CN115913756A - Network equipment vulnerability verification method based on known vulnerability entries - Google Patents
- Publication number
- CN115913756A (CN202211574820.2A)
- Authority
- CN
- China
- Prior art keywords
- vulnerability
- information
- network equipment
- vulnerabilities
- equipment
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
- Computer And Data Communications (AREA)
Abstract
The invention relates to a network equipment vulnerability verification method based on known vulnerability entries. By monitoring and collecting a variety of common vulnerability information sources, it obtains vulnerability information for network equipment in a timely and comprehensive way. At the same time, fingerprint information is extracted from the monitored network equipment, and the vulnerability knowledge base is used to check that equipment and judge whether vulnerabilities exist. For each device vulnerability discovered, exploitation information, code and tools are collected or developed in-house, and a penetration test is carried out to verify that the vulnerability really exists. For vulnerabilities that actually exist, a detailed vulnerability report and a security hardening scheme are provided. The system consists of modules for vulnerability information acquisition, vulnerability feature extraction, network asset monitoring, network equipment fingerprinting, vulnerability detection and comparison, exploit acquisition, vulnerability penetration testing and the like. It addresses the low accuracy, false positives and false negatives of network equipment vulnerability detection, and enables accurate assessment and verification of whether a vulnerability exists in the network equipment.
Description
Technical Field
The invention belongs to the technical field of network security testing, and particularly relates to a network equipment vulnerability verification method based on known vulnerability entries, which is applied to penetration testing.
Background
Vulnerability exploitation is a common hacking technique, and monitoring and managing vulnerabilities is receiving more and more attention in the field of network security. Because network equipment is exposed on the internet, it cannot avoid being continuously scanned and probed by attackers and is more easily attacked, so vulnerability detection and assessment for network equipment is an important part of network security management.
At present, many technologies, systems and devices for scanning network equipment for vulnerabilities exist, and they give some support to vulnerability detection and assessment. However, as network structures and system deployments become more complex, the limitations of existing vulnerability scanning methods become more and more prominent. First, existing vulnerability scanning is not accurate enough and is hard to verify: scanners use traditional matching and decide whether a vulnerability exists from version information, so if a vulnerability has been fixed but the version information was not updated at the same time, a false positive results. Second, current vulnerability scanning is not thorough enough: its understanding of specific network equipment is shallow, and because of the scanning path and scanning strategy it cannot find the vulnerability risks of the equipment comprehensively. Third, vulnerability databases are not updated promptly or comprehensively enough: research institutions around the world publish the vulnerabilities they discover at any time, and aggregating this information, and especially pushing it to the scanning equipment, lags behind; the period between publication of a vulnerability and the delayed update of the scanner is the stage in which the risk of exploitation is highest.
Solving the false positives, false negatives and low accuracy of vulnerability detection for network equipment therefore has important practical value: it strengthens the security protection of the network equipment that an enterprise operates and maintains, finds vulnerability information in a timely and comprehensive way, and allows vulnerabilities in network equipment to be detected, assessed and verified deeply and accurately.
Disclosure of Invention
The invention provides a network equipment vulnerability verification method based on known vulnerability entries. The method monitors a variety of vulnerability information sources, obtains vulnerability information in a timely and comprehensive way and updates a local vulnerability knowledge base; at the same time it monitors the asset information of the enterprise's network equipment in real time and compares the keywords of the updated vulnerability information with the monitored network equipment information to judge whether vulnerabilities exist; for vulnerabilities found by matching, it collects exploitation information, code and tools, develops exploit code or tools in-house when necessary, and performs penetration testing to verify that the vulnerabilities really exist; finally it provides a detailed vulnerability report and a security hardening scheme for the vulnerabilities to prevent them from being maliciously exploited. The whole system comprises a vulnerability information acquisition module, a vulnerability feature extraction module, a network asset monitoring module, a network equipment fingerprint module, a vulnerability detection and comparison module, an exploit acquisition module, a vulnerability penetration testing module, a vulnerability security hardening module and the like. The method specifically comprises the following steps:
step 1, monitoring and collecting a variety of network equipment vulnerability information sources to gather vulnerability information for network equipment, in particular newly disclosed vulnerabilities;
step 2, on the basis of the aggregated multi-source vulnerability information for network equipment, extracting vulnerability features to form keywords and indexes that characterize each vulnerability, which facilitates subsequent detection and comparison;
step 3, monitoring in real time the asset operation and the software and hardware version update information of the network equipment that the enterprise operates and maintains, and obtaining detailed fingerprint information of the network equipment assets to form an equipment asset information base;
step 4, comparing the features of the updated vulnerability information with the monitored network equipment information to judge whether the corresponding vulnerabilities exist;
step 5, for network equipment found by matching to have a vulnerability, collecting the principle analysis, exploitation information, code and tools for the corresponding vulnerability, and developing exploit code or tools in-house when necessary;
step 6, formulating a penetration strategy and penetration path, and carrying out a penetration test on the target equipment to verify that the corresponding vulnerability really exists;
step 7, for network equipment with real vulnerabilities, writing a detailed vulnerability report and providing security hardening for the vulnerability to prevent it from being maliciously exploited.
1. Monitor and collect a variety of network equipment vulnerability information sources to gather vulnerability information for network equipment, in particular newly disclosed vulnerabilities. The CVE vulnerability list is the most common vulnerability information source, the CNVD (National Information Security Vulnerability Sharing Platform) is also an important reference source, and many security organizations update and publish their vulnerability research results promptly. Common vulnerability publishing websites are periodically scanned and collected by crawlers and similar means to form timely and comprehensive network equipment vulnerability entries.
2. On the basis of the aggregated multi-source vulnerability information for network equipment, extract vulnerability features to form keywords and indexes that characterize each vulnerability, which facilitates subsequent detection and comparison. Vulnerability information from different sources is processed and fused before being written to the vulnerability knowledge base. Features are extracted along different dimensions of the vulnerability information, including keywords and index information such as operating system, application version information, trigger type, degree of impact and description of the principle, to support subsequent vulnerability detection and comparison of network equipment.
3. Monitor in real time the asset operation and the software and hardware version update information of the enterprise's network equipment, and obtain detailed fingerprint information of the network equipment assets to form an equipment asset information base. To meet the security operation and maintenance needs of enterprise network equipment, all network equipment is brought under unified asset management, the running state of the equipment is monitored in real time, the software and hardware version information running on the equipment and its update and upgrade information are tracked, and a network equipment fingerprint knowledge base is built through a network asset situational awareness platform to serve as the focus of equipment monitoring in network vulnerability monitoring.
4. Compare the features of the updated vulnerability information with the monitored network equipment information to judge whether the corresponding vulnerabilities exist. Using the network equipment vulnerability knowledge base and the features extracted from each vulnerability entry, the relationships between vulnerability and open service, between service and open port, between operating system and vulnerability, between system environment and vulnerability and so on are determined, and the enterprise's network resources are compared against this information to determine whether the corresponding vulnerability exists in the enterprise's network equipment, along with factors such as the severity of the vulnerability.
5. For network equipment found by matching to have a vulnerability, collect the principle analysis, exploitation information, code and tools for the corresponding vulnerability, and develop exploit code or tools in-house when necessary. In existing penetration test evaluation schemes, verification is done through a PoC (proof of concept): publicly released vulnerability information may include a piece of proof-of-vulnerability code, sometimes a description or an attack sample, and some sources provide EXP (exploit) code or tools. To verify that a vulnerability really exists, the information and resources published about it by different research institutions need to be collected. Some vulnerabilities are described only very briefly and have no PoC or EXP resources; to verify that such a vulnerability exists, the PoC or EXP has to be developed in-house.
6. Formulate a penetration strategy and penetration path, and carry out a penetration test on the target equipment to verify that the corresponding vulnerability really exists. In a complex environment, and especially when vulnerabilities are used in combination, factors such as the order of the penetration steps and the choice of penetration path are very important. In general a 0-day vulnerability has high attack value, but a combination of several vulnerabilities can be even more damaging. For example, with the combination "weak password vulnerability" + "privilege escalation vulnerability", an attacker can obtain complete control of the target equipment. However, if no weak password vulnerability exists, access cannot be obtained and the privilege escalation vulnerability cannot be used, so the weak password vulnerability must come before the privilege escalation vulnerability in the attack sequence.
7. For network equipment with real vulnerabilities, write a detailed vulnerability report and provide a security hardening scheme for the vulnerability to prevent it from being maliciously exploited. For each verified vulnerability, the cause, trigger conditions, affected systems, severity, penetration method, exploitation method, hardening method and so on are analyzed to form a detailed vulnerability report, a temporary security hardening scheme is provided, and the patch is applied promptly once the vendor releases one.
In the network equipment vulnerability verification method based on known vulnerability entries, vulnerability information is obtained in a timely and comprehensive way by monitoring a variety of vulnerability information sources, the asset information of the enterprise's network equipment is monitored in real time, and the features of the vulnerability information are compared with the features of the monitored network equipment information to judge whether vulnerabilities exist; for vulnerabilities found by matching, a penetration test using collected or in-house PoC and EXP verifies that the vulnerability really exists. This addresses the false positives, false negatives and low accuracy of vulnerability detection for network equipment, and by assessing and verifying deeply and accurately whether a vulnerability exists in the network equipment, it provides a real and reliable basis for protecting the network equipment that the enterprise operates and maintains.
Drawings
FIG. 1 is a flowchart of a method for verifying vulnerabilities of network devices based on known vulnerability entries according to the present invention;
FIG. 2 is a structural diagram of the network equipment vulnerability verification method based on known vulnerability entries according to the present invention.
Detailed Description
The invention is further explained below by way of example with reference to the accompanying drawings:
The workflow of the network equipment vulnerability verification method based on known vulnerability entries is shown in FIG. 1. Vulnerability information is obtained in a timely and comprehensive way by monitoring a variety of vulnerability information sources, and a local vulnerability knowledge base is updated; at the same time the asset information of the enterprise's network equipment is monitored in real time, and the keywords of the updated vulnerability information are compared with the monitored network equipment information to judge whether vulnerabilities exist; for vulnerabilities found by matching, exploitation information, code and tools are collected, exploit code or tools are developed in-house when necessary, and penetration testing is carried out to verify that the vulnerabilities really exist; detailed vulnerability reports and security hardening schemes are then provided so that the vulnerabilities cannot be maliciously exploited. The whole verification system is composed of a vulnerability information acquisition module, a vulnerability feature extraction module, a network asset monitoring module, a network equipment fingerprint module, a vulnerability detection and comparison module, an exploit acquisition module, a vulnerability penetration testing module, a vulnerability security hardening module and the like, as shown in FIG. 2.
1. Monitor and collect a variety of network equipment vulnerability information sources to gather vulnerability information for network equipment, in particular newly disclosed vulnerabilities. The CVE vulnerability list is the most common vulnerability information source, the CNVD (National Information Security Vulnerability Sharing Platform) is also an important reference source, and many security organizations update and publish their vulnerability research results promptly. Common vulnerability publishing websites are periodically scanned and collected by crawlers and similar means to form timely and comprehensive network equipment vulnerability entries.
Common vulnerability information publishing websites include:
Symantec's vulnerability database: https://www
National information security vulnerability database (NVD): https://nvd.nist.gov
Global information security vulnerability fingerprint database and file detection service: http://cvescan.com
CVE (maintained by MITRE, national safety funded): https://cove
Offensive Security's vulnerability database: https://www
Russian security laboratory: https://www.securitylab.ru/vulnerability
National Information Security Vulnerability Sharing Platform (CNVD): http://www.cnvd.org.cn
Domestic security vendor NSFOCUS: http://www.nsfocus.net
Knownsec vulnerability database: https://www
By collecting and aggregating the network equipment vulnerability information published by these resources, combined with vulnerabilities discovered in-house, a network equipment vulnerability knowledge base can be built and kept complete.
2. On the basis of the aggregated multi-source vulnerability information for network equipment, extract vulnerability features to form keywords and indexes that characterize each vulnerability, which facilitates subsequent detection and comparison. Vulnerability information from different sources is processed and fused before being written to the vulnerability knowledge base. For example, the vulnerability information provided by CVE and CNVD overlaps, but CVE does not cover a number of domestic manufacturers; many domestic router manufacturers, for instance, have no vulnerability information in CVE. Features are extracted along different dimensions of the vulnerability information, including keywords and index information such as operating system, application version information, trigger type, degree of impact and description of the principle, to support subsequent vulnerability detection and comparison of network equipment.
3. Monitor in real time the asset operation and the software and hardware version update information of the enterprise's network equipment, and obtain detailed fingerprint information of the network equipment assets to form an equipment asset fingerprint information base. To meet the security operation and maintenance needs of enterprise network equipment, all network equipment is brought under unified asset management, the running state of the equipment is monitored in real time, the software and hardware version information running on the equipment and its update and upgrade information are tracked, and a network equipment fingerprint knowledge base is built through a network asset situational awareness platform to serve as the focus of equipment monitoring in network vulnerability monitoring.
Network equipment comes in many brands, and device fingerprints are built for the brands the enterprise has purchased. Taking routers as an example, the brands include TP-LINK, Tenda, Huawei, ASUS, MERCURY, H3C, Xiaomi (MI), NETGEAR, Linksys, HONOR and others. Each brand and model of network equipment has its own unique fingerprint information, and identifying that fingerprint yields the specific model, firmware version and other information about the device.
4. Compare the features of the updated vulnerability information with the monitored network equipment information to judge whether the corresponding vulnerabilities exist. Using the network equipment vulnerability knowledge base and the features extracted from each vulnerability entry, the relationships between vulnerability and open service, between service and open port, between operating system and vulnerability, between system environment and vulnerability and so on are determined; the enterprise's network resources are compared against this information, and together with the matching results from the vulnerability knowledge base this determines whether the corresponding vulnerability exists in the enterprise's network equipment, along with factors such as the severity of the vulnerability. A preliminary judgment of the vulnerability is then made from combined factors such as the assessed risk value of the vulnerability and the assessed damage and impact on the target network.
5. For network equipment found by matching to have a vulnerability, collect the principle analysis, exploitation information, exploit code and exploit tools for the corresponding vulnerability, and develop exploit code or tools in-house when necessary. Existing penetration test evaluation schemes rely mainly on a PoC (proof of concept): publicly released vulnerability information may include a piece of proof-of-vulnerability code, sometimes an explanation or an attack example, and some sources provide EXP (exploit) code or tools. To verify that a vulnerability really exists, the information and resources published about it by different research institutions need to be collected. Some vulnerabilities are described only very briefly and have no PoC or EXP resources; to verify that such a vulnerability exists, the PoC or EXP has to be developed in-house.
For example, Kali Linux provides RouterSploit, an exploitation tool built specifically for embedded devices, which includes exploit modules for many brands and covers hundreds of devices such as routers and cameras. When testing router equipment for vulnerabilities, the scanning module matching the brand of the target device can be selected to discover vulnerabilities. After a vulnerability is identified, the corresponding exploit module can be used as prompted to carry out the penetration attack.
6. Formulate a penetration strategy and penetration path, and carry out a penetration test on the target equipment to verify that the corresponding vulnerability really exists. In a complex environment, and especially when vulnerabilities are used in combination, factors such as the order of the penetration steps and the choice of penetration path are very important. In general a 0-day vulnerability has high attack value, but a combination of vulnerabilities may also be more damaging. An example is the combination "weak password vulnerability" + "privilege escalation vulnerability", which lets an attacker gain full control of the target device. However, if the weak password vulnerability does not exist, access cannot be obtained and the privilege escalation vulnerability cannot be used, so the weak password vulnerability must come before the privilege escalation vulnerability in the attack sequence. Generating the penetration strategy and path is the key to penetration testing based on a vulnerability knowledge base; it needs to simulate the manual testing steps of a professional, and manual adjustment or repeated penetration tests are sometimes needed to cover all penetration attack possibilities.
7. For network equipment with real vulnerabilities, write a detailed vulnerability report and provide a security hardening scheme for the vulnerability to prevent it from being maliciously exploited. For each verified vulnerability, the cause, trigger conditions, affected systems, severity, penetration method, exploitation method, hardening method and so on are analyzed to form a detailed vulnerability report, a temporary security hardening scheme is provided, and the patch is applied promptly once the vendor releases one.
In the network equipment vulnerability verification method based on known vulnerability entries, vulnerability information is obtained in a timely and comprehensive way by monitoring a variety of vulnerability information sources, the asset information of the enterprise's network equipment is monitored in real time, and the features of the vulnerability information are compared with the features of the monitored network equipment information to judge whether vulnerabilities exist; for vulnerabilities found by matching, a penetration test using collected or in-house PoC and EXP verifies that the vulnerability really exists. This addresses the false positives, false negatives and low accuracy of vulnerability detection for network equipment, and by assessing and verifying deeply and accurately whether a vulnerability exists in the network equipment, it provides a real and reliable basis for protecting the enterprise's network equipment.
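Steps 2 to 4 above (fusing multi-source entries, then comparing them with device fingerprints) can be sketched as follows. This is an added example, not code from the patent: the record fields, the fusion key, the vendors, models, identifiers and addresses are all constructed assumptions. A match is reported only as a candidate for the verification in steps 5 and 6, since a version match alone does not prove the vulnerability exists.

```python
# Added example, not code from the patent. All vendors, models, IDs and
# addresses below are constructed placeholders.
import re
from dataclasses import dataclass

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}


def parse_version(text, width=4):
    """'v1.2.5' -> (1, 2, 5, 0). Padding makes '1.2' and '1.2.0' compare equal."""
    parts = []
    for piece in text.strip().lstrip("vV").split("."):
        m = re.match(r"\d+", piece)
        parts.append(int(m.group()) if m else 0)
    return tuple((parts + [0] * width)[:width])


@dataclass
class VulnEntry:
    ids: set          # identifiers from every source that reports this flaw
    sources: set
    vendor: str
    model: str
    service: str
    port: int
    introduced: tuple  # first affected firmware version (inclusive)
    fixed_in: tuple    # first firmware version no longer affected (exclusive)
    severity: str


def fuse(feeds):
    """Step 2: merge records from several feeds into one entry per distinct flaw.
    Assumed fusion key: (vendor, model, service, fixed-in version)."""
    merged = {}
    for source, records in feeds.items():
        for r in records:
            key = (r["vendor"].lower(), r["model"].lower(),
                   r["service"].lower(), parse_version(r["fixed_in"]))
            entry = merged.get(key)
            if entry is None:
                merged[key] = VulnEntry({r["id"]}, {source}, key[0], key[1], key[2],
                                        r["port"], parse_version(r["introduced"]),
                                        key[3], r["severity"])
            else:
                entry.ids.add(r["id"])
                entry.sources.add(source)
                # Keep the more severe rating when sources disagree.
                if SEVERITY_RANK[r["severity"]] > SEVERITY_RANK[entry.severity]:
                    entry.severity = r["severity"]
    return list(merged.values())


def match(asset, kb):
    """Step 4: compare one device fingerprint with the knowledge base.
    'candidate'   = model, firmware range and exposed service/port all match;
    'not_exposed' = firmware is in range but the affected service is not open."""
    findings = []
    fw = parse_version(asset["firmware"])
    for e in kb:
        if (asset["vendor"].lower(), asset["model"].lower()) != (e.vendor, e.model):
            continue
        if not (e.introduced <= fw < e.fixed_in):
            continue
        exposed = asset["services"].get(e.service) == e.port
        findings.append({"ip": asset["ip"], "ids": sorted(e.ids),
                         "severity": e.severity,
                         "status": "candidate" if exposed else "not_exposed"})
    # Candidates first, then by descending severity.
    findings.sort(key=lambda f: (f["status"] != "candidate",
                                 -SEVERITY_RANK[f["severity"]]))
    return findings


# Constructed feeds: the first flaw appears in both, the last only in one.
FEEDS = {
    "cve_style": [
        {"id": "CVE-0000-0001", "vendor": "ExampleNet", "model": "RX-100",
         "service": "http", "port": 80, "introduced": "1.0.0",
         "fixed_in": "1.2.5", "severity": "high"},
        {"id": "CVE-0000-0002", "vendor": "ExampleNet", "model": "RX-100",
         "service": "telnet", "port": 23, "introduced": "1.0.0",
         "fixed_in": "1.3.0", "severity": "critical"},
    ],
    "cnvd_style": [
        {"id": "CNVD-0000-00001", "vendor": "examplenet", "model": "rx-100",
         "service": "HTTP", "port": 80, "introduced": "1.0",
         "fixed_in": "v1.2.5", "severity": "medium"},
        {"id": "CNVD-0000-00002", "vendor": "DemoRoute", "model": "D1",
         "service": "http", "port": 8080, "introduced": "2.0",
         "fixed_in": "2.4", "severity": "medium"},
    ],
}

# Constructed asset fingerprints (step 3 output); addresses are documentation ranges.
ASSETS = [
    {"ip": "192.0.2.10", "vendor": "ExampleNet", "model": "RX-100",
     "firmware": "1.2.3", "services": {"http": 80}},
    {"ip": "192.0.2.11", "vendor": "ExampleNet", "model": "RX-100",
     "firmware": "1.2.5", "services": {"http": 80, "telnet": 23}},
    {"ip": "192.0.2.12", "vendor": "DemoRoute", "model": "D1",
     "firmware": "2.3", "services": {"http": 8080}},
]

if __name__ == "__main__":
    knowledge_base = fuse(FEEDS)
    for device in ASSETS:
        for finding in match(device, knowledge_base):
            print(finding)
```

The device at 192.0.2.11 runs the firmware that fixes the first flaw, so only the telnet entry is reported for it; the third device is flagged solely because the second feed covers a vendor the first one does not.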
Claims (8)
1. A network equipment vulnerability verification method based on known vulnerability entries, characterized in that: vulnerability information is obtained in a timely and comprehensive way by monitoring a variety of vulnerability information sources, and a local vulnerability knowledge base is updated; the asset information of the enterprise's network equipment is monitored in real time; features are extracted from the updated vulnerability information and compared with the monitored network equipment information to judge whether vulnerabilities exist; for vulnerabilities found by matching, exploitation information, code and tools are collected, exploit code or tools are developed in-house when necessary, and a penetration test is carried out to verify that the vulnerabilities really exist; and a security hardening scheme is provided for the equipment with vulnerabilities to prevent the vulnerabilities from being maliciously exploited; the whole system comprises a vulnerability information acquisition module, a vulnerability feature extraction module, a network asset monitoring module, a network equipment fingerprint module, a vulnerability detection and comparison module, an exploit tool module, a vulnerability penetration testing module, a vulnerability security hardening module and the like, and the method specifically comprises the following steps:
step 1, monitoring and collecting a variety of network equipment vulnerability information sources to gather vulnerability information for network equipment, in particular newly disclosed vulnerabilities;
step 2, on the basis of the aggregated multi-source vulnerability information for network equipment, extracting vulnerability features to form keywords and indexes that characterize each vulnerability, which facilitates subsequent detection and comparison;
step 3, monitoring in real time the asset operation and the software and hardware version update information of the enterprise's network equipment, and obtaining detailed fingerprint information of the network equipment assets to form an equipment asset information base;
step 4, comparing the features of the updated vulnerability information with the monitored network equipment information to judge whether the corresponding vulnerabilities exist;
step 5, for network equipment found by matching to have a vulnerability, collecting the principle analysis, exploitation information, exploit code and exploit tools for the corresponding vulnerability, and developing exploit code or tools in-house when necessary;
step 6, formulating a penetration strategy and penetration path, and carrying out a penetration test on the target equipment to verify that the corresponding vulnerability really exists;
step 7, for network equipment with real vulnerabilities, writing a detailed vulnerability report and providing security hardening for the vulnerability to prevent it from being maliciously exploited.
2. The method for verifying the vulnerability of the network equipment based on the known vulnerability entry according to claim 1, wherein in the step 1, a plurality of network equipment vulnerability information sources are monitored and collected, so that the collection of the vulnerability information of the network equipment, particularly the latest exposure vulnerability information is realized; the CVE vulnerability list is the most common vulnerability information source, the CNVD (national information security vulnerability sharing platform) is also an important vulnerability reference source, and a plurality of security institutions update and publish vulnerability research results in time; the common vulnerability publishing websites are regularly scanned and collected through crawlers and other modes to form timely and comprehensive network equipment vulnerability entries.
3. The method for verifying the vulnerability of the network equipment based on the known vulnerability entry as claimed in claim 1, wherein in the step 2, the vulnerability characteristics are extracted on the basis of converging the multi-source vulnerability information of the network equipment to form keywords and indexes for representing the vulnerability, thereby facilitating the subsequent detection and comparison; vulnerability information resources from different sources are updated into a vulnerability knowledge base after data processing and fusion are carried out; and extracting features of different dimensions of the vulnerability information, wherein the features comprise keywords and index information such as an operating system, application version information, a trigger type, an influence degree, principle description and the like, and the features are used for facilitating vulnerability detection and comparison of subsequent network equipment.
4. The method for verifying the vulnerability of the network equipment based on the known vulnerability entry as claimed in claim 1, wherein in the step 3, the asset operation and software and hardware version update information of the enterprise network equipment is monitored in real time, and various detailed fingerprint information of the network equipment asset is obtained to form an equipment asset fingerprint information base; aiming at the safety operation and maintenance requirements of enterprise network equipment, the asset management is uniformly carried out on all the network equipment, the running state of the equipment is monitored in real time, software and hardware version information and version updating and upgrading information which run on the equipment are sensed, and a network equipment fingerprint information knowledge base is formed through a network asset situation sensing platform and is used as the key point of equipment monitoring in network vulnerability monitoring.
5. The method according to claim 1, wherein in step 4, the updated vulnerability information features are compared with the monitored network equipment fingerprint information to determine whether a corresponding vulnerability exists; using the network equipment vulnerability knowledge base and the features extracted from each vulnerability entry, the relationships between vulnerabilities and open services, between services and open ports, between operating systems and vulnerabilities, between system environments and vulnerabilities, and so on are determined, so that the information can be compared against enterprise network resources to determine whether the corresponding vulnerability exists in the enterprise network equipment and to determine factors such as the severity of the vulnerability.
6. The method for verifying the vulnerability of the network devices based on the known vulnerability entries according to claim 1, wherein in step 5, for network devices on which a matching vulnerability has been found, the principle analysis, exploitation information, exploit code and exploitation tools corresponding to the vulnerability are collected, and exploit code or tools are self-developed if necessary; in existing penetration test evaluation schemes, publicly released vulnerability information may include a POC (proof of concept), which is sometimes a piece of code demonstrating the vulnerability and sometimes a description or an attack sample, and some releases provide EXP (exploit) code or tools; when verifying that a vulnerability really exists, the information and resources published by different research institutions for that vulnerability need to be collected; some vulnerabilities are described only very briefly and have no POC or EXP resources, and to verify that such a vulnerability exists, a POC or EXP must be self-developed.
7. The method for verifying the vulnerability of the network equipment based on the known vulnerability entry according to claim 1, wherein in step 6, a penetration strategy and a penetration path are formulated, and a penetration test is performed on the target equipment to verify that the corresponding vulnerability really exists; in a complex environment, particularly when vulnerabilities are used in combination, factors such as the order of the penetration steps and the choice of penetration path are very important; in general, a 0-day vulnerability has high attack value, but a combination of several vulnerabilities can have a greater impact; for example, with the combination of a "weak password vulnerability" and a "privilege escalation vulnerability", an attacker can obtain complete control of the target equipment; however, without exploiting the weak password, access cannot be obtained and the privilege escalation vulnerability cannot be exploited, so the weak password vulnerability must be exploited before the privilege escalation vulnerability.
8. The method for verifying the vulnerability of the network equipment based on the known vulnerability entry as claimed in claim 1, wherein in step 7, for network equipment on which the vulnerability really exists, a detailed vulnerability report is written and a security hardening scheme for the vulnerability is provided to prevent the vulnerability from being maliciously exploited; for each verified vulnerability, the cause, trigger conditions, affected systems, severity, penetration method, exploitation method, hardening method and so on are analyzed to form a detailed vulnerability report, a temporary security hardening scheme is provided, and the patch is applied promptly once an official patch is released;
in the network equipment vulnerability verification method based on known vulnerability entries, vulnerability information is obtained in a timely and comprehensive manner by monitoring multiple vulnerability information sources, asset information of enterprise network equipment is monitored in real time, vulnerability information features are compared with the features of the monitored network equipment to determine whether vulnerabilities exist, penetration tests are performed on the matched vulnerabilities using collected or self-developed POC and EXP to verify that the vulnerabilities really exist, and a security hardening scheme is provided to prevent the vulnerabilities from being maliciously exploited; this solves the problems of false positives, missed detections and low accuracy in network equipment vulnerability detection, and provides a reliable basis for protecting enterprise network equipment through in-depth, accurate assessment and verification of whether vulnerabilities exist in the network equipment.
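The feature comparison of step 4 (claim 5), sketched in Python as an added example that is not part of the patent or of any implementation of it. The record fields, status names, product strings and vulnerability identifiers are assumptions constructed for illustration, and versions are assumed to be dotted-numeric.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class VulnEntry:           # features extracted from one knowledge-base entry (step 2)
    vuln_id: str
    product: str
    first_affected: str    # inclusive lower bound
    fixed_in: str          # exclusive upper bound (first fixed version)
    service: str           # service that must be open for the flaw to be reachable
    severity: str

@dataclass(frozen=True)
class Fingerprint:         # one record from the device asset fingerprint base (step 3)
    host: str
    product: str
    version: str
    open_services: frozenset

def vkey(version):
    """'2.10.0' -> (2, 10, 0); None when the version is not dotted-numeric."""
    parts = version.split(".")
    return tuple(int(p) for p in parts) if all(p.isdigit() for p in parts) else None

def match(fp, entry):
    """Classify one device/entry pair: 'candidate', 'not_exposed', 'unconfirmed' or None."""
    if fp.product != entry.product:
        return None
    v = vkey(fp.version)
    if v is None:
        return "unconfirmed"   # unknown version: keep for manual check, avoid a missed report
    if not (vkey(entry.first_affected) <= v < vkey(entry.fixed_in)):
        return None
    return "candidate" if entry.service in fp.open_services else "not_exposed"

def compare(fingerprints, knowledge_base):
    """Step 4: compare every fingerprint with every entry and list the hits."""
    return [(fp.host, e.vuln_id, status, e.severity)
            for fp in fingerprints for e in knowledge_base
            if (status := match(fp, e))]

# Constructed sample data (not from the patent).
KB = [VulnEntry("EXAMPLE-0001", "examplenet/edge-router", "2.0.0", "2.4.1", "http", "high"),
      VulnEntry("EXAMPLE-0002", "examplenet/edge-router", "1.0", "3.0", "snmp", "medium")]
ASSETS = [Fingerprint("gw-01", "examplenet/edge-router", "2.3.9", frozenset({"http", "ssh"})),
          Fingerprint("gw-02", "examplenet/edge-router", "2.10.0", frozenset({"http", "snmp"})),
          Fingerprint("gw-03", "examplenet/edge-router", "unknown", frozenset({"http"})),
          Fingerprint("sw-01", "examplenet/core-switch", "2.3.9", frozenset({"http"}))]

if __name__ == "__main__":
    for finding in compare(ASSETS, KB):
        print(finding)
```

Comparing versions as integer tuples keeps `2.10.0` from being flagged against a fix in `2.4.1`, which a plain string comparison would get wrong. A device whose version cannot be parsed is reported as `unconfirmed` rather than dropped, so it still reaches the verification step.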
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202211574820.2A CN115913756A (en) | 2022-12-08 | 2022-12-08 | Network equipment vulnerability verification method based on known vulnerability entries |
Publications (1)
Publication Number | Publication Date |
---|---|
CN115913756A (en) | 2023-04-04 |
Family
ID=86477829
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202211574820.2A Pending CN115913756A (en) | 2022-12-08 | 2022-12-08 | Network equipment vulnerability verification method based on known vulnerability entries |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115913756A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN116401679A (en) * | 2023-06-08 | 2023-07-07 | 张家港金典软件有限公司 | Security management method and system based on enterprise software vulnerability recognition |
CN116401679B (en) * | 2023-06-08 | 2023-09-05 | 张家港金典软件有限公司 | Security management method and system based on enterprise software vulnerability recognition |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||