method includes:
acquiring asset data of a target enterprise, associating a system in the asset data with personnel, and generating a system personnel association table, wherein the asset data comprises host data and system data;
acquiring weak password data of each host in the target enterprise, and sending a weak password prompt to the target enterprise according to the weak password data and the system personnel association table;
acquiring vulnerability data of each host and each system in the target enterprise to obtain network vulnerability data, and associating the network vulnerability data with the system personnel association table;
and carrying out vulnerability analysis on the target enterprise according to the network vulnerability data, and sending vulnerability reminding to target managers according to vulnerability analysis results.
It is another object of the embodiments of the present invention to provide a terminal device, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, and when the processor executes the computer program, the steps of the method are implemented.
According to the embodiment of the invention, the asset management module realizes unified collection and management of asset information, provides basic asset data for vulnerability response, enables rapid asset location and shortens response time, and at the same time provides a data basis for adjusting security protection strategies.
Drawings
Fig. 1 is a schematic structural diagram of a security check management system according to a first embodiment of the present invention;
FIG. 2 is a flowchart of a security check management method according to a second embodiment of the present invention;
fig. 3 is a flowchart of a security check management method according to a third embodiment of the present invention;
fig. 4 is a schematic structural diagram of a terminal device according to a fourth embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
In order to illustrate the technical means of the present invention, the following description is given by way of specific examples.
Example one
Referring to fig. 1, a schematic structural diagram of a security check management system 100 according to a first embodiment of the present invention is shown, including: basic data layer 10, data processing layer 11 and interaction display layer 12, wherein:
the basic data layer 10 comprises a vulnerability information module 101, a security test module 102, a manual entry module 103, a cloud module 104, an IT service management module 105 and a scanner 106, wherein the vulnerability information module 101 is used for acquiring information of vulnerabilities, the security test module 102 is used for performing security tests on a host and a system in a target enterprise, and the manual entry module 103 is used for manually entering vulnerability data.
The data processing layer 11 comprises a data storage module 111 and a data processing and analysis module 112. The interactive display layer 12 comprises an asset management module 131, a vulnerability management module 132, a risk management module 133 and a vulnerability identification module 134. The asset management module 131 is used for acquiring asset data of the target enterprise and associating the systems and personnel in the asset data to generate a system personnel association table. Specifically, the asset management module 131 first collects the asset list of the target enterprise over API interfaces, syslog and similar channels from the host-based intrusion detection system (HIDS), the IT service management system (ITSM) and other sources of basic information on all systems, mainly the port services, software applications, web sites, database applications, JAR package information, installation package information and web frameworks of each system; it then associates system names, system managers and development personnel through the host. This provides basic data for vulnerability response, enables rapid asset location and shortens asset response time, and at the same time provides a data basis for adjusting security protection strategies.
In this embodiment, the vulnerability management module 132 is configured to obtain and manage vulnerability data, the vulnerability identification module 134 is configured to identify vulnerabilities in the vulnerability data, and the risk management module 133 is configured to perform risk analysis on vulnerabilities in the vulnerability data.
Further, the data processing and analysis module 112 is configured to perform statistical analysis on all asset data acquired by the asset management module 131, output the approximate distribution of the enterprise's existing hosts, systems, port services, software applications, web sites, database applications, JAR packages, installation packages, web frameworks and the like, and display the count and proportion of the top 10 in each category, so that the distribution of existing assets can be seen at a glance.
Preferably, in this embodiment, the risk management module 133 is further configured to acquire weak password data of each host in the target enterprise, and to send weak password reminders to the target enterprise according to the weak password data and the system personnel association table. A host with a weak password is easily compromised, so the weak password situation of the enterprise deserves particular attention. From the acquired weak password data the module can count the number of weak passwords in the enterprise, identify the commonly used weak passwords and the types of weak password present, and locate the corresponding accounts, so that the relevant personnel can be found and notified in time to change their passwords, which greatly reduces the losses that weak passwords would cause.
The risk management module 133 further acquires vulnerability data of each host and each system in the target enterprise to obtain network vulnerability data, and associates the network vulnerability data with the system personnel association table;
and performs vulnerability analysis on the target enterprise according to the network vulnerability data, sending vulnerability alerts to target managers according to the vulnerability analysis results. The target managers can be set according to the requirements of the target enterprise, for example as the security managers or the responsible persons of the corresponding departments in the target enterprise.
Further, the vulnerability management module 132 is further configured to: acquiring a vulnerability list of vulnerability detection in the intrusion detection equipment, wherein the vulnerability list comprises risk names, influence applications, risk types, discovery time, vulnerability information and host ip of all vulnerabilities, and the intrusion detection equipment is used for carrying out vulnerability detection on network real-time connection and files of all hosts;
the scanner 106 is further configured to perform vulnerability scanning on each host and each system to obtain scanning vulnerability data, where the scanning vulnerability data includes vulnerability grades, vulnerability names, vulnerability positions, vulnerability types, vulnerability states, and repair time of each vulnerability;
an application security detection system in the security test module 102 performs vulnerability detection on applications in each host to obtain application vulnerability data, wherein the application vulnerability data comprises vulnerability grades, vulnerability names, application names, vulnerability types, detection times and vulnerability states of each vulnerability;
the security test module 102 is further configured to perform security testing (vulnerability scanning, code scanning and web scanning) before each system goes online to obtain system vulnerability data, where the system vulnerability data includes the system name, development department, vulnerability grade, vulnerability name, vulnerability count, vulnerability state and repair time corresponding to each vulnerability;
the security testing module 102 is further configured to perform penetration testing on each system to obtain penetration vulnerability data, where the penetration vulnerability data includes a domain name, a system name, a vulnerability grade, a repair situation, repair time, and discovery time corresponding to each vulnerability; the network vulnerability data comprises a vulnerability list, application vulnerability data, system vulnerability data and penetration vulnerability data.
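The five sources just listed (IDS vulnerability list, scanner, application security detection, pre-launch security test, penetration test) arrive with different field sets, and the vulnerability management module has to fold them into one network vulnerability data set, tied to the system personnel association table, before any chart or reminder can run over them. The following is an added example written for this page, not code from the patent or from Xiamen International Bank; the field names, the grade and state vocabularies, the host-to-system lookup and the sample records are all assumptions for illustration. It also makes two checks explicit that the text leaves implicit: an unknown grade is rejected rather than silently mapped, and findings whose host ip is not in the association table are kept and reported, since nobody would otherwise be reminded about them.

```python
"""Added example, not the patent's code: merge the vulnerability sources into
one 'network vulnerability data' table tied to the system personnel table.
Field names, vocabularies and sample records are assumptions for illustration."""
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Vuln:
    source: str                 # ids | scanner | app | pre_release | pentest
    name: str
    grade: str                  # high | medium | low | unrated
    vuln_type: str
    system: Optional[str]       # resolved via the association table where possible
    host_ip: Optional[str]
    discovered: Optional[date]
    fixed: Optional[date]       # None while the finding is unrepaired


# Assumed vocabularies; real feeds would be mapped the same way.
GRADES = {"high": "high", "medium": "medium", "low": "low",
          "高危": "high", "中危": "medium", "低危": "low"}
FIXED_STATES = {"fixed", "repaired", "closed", "已修复"}


def grade_of(raw) -> str:
    key = str(raw).strip().lower()
    if key not in GRADES:
        # Fail loudly: silently mapping an unknown grade to "low" would hide findings.
        raise ValueError(f"unknown vulnerability grade {raw!r}")
    return GRADES[key]


def as_date(raw) -> Optional[date]:
    return date.fromisoformat(raw) if raw else None


def fixed_on(state, repair_time) -> Optional[date]:
    # A repair time only counts when the recorded state also says the finding is fixed.
    return as_date(repair_time) if str(state).strip().lower() in FIXED_STATES else None


def host_of(position: str) -> str:
    # The scanner's "vulnerability position" is assumed to look like "10.0.0.9:22" or "10.0.0.9/path".
    return position.split(":", 1)[0].split("/", 1)[0]


def normalize(sources: Dict[str, list], host_to_system: Dict[str, str]) -> List[Vuln]:
    """host_to_system maps host ip -> system name, taken from the association table."""
    out: List[Vuln] = []
    for r in sources.get("ids", []):          # the IDS list carries no grade: keep it visible as "unrated"
        out.append(Vuln("ids", r["risk_name"], "unrated", r["risk_type"],
                        host_to_system.get(r["host_ip"]), r["host_ip"],
                        as_date(r["discovery_time"]), None))
    for r in sources.get("scanner", []):
        ip = host_of(r["position"])
        out.append(Vuln("scanner", r["name"], grade_of(r["grade"]), r["type"],
                        host_to_system.get(ip), ip, as_date(r.get("discovery_time")),
                        fixed_on(r["state"], r.get("repair_time"))))
    for r in sources.get("app", []):          # host_ip assumed to be recorded alongside the application name
        out.append(Vuln("app", r["name"], grade_of(r["grade"]), r["type"],
                        host_to_system.get(r["host_ip"]), r["host_ip"],
                        as_date(r["detection_time"]), fixed_on(r["state"], r.get("repair_time"))))
    for r in sources.get("pre_release", []):  # pre-launch tests report a count per finding name
        for _ in range(int(r.get("count", 1))):
            out.append(Vuln("pre_release", r["name"], grade_of(r["grade"]), r.get("type", "pre-release"),
                            r["system"], None, as_date(r.get("discovery_time")),
                            fixed_on(r["state"], r.get("repair_time"))))
    for r in sources.get("pentest", []):
        out.append(Vuln("pentest", r["name"], grade_of(r["grade"]), r.get("type", "pentest"),
                        r["system"], None, as_date(r["discovery_time"]),
                        fixed_on(r["repair_condition"], r.get("repair_time"))))
    return out


def unresolved(vulns: List[Vuln]) -> List[Vuln]:
    """Findings that could not be tied to any system: nobody would be reminded about them."""
    return [v for v in vulns if v.system is None]


# Constructed sample data: an excerpt of the association table and a few records per source.
HOST_TO_SYSTEM = {"10.0.0.5": "online-banking", "10.0.0.9": "crm"}
SAMPLE = {
    "ids": [{"risk_name": "remote code execution attempt", "affected_app": "app-server",
             "risk_type": "rce", "discovery_time": "2022-07-01", "info": "-", "host_ip": "10.0.0.5"}],
    "scanner": [{"name": "outdated ssh service", "grade": "中危", "position": "10.0.0.9:22",
                 "type": "outdated-component", "state": "fixed", "repair_time": "2022-07-10",
                 "discovery_time": "2022-07-02"},
                {"name": "directory listing", "grade": "low", "position": "10.0.0.77/static/",
                 "type": "misconfiguration", "state": "open", "discovery_time": "2022-07-02"}],
    "app": [{"name": "sql injection", "grade": "high", "application": "crm-web", "type": "injection",
             "detection_time": "2022-07-03", "state": "open", "host_ip": "10.0.0.9"}],
    "pre_release": [{"system": "payments", "department": "dev-2", "grade": "low",
                     "name": "verbose error page", "count": 2, "state": "unfixed"}],
    "pentest": [{"domain": "bank.example", "system": "online-banking", "grade": "high",
                 "name": "broken object-level authorization", "repair_condition": "repaired",
                 "repair_time": "2022-07-20", "discovery_time": "2022-07-05"}],
}


def sample_network_vulns() -> List[Vuln]:
    return normalize(SAMPLE, HOST_TO_SYSTEM)
```

Running `sample_network_vulns()` yields seven rows (the pre-launch count of 2 becomes two rows), and `unresolved()` returns the scanner finding on 10.0.0.77, which is exactly the kind of host that slips through when the asset table and the scanner's view of the network disagree.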
In this embodiment, the data processing and analysis module 112 is further configured to: respectively obtain the number of vulnerabilities of each vulnerability type in the network vulnerability data, and generate a vulnerability type chart according to the number of vulnerabilities of each type, wherein the vulnerability type chart represents the proportion of vulnerabilities among the vulnerability types;
respectively obtain the number of vulnerabilities of each vulnerability grade in the network vulnerability data, and generate a vulnerability grade chart according to the number of vulnerabilities of each grade, wherein the vulnerability grade chart represents the proportion of vulnerabilities among the vulnerability grades;
respectively acquire, for each day within a preset time window, the number of newly added vulnerabilities, the number of repaired vulnerabilities, the total number of vulnerabilities and the number of unrepaired vulnerabilities according to the network vulnerability data;
respectively draw a trend chart from each of these daily series to obtain a newly added vulnerability chart, a repaired vulnerability chart, a total vulnerability chart and an unrepaired vulnerability chart;
and respectively query the system name corresponding to each vulnerability in the network vulnerability data, and draw a system vulnerability chart according to the number of vulnerabilities found per system name, wherein the system vulnerability chart represents the proportion of vulnerabilities among the systems.
In this embodiment, the data processing and analysis module 112 makes it possible to remind developers in a targeted way, so that the recurrence of common vulnerabilities can be avoided as far as possible during system development; the distribution of vulnerabilities by grade reflects the overall development quality of the enterprise; and, from the system perspective, the systems with the most vulnerabilities can be analysed, the relevant systems required to rectify them in a targeted way, the development teams with the most vulnerabilities counted, and the relevant personnel required to improve development quality.
In addition, the risk management module 133 is further configured to: determine a target vulnerability type according to the vulnerability type chart, and determine a target vulnerability grade according to the vulnerability grade chart;
determine the dates of the maximum and minimum numbers of newly added vulnerabilities according to the newly added vulnerability chart, and the dates of the maximum and minimum numbers of repaired vulnerabilities according to the repaired vulnerability chart;
determine the dates of the maximum and minimum total numbers of vulnerabilities according to the total vulnerability chart, and the dates of the maximum and minimum numbers of unrepaired vulnerabilities according to the unrepaired vulnerability chart;
determine a target system according to the system vulnerability chart, and generate vulnerability reminder information from the target vulnerability type, the target vulnerability grade, the maximum and minimum newly added dates, the maximum and minimum repair dates, the maximum and minimum total vulnerability dates, the maximum and minimum unrepaired dates and the target system;
and send the vulnerability reminder information to the target managers.
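Taken together, the charts of the data processing and analysis module 112 and the reminder of the risk management module 133 (described here and again in the summary above) form one pipeline: count findings by type, grade and system; walk the time window day by day to obtain the newly added, repaired, total and unrepaired series; read off the dates of each series' maximum and minimum; pick the dominant type, grade and system; and render the reminder. The following is an added example written for this page, not the patent's or the applicant's code. It assumes findings that already carry a system name, a fixed seven-day window and a constructed sample set; the rule that the "target" type, grade and system are the ones holding the largest share of findings, and that ties between days go to the earliest day, is an assumption, since the text does not say how they are chosen.

```python
"""Added example, not the patent's code: the vulnerability charts and the
reminder built from them. Findings, window and selection rules are assumptions."""
from collections import Counter
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Finding:
    system: str
    vuln_type: str
    grade: str
    discovered: date
    fixed: Optional[date]       # None while unrepaired


def share(counter: Counter) -> Dict[str, float]:
    """Proportion of findings per key, i.e. the data behind a pie chart."""
    total = sum(counter.values())
    return {k: round(v / total, 3) for k, v in counter.items()} if total else {}


def type_chart(fs: List[Finding]) -> Dict[str, float]:
    return share(Counter(f.vuln_type for f in fs))


def grade_chart(fs: List[Finding]) -> Dict[str, float]:
    return share(Counter(f.grade for f in fs))


def system_chart(fs: List[Finding]) -> Dict[str, float]:
    return share(Counter(f.system for f in fs))


def daily_series(fs: List[Finding], end: date, days: int) -> List[dict]:
    """For each day of the window ending on `end`: newly added, repaired, total known, still unrepaired."""
    rows = []
    for i in range(days - 1, -1, -1):
        d = end - timedelta(days=i)
        rows.append({
            "date": d,
            "new": sum(1 for f in fs if f.discovered == d),
            "repaired": sum(1 for f in fs if f.fixed == d),
            "total": sum(1 for f in fs if f.discovered <= d),
            # a finding fixed on day d no longer counts as unrepaired on that day
            "unrepaired": sum(1 for f in fs if f.discovered <= d and (f.fixed is None or f.fixed > d)),
        })
    return rows


def extremes(rows: List[dict], key: str) -> Tuple[date, date]:
    """Dates on which a series hit its maximum and its minimum (earliest day wins ties)."""
    return max(rows, key=lambda r: r[key])["date"], min(rows, key=lambda r: r[key])["date"]


def dominant(chart: Dict[str, float]) -> str:
    # Assumed rule: the "target" type/grade/system is the one holding the largest share.
    return max(chart.items(), key=lambda kv: kv[1])[0]


def reminder(fs: List[Finding], end: date, days: int) -> dict:
    rows = daily_series(fs, end, days)
    return {
        "target_type": dominant(type_chart(fs)),
        "target_grade": dominant(grade_chart(fs)),
        "target_system": dominant(system_chart(fs)),
        "new": extremes(rows, "new"),
        "repaired": extremes(rows, "repaired"),
        "total": extremes(rows, "total"),
        "unrepaired": extremes(rows, "unrepaired"),
        "open_now": rows[-1]["unrepaired"],
    }


def render(info: dict) -> str:
    """The reminder text sent to the target managers."""
    lines = [f"Dominant vulnerability type: {info['target_type']}; dominant grade: {info['target_grade']}",
             f"System with the most findings: {info['target_system']}; still unrepaired: {info['open_now']}"]
    for key, label in [("new", "newly added"), ("repaired", "repaired"),
                       ("total", "total"), ("unrepaired", "unrepaired")]:
        hi, lo = info[key]
        lines.append(f"{label}: peak on {hi}, low on {lo}")
    return "\n".join(lines)


# Constructed sample: six findings across three systems, window 2022-07-01 .. 2022-07-07.
D = date
SAMPLE = [
    Finding("online-banking", "injection", "high", D(2022, 7, 1), D(2022, 7, 3)),
    Finding("online-banking", "injection", "high", D(2022, 7, 2), None),
    Finding("crm", "xss", "medium", D(2022, 7, 2), D(2022, 7, 5)),
    Finding("crm", "injection", "medium", D(2022, 7, 4), None),
    Finding("payments", "outdated-component", "high", D(2022, 7, 6), None),
    Finding("online-banking", "xss", "low", D(2022, 7, 6), D(2022, 7, 6)),
]
WINDOW_END, WINDOW_DAYS = D(2022, 7, 7), 7


def sample_reminder() -> dict:
    return reminder(SAMPLE, WINDOW_END, WINDOW_DAYS)


if __name__ == "__main__":
    print(render(sample_reminder()))
```

The unrepaired series is the one to watch: it is computed from discovery and repair dates rather than from a stored "state" field, so a finding closed on a given day drops out of that day's count and a finding with a repair date but no closing state would not be counted as fixed by accident.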
Further, the asset management module 131 is further configured to: respectively obtaining the name and the host ip of each host in a target enterprise to obtain host data;
respectively acquiring the name, system grade, system type, system administrator, development administrator and department information of each system in a target enterprise to obtain system data;
and according to the host ip of each host, associating each host with the name, system grade, system type, system administrator, development administrator and department information of the corresponding system to obtain the system personnel association table.
Still further, the risk management module 133 is further configured to: respectively inquiring the user name, the account state, the weak password type, the number of unmodified days of the password and the host ip corresponding to each weak password in the weak password data;
matching the host ip of each weak password with the host ip in the system personnel association table, and determining target prompt personnel according to the matched system administrator, development administrator and department information;
and generating password prompt information according to the user name, the account state, the weak password type, the number of unmodified days of the password and the host ip of each weak password, and sending the password prompt information to target prompt personnel corresponding to each weak password.
Preferably, the vulnerability identification module 134 is further configured to: respectively determine the number and type of each object to be displayed according to the asset data, wherein the objects to be displayed comprise hosts, systems, port services, software applications, web sites, database applications, JAR packages, installation packages and/or web frameworks;
and respectively generating an information display diagram of each object to be displayed according to the number and the type of each object to be displayed, wherein the information display diagram is used for representing the occupation ratio and/or the number sequence between different types of objects in the corresponding objects to be displayed.
In this embodiment, linkage with the scanner 106 is realized: scanning tasks can be added directly from the system, including periodic asset discovery tasks, vulnerability scanning tasks and vulnerability re-check tasks, so that vulnerability detection is automated. By collecting basic information on information assets, asset information is collected and managed in one place, basic asset data is provided for vulnerability response, assets are located rapidly and response time is shortened; at the same time a data basis is provided for adjusting security protection strategies. The vulnerabilities found by security checks such as pre-launch security tests, periodic security scans and penetration tests are collected and displayed, the repair status of security test findings is tracked in time, and a lifecycle management flow for vulnerabilities is established. The asset and vulnerability management system links asset information with vulnerability information and visually displays the current vulnerability risk status of the bank's information assets; the information asset view also makes it possible to quickly retrieve where a given piece of software is in use and to accurately identify the affected information assets, which improves the efficiency of vulnerability emergency response. Automated asset risk assessment is achieved by remotely invoking tools such as the vulnerability scanner 106 through API interfaces, covering periodic asset discovery tasks, vulnerability scanning tasks and vulnerability re-check verification tasks; this achieves a degree of automated management and improves the efficiency of asset and vulnerability detection and management.
Example two
Referring to fig. 2, a flowchart of a security check management method according to a second embodiment of the present invention is shown, where the security check management method can be applied to any terminal device or system, and the security check management method includes the steps of:
step S10, acquiring asset data of a target enterprise, associating a system and personnel in the asset data, and generating a system personnel association table;
The asset data comprises host data and system data; by associating the systems and personnel in the asset data, the relationship between each host, each system and the corresponding personnel can be queried efficiently through the generated system personnel association table;
optionally, in this step, the acquiring asset data of the target enterprise, and associating the system in the asset data with the personnel to generate a system personnel association table includes:
respectively acquiring the name and the host ip of each host in the target enterprise to obtain the host data;
respectively acquiring the name, system grade, system type, system administrator, development administrator and department information of each system in the target enterprise to obtain the system data;
according to the host ip of each host, associating each host with a corresponding system by name, system level, system type, system administrator, development administrator and department information to obtain the system personnel association table;
Here, each host is associated with its corresponding system according to the host ip, and the association carries the name, system level, system type, system administrator, development administrator and department information, so that the corresponding system administrator, development administrator and department information can be queried from the host ip, the system name, the system level and/or the system type, which facilitates tracking the personnel responsible for each host or system.
Further, in this step, after acquiring the asset data of the target enterprise, the method further includes:
respectively determining the number and the type of each object to be displayed according to the asset data, wherein the object to be displayed comprises a host, a system, a port service, a software application, a web site, a database application, a jar package, an installation package and/or a web frame;
and respectively generating an information display diagram of each object to be displayed according to the number and the type of each object to be displayed, wherein the information display diagram represents the proportion and/or the count ordering of the different types of objects among the corresponding objects to be displayed; based on the information display diagram, a user can intuitively view the types and proportions of hosts, systems, port services, software applications, web sites, database applications, jar packages, installation packages and/or web frameworks in the target enterprise.
Step S20, weak password data of each host in the target enterprise are obtained, and a weak password prompt is sent to the target enterprise according to the weak password data and the system personnel association table;
optionally, in this step, sending a weak password reminder to the target enterprise according to the weak password data and the system personnel association table includes:
respectively inquiring the user name, the account state, the weak password type, the number of unmodified days of the password and the host ip corresponding to each weak password in the weak password data;
matching the host ip of each weak password against the host ips in the system personnel association table, and determining the target prompt personnel from the matched system administrator, development administrator and department information, i.e. the system administrator, development administrator and department information corresponding to the host ip of each weak password are taken as the target prompt personnel;
and generating password prompt information according to the user name, the account state, the weak password type, the number of days the password has gone unmodified and the host ip of each weak password, and sending the password prompt information to the target prompt personnel corresponding to that weak password; sending it to the target prompt personnel means that the system administrator, the development administrator and the administrator of the department concerned are effectively alerted to the network risk present on the host.
Optionally, in this step, the password data of each host and system in the target enterprise is obtained, and the account name, password and user information corresponding to each account in the password data are queried, where the user information includes information such as the user's name, identity card number, phone number and birthday. For each account, the corresponding account name, password and user information are matched in pairs, and the similarities between the account name and the password, between the account name and the user information, and between the password and the user information are calculated respectively to obtain the information similarities, which represent how similar each of these pairs is. If any one of the information similarities is greater than a similarity threshold, the password corresponding to that information similarity is determined to be a weak password. The similarity threshold may be set as required, for example to 80%, 85% or 90%.
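Steps S10 and S20 as they are described above, written out as an added example (this is not code from the patent or from the applicant): the host and system data are joined on host ip into the system personnel association table, each account is classified as weak or not by the pairwise similarity rule of the preceding paragraph, and the weak-password reminder is addressed to the personnel found in the matched row. The text names no similarity metric, so difflib's sequence ratio plus a containment rule is an assumption, as are the record field names, the 80% threshold choice and the sample data, which are constructed. The check presupposes that the password is available in plaintext at the moment of the check (for example at password-set time), which is what the description implies.

```python
"""Steps S10 and S20 as an added example: association table, weak-password check,
and the reminder routed to the matched personnel."""
from dataclasses import dataclass
from difflib import SequenceMatcher

SIMILARITY_THRESHOLD = 0.80  # the text offers 80%, 85% or 90%; 80% is used here


@dataclass
class Host:
    name: str
    host_ip: str


@dataclass
class System:
    name: str
    grade: str
    sys_type: str
    system_admin: str
    dev_admin: str
    department: str
    host_ips: list  # assumption: each system record lists the ips of the hosts it runs on


def build_association_table(hosts, systems):
    """S10: join each host to its system by host ip -> {host_ip: {host and system fields}}."""
    by_ip = {h.host_ip: h for h in hosts}
    table = {}
    for s in systems:
        for ip in s.host_ips:
            if ip in by_ip:
                table[ip] = {"host_name": by_ip[ip].name, "system_name": s.name,
                             "system_grade": s.grade, "system_type": s.sys_type,
                             "system_admin": s.system_admin, "dev_admin": s.dev_admin,
                             "department": s.department}
    return table


def similarity(a, b):
    """Similarity in [0, 1]. Assumption (the text names no metric): difflib's ratio,
    plus a containment rule so that a user field embedded in the password counts fully."""
    a, b = a.lower().strip(), b.lower().strip()
    if not a or not b:
        return 0.0
    shorter, longer = sorted((a, b), key=len)
    if len(shorter) >= 4 and shorter in longer:
        return 1.0
    return SequenceMatcher(None, a, b).ratio()


def classify_password(account_name, password, user_info, threshold=SIMILARITY_THRESHOLD):
    """Pairwise similarities account~password, account~user field, password~user field.
    Returns (weak_type, score): weak_type names the offending pair, or None when the
    largest similarity does not exceed the threshold."""
    pairs = [("account_name~password", account_name, password)]
    for key, value in user_info.items():
        pairs.append((f"account_name~{key}", account_name, value))
        pairs.append((f"password~{key}", password, value))
    label, x, y = max(pairs, key=lambda p: similarity(p[1], p[2]))
    score = similarity(x, y)
    return (label, score) if score > threshold else (None, score)


def build_reminders(weak_records, table):
    """S20: look up the host ip of each weak password in the association table and
    address the reminder to the matched system admin, dev admin and department.
    A host ip absent from the table yields an empty recipient list rather than an error."""
    reminders = []
    for r in weak_records:
        row = table.get(r["host_ip"])
        recipients = [row["system_admin"], row["dev_admin"], row["department"]] if row else []
        text = (f"host {r['host_ip']}: account {r['user_name']} ({r['account_state']}) has a "
                f"{r['weak_type']} weak password unchanged for {r['unchanged_days']} days")
        reminders.append({"host_ip": r["host_ip"], "recipients": recipients, "message": text})
    return reminders


def demo():
    # constructed sample data, not from any real enterprise
    hosts = [Host("app-01", "10.0.0.5"), Host("db-01", "10.0.0.9")]
    systems = [System("online banking", "level 3", "web", "sysadmin A", "devlead B",
                      "retail IT", ["10.0.0.5", "10.0.0.9"])]
    table = build_association_table(hosts, systems)
    weak_type, _ = classify_password("zhangsan", "zhangsan123",
                                     {"name": "Zhang San", "birthday": "19900101"})
    weak = [{"user_name": "zhangsan", "account_state": "enabled", "weak_type": weak_type,
             "unchanged_days": 400, "host_ip": "10.0.0.5"}]
    return table, build_reminders(weak, table)


if __name__ == "__main__":
    for reminder in demo()[1]:
        print(reminder["recipients"], reminder["message"])
```

The containment rule matters in practice: a birthday or ID number copied into a longer password scores only moderately on a plain edit-distance ratio, whereas the description treats any reuse of user information as weak, so the rule returns a full score whenever one field of at least four characters is contained in the other.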
Step S30, acquiring vulnerability data of each host and each system in the target system to obtain network vulnerability data, and associating the network vulnerability data with the system personnel association table;
By associating the network vulnerability data with the system personnel association table, the managers responsible for each item of network vulnerability data can be queried directly. Optionally, in this step, acquiring the vulnerability data of each host and each system in the target system to obtain the network vulnerability data includes:
acquiring a vulnerability list of vulnerability detection in intrusion detection equipment, wherein the vulnerability list comprises risk names, influence applications, risk types, discovery time, vulnerability information and host ip of all vulnerabilities, and the intrusion detection equipment is used for carrying out vulnerability detection on network real-time connection and files of all hosts;
acquiring scanning vulnerability data in a scanner, wherein the scanning vulnerability data comprises vulnerability grades, vulnerability names, vulnerability positions, vulnerability types, vulnerability states and repair time of all vulnerabilities, and the scanner is used for conducting vulnerability scanning on all hosts and all systems;
acquiring application vulnerability data of an application security detection system, wherein the application vulnerability data comprises vulnerability grades, vulnerability names, application names, vulnerability types, detection times and vulnerability states of all vulnerabilities, and the application security detection system is used for detecting vulnerabilities applied in all hosts;
acquiring the vulnerabilities found in the security testing performed before each system goes online to obtain system vulnerability data, wherein the system vulnerability data comprises the system name, system development room, vulnerability grade, vulnerability name, vulnerability quantity, vulnerability state and repair time corresponding to each vulnerability;
acquiring vulnerability data of each system penetration test to obtain penetration vulnerability data, wherein the penetration vulnerability data comprises a domain name, a system name, a vulnerability grade, a repair condition, repair time and discovery time corresponding to each vulnerability, and the network vulnerability data comprises a vulnerability list, application vulnerability data, system vulnerability data and penetration vulnerability data;
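Step S30 as an added example (not code from the patent or the applicant): the five sources listed above carry different fields, so each is normalised into one record shape before the records are attached to the personnel in the system personnel association table. Join keys are an assumption: host ip where a source provides one, otherwise system name; the scanner's "vulnerability position" is taken to be a host ip and the application name from the application security detection system is taken to be the owning system's name. The table and the feed rows are constructed sample data.

```python
"""Step S30 as an added example: normalise the five vulnerability sources and attach
the responsible personnel. Field names and join keys are assumptions."""
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Vuln:
    source: str                       # ids, scanner, app_scan, pre_release, pentest
    name: Optional[str]
    grade: Optional[str]              # the IDS vulnerability list carries no grade
    vuln_type: Optional[str]
    state: Optional[str]
    host_ip: Optional[str]            # primary join key when present
    system_name: Optional[str]        # fallback join key
    discovered: Optional[str]
    repaired: Optional[str]
    extra: dict = field(default_factory=dict)
    owner: Optional[dict] = None      # filled in by associate_with_personnel


def from_ids(r):       # intrusion detection equipment: vulnerability list
    return Vuln("ids", r["risk_name"], None, r["risk_type"], None, r["host_ip"], None,
                r["discovery_time"], None,
                {"affected_application": r["affected_application"], "info": r["vulnerability_info"]})


def from_scanner(r):   # assumption: the scanner's "vulnerability position" is a host ip
    return Vuln("scanner", r["name"], r["grade"], r["type"], r["state"], r["position"], None,
                None, r["repair_time"])


def from_app_scan(r):  # assumption: the application name names the system it belongs to
    return Vuln("app_scan", r["name"], r["grade"], r["type"], r["state"], None,
                r["application_name"], r["detection_time"], None)


def from_pre_release(r):  # security testing before the system goes online
    return Vuln("pre_release", r["name"], r["grade"], None, r["state"], None, r["system_name"],
                None, r["repair_time"], {"dev_room": r["dev_room"], "count": r["count"]})


def from_pentest(r):   # penetration test findings
    return Vuln("pentest", None, r["grade"], None, r["repair_condition"], None,
                r["system_name"], r["discovery_time"], r["repair_time"], {"domain": r["domain"]})


PARSERS = {"ids": from_ids, "scanner": from_scanner, "app_scan": from_app_scan,
           "pre_release": from_pre_release, "pentest": from_pentest}


def collect_network_vulnerability_data(feeds):
    """feeds: {source name: [raw rows]} -> flat list of Vuln (the 'network vulnerability data')."""
    return [PARSERS[src](row) for src, rows in feeds.items() for row in rows]


def associate_with_personnel(vulns, table):
    """Join on host ip first, then on system name; records matching neither keep owner=None
    so that unowned findings stand out instead of being silently dropped."""
    by_system = {row["system_name"]: row for row in table.values()}
    for v in vulns:
        row = table.get(v.host_ip) if v.host_ip else None
        if row is None and v.system_name:
            row = by_system.get(v.system_name)
        if row is not None:
            v.owner = {k: row[k] for k in ("system_name", "system_admin", "dev_admin", "department")}
    return vulns


# constructed sample data (association table as produced by step S10, plus one row per source)
TABLE = {"10.0.0.5": {"host_name": "app-01", "system_name": "online banking",
                      "system_admin": "sysadmin A", "dev_admin": "devlead B", "department": "retail IT"}}
FEEDS = {
    "ids": [{"risk_name": "suspicious outbound connection", "affected_application": "nginx",
             "risk_type": "network", "discovery_time": "2022-07-01",
             "vulnerability_info": "constructed", "host_ip": "10.0.0.5"}],
    "scanner": [{"grade": "high", "name": "outdated TLS library", "position": "10.0.0.5",
                 "type": "component", "state": "open", "repair_time": None}],
    "app_scan": [{"grade": "medium", "name": "missing input validation", "application_name": "online banking",
                  "type": "injection", "detection_time": "2022-07-02", "state": "open"}],
    "pre_release": [{"system_name": "mobile banking", "dev_room": "room 2", "grade": "low",
                     "name": "verbose error page", "count": 1, "state": "fixed", "repair_time": "2022-06-30"}],
    "pentest": [{"domain": "bank.example", "system_name": "online banking", "grade": "high",
                 "repair_condition": "in progress", "repair_time": None, "discovery_time": "2022-07-03"}],
}


def demo():
    return associate_with_personnel(collect_network_vulnerability_data(FEEDS), TABLE)


if __name__ == "__main__":
    for v in demo():
        print(v.source, v.name or v.extra.get("domain"), v.owner and v.owner["system_admin"])
```

Keeping unmatched records with `owner=None` (the "mobile banking" pre-release finding here) is the useful property of the join: a finding with no responsible person in the association table is itself an asset-inventory gap to follow up, not something to discard.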
Step S40, analyzing the vulnerabilities of the target enterprise according to the network vulnerability data, and sending vulnerability reminders to target managers according to the vulnerability analysis results;
The vulnerability analysis of the target enterprise based on the network vulnerability data analyzes the security risks of all current hosts and systems in the target enterprise, outputs the numbers of existing hosts, systems, port services, software applications, web sites, database applications, jar packages, installation packages, web frameworks and the like, and displays the number and proportion of the top 10, so that the approximate distribution of existing assets can be seen at a glance; vulnerability alerts are then sent to the target managers according to the vulnerability analysis results to prompt users to repair and handle the hosts and/or systems with high security risk.
According to this embodiment, unified collection and management of asset information is realized, basic asset data is provided for vulnerability response, rapid asset positioning is realized and response time is improved, a data basis is provided for adjusting the security protection strategy, the vulnerability conditions found in security checks such as pre-release security testing, periodic security scanning and penetration testing are summarized and displayed, the repair status of vulnerabilities found in security testing is tracked in time, a lifecycle management flow for vulnerabilities is established, and the efficiency of security detection management is effectively improved.
Example three
Referring to fig. 3, it is a flowchart of a security check management method according to a third embodiment of the present invention, which is used to further refine the step of step S40, and includes the steps of:
step S41, respectively obtaining the vulnerability number of each vulnerability type in the network vulnerability data, and generating a vulnerability type graph according to the vulnerability number of each vulnerability type;
the vulnerability type graph is used for representing the proportion of the vulnerability number among the vulnerability types, and the quantity proportion among the vulnerability types can be intuitively reflected on the basis of the vulnerability type graph, so that a user can conveniently check the proportion of the vulnerability types in a target enterprise;
step S42, respectively obtaining the vulnerability number of each vulnerability grade in the network vulnerability data, and generating a vulnerability grade graph according to the vulnerability number of each vulnerability grade;
the vulnerability level graph is used for representing the proportion of the vulnerability number among the vulnerability levels, and the quantity proportion among the vulnerability levels can be intuitively reflected on the basis of the vulnerability level graph, so that a user can conveniently check the proportion of the vulnerability levels in a target enterprise;
step S43, respectively acquiring the number of newly added bugs, the number of repaired bugs, the total number of bugs and the number of unrepaired bugs in a preset time length every day according to the network bug data;
the preset duration may be set according to a requirement, for example, the preset duration may be set to a specified half month, a quarter, a year, or the like;
step S44, respectively drawing quantity change images according to the number of newly added bugs, the number of repaired bugs, the total number of bugs and the number of unrepaired bugs every day to obtain newly added bug images, repaired bug images, total number of bugs images and unrepaired bug images corresponding to every day;
the method comprises the steps of drawing a newly-added vulnerability image, a repaired vulnerability image, a total vulnerability image and an unrepaired vulnerability image which correspond to each day, and visually reflecting the change state of the newly-added vulnerability, the change state of the repaired vulnerability, the change state of the total vulnerability and the change state of the unrepaired vulnerability of a target enterprise each day;
step S45, respectively inquiring system names corresponding to the vulnerabilities in the network vulnerability data, and drawing a system vulnerability map according to the number of the inquired system names;
wherein the system vulnerability graph is used for representing the proportion of the number of vulnerabilities among the systems. Optionally, in this embodiment, sending a vulnerability prompt to a target administrator according to the vulnerability analysis result includes:
determining a target vulnerability type according to the vulnerability type graph, and determining a target vulnerability grade according to the vulnerability grade graph; the target vulnerability type and the target vulnerability grade are determined, so that a user can conveniently know the maximum number of vulnerability types and vulnerability grades in a target enterprise;
determining a maximum newly added date and a minimum newly added date according to the newly added bug image, and determining a maximum repairing date and a minimum repairing date according to the repairing bug image; the maximum new date, the minimum new date, the maximum repair date and the minimum repair date are determined, so that a user can conveniently trace the maximum new date, the minimum new date, the maximum repair time and the minimum repair time in a target enterprise;
determining a maximum vulnerability date and a minimum vulnerability date according to the total vulnerability image, and determining a maximum unrepaired date and a minimum unrepaired date according to the unrepaired vulnerability image;
determining a target system according to the system vulnerability map, and generating vulnerability reminding information according to the target vulnerability type, the target vulnerability grade, the maximum newly increased date, the minimum newly increased date, the maximum repairing date, the minimum repairing date, the maximum vulnerability date, the minimum un-repairing date and the target system;
and sending the vulnerability reminding information to the target management personnel for vulnerability reminding.
According to this embodiment, developers can be reminded in a targeted manner so that the recurrence of common vulnerabilities during system development is avoided as far as possible; the grade distribution of the vulnerabilities reflects the development quality of the enterprise as a whole; and, from the perspective of the systems, the systems with the most vulnerabilities are identified so that the relevant systems can be required to rectify them in a targeted manner, the development teams with the most vulnerabilities can be counted, and the relevant personnel can be required to improve development quality.
Example four
Fig. 4 is a block diagram of a terminal device 2 according to a fourth embodiment of the present application. As shown in fig. 4, the terminal device 2 of this embodiment includes: a processor 20, a memory 21 and a computer program 22, such as a program of a security check management method, stored in said memory 21 and executable on said processor 20. The steps in the various embodiments of the security check management method described above are implemented when the computer program 22 is executed by the processor 20.
Illustratively, the computer program 22 may be divided into one or more units, which are stored in the memory 21 and executed by the processor 20 to accomplish the present application. The one or more units may be a series of computer program instruction segments capable of performing specific functions, which are used to describe the execution of the computer program 22 in the terminal device 2.
The terminal device may include, but is not limited to, a processor 20, a memory 21. Those skilled in the art will appreciate that fig. 3 is merely an example of a terminal device 2 and does not constitute a limitation of terminal device 2 and may include more or fewer components than shown, or some components may be combined, or different components, e.g., the terminal device may also include input-output devices, network access devices, buses, etc.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present application, and not for limiting the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; such modifications and substitutions do not substantially depart from the spirit and scope of the embodiments of the present application and are intended to be included within the scope of the present application.

Claims (10)

1. A security check management system, the system comprising: the system comprises a basic data layer, a data processing layer and an interactive display layer;
the basic data layer comprises a vulnerability information module, a safety test module, a manual entry module, a cloud end module, an IT service management module and a scanner, wherein the vulnerability information module is used for acquiring information of vulnerabilities, the safety test module is used for carrying out safety test on a host and a system in a target enterprise, and the manual entry module is used for manually entering vulnerability data;
the data processing layer comprises a data storage module and a data processing and analyzing module;
the interactive display layer comprises an asset management module, a vulnerability management module, a risk management module and a vulnerability identification module, wherein the asset management module is used for acquiring asset data of a target enterprise, associating systems and personnel in the asset data to generate a system personnel association table, the vulnerability management module is used for acquiring and managing vulnerability data, the vulnerability identification module is used for identifying vulnerabilities in the vulnerability data, and the risk management module is used for carrying out risk analysis on vulnerabilities in the vulnerability data.
2. The security check management system of claim 1, wherein the risk management module is further to:
acquiring weak password data of each host in the target enterprise, and sending a weak password prompt to the target enterprise according to the weak password data and the system personnel association table;
acquiring vulnerability data of each host and each system in the target system to obtain network vulnerability data, and associating the network vulnerability data with the system personnel association table;
and carrying out vulnerability analysis on the target enterprise according to the network vulnerability data, and sending vulnerability reminding to target management personnel according to vulnerability analysis results.
3. The security check management system of claim 2, wherein the vulnerability management module is further to:
acquiring a vulnerability list of vulnerability detection in an intrusion detection device, wherein the vulnerability list comprises risk names, influence applications, risk types, discovery time, vulnerability information and host ip of all vulnerabilities, and the intrusion detection device is used for carrying out vulnerability detection on network real-time connection and files of all hosts;
the scanner is further used for carrying out vulnerability scanning on each host and each system to obtain scanning vulnerability data, and the scanning vulnerability data comprises vulnerability grades, vulnerability names, vulnerability positions, vulnerability types, vulnerability states and repair time of each vulnerability;
an application security detection system in the security test module performs vulnerability detection on applications in each host to obtain application vulnerability data, wherein the application vulnerability data comprises vulnerability grades, vulnerability names, application names, vulnerability types, detection times and vulnerability states of various vulnerabilities;
the security testing module is also used for performing security testing before each system is online to obtain system vulnerability data, and the system vulnerability data comprises a system name, a system development room, a vulnerability grade, a vulnerability name, a vulnerability number, a vulnerability state and repairing time corresponding to each vulnerability;
the security testing module is further used for performing penetration testing on each system to obtain penetration vulnerability data, and the penetration vulnerability data comprises a domain name, a system name, a vulnerability grade, a repair condition, repair time and discovery time corresponding to each vulnerability;
wherein the network vulnerability data includes the vulnerability list, the application vulnerability data, the system vulnerability data, and the penetration vulnerability data.
4. The security check management system of claim 3, wherein the data processing analysis module is further to:
respectively obtaining the vulnerability number of each vulnerability type in the network vulnerability data, and generating a vulnerability type graph according to the vulnerability number of each vulnerability type, wherein the vulnerability type graph is used for representing the proportion of the vulnerability number among the vulnerability types;
respectively obtaining the vulnerability number of each vulnerability grade in the network vulnerability data, and generating a vulnerability grade graph according to the vulnerability number of each vulnerability grade, wherein the vulnerability grade graph is used for representing the proportion of the vulnerability number between each vulnerability grade;
respectively acquiring the number of newly added bugs, the number of repaired bugs, the total number of bugs and the number of unrepaired bugs in a preset time length every day according to the network bug data;
respectively drawing quantity change images according to the number of newly added bugs, the number of repaired bugs, the total number of bugs and the number of unrepaired bugs every day to obtain newly added bug images, repaired bug images, bug total number images and unrepaired bug images corresponding to every day;
and respectively inquiring system names corresponding to the vulnerabilities in the network vulnerability data, and drawing a system vulnerability graph according to the number of the inquired system names, wherein the system vulnerability graph is used for representing the proportion of the number of vulnerabilities among the systems.
5. The security check management system of claim 4, wherein the risk management module is further to:
determining a target vulnerability type according to the vulnerability type graph, and determining a target vulnerability grade according to the vulnerability grade graph;
determining a maximum newly added date and a minimum newly added date according to the newly added bug image, and determining a maximum repairing date and a minimum repairing date according to the repairing bug image;
determining a maximum vulnerability date and a minimum vulnerability date according to the total vulnerability image, and determining a maximum unrepaired date and a minimum unrepaired date according to the unrepaired vulnerability image;
determining a target system according to the system vulnerability map, and generating vulnerability reminding information according to the target vulnerability type, the target vulnerability grade, the maximum newly increased date, the minimum newly increased date, the maximum repairing date, the minimum repairing date, the maximum vulnerability date, the minimum un-repairing date and the target system;
and sending the vulnerability reminding information to the target management personnel for vulnerability reminding.
6. The security check management system of claim 1, wherein the asset management module is further to:
respectively acquiring the name and the host ip of each host in the target enterprise to obtain the host data;
respectively acquiring the name, system grade, system type, system administrator, development administrator and department information of each system in the target enterprise to obtain the system data;
and according to the host ip of each host, associating each host with the corresponding system by name, system level, system type, system administrator, development administrator and department information to obtain the system personnel association table.
7. The security check management system of claim 2, wherein the risk management module is further to:
respectively inquiring the user name, the account state, the weak password type, the number of unmodified days of the password and the host ip corresponding to each weak password in the weak password data;
matching the host ip of each weak password with the host ip in the system personnel association table, and determining target prompt personnel according to the matched system administrator, development administrator and department information;
and generating password prompt information according to the user name, the account state, the weak password type, the number of unmodified days of the password and the host ip of each weak password, and sending the password prompt information to the target prompt personnel corresponding to each weak password.
8. The security check management system of any of claims 1 to 7, wherein the vulnerability identification module is further to:
respectively determining the number and the type of each object to be displayed according to the asset data, wherein the objects to be displayed comprise a host, a system, a port service, a software application, a web site, a database application, a jar package, an installation package and/or a web frame;
and respectively generating an information display diagram of each object to be displayed according to the number and the type of each object to be displayed, wherein the information display diagram is used for representing the occupation ratio and/or the number sequence between different types of objects in the corresponding objects to be displayed.
9. A security check management method, the method comprising:
acquiring asset data of a target enterprise, associating a system in the asset data with personnel, and generating a system personnel association table, wherein the asset data comprises host data and system data;
acquiring weak password data of each host in the target enterprise, and sending a weak password prompt to the target enterprise according to the weak password data and the system personnel association table;
acquiring vulnerability data of each host and each system in the target system to obtain network vulnerability data, and associating the network vulnerability data with the system personnel association table;
and carrying out vulnerability analysis on the target enterprise according to the network vulnerability data, and sending vulnerability reminding to target management personnel according to vulnerability analysis results.
10. A terminal device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, characterized in that the processor implements the steps of the method as claimed in claim 9 when executing the computer program.
CN202210925403.1A 2022-08-03 2022-08-03 Security check management system, method and terminal equipment Active CN115314276B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210925403.1A CN115314276B (en) 2022-08-03 2022-08-03 Security check management system, method and terminal equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210925403.1A CN115314276B (en) 2022-08-03 2022-08-03 Security check management system, method and terminal equipment

Publications (2)

Publication Number Publication Date
CN115314276A true CN115314276A (en) 2022-11-08
CN115314276B CN115314276B (en) 2023-07-04

Family

ID=83858876

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210925403.1A Active CN115314276B (en) 2022-08-03 2022-08-03 Security check management system, method and terminal equipment

Country Status (1)

Country Link
CN (1) CN115314276B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116760716A (en) * 2023-08-18 2023-09-15 南京天谷电气科技有限公司 Intelligent network topology management system and method for new energy station
CN117217697A (en) * 2023-09-18 2023-12-12 卫士通(广州)信息安全技术有限公司 Equipment asset vulnerability tracking management platform

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105760748A (en) * 2016-02-26 2016-07-13 北京齐尔布莱特科技有限公司 Weak password detection method and device and server
CN108712396A (en) * 2018-04-27 2018-10-26 广东省信息安全测评中心 Networked asset management and loophole governing system
CN109361518A (en) * 2018-10-16 2019-02-19 杭州安恒信息技术股份有限公司 A kind of weak password detection method, device and computer readable storage medium
CN109728946A (en) * 2018-12-25 2019-05-07 北京奇安信科技有限公司 A kind of vulnerability information automatic sending method, equipment, system and medium
CN111695120A (en) * 2020-06-12 2020-09-22 公安部第三研究所 Information system safety deep threat early warning system and method
CN112000719A (en) * 2020-08-18 2020-11-27 中国建设银行股份有限公司 Data security situation awareness system, method, device and storage medium
US20210297441A1 (en) * 2020-03-18 2021-09-23 Cyberlab Inc. System and method for determining cybersecurity rating and risk scoring
CN113872831A (en) * 2021-09-28 2021-12-31 北京永信至诚科技股份有限公司 Network test visualization system and method
CN114329486A (en) * 2021-12-24 2022-04-12 中电信数智科技有限公司 Asset vulnerability management method and device, electronic equipment and storage medium

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
Wang Hong; Liu Mingfeng; Liu Ming: "Application of information security assessment to power supply assurance for major events in Qingdao" *
Zhu Yongsheng: "Research on a railway network security threat and vulnerability management platform" *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116760716A (en) * 2023-08-18 2023-09-15 南京天谷电气科技有限公司 Intelligent network topology management system and method for new energy station
CN116760716B (en) * 2023-08-18 2023-11-03 南京天谷电气科技有限公司 Intelligent network topology management system and method for new energy station
CN117217697A (en) * 2023-09-18 2023-12-12 卫士通(广州)信息安全技术有限公司 Equipment asset vulnerability tracking management platform

Also Published As

Publication number Publication date
CN115314276B (en) 2023-07-04

Similar Documents

Publication Publication Date Title
CN109165856B (en) Dynamic configuration method, device and storage medium of approval chain
CN115314276A (en) Security check management system, method and terminal equipment
CN103026345B (en) For the dynamic multidimensional pattern of event monitoring priority
US20100218256A1 (en) System and method of integrating and managing information system assessments
US8266701B2 (en) Systems and methods for measuring cyber based risks in an enterprise organization
US20070266420A1 (en) Privacy modeling framework for software applications
CN108632089B (en) Management method, device and equipment of test terminal and computer storage medium
CN111240994A (en) Vulnerability processing method and device, electronic equipment and readable storage medium
CN109684863B (en) Data leakage prevention method, device, equipment and storage medium
US20050131818A1 (en) Method for performing Due diligence and legal, financial and other types of audits
WO2020190309A1 (en) Method and system for managing personal digital identifiers of a user in a plurality of data elements
US20150213272A1 (en) Conjoint vulnerability identifiers
KR100898867B1 (en) System and method for enterprise it security management
US8090994B2 (en) System, method, and computer readable media for identifying a log file record in a log file
KR102304231B1 (en) compliance management support system using hierarchical structure and method therefor
CN109491733B (en) Interface display method based on visualization and related equipment
Candra et al. ISMS planning based on ISO/IEC 27001: 2013 using analytical hierarchy process at gap analysis phase (Case study: XYZ institute)
US20120151581A1 (en) Method and system for information property management
US20080270216A1 (en) System and method for standards and governance evaluation framework
Ahmadian et al. Supporting model-based privacy analysis by exploiting privacy level agreements
KR102589662B1 (en) compliance management system through automatic diagnosis of infrastructure asset threat and method therefor
CN111241547A (en) Detection method, device and system for unauthorized vulnerability
Ravenel Effective operational security metrics
JP7026921B1 (en) Diagnosis and management device for compliance with cloud security compliance
CN114428955A (en) Method and system for judging abnormal risk based on operation information and electronic equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant