CN117077149B - Plug-in-based custom security baseline checking method and device - Google Patents

Publication number
CN117077149B
Authority
CN
China
Prior art keywords
safety
baseline
base line
checking
security
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202311319489.4A
Other languages
Chinese (zh)
Other versions
CN117077149A (en
Inventor
吕英豪
朱文雷
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Chaitin Tech Co ltd
Original Assignee
Beijing Chaitin Tech Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Chaitin Tech Co ltd filed Critical Beijing Chaitin Tech Co ltd
Priority to CN202311319489.4A priority Critical patent/CN117077149B/en
Publication of CN117077149A publication Critical patent/CN117077149A/en
Application granted granted Critical
Publication of CN117077149B publication Critical patent/CN117077149B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/445 Program loading or initiating
    • G06F9/44521 Dynamic linking or loading; Link editing at or after load time, e.g. Java class loading
    • G06F9/44526 Plug-ins; Add-ons

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Alarm Systems (AREA)

Abstract

The embodiments of the application provide a plug-in-based custom security baseline checking method and device, belonging to the technical field of network security. The method is applied to a front end and comprises: adding a custom security baseline to a baseline list; obtaining the baseline list, which contains a plurality of security baselines including the custom security baseline; setting a weight for each security baseline; sending the baseline list and the weight of each security baseline to a back end, so that the back end determines the inspection order of the security baselines according to their weights and sends the baseline list and the inspection order to a baseline plug-in, the baseline plug-in schedules the corresponding inspection programs in that order and inspects each security baseline, and the back end receives the inspection result of each security baseline reported by the baseline plug-in and forwards it to the front end; and receiving the inspection result based on the security baselines.

Description

Plug-in-based custom security baseline checking method and device
Technical Field
The embodiments of the application belong to the technical field of network security, and in particular relate to a plug-in-based custom security baseline checking method and device.
Background
The security baseline defines minimum requirements and criteria for security of a system or application. Typically, the security baseline includes a reasonable set of security configurations, settings, policies, and best practices to ensure that the initial deployment or operation of the system is run at a reasonable level of security.
On the one hand, conventional security baseline frameworks usually adopt a predefined rule set, so in an actual inspection only the security baselines predefined in the rule set can be checked, and security requirements that change in real time cannot be met.
On the other hand, conventional security baselines often use Bash scripts as check items; Bash scripts have poor flexibility, have difficulty expressing complex logic, execute inefficiently, and are easy to attack.
Disclosure of Invention
The prior art has the following technical problems: only the security baselines predefined in a rule set can be checked during an actual inspection, so security requirements that change in real time cannot be met; and Bash scripts are often used as check items, although they have poor flexibility, have difficulty expressing complex logic, execute inefficiently and are easy to attack. To solve these problems, the invention provides a plug-in-based custom security baseline checking method and device.
In a first aspect, the invention provides a plug-in-based custom security baseline checking method, applied to a front end, comprising:
adding a custom security baseline to a baseline list;
obtaining the baseline list, wherein the baseline list contains a plurality of security baselines including the custom security baseline;
setting a weight for each security baseline;
sending the baseline list and the weight of each security baseline to a back end, so that the back end determines the inspection order of the security baselines according to their weights and sends the baseline list and the inspection order to a baseline plug-in, the baseline plug-in schedules the corresponding inspection programs in that order and inspects each security baseline, and the back end receives the inspection result of each security baseline reported by the baseline plug-in and forwards it to the front end;
receiving the inspection result based on the security baselines.
In a second aspect, the invention provides a plug-in-based custom security baseline checking device, applied to a front end, comprising:
an adding module, configured to add a custom security baseline to a baseline list;
an obtaining module, configured to obtain the baseline list, wherein the baseline list contains a plurality of security baselines including the custom security baseline;
a first setting module, configured to set a weight for each security baseline;
a first sending module, configured to send the baseline list and the weight of each security baseline to a back end, so that the back end determines the inspection order of the security baselines according to their weights;
a first receiving module, configured to receive the inspection result based on the security baselines.
In a third aspect, the invention provides a plug-in-based custom security baseline checking method, comprising:
receiving a baseline list and the weight of each security baseline sent by a front end, wherein the baseline list contains a plurality of security baselines including a custom security baseline;
determining the inspection order of the security baselines according to their weights;
sending the baseline list and the inspection order to a baseline plug-in, so that the baseline plug-in schedules the corresponding inspection programs in that order and inspects each security baseline;
receiving the inspection result of each security baseline reported by the baseline plug-in;
summarizing the inspection results of the security baselines;
sending the inspection result based on the security baselines to the front end.
In a fourth aspect, the invention provides a plug-in-based custom security baseline checking device, applied to a back end, comprising:
a second receiving module, configured to receive a baseline list and the weight of each security baseline sent by a front end, wherein the baseline list contains a plurality of security baselines including a custom security baseline;
a determining module, configured to determine the inspection order of the security baselines according to their weights;
a third sending module, configured to send the baseline list and the inspection order to a baseline plug-in, so that the baseline plug-in schedules the corresponding inspection programs in that order and inspects each security baseline;
a third receiving module, configured to receive the inspection result of each security baseline reported by the baseline plug-in;
a summarizing module, configured to summarize the inspection results of the security baselines;
a fourth sending module, configured to send the inspection result based on the security baselines to the front end.
Compared with the prior art, the invention has at least the following beneficial effects:
(1) In the invention, a custom security baseline can be added to the baseline list through the baseline plug-in as actually needed during an inspection, which meets security requirements that change in real time and improves the efficiency of network security inspection.
(2) In the invention, the inspection order of the security baselines is determined according to their weights, and the baseline plug-in then schedules the corresponding inspection programs in that order to inspect each security baseline. No Bash script is needed as a check item; the inspection programs are scheduled directly by the baseline plug-in, so complex logic can be expressed and execution efficiency is improved.
Drawings
Fig. 1 is a schematic flowchart of a plug-in-based custom security baseline checking method provided by the invention.
Fig. 2 is a schematic structural diagram of a plug-in-based custom security baseline checking device provided by the invention.
Fig. 3 is a schematic flowchart of another plug-in-based custom security baseline checking method provided by the invention.
Fig. 4 is a schematic structural diagram of another plug-in-based custom security baseline checking device provided by the invention.
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiments of the application and together with the description serve to explain the application and do not constitute an undue limitation to the application. Some specific embodiments of the present application will be described in detail hereinafter by way of example and not by way of limitation with reference to the accompanying drawings.
Detailed Description
In order to enable those skilled in the art to better understand the present application, the following description will make clear and complete descriptions of the technical solutions in the embodiments of the present application with reference to the accompanying drawings in the embodiments of the present application. It will be apparent that the described embodiments are merely some, but not all, of the embodiments of the present application. All other embodiments, which can be made by one of ordinary skill in the art based on the embodiments herein without making any inventive effort, shall fall within the scope of the present application.
In the invention, the security baseline inspection framework adopts an architecture in which the front end and the back end are separated. The front end and the back end communicate with each other over a network, which provides flexibility, maintainability and extensibility.
The front end is the part of an application or website that the user interacts with directly, typically a visual interface.
The back end is the server side of the Web application and handles interaction with the database, the business logic and the server.
The security baseline inspection framework further comprises a host agent program, a main baseline plug-in and sub-baseline plug-ins; each host to be inspected is provided with the host agent program, which is used to run the main baseline plug-in.
In a first aspect, Fig. 1 shows a schematic flowchart of a plug-in-based custom security baseline checking method provided by an embodiment of the invention.
The invention provides a plug-in-based custom security baseline checking method, applied to a front end, comprising:
S101: Add a custom security baseline to the baseline list.
A custom security baseline is a custom security baseline plug-in produced by writing code.
S102: Obtain the baseline list.
The baseline list contains a plurality of security baselines including the custom security baseline.
Optionally, in addition to the custom security baseline, the baseline list further includes a built-in security baseline and a template security baseline.
The built-in security baseline refers to the plug-in set preset in the security baseline plug-in system when the baseline plug-in is released.
The template security baseline is a security baseline formed by configuring a template. In the configuration template, a security baseline is abstracted into four stages: precondition judgment, action execution, output reading and post-processing. Actions are predefined for each stage to choose from, and a template security baseline plug-in is formed by selecting actions and setting their parameters.
S103: Set the weight of each security baseline.
It should be noted that setting the weight of each security baseline assigns different priorities or degrees of importance to different security baselines during the security inspection. With weights set, resources can be allocated more efficiently so that critical security baselines receive sufficient attention and resources.
Specifically, the weight of each security baseline can be set by the analytic hierarchy process, the entropy weight method, principal component analysis and the like; the invention does not limit the specific setting method.
S104: Send the baseline list and the weight of each security baseline to the back end, so that the back end determines the inspection order of the security baselines according to their weights and sends the baseline list and the inspection order to the baseline plug-in, the baseline plug-in schedules the corresponding inspection programs in that order and inspects each security baseline, and the back end receives the inspection result of each security baseline reported by the baseline plug-in and forwards it to the front end.
In the invention, the inspection order of the security baselines is determined according to their weights, and security baselines with higher weights are inspected first. This ensures that the most important security problems are addressed first and improves the overall security of the system to the greatest extent. Determining the inspection order by weight can also increase the efficiency of the security baseline inspection.
In the invention, the inspection order of the security baselines is determined according to their weights, and the baseline plug-in then schedules the corresponding inspection programs in that order to inspect each security baseline. No Bash script is needed as a check item; the inspection programs are scheduled directly by the baseline plug-in, so complex logic can be expressed and execution efficiency is improved.
In one possible embodiment, scheduling the corresponding inspection program to inspect each security baseline specifically includes:
the baseline plug-in schedules, according to the id of the security baseline, the sub-plug-in corresponding to that id, and inspects the security baseline.
In the invention, the inspection program is scheduled according to the unique id of the security baseline, which ensures that the inspection program is matched accurately to the corresponding baseline and so improves inspection accuracy. This helps to prevent false positives or incorrect checks. Scheduling by baseline id also keeps the inspection programs modular and separate from any particular baseline, so they are easy to manage, maintain and update when a security baseline changes or a new baseline needs to be added.
In one possible embodiment, each security baseline is provided with a timeout parameter, and the security baselines comprise built-in security baselines, template security baselines and custom security baselines. Inspecting each security baseline specifically includes:
When the time spent inspecting a built-in security baseline or a template security baseline exceeds the corresponding timeout parameter, timeout information is recorded in a log and the inspection continues.
It should be noted that built-in and template security baselines are carefully designed and strictly tested by the baseline plug-in developer. Even if one of them times out, the risk to the overall inspection logic is small and the stability of the system as a whole is not affected, so the inspection can continue.
When the time spent inspecting a custom security baseline exceeds its timeout parameter, inspection of the current custom security baseline is terminated and inspection of the next security baseline begins.
It should be noted that a custom security baseline is configured directly by a user by writing code. When inspection of a custom security baseline times out, the user-written code may be executing complex inspection logic or may contain a problem; terminating the current inspection promptly reduces this risk and lets the system complete the inspection in a reasonable time.
In the invention, the characteristics of built-in, template and custom security baselines are fully exploited and their timeouts are handled differently, so that both the overall security of the system and the efficiency of security testing are taken into account.
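A sketch of the dispatch loop described above, added here as an illustration and not taken from the patent or from any product of the assignee: baselines are ordered by weight, each is dispatched to a sub-plug-in by id, and a timeout is handled differently for built-in/template and custom baselines. The baseline ids, weights, timeouts, outcome labels and the choice to run each sub-plug-in as a child Python process are assumptions made for the example.

```python
import subprocess
import sys
from dataclasses import dataclass

# Constructed sub-plug-ins, keyed by baseline id. Each is Python source run as a
# child process; exit status 0 means the baseline passed. (Assumption: the patent
# does not say how sub-plug-ins are packaged or executed.)
SUB_PLUGINS = {
    "builtin-ssh-root-login": "import time; time.sleep(1.0)",  # slow but trusted
    "template-passwd-perms": "raise SystemExit(0)",            # passes quickly
    "custom-fast": "raise SystemExit(1)",                      # reports a finding
    "custom-hang": "import time; time.sleep(60)",              # runaway user code
}


@dataclass(frozen=True)
class Baseline:
    id: str
    kind: str       # "builtin", "template" or "custom"
    weight: float   # set by the front end
    timeout: float  # seconds, the per-baseline timeout parameter


# Constructed sample list, deliberately not in weight order.
SAMPLE_BASELINES = [
    Baseline("custom-fast", "custom", 0.2, 10.0),
    Baseline("builtin-ssh-root-login", "builtin", 0.9, 0.2),
    Baseline("template-passwd-perms", "template", 0.5, 10.0),
    Baseline("custom-hang", "custom", 0.7, 0.5),
]


def inspection_order(baselines):
    """Back-end step: higher weight is inspected first."""
    return sorted(baselines, key=lambda b: b.weight, reverse=True)


def run_baseline(baseline, log):
    """Run one sub-plug-in and apply the timeout policy for its kind."""
    proc = subprocess.Popen(
        [sys.executable, "-c", SUB_PLUGINS[baseline.id]],
        stdout=subprocess.DEVNULL,
        stderr=subprocess.DEVNULL,
    )
    try:
        status = proc.wait(timeout=baseline.timeout)
    except subprocess.TimeoutExpired:
        log.append(f"timeout id={baseline.id} kind={baseline.kind} "
                   f"limit={baseline.timeout}s")
        if baseline.kind == "custom":
            # User-written code: stop it and move on to the next baseline.
            # (Logging this case too is this example's choice.)
            proc.kill()
            proc.wait()  # reap the child so no zombie is left behind
            return "terminated"
        # Built-in or template: the timeout is only recorded; keep checking.
        status = proc.wait()
    return "pass" if status == 0 else "fail"


def run_inspection(baselines):
    """Baseline plug-in step: dispatch by id in the order the back end chose."""
    log, results = [], []
    for baseline in inspection_order(baselines):
        if baseline.id not in SUB_PLUGINS:
            results.append((baseline.id, "no-sub-plugin"))
            continue
        results.append((baseline.id, run_baseline(baseline, log)))
    return results, log


if __name__ == "__main__":
    results, log = run_inspection(SAMPLE_BASELINES)
    for baseline_id, outcome in results:
        print(f"{baseline_id:26} {outcome}")
    print("\n".join(log))
```

The built-in and template path waits without an upper bound after logging, which follows the text literally; a deployment would normally still cap that wait so a hung trusted check cannot stall the whole run.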
S105: Receive the inspection result based on the security baselines.
In one possible implementation, the inspection result based on the security baselines is specifically a weighted pass rate, which is calculated as follows:
Determine the system risk level corresponding to the inspection result of the security baseline.
Optionally, the system risk levels may include: severe, high-risk, medium-risk and low-risk.
Convert the system risk level into a system risk value.
Optionally, the system risk value corresponding to the severe risk level is 100, the system risk value corresponding to the high-risk level is 75, the system risk value corresponding to the medium-risk level is 50, and the system risk value corresponding to the low-risk level is 20.
According to the weight of the security baseline and the system risk value, calculate the score of the security baseline:
where s denotes the score of the security baseline, λ denotes the weight of the security baseline, and a denotes the system risk value determined from the security baseline.
Accumulate the scores of all the security baselines to obtain a total score:
where S denotes the total score, s_i denotes the score of the i-th security baseline, and n denotes the total number of security baselines.
It should be noted that calculating the score of a security baseline combines its inspection result with its weight to quantify the security of each security baseline. This helps determine which baselines need priority treatment to improve the overall security of the system.
Calculate the weighted pass rate according to the total score:
where ρ denotes the weighted pass rate and max denotes the highest score in the ideal case.
In the invention, mapping the inspection results of the security baselines onto a weighted pass rate helps provide a more comprehensive, quantitative security assessment and helps organizations better understand, manage and improve the security of the system.
In one possible implementation, after S103, the method further includes:
S106: Set filtering conditions.
In one possible embodiment, the filtering conditions are specifically: the weight of the security baseline is within a preset weight range, and/or the risk level of the security baseline is a preset risk level.
It should be noted that the filtering conditions allow the security baselines that meet specific requirements to be selected precisely by a preset weight range and/or risk level, so that only baselines meeting those conditions are considered, which improves the accuracy of screening.
S107: Send the filtering conditions to the back end, so that the back end filters the security baselines in the baseline list according to the filtering conditions.
In the invention, reducing the baseline list to the baselines that meet specific criteria reduces the back end's processing workload and so improves the performance and response speed of the system. This is important for large-scale baseline management and screening. In addition, by setting filtering conditions, the strategy can be customized for different security requirements, and the conditions can be adjusted as needed, which improves the applicability of security detection.
It should be noted that, in the invention, the weight of each security baseline has at least the following three effects:
(1) The weights of the security baselines can be used to determine their inspection order. Inspecting security baselines with higher weights first ensures that the most important security problems are addressed first and improves the overall security of the system to the greatest extent. Determining the inspection order by weight can also increase the efficiency of the security baseline inspection, because lower-weighted security baselines can be run later to reduce the impact on system performance.
(2) The weights of the security baselines can be used to calculate their scores; combining the inspection results with the weights allows the security of each security baseline to be quantified accurately.
(3) The weight of a security baseline can be used as a filtering condition to select precisely the security baselines that meet specific requirements. Reducing the baseline list to the baselines that meet specific criteria reduces the back end's processing workload and so improves the performance and response speed of the system.
Compared with the prior art, the invention has at least the following beneficial effects:
(1) In the invention, a custom security baseline can be added to the baseline list through the baseline plug-in as actually needed during an inspection, which meets security requirements that change in real time and improves the efficiency of network security inspection.
(2) In the invention, the inspection order of the security baselines is determined according to their weights, and the baseline plug-in then schedules the corresponding inspection programs in that order to inspect each security baseline. No Bash script is needed as a check item; the inspection programs are scheduled directly by the baseline plug-in, so complex logic can be expressed and execution efficiency is improved.
In a second aspect, Fig. 2 shows a schematic structural diagram of a plug-in-based custom security baseline checking device provided by an embodiment of the invention.
The invention provides a plug-in-based custom security baseline checking device 20, applied to a front end, comprising:
an adding module 201, configured to receive a baseline plug-in and add a custom security baseline to the baseline list;
an obtaining module 202, configured to obtain the baseline list, where the baseline list contains a plurality of security baselines including the custom security baseline;
a first setting module 203, configured to set the weight of each security baseline;
a first sending module 204, configured to send the baseline list and the weight of each security baseline to the back end, so that the back end determines the inspection order of the security baselines according to their weights;
a first receiving module 205, configured to receive the inspection result based on the security baselines.
In one possible embodiment, the plug-in-based custom security baseline checking device 20 further comprises:
a second setting module 206, configured to set filtering conditions;
a second sending module 207, configured to send the filtering conditions to the back end, so that the back end filters the security baselines in the baseline list according to the filtering conditions.
In one possible embodiment, the filtering conditions are specifically: the weight of the security baseline is within a preset weight range, and/or the risk level of the security baseline is a preset risk level.
In one possible embodiment, scheduling the corresponding inspection program to inspect each security baseline specifically includes:
the baseline plug-in schedules, according to the id of the security baseline, the sub-plug-in corresponding to that id, and inspects the security baseline.
In one possible embodiment, each security baseline is provided with a timeout parameter, and the security baselines comprise built-in security baselines, template security baselines and custom security baselines. Inspecting each security baseline specifically includes:
when the time spent inspecting a built-in security baseline or a template security baseline exceeds the corresponding timeout parameter, recording timeout information in a log and continuing the inspection;
when the time spent inspecting a custom security baseline exceeds its timeout parameter, terminating inspection of the current custom security baseline and beginning inspection of the next security baseline.
In one possible implementation, the inspection result based on the security baselines is specifically a weighted pass rate, which is calculated as follows:
determining the system risk level corresponding to the inspection result of the security baseline;
converting the system risk level into a system risk value;
according to the weight of the security baseline and the system risk value, calculating the score of the security baseline:
where s denotes the score of the security baseline, λ denotes the weight of the security baseline, and a denotes the system risk value determined from the security baseline;
accumulating the scores of all the security baselines to obtain a total score:
where S denotes the total score, s_i denotes the score of the i-th security baseline, and n denotes the total number of security baselines;
calculating the weighted pass rate according to the total score:
where ρ denotes the weighted pass rate and max denotes the highest score in the ideal case.
The plug-in-based custom security baseline checking device 20 provided by the invention can implement each process implemented in the method embodiment of the first aspect; to avoid repetition, they are not described again here.
The virtual device provided by the invention can be a device, and can also be a component, an integrated circuit or a chip in a terminal.
Compared with the prior art, the invention has at least the following beneficial effects:
(1) In the invention, a custom security baseline can be added to the baseline list through the baseline plug-in as actually needed during an inspection, which meets security requirements that change in real time and improves the efficiency of network security inspection.
(2) In the invention, the inspection order of the security baselines is determined according to their weights, and the baseline plug-in then schedules the corresponding inspection programs in that order to inspect each security baseline. No Bash script is needed as a check item; the inspection programs are scheduled directly by the baseline plug-in, so complex logic can be expressed and execution efficiency is improved.
In a third aspect, Fig. 3 shows a schematic flowchart of another plug-in-based custom security baseline checking method provided by an embodiment of the invention.
The invention provides a plug-in-based custom security baseline checking method, applied to a back end, comprising:
S301: Receive the baseline list and the weight of each security baseline sent by the front end.
The baseline list contains a plurality of security baselines including a custom security baseline.
Optionally, in addition to the custom security baseline, the baseline list further includes: a safety base line and a template safety base line are built in.
The built-in security baseline refers to a pre-configured security baseline when the baseline plug-in is released.
The template safety base line refers to a safety base line formed by configuring a template. In the configuration template, the safety base line is abstracted into four stages of judging the precondition, executing the action, reading the output and post-processing, and the actions are predefined for each stage for selection respectively, and the safety base line is formed by selecting the action and setting the action parameters.
It should be noted that setting the weight of each security baseline assigns different priorities or importance to different security baselines during the security inspection. With weights set, resources can be allocated more efficiently so that critical security baselines receive sufficient attention and resources.
Specifically, the weight of each security baseline can be set by the analytic hierarchy process, the entropy weight method, principal component analysis, and the like; the invention does not limit the specific method used to set the weights.
S302: Determine the inspection order of the security baselines according to the weight of each security baseline.
In the invention, the inspection order is determined from the weight of each security baseline, and security baselines with higher weights are checked first. This ensures that the most important security issues are addressed first, which improves the overall security of the system to the greatest extent. Furthermore, determining the inspection order from the weights can increase the efficiency of the security baseline inspection, because lower-weighted security baselines can be checked later to reduce the impact on system performance.
S303: Send the baseline list and the inspection order to the baseline plug-in, so that the baseline plug-in schedules the corresponding check programs in that order and checks each security baseline.
In the invention, the inspection order of the security baselines is determined from the weight of each security baseline, and the baseline plug-in then schedules the corresponding check programs in that order to check each security baseline. Bash scripts are not needed as check items; because the baseline plug-in schedules the check programs directly, complex logic can be expressed and execution efficiency is improved.
In a possible embodiment, scheduling the corresponding check program to check each security baseline specifically includes:
The baseline plug-in schedules, according to the id of the security baseline, the sub-plug-in corresponding to that id, and checks the security baseline.
In the invention, the check program is scheduled according to the unique id of the security baseline, which ensures that the check program is matched accurately to its baseline and thereby improves the accuracy of the check. This helps prevent false positives or incorrect checks. Furthermore, scheduling by baseline id keeps the check programs modular and separate from any particular baseline, so they are easy to manage and maintain when a security baseline changes or a new baseline needs to be added.
In one possible embodiment, each security baseline is provided with a timeout parameter, and the security baselines comprise built-in security baselines, template security baselines and custom security baselines. Checking each security baseline specifically includes the following:
When the time spent checking a built-in security baseline or a template security baseline exceeds the corresponding timeout parameter, timeout information is recorded in a log and the check continues.
It should be noted that, because built-in and template security baselines are carefully designed and strictly tested by the baseline plug-in developer, a timeout in one of them poses little risk to the overall check logic and does not affect the stability of the whole system, so the check can continue.
When the time spent checking a custom security baseline exceeds that baseline's timeout parameter, the check of the current custom security baseline is terminated and the check of the next security baseline begins.
It should be noted that a custom security baseline is configured directly by a user writing code. When the check of a custom security baseline times out, the user-written code may be executing overly complex check logic or may contain a problem; terminating the current check promptly reduces that risk and lets the system complete the inspection in a reasonable time.
The invention makes full use of the characteristics of built-in, template and custom security baselines and handles their timeouts differently, balancing the overall security of the system against the efficiency of security testing.
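The weight ordering of S302, the id-based sub-plug-in dispatch of S303 and the differentiated timeout handling described above, as an added Python example that is not part of the patent. The registry, baseline ids, weights, timeouts and the exit-status convention (0 means pass) are assumptions, and each sub-plug-in is stood in for by a child process so that a custom check can actually be killed.

```python
import logging
import subprocess
import sys
from dataclasses import dataclass

log = logging.getLogger("baseline_plugin")


@dataclass(frozen=True)
class Baseline:
    id: str
    kind: str       # "builtin", "template" or "custom"
    weight: float   # set by the front end (S301)
    timeout: float  # per-baseline timeout parameter, in seconds


def _child(code):
    """Constructed stand-in for a sub-plug-in: a short-lived child process."""
    return [sys.executable, "-c", code]


# Hypothetical registry: baseline id -> sub-plug-in command.
# Assumed convention: exit status 0 means the baseline passed.
SUB_PLUGINS = {
    "ssh-root-login": _child("import sys; sys.exit(1)"),        # fails fast
    "password-policy": _child("import time; time.sleep(1.0)"),  # slow, passes
    "tmp-noexec": _child("pass"),                               # passes fast
    "user-check": _child("import time; time.sleep(60)"),        # runaway code
}


def check_order(baselines):
    """S302: higher weight first; sorted() is stable, so ties keep list order."""
    return sorted(baselines, key=lambda b: b.weight, reverse=True)


def run_one(baseline):
    """Dispatch by id, then apply the timeout rule for the baseline's kind."""
    cmd = SUB_PLUGINS.get(baseline.id)
    if cmd is None:
        return {"id": baseline.id, "status": "no_plugin", "timed_out": False}
    proc = subprocess.Popen(cmd, stdout=subprocess.DEVNULL,
                            stderr=subprocess.DEVNULL)
    timed_out = False
    try:
        rc = proc.wait(timeout=baseline.timeout)
    except subprocess.TimeoutExpired:
        timed_out = True
        if baseline.kind == "custom":
            # User-written check: stop it and move on to the next baseline.
            proc.kill()
            proc.wait()  # reap the child so no zombie is left behind
            log.warning("custom baseline %s killed after %.1fs",
                        baseline.id, baseline.timeout)
            return {"id": baseline.id, "status": "terminated",
                    "timed_out": True}
        # Built-in or template check: record the overrun, keep checking.
        log.warning("%s baseline %s exceeded %.1fs, still running",
                    baseline.kind, baseline.id, baseline.timeout)
        rc = proc.wait()
    return {"id": baseline.id, "status": "pass" if rc == 0 else "fail",
            "timed_out": timed_out}


def run_all(baselines):
    """S303: check every baseline in weight order and collect the results."""
    return [run_one(b) for b in check_order(baselines)]


# Constructed sample list, deliberately not in weight order.
SAMPLE = [
    Baseline("tmp-noexec", "template", 0.2, 10.0),
    Baseline("user-check", "custom", 0.5, 0.3),
    Baseline("ssh-root-login", "builtin", 0.9, 10.0),
    Baseline("password-policy", "builtin", 0.7, 0.3),
]

if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    for result in run_all(SAMPLE):
        print(result)
```

Running the check in a separate process is what makes the custom-baseline rule enforceable: the scheduler does not depend on the user's code cooperating with a cancel request.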
S304: Receive the inspection result of each security baseline reported by the baseline plug-in.
S305: Summarize the inspection results of the security baselines.
In one possible implementation, S305 specifically includes substeps S3051 to S3055:
S3051: Determine the system risk level corresponding to the inspection result of the security baseline.
Optionally, the system risk level may include: severe, high-risk, medium-risk, and low-risk.
S3052: Convert the system risk level into a system risk value.
Optionally, the system risk value corresponding to the severe risk level is 100, the system risk value corresponding to the high-risk level is 75, the system risk value corresponding to the medium-risk level is 50, and the system risk value corresponding to the low-risk level is 20.
S3053: Calculate the score of the security baseline according to the weight of the security baseline and the system risk value:
where s is the score of the security baseline, λ is the weight of the security baseline, and a is the system risk value determined from the security baseline.
S3054: Accumulate the scores of all the security baselines to obtain a total score:
where S is the total score, s_i is the score of the i-th security baseline, and n is the total number of security baselines.
It should be noted that calculating the score of a security baseline combines the inspection result with the weight to quantify the security of each security baseline. This helps determine which baselines require priority treatment to improve the overall security of the system.
S3055: Calculate a weighted pass rate according to the total score:
where ρ is the weighted pass rate and max is the highest score in the ideal case.
In the invention, mapping the inspection results of the security baselines onto a weighted pass rate helps provide a more comprehensive, quantitative security assessment and helps organizations better understand, manage and improve the security of the system.
S306: Send the security baseline based inspection result to the front end.
In one possible implementation, after S301, the method further includes:
S307: Receive the filtering condition.
In one possible embodiment, the filtering condition is specifically: the weight of the security baseline is within a preset weight range, and/or the risk level of the security baseline is a preset risk level.
It should be noted that the filtering condition makes it possible to select precisely the security baselines that meet a specific requirement, according to the preset weight range and/or risk level, so that only baselines meeting the condition are considered, which improves the accuracy of screening.
S308: Filter the security baselines in the baseline list according to the filtering condition.
In the invention, reducing the baseline list to the baselines that meet specific criteria reduces the workload of back-end processing and thereby improves the performance and response speed of the system. This is important for large-scale baseline management and screening. Furthermore, by setting filtering conditions, the strategy can be customized to different security requirements and adjusted as needed, which improves the applicability of security detection.
It should be noted that, in the present invention, the weight of each security baseline serves at least the following three purposes:
(1) The weights of the security baselines can be used to determine the inspection order of the security baselines. Checking security baselines with higher weights first ensures that the most important security issues are addressed first, which improves the overall security of the system to the greatest extent. Furthermore, determining the inspection order from the weights can increase the efficiency of the security baseline inspection, because lower-weighted security baselines can be checked later to reduce the impact on system performance.
(2) The weight of a security baseline can be used to calculate the score of the security baseline; combining the inspection result with the weight allows the security of each security baseline to be quantified accurately.
(3) The weight of a security baseline can be used as a filtering condition to select precisely the security baselines that meet a specific requirement. Reducing the baseline list to the baselines that meet specific criteria reduces the workload of back-end processing and thereby improves the performance and response speed of the system.
Compared with the prior art, the invention has at least the following beneficial effects:
(1) In the invention, a custom security baseline can be added to the baseline list through the baseline plug-in as needed during an actual inspection, which meets security requirements that change in real time and improves the efficiency of network security inspection.
(2) In the invention, the inspection order of the security baselines is determined from the weight of each security baseline, and the baseline plug-in then schedules the corresponding check programs in that order to check each security baseline. Bash scripts are not needed as check items; because the baseline plug-in schedules the check programs directly, complex logic can be expressed and execution efficiency is improved.
In a fourth aspect, referring to Fig. 4, a schematic structural diagram of another plug-in-based custom security baseline inspection device according to an embodiment of the present invention is shown.
The invention provides a plug-in-based custom security baseline inspection device 40, applied to a back end, comprising:
a second receiving module 401, configured to receive a baseline list sent by the front end and the weight of each security baseline, where the baseline list contains a plurality of security baselines including a custom security baseline;
a determining module 402, configured to determine the inspection order of the security baselines according to the weight of each security baseline;
a third sending module 403, configured to send the baseline list and the inspection order to the baseline plug-in, so that the baseline plug-in schedules the corresponding check programs in the inspection order and checks each security baseline;
a third receiving module 404, configured to receive the inspection result of each security baseline reported by the baseline plug-in;
a summarizing module 405, configured to summarize the inspection results of the security baselines;
a fourth sending module 406, configured to send the security baseline based inspection result to the front end.
In one possible implementation, the plug-in based custom security baseline inspection device 40 further includes:
a fourth receiving module 407, configured to receive the filtering condition;
a filtering module 408, configured to filter the security baselines in the baseline list according to the filtering condition.
In one possible embodiment, the filtering condition is specifically: the weight of the security baseline is within a preset weight range, and/or the risk level of the security baseline is a preset risk level.
In a possible embodiment, scheduling the corresponding check program to check each security baseline specifically includes:
The baseline plug-in schedules, according to the id of the security baseline, the sub-plug-in corresponding to that id, and checks the security baseline.
In one possible embodiment, each security baseline is provided with a timeout parameter, and the security baselines comprise built-in security baselines, template security baselines and custom security baselines. Checking each security baseline specifically includes the following:
when the time spent checking a built-in security baseline or a template security baseline exceeds the corresponding timeout parameter, timeout information is recorded in a log and the check continues;
when the time spent checking a custom security baseline exceeds that baseline's timeout parameter, the check of the current custom security baseline is terminated and the check of the next security baseline begins.
In one possible implementation, the summarizing module 405 is specifically configured to:
determine the system risk level corresponding to the inspection result of the security baseline;
convert the system risk level into a system risk value;
calculate the score of the security baseline according to the weight of the security baseline and the system risk value:
where s is the score of the security baseline, λ is the weight of the security baseline, and a is the system risk value determined from the security baseline;
accumulate the scores of all the security baselines to obtain a total score:
where S is the total score, s_i is the score of the i-th security baseline, and n is the total number of security baselines;
calculate a weighted pass rate according to the total score:
where ρ is the weighted pass rate and max is the highest score in the ideal case.
The plug-in based custom security baseline inspection device 40 provided in the present invention can implement each process implemented in the method embodiment of the third aspect, and in order to avoid repetition, a description is omitted here.
The virtual device provided by the invention can be a device, and can also be a component, an integrated circuit or a chip in a terminal.
Compared with the prior art, the invention has at least the following beneficial effects:
(1) In the invention, a custom security baseline can be added to the baseline list through the baseline plug-in as needed during an actual inspection, which meets security requirements that change in real time and improves the efficiency of network security inspection.
(2) In the invention, the inspection order of the security baselines is determined from the weight of each security baseline, and the baseline plug-in then schedules the corresponding check programs in that order to check each security baseline. Bash scripts are not needed as check items; because the baseline plug-in schedules the check programs directly, complex logic can be expressed and execution efficiency is improved.
Finally, it should be noted that the above embodiments only illustrate the technical solution of the present application and do not limit it. Although the present application has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments can still be modified, or some or all of their technical features can be replaced by equivalents; such modifications and substitutions do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present application.

Claims (9)

1. A plug-in based custom security baseline checking method, characterized in that it is applied to the front end and comprises the following steps:
adding a custom security baseline to the baseline list;
acquiring a baseline list, wherein the baseline list contains a plurality of security baselines including the custom security baseline;
setting the weight of each security baseline;
sending the baseline list and the weight of each security baseline to the back end, so that the back end determines the inspection order of the security baselines according to the weight of each security baseline, the back end sends the baseline list and the inspection order to a baseline plug-in, the baseline plug-in schedules the corresponding check programs in the inspection order to check each security baseline, and the back end receives the inspection result of each security baseline reported by the baseline plug-in and forwards it to the front end;
receiving a security baseline based inspection result;
wherein the security baseline based inspection result is specifically a weighted pass rate, and the weighted pass rate is calculated as follows:
determining the system risk level corresponding to the inspection result of the security baseline;
converting the system risk level into a system risk value;
calculating the score of the security baseline according to the weight of the security baseline and the system risk value: where s is the score of the security baseline, λ is the weight of the security baseline, and a is the system risk value determined from the security baseline;
accumulating the scores of all the security baselines to obtain a total score: where S is the total score, s_i is the score of the i-th security baseline, and n is the total number of security baselines;
calculating a weighted pass rate according to the total score: where ρ is the weighted pass rate and max is the highest score in the ideal case.
2. The plug-in based custom security baseline checking method according to claim 1, further comprising, after the setting of the weight of each security baseline:
setting a filtering condition;
sending the filtering condition to the back end, so that the back end filters the security baselines in the baseline list according to the filtering condition.
3. The plug-in based custom security baseline checking method according to claim 2, wherein the filtering condition is specifically: the weight of the security baseline is within a preset weight range, and/or the risk level of the security baseline is a preset risk level.
4. The plug-in based custom security baseline checking method according to claim 1, wherein scheduling the corresponding check program to check each security baseline specifically comprises:
the baseline plug-in scheduling, according to the id of the security baseline, the sub-plug-in corresponding to that id, and checking the security baseline.
5. The plug-in based custom security baseline checking method according to claim 1, wherein each security baseline is provided with a timeout parameter, the security baselines comprise built-in security baselines, template security baselines and custom security baselines, and checking each security baseline specifically comprises:
when the time spent checking a built-in security baseline or a template security baseline exceeds the corresponding timeout parameter, recording timeout information in a log and continuing the check;
when the time spent checking a custom security baseline exceeds that baseline's timeout parameter, terminating the check of the current custom security baseline and starting the check of the next security baseline.
6. A plug-in based custom security baseline inspection device, characterized in that it is applied to the front end and comprises:
an adding module, configured to add a custom security baseline to the baseline list;
an acquisition module, configured to acquire a baseline list, wherein the baseline list contains a plurality of security baselines including the custom security baseline;
a first setting module, configured to set the weight of each security baseline;
a first sending module, configured to send the baseline list and the weight of each security baseline to the back end, so that the back end determines the inspection order of the security baselines according to the weight of each security baseline;
a first receiving module, configured to receive the security baseline based inspection result;
wherein the security baseline based inspection result is specifically a weighted pass rate, and the weighted pass rate is calculated as follows:
determining the system risk level corresponding to the inspection result of the security baseline;
converting the system risk level into a system risk value;
calculating the score of the security baseline according to the weight of the security baseline and the system risk value: where s is the score of the security baseline, λ is the weight of the security baseline, and a is the system risk value determined from the security baseline;
accumulating the scores of all the security baselines to obtain a total score: where S is the total score, s_i is the score of the i-th security baseline, and n is the total number of security baselines;
calculating a weighted pass rate according to the total score: where ρ is the weighted pass rate and max is the highest score in the ideal case.
7. A plug-in based custom security baseline checking method, characterized in that it is applied to a back end and comprises the following steps:
receiving a baseline list sent by a front end and the weight of each security baseline, wherein the baseline list contains a plurality of security baselines including a custom security baseline;
determining the inspection order of the security baselines according to the weight of each security baseline;
sending the baseline list and the inspection order to a baseline plug-in, so that the baseline plug-in schedules the corresponding check programs in the inspection order and checks each security baseline;
receiving the inspection result of each security baseline reported by the baseline plug-in;
summarizing the inspection results of the security baselines;
sending a security baseline based inspection result to the front end;
wherein the security baseline based inspection result is specifically a weighted pass rate, and the weighted pass rate is calculated as follows:
determining the system risk level corresponding to the inspection result of the security baseline;
converting the system risk level into a system risk value;
calculating the score of the security baseline according to the weight of the security baseline and the system risk value: where s is the score of the security baseline, λ is the weight of the security baseline, and a is the system risk value determined from the security baseline;
accumulating the scores of all the security baselines to obtain a total score: where S is the total score, s_i is the score of the i-th security baseline, and n is the total number of security baselines;
calculating a weighted pass rate according to the total score: where ρ is the weighted pass rate and max is the highest score in the ideal case.
8. The plug-in based custom security baseline checking method according to claim 7, further comprising, after the receiving of the baseline list sent by the front end and the weight of each security baseline:
receiving a filtering condition;
filtering the security baselines in the baseline list according to the filtering condition.
9. A plug-in based custom security baseline inspection device, characterized in that it is applied to the back end and comprises:
a second receiving module, configured to receive a baseline list sent by the front end and the weight of each security baseline, wherein the baseline list contains a plurality of security baselines including a custom security baseline;
a determining module, configured to determine the inspection order of the security baselines according to the weight of each security baseline;
a third sending module, configured to send the baseline list and the inspection order to a baseline plug-in, so that the baseline plug-in schedules the corresponding check programs in the inspection order and checks each security baseline;
a third receiving module, configured to receive the inspection result of each security baseline reported by the baseline plug-in;
a summarizing module, configured to summarize the inspection results of the security baselines;
a fourth sending module, configured to send the security baseline based inspection result to the front end;
wherein the security baseline based inspection result is specifically a weighted pass rate, and the weighted pass rate is calculated as follows:
determining the system risk level corresponding to the inspection result of the security baseline;
converting the system risk level into a system risk value;
calculating the score of the security baseline according to the weight of the security baseline and the system risk value: where s is the score of the security baseline, λ is the weight of the security baseline, and a is the system risk value determined from the security baseline;
accumulating the scores of all the security baselines to obtain a total score: where S is the total score, s_i is the score of the i-th security baseline, and n is the total number of security baselines;
calculating a weighted pass rate according to the total score: where ρ is the weighted pass rate and max is the highest score in the ideal case.
CN202311319489.4A 2023-10-12 2023-10-12 Plug-in-based custom security baseline checking method and device Active CN117077149B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311319489.4A CN117077149B (en) 2023-10-12 2023-10-12 Plug-in-based custom security baseline checking method and device

Publications (2)

Publication Number Publication Date
CN117077149A CN117077149A (en) 2023-11-17
CN117077149B true CN117077149B (en) 2024-01-23

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant