CN115695044A - IT asset safety control platform and management method - Google Patents

IT asset safety control platform and management method

Info

Publication number
CN115695044A
Authority
CN
China
Prior art keywords
data
asset
asset data
vulnerability
module
Prior art date
Legal status
Granted
Application number
CN202211517250.3A
Other languages
Chinese (zh)
Other versions
CN115695044B (en)
Inventor
田钺
张克贤
汪浩
李文科
孔庆波
王益彰
缪新萍
周泽元
孙收余
董若烟
杨承南
Current Assignee
Guizhou Power Grid Co Ltd
Original Assignee
Guizhou Power Grid Co Ltd
Priority date
Filing date
Publication date
Application filed by Guizhou Power Grid Co Ltd
Priority to CN202211517250.3A
Publication of CN115695044A
Application granted
Publication of CN115695044B
Legal status: Active

Landscapes

  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses an IT asset security management and control platform comprising an external link service module, a data verification module, an identity verification module, a data storage module, a data supervision module and a platform management and control module. The external link service module connects to an external service port to synchronize IT asset data; the data verification module verifies the data source of incoming IT asset data; the identity verification module authenticates login information for operation management and control; the data storage module stores IT asset data in a distributed manner; the data supervision module performs security screening on IT asset data; and the platform management and control module formulates and executes platform operation rules, abnormal data screening rules, abnormal data processing strategies and distributed data storage rules. The platform has a simple structure, is easy to deploy, involves simple asset management steps, and achieves unified management and dynamic monitoring of IT asset data.

Description

IT asset safety control platform and management method
Technical Field
The invention belongs to the technical field of the internet and in particular relates to an IT asset security management and control platform and management method.
Background
With the wide application of computer network technology, government departments, enterprises, public institutions and the like depend increasingly on information systems. This is especially so in power system management, where a large amount of IT asset information is generated, the data volume is huge, and the IT asset data contains a great deal of important content. Traditional IT asset management has a complex system architecture, is difficult to deploy, involves cumbersome asset management steps, and makes unified management and dynamic monitoring of IT assets hard to achieve.
Disclosure of Invention
The technical problem to be solved by the invention is as follows: to provide an IT asset security management and control platform and management method that address the problems of traditional IT asset management, namely a complex system architecture, difficult deployment, cumbersome asset management steps, and difficulty in achieving unified management and dynamic monitoring of IT assets.
The technical scheme of the invention is as follows:
An IT asset security management and control platform comprises an external link service module, a data verification module, an identity verification module, a data storage module, a data supervision module and a platform management and control module;
the external link service module is configured to connect to an external service port to carry out IT asset data synchronization;
the data verification module is configured to perform data source verification on incoming IT asset data;
the identity verification module is configured to authenticate login information for operation management and control;
the data storage module is configured for distributed storage of IT asset data;
the data supervision module is configured to perform security screening on IT asset data;
the platform management and control module is configured to formulate and execute platform operation rules, abnormal data screening rules, abnormal data processing strategies and distributed data storage rules.
The external link service module is further configured to apply unified formatting to the IT asset data imported from the external service port, obtain the IT asset data in JSON format, and pack and compress it.
The data verification module is further configured to perform data source analysis and checking and preliminary abnormal-data screening on the uniformly formatted JSON IT asset data: the data source analysis result is matched against the IP address corresponding to the docked external service port, and IT asset data that shows no abnormality after screening under the abnormal data screening rule is labelled with an ID. The ID comprises the data receiving time, the data source IP address and the content classification corresponding to the IT asset data; the external link service module packs and compresses the IT asset data together with its corresponding ID.
The data storage module classifies and stores the IT asset data based on the distributed data storage rule, storing each item of IT asset data in a distributed manner in a storage space that comprises computer-readable storage media and/or blockchain storage nodes across a plurality of storage servers.
During data source analysis and checking, a series of TCP and UDP packets is sent to the external service port, the response packets returned by the external service port are received, each data item in the response packets is examined and compared against a preset port identity data set, and the IP address and operating system type of the external service port are obtained from the comparison result.
The identity verification module verifies and collects the information of personnel logging in to the platform, comprising identity information, department information and identity level; it collects the IT asset data content that the person views through the platform, comprising the IT asset data type and IT asset data level; and it generates a corresponding safe browsing log from the login time, the collected personnel information and the viewed IT asset data content, and stores it.
The data supervision module is further configured to monitor, based on the identity level of the person logged in to the platform, the IT asset data content that the person views and retrieves, and to issue alarm information and generate an alarm log when IT asset data content that does not correspond to the person's identity level is retrieved multiple times.
The data supervision module periodically screens the IT asset data stored in the data storage module, according to a screening period, based on the abnormal data screening rule, which comprises a data storage time node, a last security screening time node and a data change condition. It processes the stored IT asset data based on the abnormal data processing strategy, which comprises: cleaning IT asset data whose storage time node is early, or updating the storage time node of the IT asset data, according to the IT asset life cycle; extracting, and raising an alarm for, IT asset data whose time difference between the last security screening and the current security screening exceeds the screening period; and extracting, and raising an alarm for, IT asset data whose feature content before and after a change fails to match when extracted and compared under the data change condition. Data changes include personnel deleting and adding data through the platform, and tampering with IT asset data during a security event.
The data supervision module is further configured to perform vulnerability discovery on the IT asset data, comprising:
vulnerability scanning: traversing and matching the IT asset data against a preset vulnerability screening rule to find vulnerabilities in the IT asset data; when an existing vulnerability is found, extracting the IT asset data and raising an alarm, repairing the vulnerability of the IT asset data based on the vulnerability repair rule, and, once repeated scanning no longer finds the vulnerability, packing the IT asset data together with a vulnerability repair log and returning it to its original storage location;
POC scanning: performing traversal vulnerability attack testing on the IT asset data based on preset vulnerability attack code; when an attack succeeds, extracting the IT asset data and raising an alarm, repairing the vulnerability of the IT asset data based on the vulnerability repair rule, and, once repeated attack testing no longer succeeds, packing the IT asset data together with the vulnerability repair log and returning it to its original storage location;
Nessus scanning: traversing and scanning the IT asset data with Nessus; when a vulnerability is found, extracting the IT asset data and raising an alarm, repairing the vulnerability of the IT asset data based on the vulnerability repair rule, and, once repeated scanning no longer finds the vulnerability, packing the IT asset data together with the vulnerability repair log and returning it to its original storage location;
weak password scanning: traversing and matching the IT asset data against a preset weak password dictionary; when a weak password exposed by an IT asset application is matched, repairing the vulnerability of the IT asset data based on the vulnerability repair rule, and, once repeated scanning no longer produces an exposed weak password, packing the IT asset data together with the vulnerability repair log and returning it to its original storage location.
The application also discloses an IT asset security management method applied to the above IT asset security management and control platform, comprising the following steps:
platform management: formulating the platform operation rule, abnormal data screening rule, abnormal data processing strategy and distributed data storage rule;
data acquisition: a worker logs in to the platform to import data, or the external link service module exchanges data with an external service port, to upload IT asset data; unified formatting is applied to the imported IT asset data to obtain it in JSON format;
preliminary data screening: the data verification module verifies the data source of the incoming IT asset data and performs preliminary abnormal-data screening on it based on the abnormal data processing strategy, which comprises any one of vulnerability scanning, POC scanning, Nessus scanning and weak password scanning;
data storage: the data verification module labels the IT asset data that passes preliminary screening with an ID comprising the data receiving time, the data source IP address and the content classification corresponding to the IT asset data; the external link service module packs and compresses the IT asset data together with its ID; the data storage module classifies and stores the IT asset data based on the distributed data storage rule, storing each item of IT asset data in a distributed manner in a storage space that comprises computer-readable storage media and/or blockchain storage nodes across a plurality of storage servers;
data supervision: the data supervision module periodically performs security screening and vulnerability discovery on the IT asset data stored in the data storage module, according to a screening period, based on the abnormal data screening rule, where vulnerability discovery comprises one or more of vulnerability scanning, POC scanning, Nessus scanning and weak password scanning. Vulnerability scanning comprises traversing and matching the IT asset data against a preset vulnerability screening rule to discover vulnerabilities in the IT asset data; when an existing vulnerability is discovered, the IT asset data is extracted and an alarm raised, the vulnerability is repaired based on the vulnerability repair rule, and once repeated scanning no longer discovers the vulnerability the IT asset data is packed together with a vulnerability repair log and returned to its original storage location. POC scanning comprises performing traversal vulnerability attack testing on the IT asset data based on preset vulnerability attack code; when an attack succeeds, the IT asset data is extracted and an alarm raised, the vulnerability is repaired based on the vulnerability repair rule, and once repeated attack testing no longer succeeds the IT asset data is packed together with the vulnerability repair log and returned to its original storage location. Nessus scanning comprises traversing and scanning the IT asset data with Nessus; when a vulnerability is found, the IT asset data is extracted and an alarm raised, the vulnerability is repaired based on the vulnerability repair rule, and once repeated scanning no longer finds the vulnerability the IT asset data is packed together with the vulnerability repair log and returned to its original storage location. Weak password scanning comprises traversing and matching the IT asset data against a preset weak password dictionary; when a weak password exposed by an IT asset application is matched, the vulnerability is repaired based on the vulnerability repair rule, and once repeated scanning no longer produces an exposed weak password the IT asset data is packed together with the vulnerability repair log and returned to its original storage location;
operation supervision: the identity verification module acquires the information of personnel logging in to the platform, supervises their operations, and raises an alarm when an abnormality occurs.
The beneficial effects of the invention are as follows:
Through preliminary data screening, data source analysis and checking and preliminary abnormal-data screening are performed on IT asset data as it is imported into the platform, so that an initial data security check is completed at the very first step of import, and the large-scale data security threat that would arise if unsafe data carrying attack payloads or the like entered the database is avoided. During storage, the IT asset data is stored in a distributed manner, which avoids the slow data retrieval and difficult data security supervision and enforcement that result from storing a large volume of data on a single server.
In daily data supervision, the data supervision module periodically monitors the IT asset data stored in the data storage module according to the abnormal data screening rule and the abnormal data processing strategy, achieving dynamic security management and preventing data abnormalities arising during long-term storage, retrieval and viewing from threatening the security of the entire data storage module.
The platform provided by the invention has a simple structure, is easy to deploy, involves simple asset management steps, and achieves unified management and dynamic monitoring of IT asset data.
Drawings
FIG. 1 is a schematic diagram of the platform of the present invention.
Detailed Description
An IT asset security management and control platform comprises an external link service module, a data verification module, an identity verification module, a data storage module, a data supervision module and a platform management and control module.
The platform management and control module is configured to formulate and execute platform operation rules, abnormal data screening rules, abnormal data processing strategies and distributed data storage rules.
The external link service module is configured to connect to an external service port to synchronize IT asset data, and is further configured to apply unified formatting to the IT asset data imported from the external service port, obtain the IT asset data in JSON format, and pack and compress it.
The data verification module is configured to verify the data source of incoming IT asset data: it performs data source analysis and checking and preliminary abnormal-data screening on the uniformly formatted JSON IT asset data, matches the data source analysis result against the IP address corresponding to the docked external service port, screens the data under the abnormal data screening rule, and labels the IT asset data that shows no abnormality with an ID comprising the data receiving time, the data source IP address and the content classification corresponding to the IT asset data; the external link service module then packs and compresses the IT asset data together with its ID.
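The ingestion path described for the data verification and external link service modules (here and in the claims above), as an added example that is not the patent's own code: unified formatting of a record, source verification, preliminary screening, ID labelling and pack-and-compress. The registry of docked ports with their expected IPs, the content classification table and the required-field rule are assumptions; the TCP/UDP probing step is replaced by a lookup in that registry.

```python
import gzip
import ipaddress
import json
from datetime import datetime, timezone

# Constructed registry of docked external service ports: port name -> expected source IP (assumption).
REGISTERED_PORTS = {
    "cmdb-sync": "10.10.1.20",
    "scada-inventory": "10.20.5.7",
}

# Constructed content classification: asset type -> classification label (assumption).
CONTENT_CLASSES = {
    "server": "infrastructure",
    "switch": "network",
    "plc": "ot-device",
}


class VerificationError(ValueError):
    """Raised when a record fails source verification or preliminary screening."""


def normalise_record(raw):
    """Unified formatting: accept a dict or JSON text and return a canonical dict
    with lower-case keys and stripped string values."""
    record = json.loads(raw) if isinstance(raw, str) else dict(raw)
    return {str(k).strip().lower(): (v.strip() if isinstance(v, str) else v)
            for k, v in record.items()}


def verify_source(port_name, source_ip):
    """Match the analysed source IP against the IP registered for the docked port."""
    expected = REGISTERED_PORTS.get(port_name)
    if expected is None:
        raise VerificationError(f"unknown external service port: {port_name}")
    if ipaddress.ip_address(source_ip) != ipaddress.ip_address(expected):
        raise VerificationError(f"source {source_ip} does not match {port_name} ({expected})")


def preliminary_screen(record):
    """Preliminary abnormal-data screening rule (constructed): required fields must be
    present and the asset type must be one the platform classifies."""
    for field in ("hostname", "asset_type", "owner"):
        if not record.get(field):
            raise VerificationError(f"missing field: {field}")
    if record["asset_type"] not in CONTENT_CLASSES:
        raise VerificationError(f"unclassified asset type: {record['asset_type']}")


def label_record(record, source_ip, received_at=None):
    """Attach the ID: data receiving time, data source IP and content classification."""
    received_at = received_at or datetime.now(timezone.utc)
    record_id = {
        "received_at": received_at.isoformat(),
        "source_ip": source_ip,
        "classification": CONTENT_CLASSES[record["asset_type"]],
    }
    return {"id": record_id, "data": record}


def ingest(raw, port_name, source_ip, received_at=None):
    """Full path: format, verify source, screen, label, then pack and gzip-compress.
    Returns the compressed bytes; raises VerificationError for rejected data."""
    record = normalise_record(raw)
    verify_source(port_name, source_ip)
    preliminary_screen(record)
    labelled = label_record(record, source_ip, received_at)
    packed = json.dumps(labelled, sort_keys=True, separators=(",", ":")).encode()
    return gzip.compress(packed)


def unpack(blob):
    """Inverse of the packing step, for the storage module to read a record back."""
    return json.loads(gzip.decompress(blob))
```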
The identity verification module is configured to authenticate login information for operation management and control. Specifically, it verifies and collects the information of personnel logging in to the platform, comprising identity information, department information and identity level; collects the IT asset data content viewed by the person through the platform, comprising the IT asset data type and IT asset data level; and generates a corresponding safe browsing log from the login time, the collected personnel information and the viewed IT asset data content, and stores it.
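The safe browsing log described here, combined with the data supervision rule (stated in the claims and again below) that raises an alarm when a person repeatedly retrieves IT asset data content above their identity level, as an added example that is not the patent's own code. The level ordering, the repeat threshold and the sample browsing entries are assumptions constructed for this example.

```python
from collections import defaultdict
from dataclasses import dataclass, field

# Assumed ordering shared by identity levels and IT asset data levels (index grows with sensitivity).
LEVELS = ["public", "internal", "confidential", "secret"]
# Assumed number of over-level retrievals by one person that triggers an alarm.
ALARM_THRESHOLD = 3


@dataclass(frozen=True)
class BrowsingLogEntry:
    """One safe browsing log record: login time, personnel information, viewed content."""
    login_time: str        # timestamp of the session
    person_id: str         # identity information
    department: str        # department information
    identity_level: str    # identity level, one of LEVELS
    asset_type: str        # IT asset data type viewed
    asset_level: str       # IT asset data level viewed, one of LEVELS


def is_over_level(entry):
    """True when the viewed content's level exceeds the person's identity level."""
    return LEVELS.index(entry.asset_level) > LEVELS.index(entry.identity_level)


@dataclass
class AccessMonitor:
    browsing_log: list = field(default_factory=list)
    alarm_log: list = field(default_factory=list)
    over_level_counts: dict = field(default_factory=lambda: defaultdict(int))

    def record_view(self, entry):
        """Store the browsing log entry; return an alarm record when the person's
        over-level retrieval count reaches ALARM_THRESHOLD, otherwise None."""
        if entry.identity_level not in LEVELS or entry.asset_level not in LEVELS:
            raise ValueError(f"unknown level in entry for {entry.person_id}")
        self.browsing_log.append(entry)
        if not is_over_level(entry):
            return None
        self.over_level_counts[entry.person_id] += 1
        if self.over_level_counts[entry.person_id] != ALARM_THRESHOLD:
            return None
        alarm = {
            "person_id": entry.person_id,
            "department": entry.department,
            "identity_level": entry.identity_level,
            "over_level_views": self.over_level_counts[entry.person_id],
            "last_asset_type": entry.asset_type,
            "last_asset_level": entry.asset_level,
            "at": entry.login_time,
        }
        self.alarm_log.append(alarm)
        return alarm


# Constructed sample browsing activity (not real data).
SAMPLE_VIEWS = [
    BrowsingLogEntry("2024-01-15T08:01:00Z", "u1001", "ops", "internal", "server", "internal"),
    BrowsingLogEntry("2024-01-15T08:05:00Z", "u1001", "ops", "internal", "plc", "confidential"),
    BrowsingLogEntry("2024-01-15T08:09:00Z", "u2002", "audit", "secret", "switch", "secret"),
    BrowsingLogEntry("2024-01-15T08:12:00Z", "u1001", "ops", "internal", "plc", "secret"),
    BrowsingLogEntry("2024-01-15T08:20:00Z", "u1001", "ops", "internal", "server", "confidential"),
    BrowsingLogEntry("2024-01-15T08:25:00Z", "u1001", "ops", "internal", "server", "internal"),
]


def replay(entries=SAMPLE_VIEWS):
    """Feed entries through a fresh monitor; return (monitor, alarms raised)."""
    monitor = AccessMonitor()
    alarms = [a for a in (monitor.record_view(e) for e in entries) if a is not None]
    return monitor, alarms
```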
The data storage module is configured to store the IT asset data in a distributed manner. Specifically, the IT asset data is classified and stored based on the distributed data storage rule, and each item of IT asset data is stored in a distributed manner in a storage space comprising computer-readable storage media and/or blockchain storage nodes across a plurality of storage servers. During data source analysis and checking, a series of TCP and UDP packets is sent to the external service port, the response packets returned by the external service port are received, each data item in the response packets is examined and compared against a preset port identity data set, and the IP address and operating system type of the external service port are obtained from the comparison result.
The data supervision module is configured to perform security screening on the IT asset data. Specifically, it periodically screens the IT asset data stored in the data storage module, according to a screening period, based on the abnormal data screening rule, which comprises a data storage time node, a last security screening time node and a data change condition. It processes the stored IT asset data based on the abnormal data processing strategy, which comprises: cleaning IT asset data whose storage time node is early, or updating the storage time node of the IT asset data, according to the IT asset life cycle; extracting, and raising an alarm for, IT asset data whose time difference between the last security screening and the current security screening exceeds the screening period; and extracting, and raising an alarm for, IT asset data whose feature content before and after a change fails to match when extracted and compared under the data change condition. Data changes include personnel deleting and adding data through the platform, and tampering with IT asset data during a security event. Furthermore, the data supervision module is configured to monitor, based on the identity level of the person logged in to the platform, the IT asset data content that the person views and retrieves, and to issue alarm information and generate an alarm log when IT asset data content that does not correspond to the person's identity level is retrieved multiple times.
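One screening cycle of the data supervision module as described here and in the claims above, as an added example that is not the patent's own code: the three abnormal data screening conditions (storage time node against the IT asset life cycle, last security screening time node against the screening period, and the data change condition as a before/after comparison of feature content) with the corresponding processing actions. The life cycle and screening period values, the SHA-256 feature digest, the `in_use` flag and the sample records are assumptions.

```python
import hashlib
import json
from datetime import datetime, timedelta, timezone

SCREENING_PERIOD = timedelta(days=7)   # assumed screening period
ASSET_LIFECYCLE = timedelta(days=365)  # assumed IT asset life cycle


def feature_digest(data):
    """Feature content recorded for later before/after comparison: SHA-256 of canonical JSON.
    Assumption: writes made through the platform refresh this digest, so a mismatch at
    screening time means the stored data changed outside the platform's own writes."""
    canonical = json.dumps(data, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).hexdigest()


def screen(records, now):
    """Apply the screening rule and processing strategy to a list of stored records.
    Each record is a dict: id, stored_at, last_screened_at (aware datetimes),
    feature_digest (recorded at the previous screening), data (dict), in_use (bool).
    Returns (kept_records, alarms, cleaned_ids); records are updated in place."""
    kept, alarms, cleaned = [], [], []
    for rec in records:
        # Condition 1: storage time node versus the asset life cycle.
        if now - rec["stored_at"] > ASSET_LIFECYCLE:
            if rec.get("in_use"):
                rec["stored_at"] = now          # renew the storage time node
            else:
                cleaned.append(rec["id"])       # clean out expired data
                continue
        # Condition 2: last security screening time node versus the screening period.
        if now - rec["last_screened_at"] > SCREENING_PERIOD:
            alarms.append({"id": rec["id"], "reason": "screening-overdue",
                           "overdue_by": str(now - rec["last_screened_at"] - SCREENING_PERIOD)})
        # Condition 3: data change condition, feature content before/after comparison.
        current = feature_digest(rec["data"])
        if current != rec["feature_digest"]:
            alarms.append({"id": rec["id"], "reason": "feature-mismatch",
                           "expected": rec["feature_digest"], "actual": current})
            rec["extracted"] = True             # hold for abnormal data processing
        else:
            rec["last_screened_at"] = now       # only clean data advances its screening node
        kept.append(rec)
    return kept, alarms, cleaned


def sample_records(now):
    """Constructed sample store (not real asset data)."""
    def rec(rid, stored_days, screened_days, data, in_use=True, tampered=False):
        digest = feature_digest(data)
        if tampered:                            # simulate a change after the digest was recorded
            data = dict(data, owner="unknown")
        return {"id": rid, "stored_at": now - timedelta(days=stored_days),
                "last_screened_at": now - timedelta(days=screened_days),
                "feature_digest": digest, "data": data, "in_use": in_use}
    return [
        rec("asset-1", 10, 2, {"host": "srv01", "owner": "ops"}),
        rec("asset-2", 30, 20, {"host": "sw01", "owner": "net"}),
        rec("asset-3", 5, 1, {"host": "plc01", "owner": "ot"}, tampered=True),
        rec("asset-4", 400, 3, {"host": "old01", "owner": "ops"}, in_use=False),
        rec("asset-5", 400, 1, {"host": "hist01", "owner": "ops"}),
    ]


def demo(now=datetime(2024, 1, 15, tzinfo=timezone.utc)):
    """Run one screening cycle over the sample store and summarise the outcome."""
    kept, alarms, cleaned = screen(sample_records(now), now)
    return {
        "kept": [r["id"] for r in kept],
        "alarms": alarms,
        "cleaned": cleaned,
        "renewed": [r["id"] for r in kept if r["stored_at"] == now],
        "extracted": [r["id"] for r in kept if r.get("extracted")],
    }
```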
In this embodiment, the data supervision module is further configured to perform vulnerability discovery on the IT asset data, comprising:
vulnerability scanning: traversing and matching the IT asset data against a preset vulnerability screening rule to find vulnerabilities in the IT asset data; when an existing vulnerability is found, extracting the IT asset data and raising an alarm, repairing the vulnerability of the IT asset data based on the vulnerability repair rule, and, once repeated scanning no longer finds the vulnerability, packing the IT asset data together with a vulnerability repair log and returning it to its original storage location;
POC scanning: performing traversal vulnerability attack testing on the IT asset data based on preset vulnerability attack code; when an attack succeeds, extracting the IT asset data and raising an alarm, repairing the vulnerability of the IT asset data based on the vulnerability repair rule, and, once repeated attack testing no longer succeeds, packing the IT asset data together with the vulnerability repair log and returning it to its original storage location;
Nessus scanning: traversing and scanning the IT asset data with Nessus; when a vulnerability is found, extracting the IT asset data and raising an alarm, repairing the vulnerability of the IT asset data based on the vulnerability repair rule, and, once repeated scanning no longer finds the vulnerability, packing the IT asset data together with the vulnerability repair log and returning it to its original storage location;
weak password scanning: traversing and matching the IT asset data against a preset weak password dictionary; when a weak password exposed by an IT asset application is matched, repairing the vulnerability of the IT asset data based on the vulnerability repair rule, and, once repeated scanning no longer finds an exposed weak password, packing the IT asset data together with the vulnerability repair log and returning it to its original storage location.
In the system architecture of the platform, corresponding to the above modules, the whole system is divided into a data display layer, with functions such as data security display, asset management operation, data linkage analysis, policy management operation, task management operation, risk management operation and report management, and a security service layer, which provides overall data security management and control and comprises functional modules such as asset management, policy management, unified API, data risk analysis, data full-life-cycle management, data security operation and maintenance, and integration with other security platforms. Correspondingly, the external link service module, data verification module and identity verification module are integrated in the data display layer, and the data storage module, data supervision module and platform management and control module are integrated in the security service layer.
Specifically, in terms of detailed functions, data security display provides functional views such as data asset situation, data risk situation, user behaviour profiles, operation and maintenance visualization, abnormal operations, abnormal access, unauthorized access, high-frequency access and data lineage. Asset management operation provides a global data asset management view with multi-dimensional statistical analysis and graphical presentation of data assets, presenting them by category and level, by security domain, by application and by other dimensions. Data linkage analysis provides data security inspection and policy query functions and displays the overall security policy list; it provides a policy behaviour template baseline and a policy analysis and matching function; special inspection analysis strategies are formulated according to current service requirements, inspection strategy templates are freely combined according to the special inspection requirement, data linkage analysis is performed according to the inspection templates, and a corresponding analysis report is generated from the analysis result. Policy management operation invokes the policy management capabilities in combination and provides an upper-layer panoramic policy management module. Task management operation, based on the platform's task API, provides scheduling management of data security management and control tasks and a task status statistical analysis module by dimensions such as security component and time. Risk management operation analyses data events, data flows, data lineage and sensitive data leakage risks, and provides a global data security risk monitoring and management module based on a data security risk strategy.
Report management invokes security component logs through a unified report API, normalizes and integrates the information, and provides comprehensive, multi-dimensional reports as required. Asset management formulates a data management standard suited to the power grid according to the Data Security Law (draft) and the characteristics of power grid data, and visually manages the application assets and data assets of the whole power grid through a specific classification and grading method.
Further, the specific implementation of asset management comprises:
asset overview: a cascaded data asset ledger is established and the storage locations of the data are presented visually. Multi-dimensional statistical analysis and graphical presentation of data assets are provided, presenting them by category and level, by security domain, by application and by other dimensions. The classification and grading platform classifies and grades the data types according to the power grid company's existing data types, so that classification and grading follow the types of sensitive data. Data classification is mainly a view for the classified and graded display of current data, which can be shown separately for unstructured and structured data. For unstructured data, the view shows the type of system in which the data is stored, provides chart display, displays data fields according to the hierarchical classification strategy, and visually shows how often unstructured data is used under that strategy; it displays the classification levels of unstructured data separately, offers various charts for proportional display, ranks the classified and graded data with higher proportions and higher levels, and gives a visual understanding of the classification view of unstructured data. For structured data, the view shows the type of database system in which the data is stored, provides chart display, displays the structured data by data domain according to the hierarchical classification strategy, and visually shows how often structured data is used under that strategy; it displays the classification levels of structured data separately, offers various charts for proportional display, ranks the classified and graded data with higher proportions, and gives a visual understanding of the classification view of structured data;
asset identification: while discovering and importing data assets, the platform determines the service area, service system, owner, manager, user and other factors of each data asset, so that security management responsibility for the data asset is clarified;
asset positioning: the platform generates a data asset list recording the current state of each data asset in detail, including service area, service system, IP address, database instance name, resource type, service name and the like, enabling accurate positioning of data assets;
data indexing: to allow convenient querying of data asset information and quick positioning of data assets, the platform establishes a metadata ledger for the data assets and supports efficient data asset queries.
The policy management refers to an important module serving as a data security management and control means, and includes data tags, application tags, user tags, tag classification, policy issuing, policy confirmation, service component policies, capability component policies, management and control component policies, and the like. The data risk analysis means that the data risk monitoring management is mainly used for monitoring and managing the global data risk, and comprises data event analysis, data risk analysis and data flow direction analysis. The data event analysis refers to counting according to the data asset events, graphically displaying the proportion of the data asset events of various levels and types, and selecting different display contents according to the data asset events of different levels and types, wherein the display contents comprise asset names, event time and the like. The data risk trend refers to providing a data security risk trend function, classifying and counting data security events, displaying the data security events in a graph, displaying the data security events according to different time dimensions, selectively displaying the data security events according to different event types, and distinguishing colors according to event occurrence intervals, so that the data security event risk is rapidly judged. Data flow analysis refers to data flow analysis for establishing an access relationship view of data assets and accounts. The invocation of the data asset can be exposed by the time and path of account access and can be selected according to a time range. And a global data asset flow direction display is established, a data path used by a certain data asset or a certain account can be highlighted, so that a business process that the account uses data is rapidly positioned, and a corresponding safety alarm can be given when abnormal access occurs. 
Full lifecycle management provides full lifecycle security monitoring capabilities covering data acquisition, data transmission and the like. Data security operation provides operation and maintenance security supervision capabilities for both structured and unstructured data.
Meanwhile, the system architecture can be integrated with other security platforms. For example, the data presentation layer of the platform is interfaced with the information security operation monitoring and early warning system (IOS) and exchanges data such as data security risks, data access analysis and data security policies with it through a unified API integration. Through management integration with the company headquarters data asset platform, the metadata information, data classification and grading information, data attribution information, data distribution information, data account information, sensitive data identification information, data volume and other information managed on that platform are acquired synchronously and provide basic data for data security management and control. The system is integrated with the company's unified password service platform, and key authentication information, key management information, data certificate information, identification key information and the like are synchronized, which addresses the intrusion problem caused by password leakage. Through integration with the company 4A platform, inheriting its unified account, organization, role authorization and single sign-on functions, user identities are placed under unified authentication management.
Finally, the embodiment also discloses an IT asset security management method based on the above IT asset security management and control platform, which includes the following steps:
platform management: formulating a platform operation rule, an abnormal data screening rule, an abnormal data processing strategy and a data distributed storage rule;
acquiring data: a worker logs in to the platform to import data, or the external link service module performs data interaction with an external service port, to upload IT asset data; the imported IT asset data is uniformly formatted to obtain IT asset data in the JSON data format;
primary screening of data: the data verification module verifies the data source of the input IT asset data and performs a preliminary screening of the input IT asset data for data exceptions based on the exception data processing strategy, wherein the exception data processing strategy comprises any one of vulnerability scanning, POC scanning, Nessus scanning and weak password scanning;
data storage: the data verification module labels the IT asset data that passed the primary screening with an ID, which comprises the data receiving time, the data source IP address and the content classification of that IT asset data; the external link service module packs and compresses the IT asset data together with its ID; the data storage module stores the IT asset data by category according to the data distributed storage rule, each item of IT asset data being stored in a distributed manner in a storage space that comprises computer readable storage media and/or block chain storage nodes in a plurality of storage servers;
data supervision: the data supervision module regularly performs security screening and vulnerability discovery on the IT asset data stored in the data storage module, according to a screening period and based on the abnormal data screening rule; the vulnerability discovery comprises one or more of vulnerability scanning, POC scanning, Nessus scanning and weak password scanning:
vulnerability scanning: the IT asset data is traversed and matched against a preset vulnerability screening rule to discover vulnerabilities present in it; when a vulnerability is found, the IT asset data is extracted and an alarm is raised, the vulnerability is repaired according to the vulnerability repair rule, and when repeated scanning no longer finds the vulnerability, the IT asset data and the vulnerability repair log are packaged and returned to the original storage location;
POC scanning: traversal vulnerability attack testing is performed on the IT asset data based on preset vulnerability attack code; when an attack succeeds, the IT asset data is extracted and an alarm is raised, the vulnerability is repaired according to the vulnerability repair rule, and when repeated attack testing no longer succeeds, the IT asset data and the vulnerability repair log are packaged and returned to the original storage location;
Nessus scanning: the IT asset data is traversed and scanned with Nessus; when a vulnerability is found, the IT asset data is extracted and an alarm is raised, the vulnerability is repaired according to the vulnerability repair rule, and when repeated scanning no longer finds the vulnerability, the IT asset data and the vulnerability repair log are packaged and returned to the original storage location;
weak password scanning: the IT asset data is traversed and matched against a preset weak password dictionary; when an exposed weak password of an IT asset application is matched, the vulnerability is repaired according to the vulnerability repair rule, and when repeated scanning no longer finds the exposed weak password, the IT asset data and the vulnerability repair log are packaged and returned to the original storage location;
operation supervision: the identity authentication module acquires the personnel information of the login platform, supervises the operation content of the personnel and gives an alarm when abnormality occurs.
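As an added illustration that is not part of the patent, the following Python sketches three pieces of the method above: the ID labelling of the data storage step (receive time, source IP, content classification), the abnormal data screening rule of the data supervision step (storage time node, last screening time node, data change condition, as in claim 8) and the identity-level access check of claim 7. The record fields, the hash-based change detection and the level ranking are assumptions; the sample records are constructed.

```python
"""Added example (not the patent's own code): ID labelling, abnormal-data
screening and identity-level access monitoring for IT asset records."""
import hashlib
import json
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple


@dataclass
class AssetRecord:
    """One IT asset data item after JSON normalisation (fields are assumptions)."""
    asset: Dict                     # asset content in JSON-compatible form
    source_ip: str                  # data-source IP matched to the external service port
    received_at: datetime           # data receiving time
    category: str                   # content classification
    last_screened_at: Optional[datetime] = None
    feature_hash: str = ""          # hash of the content recorded at labelling/screening
    asset_id: str = ""


def feature_hash(asset: Dict) -> str:
    """Stable digest of the asset content; a later mismatch signals a change or tampering."""
    return hashlib.sha256(json.dumps(asset, sort_keys=True).encode()).hexdigest()


def label_id(rec: AssetRecord) -> str:
    """Data storage step: ID = receive time | source IP | content classification."""
    rec.asset_id = f"{rec.received_at.strftime('%Y%m%dT%H%M%S')}|{rec.source_ip}|{rec.category}"
    rec.feature_hash = feature_hash(rec.asset)
    return rec.asset_id


def screen(records: List[AssetRecord], now: datetime, screening_period: timedelta,
           lifecycle: timedelta) -> Tuple[List[Tuple[str, str]], List[str]]:
    """Data supervision step: apply the abnormal data screening rule.
    Returns (alerts as (asset_id, reason), ids of records cleaned by lifecycle)."""
    alerts, cleaned = [], []
    for rec in records:
        # storage time node: data past its lifecycle is cleaned (not alerted)
        if now - rec.received_at > lifecycle:
            cleaned.append(rec.asset_id)
            continue
        # last screening time node: gap larger than the screening period -> extract and alarm
        if rec.last_screened_at is None or now - rec.last_screened_at > screening_period:
            alerts.append((rec.asset_id, "screening_overdue"))
        # data change condition: feature content no longer matches what was recorded
        if feature_hash(rec.asset) != rec.feature_hash:
            alerts.append((rec.asset_id, "content_changed"))
    return alerts, cleaned


# Assumed ordering of IT asset data levels against personnel identity levels.
LEVEL_RANK = {"public": 0, "internal": 1, "confidential": 2}


def monitor_access(browse_log: List[Tuple[str, str]], identity_level: str) -> Tuple[bool, List[str]]:
    """Claim-7 style check over a safe browsing log of (asset_id, data_level):
    alarm when content above the person's identity level is retrieved more than once."""
    violations = [aid for aid, lvl in browse_log if LEVEL_RANK[lvl] > LEVEL_RANK[identity_level]]
    return len(violations) > 1, violations


def build_sample() -> Tuple[List[AssetRecord], datetime]:
    """Constructed sample records (not real asset data)."""
    now = datetime(2022, 11, 29, 12, 0, 0)
    fresh = AssetRecord({"host": "db-01", "os": "linux"}, "10.0.0.5", now - timedelta(days=10), "server")
    stale = AssetRecord({"host": "old-01", "os": "linux"}, "10.0.0.6", now - timedelta(days=400), "server")
    changed = AssetRecord({"host": "app-01", "port": 8080}, "10.0.0.7", now - timedelta(days=30), "application")
    for rec in (fresh, stale, changed):
        label_id(rec)
    fresh.last_screened_at = now - timedelta(days=1)
    changed.last_screened_at = now - timedelta(days=10)   # overdue against a 7-day period
    changed.asset["port"] = 9090                          # simulated tampering after labelling
    return [fresh, stale, changed], now


def run_demo():
    records, now = build_sample()
    alerts, cleaned = screen(records, now, timedelta(days=7), timedelta(days=365))
    over, viols = monitor_access(
        [("a1", "public"), ("a2", "confidential"), ("a3", "confidential")], "internal")
    return alerts, cleaned, over, viols


if __name__ == "__main__":
    print(run_demo())
```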
In the embodiments provided in the present application, it should be understood that the disclosed platform and method may be implemented in other ways. For example, the above-described embodiments of a platform architecture or system architecture are merely illustrative, and for example, the division of the units is merely a logical division, and there may be other divisions when actually implemented, for example, multiple units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.

Claims (10)

1. An IT asset security management and control platform, characterized in that: the platform comprises an external link service module, a data verification module, an identity verification module, a data storage module, a data supervision module and a platform management and control module;
the external link service module is connected with an external service port to perform IT asset data synchronization;
the data verification module is used for verifying the data source of the input IT asset data;
the identity authentication module is used for operating and controlling authentication login information;
the data storage module is used for storing IT asset data in a distributed mode;
the data supervision module is used for carrying out safety screening on IT asset data;
the platform management and control module is used for making and executing platform operation rules, abnormal data screening rules, abnormal data processing strategies and data distributed storage rules.
2. The IT asset security management and control platform of claim 1, wherein: the external link business module is also configured to perform unified formatting processing on the IT asset data imported from the external business port, acquire the IT asset data in the JSON data format and perform packing compression.
3. The IT asset security management and control platform of claim 2, wherein: the data verification module is also configured to perform data source analysis and check and abnormal data preliminary screening on the IT asset data in the JSON data format after unified formatting processing, match a data source analysis result with an IP address corresponding to a butted external service port, perform ID labeling on the IT asset data without data abnormality after screening based on an abnormal data screening rule, wherein the ID comprises data receiving time, a data source IP address and content classification corresponding to the IT asset data, and the external link service module packs and compresses the IT asset data and the ID corresponding to the IT asset data.
4. The IT asset security management and control platform of claim 1, wherein: the data storage module classifies and stores the IT asset data based on a data distributed storage rule, and stores each IT asset data in a storage space in a distributed manner, wherein the storage space comprises computer readable storage media, block chain storage nodes or readable storage media and block chain storage nodes in more than one storage server.
5. The IT asset security management and control platform of claim 3, wherein: when the data source analysis checks, a series of TCP and UDP data packets are sent to the external service port, response data packets returned by the external service port are received, each data item in the response data packets is detected and compared with a preset port identity data set, and the IP address and the operating system type of the external service port are obtained according to the comparison result.
6. The IT asset security management and control platform of claim 1, wherein: the identity verification module verifies and collects personnel information of the login platform, the personnel information comprises identity information, department information and identity levels, IT asset data contents viewed by the personnel based on the platform are collected, the IT asset data contents comprise IT asset data types and IT asset data levels, and login time, the collected personnel information and the viewed IT asset data contents are generated into corresponding safe browsing logs to be stored.
7. The IT asset security management and control platform of claim 6, wherein: the data supervision module is also configured to monitor the checked and retrieved IT asset data content based on the identity level of the personnel logging in the platform, and send out alarm information and generate an alarm log when the IT asset data content which does not correspond to the identity level is retrieved more than once.
8. The IT asset security management and control platform of claim 1, wherein: the data supervision module regularly screens the IT asset data stored in the data storage module according to a screening period based on an abnormal data screening rule, wherein the abnormal data screening rule comprises a data storage time node, a last safety screening time node and a data change condition; and processing the IT asset data stored in the data storage module based on an abnormal data processing strategy, wherein the abnormal data processing strategy comprises the steps of cleaning the IT asset data with an earlier data storage time node or updating the storage time node of the IT asset data according to the IT asset life cycle, extracting the IT asset data with the time difference between the last security screening time and the current security screening time larger than the screening cycle and giving an alarm, extracting the IT asset data which are unsuccessfully matched when extracting and comparing the characteristic contents before and after the change based on the data change condition and giving an alarm, and the data change comprises the steps of deleting and increasing the data through a platform and tampering the IT asset data which are appeared in the security event.
9. The IT asset security management and control platform of claim 1, wherein: the data administration module is further configured to perform vulnerability discovery on the IT asset data, the vulnerability discovery including:
vulnerability scanning: traversing and matching the IT asset data based on a preset vulnerability screening rule to find the vulnerability in the IT asset data, extracting the IT asset data and giving an alarm when the existing vulnerability is found, repairing the vulnerability of the IT asset data based on the vulnerability repairing rule, and packaging the IT asset data and the vulnerability repairing log and returning the IT asset data and the vulnerability repairing log to an original storage position for storage when repeated scanning is carried out and the vulnerability is not found any more;
POC scanning: traversing vulnerability attack testing is carried out on IT asset data based on a preset vulnerability attack code, when attack succeeds, the IT asset data is extracted and an alarm is given, vulnerabilities of the IT asset data are repaired based on vulnerability repair rules, and after repeated attack testing is carried out and attack success does not occur any more, the IT asset data and vulnerability repair logs are packaged and then returned to an original storage position for storage;
Nessus scanning: traversing and scanning IT asset data based on Nessus scanning, extracting the IT asset data and giving an alarm when finding a bug, repairing the bug of the IT asset data based on a bug repairing rule, and packaging the IT asset data and a bug repairing log and returning the packaged IT asset data and the bug repairing log to an original storage position for storage when repeated scanning does not occur any more and the bug is not found;
weak password scanning: traversing and matching the IT asset data based on a preset weak password dictionary, repairing the vulnerability of the IT asset data based on vulnerability repairing rules when the exposed weak password of an IT asset application program is matched, and packaging the IT asset data and a vulnerability repairing log and returning the IT asset data and the vulnerability repairing log to an original storage position for storage when the exposed weak password is not generated after repeated scanning.
10. The IT asset security management method of the IT asset security management and control platform according to any one of claims 1 to 9, comprising the steps of:
platform management: making a platform operation rule, an abnormal data screening rule, an abnormal data processing strategy and a data distributed storage rule;
acquiring data: a worker logs in a platform to import data or performs data interaction with an external service port by adopting an external link service module to realize IT asset data uploading, and performs uniform formatting processing on the imported IT asset data to obtain the IT asset data in a JSON data format;
primary screening of data: the data verification module verifies a data source of the input IT asset data and performs data exception preliminary screening on the input IT asset data based on an exception data processing strategy, wherein the exception data processing strategy comprises any one of vulnerability scanning, POC scanning, Nessus scanning and weak password scanning;
data storage: the data verification module carries out ID labeling on the IT asset data which passes through the data primary screening, the ID comprises data receiving time, a data source IP address and content classification corresponding to the IT asset data, the external link business module packs and compresses the IT asset data and the ID corresponding to the IT asset data, the data storage module carries out classified storage on the IT asset data based on a data distributed storage rule, each IT asset data is stored in a storage space in a distributed mode, and the storage space comprises computer readable storage media and/or block chain storage nodes in a plurality of storage servers;
data supervision: the data supervision module regularly carries out security screening and vulnerability discovery on IT asset data stored in the data storage module according to a screening period based on an abnormal data screening rule, wherein the vulnerability discovery comprises one or more of vulnerability scanning, POC scanning, Nessus scanning and weak password scanning, the vulnerability scanning comprises traversing and matching the IT asset data based on a preset vulnerability screening rule to discover vulnerabilities existing in the IT asset data, when the existing vulnerabilities are discovered, the IT asset data are extracted and alarmed, the vulnerabilities of the IT asset data are repaired based on a vulnerability repair rule, and when the vulnerabilities are repeatedly scanned and no longer discovered, the IT asset data and a vulnerability repair log are packaged and then returned to an original storage position for storage; the POC scanning comprises the steps of performing traversal vulnerability attack testing on IT asset data based on a preset vulnerability attack code, extracting the IT asset data and giving an alarm when attack is successful, repairing the vulnerability of the IT asset data based on a vulnerability repair rule, and packaging the IT asset data and a vulnerability repair log and returning the IT asset data and the vulnerability repair log to an original storage position for storage when attack is not successful after repeated attack testing; the Nessus scanning comprises traversing and scanning IT asset data based on Nessus scanning, extracting the IT asset data and giving an alarm when finding a bug, repairing the bug of the IT asset data based on a bug repairing rule, and packaging the IT asset data and a bug repairing log and returning the packaged IT asset data and bug repairing log to an original storage position for storage when repeated scanning no longer finds the bug; the weak password scanning comprises traversing and matching IT asset data based on a preset weak password dictionary, repairing the vulnerability of the IT asset data based on vulnerability repair rules when the exposed weak password of an IT asset application program is matched, and packaging the IT asset data and a vulnerability repair log and returning the packaged IT asset data and vulnerability repair log to an original storage position for storage when the exposed weak password does not appear any more after repeated scanning;
operation supervision: the identity authentication module acquires the personnel information of the login platform, supervises the operation content of the personnel and gives an alarm when abnormality occurs.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211517250.3A CN115695044B (en) 2022-11-29 2022-11-29 IT asset security management and control platform and management method

Publications (2)

Publication Number Publication Date
CN115695044A true CN115695044A (en) 2023-02-03
CN115695044B CN115695044B (en) 2024-07-12

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant