CN115801620A - Terminal safety management system and method - Google Patents

Publication number
CN115801620A
Authority
CN
China
Prior art keywords
network access
access terminal
management
terminal
security
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211441546.1A
Other languages
Chinese (zh)
Inventor
刘险峰
吕晓彦
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jiangsu Baowangda Software Technology Co ltd
Original Assignee
Jiangsu Baowangda Software Technology Co ltd
Application filed by Jiangsu Baowangda Software Technology Co ltd
Priority to CN202211441546.1A
Publication of CN115801620A

Abstract

An embodiment of the invention discloses a terminal security management system and method. The system comprises a security management and control module, an asset management module and an operation supervision module. The security management and control module performs security management on the management and control elements of the network access terminal at each stage; the asset management module establishes resource information of the network access terminal and issues a change reminder when that resource information changes; and the operation supervision module monitors the network processes of the network access terminal and its software installation status. Unlike the manual security management of the prior art, the system performs security management, asset management and operation monitoring of network access terminals online and in real time, achieves effective multi-directional real-time security management of network access terminals, ensures stable operation of the enterprise intranet and information systems, ensures the security compliance of information assets, and saves labor cost.

Description

Terminal safety management system and method
Technical Field
The invention relates to the technical field of terminal security management, in particular to a terminal security management system and a terminal security management method.
Background
With the progress of the times, the degree of informatization of companies, enterprises and public institutions grows ever higher, and the information and network security situation grows ever more severe. Terminals are the basic equipment with which staff work and process data, so terminal security management directly affects the development and progress of the enterprise. In the course of operation, enterprises impose strict rules on terminal security management, such as restrictions on the terminal's network connections, the terminal's download permissions, replacement of terminal software and hardware, the requirement that the terminal have the corresponding security products installed and be in a controllable state, terminal asset management, terminal operation monitoring management and other security requirements.
Terminal security management requires a large investment of manpower and time to check intranet terminals periodically, and when a manager performs the check manually, illegal operations may occur. With the development of the information era, local area networks keep growing and the number of terminals in an enterprise keeps increasing, so solving the problem of terminal security management has become a focus of enterprise work. To meet the requirements of terminal security management, traditional schemes mostly use terminal admission and host auditing software to apply network settings to the user terminal, verify antivirus software settings and patch settings, and manage the terminal by means such as rectifying non-compliant terminal configuration.
Disclosure of Invention
The invention provides a terminal safety management system and a terminal safety management method, which are used for realizing real-time online multi-directional safety management of a network access terminal, ensuring the stable operation of an enterprise intranet network and an informatization system and saving labor cost.
In a first aspect, this embodiment provides a terminal security management system, the system comprising a security management and control module, an asset management module and an operation supervision module, wherein:
the safety management and control module is used for carrying out safety management on the management and control elements of the network access terminal at each stage;
the asset management module is used for establishing resource information of the network access terminal and carrying out change reminding when the resource information of the network access terminal changes;
and the operation monitoring module is used for monitoring the network process of the network access terminal and the software installation condition of the network access terminal.
In a second aspect, this embodiment provides a terminal security management method, where the method is executed by the terminal security management system in the first aspect, and the method includes:
performing security management on the management and control elements of the network access terminal at each stage through the security management and control module;
establishing resource information of the network access terminal through an asset management module, and carrying out change reminding when the resource information of the network access terminal changes;
and monitoring the network process of the network access terminal and the software installation condition of the network access terminal through an operation monitoring module.
An embodiment of the invention discloses a terminal security management system and method. The system comprises a security management and control module, an asset management module and an operation supervision module. The security management and control module performs security management on the management and control elements of the network access terminal at each stage; the asset management module establishes resource information of the network access terminal and issues a change reminder when that resource information changes; and the operation supervision module monitors the network processes of the network access terminal and its software installation status. Unlike the manual security management of the prior art, the system performs security management, asset management and operation monitoring of network access terminals online and in real time, achieves effective multi-directional real-time security management of network access terminals, ensures stable operation of the enterprise intranet and information systems, ensures the security compliance of information assets, and saves labor cost.
It should be understood that the statements in this section are not intended to identify key or critical features of the embodiments of the present invention, nor are they intended to limit the scope of the invention. Other features of the present invention will become apparent from the following description.
Drawings
In order to illustrate the technical solutions in the embodiments of the present invention more clearly, the drawings needed in the description of the embodiments are briefly introduced below. The drawings in the following description show only some embodiments of the present invention, and those skilled in the art can obtain other drawings based on them without creative effort.
Fig. 1 is a schematic structural diagram of a terminal security management system according to an embodiment of the present invention;
Fig. 2 is a schematic structural diagram of another terminal security management system according to an embodiment of the present invention;
Fig. 3 is a schematic structural diagram of another terminal security management system according to an embodiment of the present invention;
Fig. 4 is a schematic flowchart of a terminal security management method according to a second embodiment of the present invention;
Fig. 5 is a schematic structural diagram of an electronic device according to a third embodiment of the present invention.
Detailed Description
In order to make those skilled in the art better understand the technical solutions of the present invention, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that the terms "target," "original," and the like in the description and claims of the present invention and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the invention described herein are capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
It can be understood that, before the technical solutions of the embodiments of the present invention are used, the type, the use range, the use scene, etc. of the personal information related to the present invention should be informed to the user and authorized by the user in a proper manner according to relevant laws and regulations.
For example, in response to receiving an active request from a user, a prompt message is sent to the user to explicitly prompt the user that the requested operation to be performed would require the acquisition and use of personal information to the user. Therefore, the user can select whether to provide personal information to the software or hardware such as electronic equipment, application program, server or storage medium for executing the operation of the technical scheme of the invention according to the prompt information.
As an optional but non-limiting implementation manner, in response to receiving an active request from the user, the manner of sending the prompt information to the user may be, for example, a pop-up window, and the prompt information may be presented in a text manner in the pop-up window. In addition, a selection control for providing personal information to the electronic device by the user's selection of "agreeing" or "disagreeing" can be carried in the pop-up window.
It is understood that the above notification and user authorization process is only illustrative and is not intended to limit the implementation of the present invention, and other ways of satisfying the relevant laws and regulations may be applied to the implementation of the present invention.
It will be appreciated that the data referred to in this disclosure, including but not limited to the data itself, the acquisition or use of the data, should comply with the requirements of the applicable laws and regulations and related regulations.
Because terminals are of many types and large in number, existing terminal security management has the following problems:
1) The terminal security state is unknown: the number and types of terminals in the network cannot be accurately queried, a terminal can access the network once it obtains an Internet Protocol (IP) address, and whether the terminal is legitimate and compliant cannot be judged.
2) As the network scale keeps expanding, complex dependency relationships form among user permissions. Network access control policies are traditionally configured manually and allocated mainly according to the actual requirements of the service system and the principle of least privilege; this allocation ignores the dependency relationships among permissions and easily produces over-authorization, which brings potential security risks to the network.
3) The running state of the terminal is unknown: terminal hardware assets and running states are currently recorded by manual counting and manual inspection, which is inefficient; asset changes cannot be found in time, real-time performance is poor, and overdue terminals and abnormal terminals are difficult to count.
4) The operation and maintenance state of the terminal is unknown, which leads to low working efficiency, difficulty in compiling statistics on operation and maintenance work, and repeated operation and maintenance work.
In view of the above problems, a terminal security management system that can solve them is needed.
Embodiment One
Fig. 1 is a schematic structural diagram of a terminal security management system according to an embodiment of the present invention, where the present embodiment is suitable for a situation of performing security management on a network access terminal, and the system may be implemented by hardware and/or software and is generally integrated in an electronic device.
The system comprises: a security management module 10, an asset management module 20, and an operation supervision module 30; the security management and control module 10 is configured to perform security management on management and control elements of the network access terminal at each stage; the asset management module 20 is configured to establish resource information of the network access terminal, and perform change reminding when the resource information of the network access terminal changes; and the operation monitoring module 30 is configured to monitor a network process of the network access terminal and a software installation condition of the network access terminal.
The terminal security management system provided by this embodiment can perform online security management of network access terminals in several respects in real time. An enterprise, public institution or other organization that has a local area network (LAN) can install the terminal security management system to securely manage the terminals networked within that LAN. The system mainly includes a security management and control module 10, an asset management module 20, and an operation supervision module 30.
The security management and control module 10 is configured to perform security management on management and control elements of the network access terminal at each stage.
In this embodiment, the security management and control module 10 performs security management on the management and control elements of the network access terminal at each stage, fully covering all elements of security management and control during installation, delivery and use of the terminal. For example, this may specifically include: accurately tracing the source of the network access terminal, acquiring the equipment condition of the network access terminal, performing a security check on the equipment condition, and performing software distribution, remote maintenance, sensitive information checks and the like on the network access terminal in daily use.
A network access terminal may be understood as a terminal connected to a local area network. It may be any network device or terminal device connected in the local area network, for example a switch, a router, a firewall, a Network Address Translation (NAT) device, a multiport repeater (HUB), a personal computer (PC), a mobile terminal, a printer, an IP phone, a camera, a notebook computer, an intelligent mobile device, a cloud terminal, or any of various dumb terminals. The network access terminal is the object managed and controlled by the terminal security management system provided in this embodiment. Managing the network access terminal means managing its full life cycle, including security management and control during installation, delivery and use of the terminal.
Specifically, the security management and control module 10 provides a network access control mechanism in a networking environment. It manages whether a network access terminal can enter the networking environment, allows access by legal or authorized devices, and blocks, alarms on and audits access by illegal or unauthorized devices in real time. In addition, while network access devices are in use, the security management and control module 10 automatically discovers all network devices and terminal devices in the network, that is, the connected network access terminals, and compiles classified statistics on them. It also sets the secure login mode of the terminal, such as secure login through a UKEY or through a user name and password. A UKEY is a small storage device that connects directly to a computer through a universal serial bus interface, has a password verification function, and is reliable and high-speed.
As described above, the security management and control module 10 is further configured to perform security inspection and repair on the terminal: it inspects the terminal's antivirus software, system patches and domain access condition, prohibits non-compliant terminals from accessing the network, and supports one-key repair of terminals whose antivirus software, system patches or domain access condition fails the inspection.
Further, the security management and control module 10 has a file watermark tracing function and uses technologies such as deep content identification to add a watermark to violation files stored on the network access terminal. To deal with file leakage violations, the watermark on each network access terminal can be set to be different, so that by extracting the specific watermark from a file the corresponding security-related personnel can be located. The various watermark technologies, such as file watermarks, printing watermarks and vector watermarks, form an effective deterrent against employees maliciously stealing the core data of the enterprise.
And the asset management module 20 is configured to establish resource information of the network access terminal, and perform change reminding when the resource information of the network access terminal changes.
The asset management module 20 may collect the software and hardware assets and specific information of the network access terminals in the intranet. Specifically, the asset management module 20 collects the assets of the network access terminal, which includes automatically collecting terminal hardware asset information such as manufacturer, model, central processing unit, memory, hard disk, network card, optical drive, display, keyboard and mouse, establishing a mapping relationship between the terminal and the fixed asset system, and providing a data basis for clearing invalid assets. When assets change, alarm information is sent according to the change, which avoids the loss of internal assets. Hardware asset change alarms and audits are supported, as is exporting an asset change audit report.
Further, the asset management module 20 is further configured to perform terminal information query, where the query condition may include an asset management number, a terminal unique identifier, an IP, a Media Access Control (MAC), a user, a use department, whether the terminal is registered, whether the terminal state is valid or disabled, a start date, a terminal use, an access client state, hardware configuration information, and the like.
And the operation monitoring module 30 is configured to monitor a network process of the network access terminal and a software installation condition of the network access terminal.
In this embodiment, the operation monitoring module 30 performs monitoring management on the operation condition of the network access terminal, including monitoring management on the real-time operation state, terminal performance, service life, terminal allocation, and online condition of the network access terminal.
Specifically, the operation monitoring module 30 monitors the operation condition of the network access terminal, including network process monitoring and black-and-white list control of installed software. Network process monitoring means that the processes of the terminals in the network are collected and monitored in a unified way. For example, new processes in the network may be displayed incrementally, or the processes that run most frequently in the network may be counted, so as to compile statistics on the usage of network client software. The operation monitoring module 30 may locate and alarm on abnormal processes that occur in the network and, when necessary, block them directly, for example virus processes.
In addition, software installation black-and-white list control means controlling the software installation status of the network access terminal through black and white lists. A software installation black-and-white list can be established that specifies software that is forbidden to be installed and software that must be installed, and measures such as alarm prompts, terminal prompts and network blocking can be taken against non-compliant network access terminals.
Meanwhile, the operation supervision module 30 may analyze idle terminals, determining the number and list of idle terminals according to the identification standard for idle terminals, so as to provide a basis for checking idle assets. Furthermore, the operation monitoring module 30 can compile terminal reports, counting the number of normally used terminals, the number of idle terminals, the number of failed terminals, the number of hardware risk alarms, the number of terminal hardware risk alarms, and the like by month, department, terminal application, terminal type, and manufacturer. The terminal types may be classified into desktop, notebook, virtual terminal, and the like. With the operation supervision module 30 in place, the operation state of the network access terminal can be acquired effectively and in time, real-time performance is good, and the administrator can conveniently count overdue terminals and abnormal terminals in time.
An embodiment of the invention discloses a terminal security management system comprising a security management and control module, an asset management module and an operation supervision module. The security management and control module performs security management on the management and control elements of the network access terminal at each stage; the asset management module establishes resource information of the network access terminal and issues a change reminder when that resource information changes; and the operation supervision module monitors the network processes of the network access terminal and its software installation status. Unlike the manual security management of the prior art, the system performs security management, asset management and operation monitoring of network access terminals online and in real time, achieves effective multi-directional real-time security management of network access terminals, ensures stable operation of the enterprise intranet and information systems, ensures the security compliance of information assets, and saves labor cost.
Fig. 2 is a schematic structural diagram of another terminal security management system according to an embodiment of the present invention. This optional embodiment is optimized on the basis of the first embodiment. In this embodiment, the security management and control module 10 includes: a network access control unit 11, configured to perform network access control on a network access terminal according to a network admission mechanism when the terminal applies for network access, and to repair non-compliant network access terminals; and a use control unit 12, configured to mark the violation files stored on the network access terminal during its use, so that violations can be located according to the marks.
The network access control unit 11 mainly manages the network access application stage of the network access terminal. The network admission mechanism may be understood as a preset mechanism for deciding whether a terminal can be connected to the network. Specifically, when the network access terminal applies for network access, the network access control unit 11 determines whether the terminal can access the network according to the network admission mechanism, and thereby performs network access control. The network environment the terminal applies to join may be a networking environment such as a router, a switch, a HUB, an Access Point (AP), a Virtual Private Network (VPN), or a NAT. The terminals applying for network access may include at least PCs, notebook computers, intelligent mobile devices, cloud terminals, various dumb terminals and the like. According to the network admission mechanism, the network access control unit 11 allows access by legal or authorized devices, and blocks, alarms on and audits access by illegal or unauthorized devices in real time.
The network access control unit 11 can automatically discover all network devices and terminal devices in the networking environment, perform classification statistics, including switches, routers, firewalls, NAT devices, HUBs, PCs, mobile terminals, printers, IP phones, cameras, and the like, and set a secure login mode of the terminal, such as secure login through a UKEY, a user name, and a password.
The network access control unit 11 is further configured to perform security check and repair on the terminal, check antivirus software, system patches, and domain access conditions of the terminal, prohibit the access of the illegal terminal, and support one-key repair on the terminal which is checked for the illegal antivirus software, system patches, and domain access conditions.
The usage management and control unit 12 traces file watermarks while the network access terminal is in use. For example, technologies such as deep content recognition may be used to add a watermark to violation files stored on the network access terminal. To deal with file leakage violations, a unique watermark can be set for each network access terminal, and the specific watermark on a file can be extracted. By tracing the file watermark, the corresponding security-related personnel can be located. The various watermark technologies, such as file watermarks, printing watermarks and vector watermarks, form an effective deterrent against employees maliciously stealing the core data of the enterprise.
With continuing reference to fig. 2, further, the security management module further includes a policy management unit 13, where the policy management unit 13 is specifically configured to:
a1, respectively determining the entitled authority and the actual authority of an accessor according to the characteristic information and the security configuration information of the accessor of the network access terminal.
Wherein the characteristic information of the visitor includes basic characteristics and behavior characteristics of the visitor. The basic characteristics are basic attributes of the visitor, including age, gender, occupation, IP address and the like, and the behavior characteristics include visitor terminal address level, visitor internet environment information, visitor internet time period information and the like.
In this embodiment, when performing network security risk assessment on the network access terminal, authority allocation should be performed according to the optimal security policy. In this embodiment, the policy management unit 13 is configured to determine an optimal security policy, so as to perform permission assignment on an visitor according to the optimal security policy. When the security policy is distributed, the authority of the visitor comprises the acquired authority of the visitor, the initial authority of the visitor and the actual authority of the visitor. Wherein the visitor entitled rights refers to the rights that the visitor is definitely entitled to according to the attribute information of the visitor. The initial authority of the visitor refers to the authority definitely allocated to personnel according to the security policies of the physical domain and the information domain of the network space, and the authorities can be obtained by analyzing the related security configuration; the actual permissions of the visitors are the permissions of the visitors acquired by the visitors according to the initial network permissions, and the permissions are obtained by deducing the initial permissions of the visitors according to the dependency relationship among the network permissions.
b1. Determine a security risk value according to the entitled authority and the actual authority of the visitor and the set security risk function.
In this step, the network security risk of the current visitor is evaluated, measured mainly by the difference between the visitor's entitled authority and actual authority. The visitor's authority weights are set as $\omega = (\omega_1, \omega_2, \ldots, \omega_n)$, where $\omega_1, \omega_2, \ldots, \omega_n$ are the weights of the visitor's access permissions on the network access terminals. Under this security configuration, the security risk may be expressed as:
Figure BDA0003948534040000101
where PA is the visitor's actual authority matrix, PD is the visitor's entitled authority matrix, the function abs(S) takes the absolute value of each element of a vector or matrix S, and $\|\cdot\|_1$ denotes the L1 norm of a matrix.
c1. For the configuration parameters in the security configuration information, calculate the security risk value using a particle swarm optimization algorithm until the security risk value meets a preset security risk condition, thereby determining the target parameter values of the configuration parameters.
In this embodiment, security risk values are calculated for different security configuration information, and the particle swarm algorithm automatically generates the optimal security policy, which can also be understood as the security configuration information under the optimal security policy. The preset security risk condition can be understood as the security risk value being smaller than a set threshold, which may be determined from historical experience. In this step, the security configuration information is optimized using the particle swarm optimization algorithm. Particle swarm optimization is an evolutionary computation technique derived from research on the predation behavior of bird flocks; its basic idea is to find the optimal solution through cooperation and information sharing among the individuals in the group. Reasonable configuration of network security equipment is an important task in network security management and a necessary requirement for avoiding potential security risks.
With the traditional approach of manually configuring network security equipment, it becomes difficult to coordinate the configurations of multiple security devices as the network keeps growing, and configuration errors and policy conflicts occur easily. In this embodiment, user attribute information is collected, the user's actual authority is inferred under different security configurations, and the network security device configuration is generated automatically using the particle swarm algorithm, so that a reasonable configuration can be generated automatically according to the network security policy and the potential security risk of the network is effectively reduced.
The principle of performing optimal setting by using the particle swarm algorithm is as follows:
S1: Initialize the population. First generate an initial population, randomly initialize the velocity and position of each particle in the search space, calculate the fitness function value, and obtain each particle's historical optimal position and the population's global optimal position.
S2: Update the velocity and position of each particle according to the particle's historical optimal position and the global optimal position.
S3: Evaluate the fitness function value of each particle, and update the particle's historical optimal position and the global optimal position.
S4: If the end condition is met, output the global optimal result and end the program; otherwise go to S2 and continue. The security policy corresponding to the global optimal result is the optimal policy found.
In the embodiment, the characteristic information of the visitor is collected, the actual authority of the visitor is inferred under different security configurations, the network security equipment configuration is automatically generated by utilizing the particle swarm algorithm, the reasonable network security equipment configuration can be automatically generated according to the network security strategy, and the potential security risk of the network is effectively reduced.
Further, the policy management unit is configured to perform the step of determining a target parameter value of the configuration parameter, including:
a. an iteration variable is set and the value of the iteration variable is initialized to zero.
Illustratively, the particle swarm optimization algorithm is an iterative solution algorithm, and therefore, an iterative variable needs to be set and the value of the iterative variable is initially zero at the beginning of the algorithm.
b. Candidate sets of configuration parameters in the security configuration information are determined.
For convenience of description, this embodiment calls a group of parameter values used as algorithm input a group of candidate parameter values, and adds each such group to the candidate configuration parameter set.
c. A respective update coefficient is determined for each set of candidate parameter values in the set of candidate configuration parameters.
In this embodiment, it is further required to determine a corresponding update coefficient for each group of candidate parameter values in the candidate configuration parameter set, so as to update the corresponding candidate parameter values based on the update coefficient in an iterative process.
d. Calculate, based on the security risk function, the security risk value corresponding to at least one group of candidate parameter values in the candidate configuration parameter set.
e. Determine the minimum of the at least one security risk value, record it as the candidate security risk value, and store the candidate security risk value and the corresponding candidate configuration parameter values in a set cache.
In this embodiment, steps d and e determine the algorithm's current optimal value in the current iteration. For example, the current optimal value may be the minimum of the security risk values calculated in this embodiment, and that minimum is recorded as the candidate security risk value.
Generally, for the particle swarm optimization algorithm, the current optimal value determined in each iteration needs to be stored in a set cache so that the final target optimal value can be determined. Therefore, this embodiment stores the candidate security risk values and the corresponding candidate parameter values in the set cache.
f. Judging whether the set safety risk condition is met or not, if not, executing the step g; if yes, executing step h.
In general, loop iterations of the algorithm need to be ended based on the security risk condition. The present embodiment takes the set safety risk value condition as an end condition.
g. Increment the iteration variable, update the corresponding candidate configuration parameter values in the candidate configuration parameter set based on the update coefficients to form a new candidate configuration parameter set, and then return to step c.
h. Determine the minimum of the candidate security risk values in the set cache, output the candidate configuration parameter values corresponding to that minimum as the target parameter values of the configuration parameters, and end the loop.
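The loop of steps a to h (and S1 to S4 above), as an added Python example that is not part of the patent text. The figure holding the security risk function is not reproduced on this page, so `risk_value` assumes a weighted L1 form, the sum over visitors of ω · abs(PA − PD); the matrices, weights, dependency map, 0.5 grant threshold, PSO coefficients and iteration cap are likewise constructed assumptions.

```python
import random

# Constructed sample data (assumptions, not values from the patent).
# Rows are visitors, columns are permissions on the network access terminals.
PD = [[1, 1, 0, 0],      # entitled authority matrix
      [1, 0, 0, 0],
      [1, 1, 1, 0]]
OMEGA = [1.0, 2.0, 3.0, 5.0]     # permission weights omega_1..omega_n
IMPLIES = {3: [2], 2: [1]}       # holding permission i also yields IMPLIES[i]


def actual_authority(initial_row):
    """Infer actual permissions from initial ones via the dependency relation."""
    held = {i for i, bit in enumerate(initial_row) if bit}
    stack = list(held)
    while stack:
        for q in IMPLIES.get(stack.pop(), ()):
            if q not in held:
                held.add(q)
                stack.append(q)
    return [1 if i in held else 0 for i in range(len(initial_row))]


def decode(params):
    """Turn a flat parameter vector in [0, 1] into the initial authority matrix."""
    n = len(OMEGA)
    return [[1 if params[v * n + p] >= 0.5 else 0 for p in range(n)]
            for v in range(len(PD))]


def risk_value(params):
    """Assumed risk function: sum over visitors of omega . abs(PA - PD)."""
    total = 0.0
    for init_row, pd_row in zip(decode(params), PD):
        pa_row = actual_authority(init_row)
        total += sum(w * abs(a - d) for w, a, d in zip(OMEGA, pa_row, pd_row))
    return total


def optimise(threshold=0.5, swarm=30, max_iter=200, seed=7):
    """Run the a-h loop; returns (best risk, initial authority matrix, cache)."""
    rng = random.Random(seed)
    dim = len(PD) * len(OMEGA)
    k = 0                                                    # step a
    pos = [[rng.random() for _ in range(dim)] for _ in range(swarm)]  # step b
    vel = [[rng.uniform(-0.5, 0.5) for _ in range(dim)] for _ in range(swarm)]
    pbest = [p[:] for p in pos]
    pbest_risk = [float("inf")] * swarm
    inertia, c_self, c_swarm = 0.7, 1.5, 1.5                 # step c, fixed part
    cache = []
    while True:
        risks = [risk_value(p) for p in pos]                 # step d
        for i, r in enumerate(risks):
            if r < pbest_risk[i]:
                pbest_risk[i], pbest[i] = r, pos[i][:]
        best = min(range(swarm), key=risks.__getitem__)
        cache.append((risks[best], pos[best][:]))            # step e
        if risks[best] < threshold or k >= max_iter:         # step f (+ cap)
            break
        k += 1                                               # step g
        gbest = min(cache, key=lambda c: c[0])[1]
        for i in range(swarm):
            for d in range(dim):
                r1, r2 = rng.random(), rng.random()          # step c, random part
                vel[i][d] = (inertia * vel[i][d]
                             + c_self * r1 * (pbest[i][d] - pos[i][d])
                             + c_swarm * r2 * (gbest[d] - pos[i][d]))
                pos[i][d] = min(1.0, max(0.0, pos[i][d] + vel[i][d]))
    best_risk, best_params = min(cache, key=lambda c: c[0])  # step h
    return best_risk, decode(best_params), cache


if __name__ == "__main__":
    risk, initial_matrix, cache = optimise()
    print("iterations:", len(cache), "risk:", risk)
    for row in initial_matrix:
        print(row, "->", actual_authority(row))
```

The dependency closure is what makes over-granting expensive here: granting only the highest permission to the second visitor yields three unentitled permissions and a risk of 10.0 under these weights.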
With continued reference to fig. 2, further, the security management module 10 further includes a mobile device management unit 14, where the mobile device management unit 14 is configured to:
a2. Set the network access terminals that the mobile device may access, according to the authorization information of the mobile device.
Here, a mobile device is a removable storage medium such as a USB flash drive or a portable hard disk. The mobile device management unit 14 provides removable storage management: it registers and authorizes removable storage devices and writes a protection tag to the storage medium. It first protects the information already on the device, such as a USB drive or portable hard disk, and then uses an authorization policy to assign permissions to the terminals that can recognize the tag; the assignment target may be a single computer, or an area, a department, or a custom computer group.
Before the mobile device is used, the mobile device must be uniformly registered and authorized through an authorization center, wherein the registration includes real-name registration, designation of an authorized computer, adoption of password protection and the like. The administrator can realize mobile equipment identification and medium tracking through the registration information. Specifically, the mobile device management unit 14 sets the access control authority of the mobile device, the authorized mobile device can be normally used on the intranet computer of the enterprise, when the unauthorized mobile device accesses the computer, the system automatically closes the USB port of the access terminal, the unauthorized mobile device cannot be used on the computer, and the problems of management confusion of the USB storage device and data leakage caused by illegal use of the USB storage device can be effectively prevented.
b2. Encrypt the data on the mobile device so that data is displayed according to the authorization information of the mobile device.
Specifically, data on the mobile device is protected by encryption. Illustratively, transparent encryption is used to encrypt and decrypt data automatically as it is copied. The encrypted data can only be used on a network access terminal (such as a computer) provided with an engine; when the mobile device is used on an unauthorized network access terminal, the data exists only as ciphertext and cannot be used. This function adopts an open encryption algorithm, and the algorithm can be replaced according to the user's actual requirements.
c2. Set the types of files on the mobile device that the network access terminal may access.
Specifically, a file access control function is provided: the file extension types on the mobile device that the network access terminal is allowed to access are configured, for example so that only office-type files can be accessed and other file types cannot. In addition, all file access records are audited.
d2. Set a data copying function.
Specifically, an outgoing copy function is provided. Illustratively, when a user needs to take a USB flash drive off site for data exchange, the outgoing copy function can be used. It allows data that has been copied to the USB flash drive and stored securely to be exchanged with an external computer on which the client program is not installed.
e2. Set the access authority and the access range of the mobile device.
Specifically, specific usage control rules are set for mobile devices so that their use can be identified and controlled: mobile devices to be connected to a network access terminal are classified and labeled, devices carrying a specified label are allowed to connect, and all other mobile devices are denied. The usage range of mobile storage devices is also set, making clear which mobile devices can be used within which range. For example, USB flash drive authentication is configured for the USB flash drives of different companies, or of different departments within one organization, to prevent mobile devices from being used across them.
With continued reference to fig. 2, further, the security management module 10 further includes an auditing unit 15, which is configured to:
a3. Determine the primary behavior authority of the network access terminal from the historical legal behavior associated with the terminal, using a set algorithm.
Specifically, the auditing unit 15 is configured to audit a behavior of the network access terminal, where the terminal behavior may specifically include a specific website accessed by the terminal, an email behavior, an access flow, a shared directory, an account authority, and the like, and is not specifically limited herein. The set algorithm is a correlation analysis algorithm, such as FP-Growth algorithm. An unsupervised learning model is established based on historical legal behavior data of the network access terminals, and the primary behavior authority of the behavior of each network access terminal is analyzed in a multi-dimensional mode according to specific websites, mail behaviors, access flow, shared directories, account authority and the like accessed by the terminals by using an association analysis algorithm. The primary behavioral right may be understood as a primary behavioral threshold baseline.
b3. Correct the primary behavior authority to obtain the behavior threshold baseline of the network access terminal.
Specifically, after the primary behavior authority, namely the primary behavior threshold baseline, is determined, the administrator can screen the magnitude of the behavior authority of each terminal one by one or sample according to the algorithm analysis result, and data is corrected. It can be understood that each network access terminal has a corresponding behavior threshold baseline.
c3. Compare the current behavior of the network access terminal with the behavior threshold baseline, and judge whether the current behavior is abnormal.
Specifically, this step identifies whether a new behavior of the network access terminal is abnormal. Each network access terminal has its own behavior threshold baseline; when the terminal produces a new behavior, that behavior is automatically compared with the baseline to determine whether it exceeds the standard.
d3. If so, raise an alarm.
Specifically, when the auditing unit 15 identifies an over-standard behavior, an alarm is automatically generated.
When the optional embodiment is used for examining the terminal behaviors, the unsupervised learning model is established by adopting the association analysis algorithm, whether the network access terminal has abnormal behaviors or not is analyzed, the problem of huge workload caused by a large number of terminals is effectively solved, the workload of an administrator is reduced, the labor cost is saved, and the management efficiency is improved.
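Steps a3 to d3 for a single terminal, as an added Python example that is not part of the patent text. Instead of FP-Growth it counts 1- and 2-item sets directly, which yields the same frequent itemsets of those sizes for the same minimum support count; the behaviour labels, the history, the support count of 2 and the rule that an unseen item or an infrequent pair counts as exceeding the baseline are constructed assumptions.

```python
from collections import Counter
from itertools import combinations

# Constructed history of legal behaviour for one network access terminal
# (sample records, not data from the patent).
HISTORY = [
    {"site:intranet-portal", "mail:internal", "traffic:low"},
    {"site:intranet-portal", "mail:internal", "traffic:low"},
    {"site:intranet-portal", "share:public-docs", "traffic:low"},
    {"site:intranet-portal", "mail:internal", "traffic:medium"},
    {"site:intranet-portal", "share:public-docs", "traffic:low"},
]


def mine_baseline(history, min_count=2):
    """Step a3: frequent 1- and 2-itemsets form the primary baseline."""
    counts = Counter()
    for record in history:
        for size in (1, 2):
            for itemset in combinations(sorted(record), size):
                counts[frozenset(itemset)] += 1
    return {s for s, c in counts.items() if c >= min_count}


def correct_baseline(primary, allow=(), revoke=()):
    """Step b3: administrator correction.

    allow  -- itemsets to add even though the history did not support them
    revoke -- single items to remove, together with every itemset using them
    """
    revoked = set(revoke)
    kept = {s for s in primary if not (s & revoked)}
    return kept | {frozenset(itemset) for itemset in allow}


def audit(behaviour, baseline):
    """Steps c3/d3: list deviations from the baseline; non-empty means alarm."""
    items = sorted(behaviour)
    findings = [("unknown-item", i) for i in items
                if frozenset([i]) not in baseline]
    known = [i for i in items if frozenset([i]) in baseline]
    findings += [("unusual-combination", pair)
                 for pair in combinations(known, 2)
                 if frozenset(pair) not in baseline]
    return findings


if __name__ == "__main__":
    baseline = correct_baseline(
        mine_baseline(HISTORY),
        allow=[("traffic:medium",), ("site:intranet-portal", "traffic:medium")],
    )
    for event in ({"site:intranet-portal", "mail:internal", "traffic:low"},
                  {"mail:internal", "share:public-docs"},
                  {"site:intranet-portal", "traffic:high"}):
        result = audit(event, baseline)
        print("ALARM" if result else "ok", sorted(event), result)
```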
Fig. 3 is a schematic structural diagram of another terminal security management system according to an embodiment of the present invention. This optional embodiment is optimized on the basis of the first embodiment: the system further includes an operation and maintenance support module 40, configured to carry out remote maintenance, remote file management and remote control operation on the network access terminal.
Specifically, the operation and maintenance support module 40 is configured to perform remote maintenance on the network access terminal, and the remote maintenance is performed only after the controlled network access terminal agrees, and the controlled network access terminal is prompted when the network access terminal exits, so that all operations of the remote maintenance are visible to the controlled terminal.
Meanwhile, the operation and maintenance support module 40 has a remote file management function, and may specifically include: all files of the network access terminal can be checked; the file copying method can be used for copying files of a management end (local) and a managed end (remote) mutually; the management terminal and the managed terminal can create and delete folders; the files of the management end and the managed end can be deleted; for security, the end user has the right to decide whether to accept the remote file management request.
With continued reference to fig. 3, this optional embodiment is optimized on the basis of the first embodiment: the system further includes a download management module 50, used to recommend, download and manage software for the network access terminal.
Specifically, the download management module 50 is configured to perform software recommendation, download, and software management on the network access terminal, and quickly and conveniently locate software to be downloaded according to classification, name, update, hot, and other manners, so as to support intelligent software recommendation and breakpoint retransmission.
With continued reference to fig. 3, this optional embodiment is optimized on the basis of the first embodiment: the system further includes a display module 60, used to present, in a visual manner, the associated configuration information and prompt information over the whole life cycle of the network access terminal.
Specifically, the display module 60 is configured to present, to an administrator, the function configuration and various security alarm events associated with the network access terminal in the full life cycle, so that the administrator can conveniently and quickly know the security event of the network access terminal, and perform comprehensive management on the network access terminal.
This optional embodiment specifies that the terminal security management system further comprises an operation and maintenance support module, a download management module and a display module. The working process of the terminal security management system comprehensively covers all elements in the installation, delivery and use of the terminal; real-name network access detection can be realized, managers can grasp the operating condition of terminals in time, and secure, comprehensive management of each terminal is better achieved.
Example two
Fig. 4 is a flowchart illustrating a terminal security management method according to a second embodiment of the present invention, where the method is suitable for performing security management on a network access terminal. The method may be executed by the terminal security management system provided in the above embodiment, and the system may be implemented by hardware and/or software and is generally integrated in an electronic device. As shown in fig. 4, the second embodiment of the present invention provides a terminal security management method, which specifically includes the following steps:
S410. Perform security management on the management and control elements of the network access terminal at each stage through the security management and control module.
In this embodiment, the security management and control module performs security management on the management and control elements of the network access terminal at each stage, so as to comprehensively cover all elements of security management and control in the installation, delivery and use of the terminal. For example, this may include: accurately tracing the source of the network access terminal, obtaining the device status of the terminal and performing a security check on it, and performing software distribution, remote maintenance, sensitive information checks and the like on the terminal in daily use.
The Network access terminal may be all Network devices or terminal devices connected in the lan, for example, a switch, a router, a firewall, a Network Address Translation (NAT) device, a multiport repeater HUB, a Personal Computer (PC), a mobile terminal, a printer, an IP phone, a camera, a notebook Computer, an intelligent mobile device, a cloud terminal, various dumb terminals, and the like. The network access terminal is an object managed and controlled by the terminal security management system provided in this embodiment. For the management of the network access terminal, the whole life cycle of the network access terminal needs to be managed, including the installation and delivery of the terminal and the safety management and control in the using process.
S420. Establish resource information of the network access terminal through the asset management module, and issue a change reminder when that resource information changes.
The asset management module can be used for acquiring software and hardware assets and specific information of the network access terminal in the intranet. Specifically, the method comprises the steps of collecting assets of the network access terminal through an asset management module, automatically collecting terminal hardware asset information which comprises information of manufacturers, models, a central processing unit, a memory, a hard disk, a network card, an optical drive, a display, a keyboard, a mouse and the like, establishing a mapping relation between the terminal and a fixed asset system, and providing data basis for clearing invalid assets. And when the asset changes, alarm information is sent according to the asset change condition, the loss of internal assets is avoided, hardware asset change alarm and audit are supported, and the export of an asset change audit report is supported.
Further, the asset management module is used for inquiring terminal information, and the inquiry conditions can comprise asset management numbers, terminal unique identifiers, IP, MAC, users, use departments, whether the terminal is registered or not, whether the terminal state is valid or scrapped, start dates, terminal purposes, access client states, hardware configuration information and the like.
S430. Monitor the network processes of the network access terminal and its software installation status through the operation monitoring module.
In this embodiment, the operation condition of the network access terminal is monitored and managed by the operation supervision module, which includes monitoring and managing a real-time operation state, a terminal performance, a service life, a terminal allocation, and an online condition of the network access terminal.
Specifically, the operation condition of the network access terminal is monitored through an operation monitoring module, and the operation condition comprises network process monitoring and black and white list control of installed software. Wherein, the network process monitoring includes: the processes of the terminals of the network are collected and monitored uniformly. Illustratively, the new processes in the network can be incrementally displayed, and the processes which are most frequently operated in the network can also be counted, so that the service condition of the network client software can be counted.
In addition, the software installation black-and-white list control comprises black-and-white list control over the software installation condition of the network access terminal, the black-and-white list of software installation can be set, software which is forbidden to install and needs to be installed is specified, and measures such as alarm prompt, terminal prompt, network blocking and the like can be carried out on illegal network access terminals.
Meanwhile, the operation supervision module can analyze idle terminals: the number and list of idle terminals are determined according to the identification standard for idle terminals, which provides a basis for checking idle assets. The operation supervision module can also produce terminal statistics reports, counting the number of normally used terminals, idle terminals and faulty terminals, the number of hardware risk warnings, the number of terminals with hardware risk warnings and the like, broken down by month, department, terminal purpose, terminal type and manufacturer. Terminal types may be classified as desktop, notebook, virtual terminal, and so on. With the operation supervision module in place, the running state of network access terminals can be obtained effectively and in a timely manner, and the administrator can conveniently count overdue and abnormal terminals in time.
The embodiment of the invention discloses a terminal safety management method, which comprises the following steps: the method comprises the steps that safety management is conducted on management and control elements of a network access terminal in each stage through a safety management and control module; establishing resource information of the network access terminal through an asset management module, and carrying out change reminding when the resource information of the network access terminal changes; and monitoring the network process of the network access terminal and the software installation condition of the network access terminal by an operation monitoring module. The system is different from manual safety management in the prior art, can perform safety management, asset management and operation monitoring on the network access terminal in real time on line, realizes effective multi-azimuth real-time safety management on the network access terminal, ensures stable operation of an enterprise intranet network and an information system, ensures safety compliance of information assets, and saves labor cost.
The method can be executed by the terminal security management system provided by the embodiment of the invention, and has the beneficial effect of the terminal security management system.
Example three
Fig. 5 is a schematic structural diagram of an electronic device according to a third embodiment of the present invention. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. The electronic device may also represent various forms of mobile devices, such as personal digital assistants, cellular phones, smart phones, wearable devices (e.g., helmets, glasses, watches, etc.), and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be exemplary only, and are not meant to limit implementations of the inventions described and/or claimed herein.
As shown in fig. 5, the electronic device 50 includes at least one processor 51, and a memory communicatively connected to the at least one processor 51, such as a Read Only Memory (ROM) 52, a Random Access Memory (RAM) 53, and the like, wherein the memory stores a computer program executable by the at least one processor, and the processor 51 may perform various suitable actions and processes according to the computer program stored in the Read Only Memory (ROM) 52 or the computer program loaded from the storage unit 58 into the Random Access Memory (RAM) 53. In the RAM 53, various programs and data necessary for the operation of the electronic apparatus 50 can also be stored. The processor 51, the ROM 52, and the RAM 53 are connected to each other via a bus 54. An input/output (I/O) interface 55 is also connected to the bus 54.
A plurality of components in the electronic apparatus 50 are connected to the I/O interface 55, including: an input unit 56 such as a keyboard, a mouse, or the like; an output unit 57 such as various types of displays, speakers, and the like; a storage unit 58 such as a magnetic disk, optical disk, or the like; and a communication unit 59 such as a network card, modem, wireless communication transceiver, etc. The communication unit 59 allows the electronic device 50 to exchange information/data with other devices via a computer network such as the internet and/or various telecommunication networks.
The processor 51 may be any of a variety of general purpose and/or special purpose processing components having processing and computing capabilities. Some examples of the processor 51 include, but are not limited to, a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), various dedicated Artificial Intelligence (AI) computing chips, various processors running machine learning model algorithms, a Digital Signal Processor (DSP), and any suitable processor, controller, microcontroller, or the like. The processor 51 performs the various methods and processes described above, e.g., the terminal security management method.
In some embodiments, the terminal-based security management method may be implemented as a computer program tangibly embodied in a computer-readable storage medium, such as storage unit 58. In some embodiments, part or all of the computer program may be loaded and/or installed onto the electronic device 50 via the ROM 52 and/or the communication unit 59. When the computer program is loaded into the RAM 53 and executed by the processor 51, one or more steps of the terminal-based security management method described above may be performed. Alternatively, in other embodiments, the processor 51 may be configured to perform the terminal-based security management method by any other suitable means (e.g., by means of firmware).
Various implementations of the systems and techniques described above may be implemented in digital electronic circuitry, integrated circuitry, Field Programmable Gate Arrays (FPGAs), Application Specific Integrated Circuits (ASICs), Application Specific Standard Products (ASSPs), systems on a chip (SOCs), complex programmable logic devices (CPLDs), computer hardware, firmware, software, and/or combinations thereof. These various embodiments may include: implementation in one or more computer programs that are executable and/or interpretable on a programmable system including at least one programmable processor, which may be special or general purpose, receiving data and instructions from, and transmitting data and instructions to, a storage system, at least one input device, and at least one output device.
A computer program for implementing the methods of the present invention may be written in any combination of one or more programming languages. These computer programs may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the computer programs, when executed by the processor, cause the functions/acts specified in the flowchart and/or block diagram block or blocks to be performed. A computer program can execute entirely on a machine, partly on the machine, as a stand-alone software package, partly on the machine and partly on a remote machine or entirely on the remote machine or server.
In the context of the present invention, a computer-readable storage medium may be a tangible medium that can contain, or store a computer program for use by or in connection with an instruction execution system, apparatus, or device. A computer readable storage medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. Alternatively, the computer readable storage medium may be a machine readable signal medium. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
To provide for interaction with a user, the systems and techniques described here can be implemented on an electronic device having: a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to a user; and a keyboard and a pointing device (e.g., a mouse or a trackball) by which a user may provide input to the electronic device. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user can be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user may be received in any form, including acoustic, speech, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a back-end component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such back-end, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: local area networks (LANs), wide area networks (WANs), blockchain networks, and the internet.
The computing system may include clients and servers. A client and server are generally remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other. The server can be a cloud server, also called a cloud computing server or a cloud host, which is a host product in a cloud computing service system and overcomes the drawbacks of difficult management and weak service scalability found in traditional physical hosts and VPS services.
It should be understood that the flows shown above may be used in various forms, with steps reordered, added or deleted. For example, the steps described in the present invention may be executed in parallel, sequentially, or in different orders, and are not limited herein as long as the desired results of the technical solution of the present invention can be achieved.
The above-described embodiments should not be construed as limiting the scope of the invention. It should be understood by those skilled in the art that various modifications, combinations, sub-combinations and substitutions may be made in accordance with design requirements and other factors. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (10)

1. A terminal security management system, comprising: a security management and control module, an asset management module and an operation monitoring module; wherein,
the security management and control module is used for performing security management on the management and control elements of the network access terminal at each stage;
the asset management module is used for establishing resource information of the network access terminal and issuing a change reminder when the resource information of the network access terminal changes;
and the operation monitoring module is used for monitoring the network process of the network access terminal and the software installation status of the network access terminal.
2. The system of claim 1, wherein the security management and control module comprises:
a network access control unit, used for performing network access control on the network access terminal when the network access terminal applies for network access, and for repairing an illegal network access terminal according to a network access mechanism;
and a use control unit, used for marking illegal files stored on the network access terminal while the network access terminal is in use, so that illegal behavior can be located according to the marks.
3. The system according to claim 1, wherein the security management and control module further comprises a policy management unit, and the policy management unit is specifically configured to:
determine, respectively, the acquired authority and the actual authority of a visitor of the network access terminal according to the characteristic information of the visitor and the security configuration information;
determine a security risk value according to the acquired authority and the actual authority of the visitor, in combination with a set security risk function;
and, for the configuration parameters in the security configuration information, calculate the security risk value based on a particle swarm optimization algorithm until the security risk value meets a preset security risk condition, so as to determine the target parameter values of the configuration parameters.
4. The system of claim 3, wherein the step, performed by the policy management unit, of determining the target parameter values of the configuration parameters comprises:
a. setting an iteration variable, and initializing the value of the iteration variable to zero;
b. determining a candidate configuration parameter set in the security configuration information;
c. determining a corresponding update coefficient for each set of candidate parameter values in the candidate configuration parameter set;
d. calculating, based on the security risk function, the security risk values corresponding to at least one set of candidate parameter values in the candidate configuration parameter set;
e. determining the minimum of the at least one security risk value, recording the minimum as a candidate security risk value, and storing the candidate security risk value and the corresponding candidate configuration parameter values in a set cache;
f. judging whether the set security risk condition is met; if not, executing step g; if yes, executing step h;
g. incrementing the iteration variable, updating the corresponding candidate configuration parameter values in the candidate configuration parameter set based on the update coefficients to form a new candidate configuration parameter set, and then returning to step c;
h. determining the minimum of the candidate security risk values in the set cache, outputting the candidate configuration parameter values corresponding to the minimum as the target parameter values of the configuration parameters, and ending the loop.
5. The system of claim 1, wherein the security management and control module further comprises a mobile device management unit configured to:
setting the access of the mobile equipment to the network access terminal according to the authorization information of the mobile equipment;
encrypting the data in the mobile equipment to realize the display of the data according to the authorization information of the mobile equipment;
setting the access type of the network access terminal to the file in the mobile equipment;
setting a data copying function;
and setting the access authority and the access range of the mobile equipment.
6. The system of claim 1, wherein the security management and control module further comprises an audit unit configured to:
determining, using a set algorithm, the primary behavior authority of the network access terminal according to the historical legal behavior associated with the network access terminal;
correcting the primary behavior authority to obtain a behavior threshold baseline of the network access terminal;
comparing the current behavior of the network access terminal with the behavior threshold baseline, and judging whether the current behavior is abnormal behavior;
if so, issuing an alarm prompt.
7. The system of claim 1, further comprising an operation and maintenance support module configured to:
and performing remote maintenance, remote file management and remote control operation on the network access terminal.
8. The system of claim 1, further comprising a download management module to:
and recommending, downloading and managing the software for the network access terminal.
9. The system of claim 1, further comprising a display module to:
and presenting the associated configuration information and prompt information in the whole life cycle of the network access terminal in a visual mode.
10. A terminal security management method, performed by the terminal security management system of any one of claims 1 to 9, the method comprising:
performing, through the security management and control module, security management on the management and control elements of a network access terminal at each stage;
establishing resource information of the network access terminal through the asset management module, and issuing a change reminder when the resource information of the network access terminal changes;
and monitoring the network process of the network access terminal and the software installation status of the network access terminal through the operation monitoring module.
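The loop in claims 3 and 4 (steps a to h) can be sketched as follows. This is an added example, not code from the patent: the risk function, the two configuration parameters (`scale`, `offset`), the visitor data and the use of the standard particle swarm velocity as the "update coefficient" are all assumptions made for illustration.

```python
import random

# Constructed sample: (visitor trust feature, actual authority the visitor should hold).
VISITORS = [(0.2, 1.0), (0.5, 2.5), (0.8, 4.0), (1.0, 5.0)]

def risk(params):
    """Hypothetical risk function: mean squared gap between the authority a
    visitor acquires under the configuration and the visitor's actual authority."""
    scale, offset = params  # assumed configuration parameters
    return sum((scale * f + offset - a) ** 2 for f, a in VISITORS) / len(VISITORS)

def optimise(n=12, max_iter=200, risk_limit=1e-3, seed=7):
    rng = random.Random(seed)  # seeded so the run is reproducible
    t = 0  # step a: iteration variable
    swarm = [[rng.uniform(0, 10), rng.uniform(-5, 5)] for _ in range(n)]  # step b
    vel = [[0.0, 0.0] for _ in range(n)]
    pbest = [p[:] for p in swarm]  # best position each candidate has seen
    cache = []  # the "set cache" of per-iteration minima
    while True:
        gbest = min(pbest, key=risk)
        for i, p in enumerate(swarm):  # step c: update coefficient (PSO velocity)
            for d in range(2):
                vel[i][d] = (0.7 * vel[i][d]
                             + 1.5 * rng.random() * (pbest[i][d] - p[d])
                             + 1.5 * rng.random() * (gbest[d] - p[d]))
        scored = [(risk(p), p[:]) for p in swarm]  # step d
        cache.append(min(scored, key=lambda s: s[0]))  # step e
        if cache[-1][0] <= risk_limit or t >= max_iter:  # step f
            return min(cache, key=lambda s: s[0]), t  # step h
        t += 1  # step g: increment, then move every candidate
        for i, p in enumerate(swarm):
            for d in range(2):
                p[d] += vel[i][d]
            if risk(p) < risk(pbest[i]):
                pbest[i] = p[:]

if __name__ == "__main__":
    (best_risk, best_params), iterations = optimise()
    print(f"risk={best_risk:.6f} params={best_params} after {iterations} iterations")
```

The `max_iter` bound is an addition to the claimed loop so that the search terminates even if the risk condition is never met; the cached minimum is still what gets returned.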
CN202211441546.1A 2022-11-17 2022-11-17 Terminal safety management system and method Pending CN115801620A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211441546.1A CN115801620A (en) 2022-11-17 2022-11-17 Terminal safety management system and method

Publications (1)

Publication Number Publication Date
CN115801620A true CN115801620A (en) 2023-03-14

Family

ID=85438598

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211441546.1A Pending CN115801620A (en) 2022-11-17 2022-11-17 Terminal safety management system and method

Country Status (1)

Country Link
CN (1) CN115801620A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination