CN117390629A - Application server risk reinforcement method and device - Google Patents

Publication number
CN117390629A
Authority
CN
China
Prior art keywords
risk
asset
application
reinforcement
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311254686.2A
Other languages
Chinese (zh)
Inventor
白建兵
傅鹏斌
张恒
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhongtong Service Kexin Information Technology Co ltd
Original Assignee
Zhongtong Service Kexin Information Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhongtong Service Kexin Information Technology Co ltd
Priority to CN202311254686.2A
Publication of CN117390629A
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computing Systems (AREA)
  • Databases & Information Systems (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The application provides an application server risk reinforcement method and device, wherein the method comprises the following steps: acquiring asset information of an application server, and determining asset risk values based on the asset information, wherein the asset information comprises hardware information, operating system information and application program information; scanning an operating system and an application program of the application server, comparing scanned contents with contents of an own basic security risk library, and determining a basic risk value based on a comparison result; determining an application risk value for the application server based on the asset risk value and the base risk value; and when the application risk value is larger than a first preset value, generating a risk reinforcement measure. Therefore, the operation and maintenance management efficiency of the application server is improved.

Description

Application server risk reinforcement method and device
Technical Field
The application relates to the technical field of server operation and maintenance, in particular to an application server risk reinforcement method and device.
Background
With the rapid development of the information age, applications having ultra-large user scales are increasing, so the number of large-scale servers is increasing, and the requirements on the servers are also increasing. Thus, as server size, number, and requirements increase, secure operation of servers also faces more challenges.
The invention patent with application number 2005100426556 discloses an active network security vulnerability detector consisting of three modules, namely a detection agent, a data center and an analysis console, which cooperate with each other to perform vulnerability detection. The detection agent gathers system configuration information and uploads it to the data center. The analysis console analyzes the information stored in the data center, identifies host vulnerabilities using OVAL vulnerability definitions, further applies predicate logic theory to perform association analysis of attacks and vulnerabilities, discovers security problems caused by combinations of vulnerabilities, and visually displays potential attack paths. The method achieves rapid, high-precision vulnerability detection of a network system, has little influence on the performance of the system being evaluated, is highly extensible, and is suitable for evaluating and managing network security.
However, as the above prior art shows, most existing security operations remain at a conventional stage: servers are still scanned uniformly, and uniform security reinforcement is then applied blindly to the scanned vulnerabilities, so operation and maintenance management efficiency is low.
Disclosure of Invention
The application provides a risk reinforcement method and device for an application server, which are used for solving the problems in the background technology.
In a first aspect, the present application provides an application server risk reinforcement method, including:
acquiring asset information of an application server, and determining asset risk values based on the asset information, wherein the asset information comprises hardware information, operating system information and application program information;
scanning an operating system and an application program of the application server, comparing scanned contents with contents of an own basic security risk library, and determining a basic risk value based on a comparison result;
determining an application risk value for the application server based on the asset risk value and the base risk value;
and when the application risk value is larger than a first preset value, generating a risk reinforcement measure.
Optionally, the determining an asset risk value based on the asset information includes:
determining a first amount of acquired hardware information, a second amount of system information and a third amount of application information;
an asset risk value is determined based on the first quantity, the second quantity, the third quantity, and a predetermined algorithm.
Optionally, the generating risk reinforcement measures includes:
repairing each asset when the application risk value is greater than the first preset value and less than a second preset value;
and when the application risk value is greater than the second preset value, replacing each asset.
Optionally, after the generating the risk reinforcement measure, the method further comprises:
and generating a risk reinforcement report, wherein the content of the report comprises the application risk value, the asset name of the reinforced asset, the reinforcement measure name, the reinforcement measure type, the information before reinforcement and the information after reinforcement.
Optionally, after the generating the risk reinforcement measure, the method further comprises:
and storing the asset risk value, the base risk value and the risk reinforcement report into a safety database.
Optionally, the method further comprises: and updating the self-owned basic security risk library every preset time interval.
In a second aspect, the present application provides an application server risk reinforcement device, including:
an acquisition determining module for acquiring asset information of an application server and determining asset risk values based on the asset information, wherein the asset information comprises hardware information, operating system information and application program information;
the scanning determining module is used for scanning an operating system and an application program of the application server, comparing the scanned content with an own basic security risk library and determining a basic risk value based on a comparison result;
a determining module for determining an application risk value for the application server based on the asset risk value and the base risk value;
and the generation module is used for generating risk reinforcement measures when the application risk value is larger than a first preset value.
In a third aspect, an embodiment of the present application provides an electronic device, including:
one or more processors;
a memory for storing one or more programs;
the one or more programs, when executed by the one or more processors, cause the one or more processors to perform a method embodying the first aspect described above.
In a fourth aspect, embodiments of the present application provide a computer readable storage medium having stored thereon a computer program for implementing the method of the first aspect.
In a fifth aspect, embodiments of the present application provide a computer program product comprising a computer program which, when executed by a processor, implements the method of the first aspect described above.
According to the application server risk reinforcement method provided by the present application, asset information of an application server is obtained, and an asset risk value is determined based on the asset information; an operating system and an application program of the application server are scanned, and a basic risk value is determined based on the scanning result; an application risk value of the application server is determined based on the asset risk value and the basic risk value; and when the application risk value is greater than a first preset value, a risk reinforcement measure is generated. In the prior art, vulnerability scanning is performed on the application server and security reinforcement is then performed on all scanned vulnerabilities. By contrast, in the present application the application server is reinforced only when the risk value is greater than the preset value, rather than blindly, which improves security operation and maintenance efficiency. Further, the evaluation covers not only the scanned vulnerabilities but also the risk of the assets, for example the hardware information, the operating system information and the application program information, which improves the comprehensiveness and accuracy of the risk evaluation, improves the efficiency and reliability of security reinforcement, and further improves the security operation and maintenance efficiency of the application server.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, a brief description will be given below of the drawings that are needed in the embodiments or the prior art descriptions, and it is obvious that the drawings in the following description are some embodiments of the present application, and that other drawings can be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is an implementation environment architecture diagram of an application server risk reinforcement method according to an embodiment of the present application;
Fig. 2 is a flowchart of an application server risk reinforcement method provided in an embodiment of the present application;
Fig. 3 is a flowchart of a method for determining an asset risk value according to an embodiment of the present application;
Fig. 4 is a flowchart of a method for determining a risk value for an asset according to an embodiment of the present application;
Fig. 5 is a flowchart of another risk reinforcement method for an application server according to an embodiment of the present application;
Fig. 6 is a schematic structural diagram of an application server risk reinforcement device according to an embodiment of the present application;
Fig. 7 is a schematic structural diagram of another risk reinforcement device for an application server according to an embodiment of the present application;
Fig. 8 is a schematic diagram of a computer system according to an embodiment of the present application.
Detailed Description
For the purposes of making the objects, technical solutions and advantages of the embodiments of the present application more clear, the technical solutions in the embodiments of the present application are clearly and completely described below, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. All other embodiments, which can be made by one of ordinary skill in the art without inventive effort, are also within the scope of the present application based on the embodiments herein. In addition, the embodiments and features in the embodiments in the present application may be combined with each other without conflict. The present application will be described in detail below with reference to the accompanying drawings in conjunction with embodiments.
Fig. 1 is an implementation environment architecture diagram of an application server risk reinforcement method according to an embodiment of the present application. As shown in Fig. 1, the architecture includes a terminal, an operation and maintenance server, and an application server.
The hardware of the operation and maintenance server comprises a processor, a memory, a main board, a hard disk, an optical drive and the like. The software of the operation and maintenance server comprises a risk reinforcement system installed on it and a database corresponding to the system. The risk reinforcement system can acquire and scan asset information of the application server, evaluate the risk of the application server according to the asset information, and determine a risk reinforcement method according to the risk.
Further, the operation and maintenance server can also store data generated in the evaluation and reinforcement processes, so that the data can be obtained at any time when needed, for example, the application risk value, the reinforcement method and the like of each application server are stored.
The hardware structure of the terminal comprises a processor, a memory and a display device, and the software structure comprises a client of the risk reinforcement system, also called a risk reinforcement application program, installed on the terminal. When the client is started, the terminal can display an application interface, acquire data input by a user through the interface and send the data to the operation and maintenance server, or display one or more messages sent by the operation and maintenance server. For example, a staff member inputs the identification of the application server to be reinforced through the input device of the terminal, so that the risk reinforcement system can identify the application server to be reinforced through the identification.
The types of terminals include, but are not limited to, smart phones, tablet computers, televisions, notebook computers, desktop computers, etc., and the embodiments of the present application are not limited in this regard.
The terminal and the operation and maintenance server establish a communication connection through a wired or wireless network.
The application server is a server corresponding to an application program; it is the server that needs to be operated and maintained and, in this application, the server that needs to be evaluated and reinforced. The hardware of the application server comprises a processor, a memory, a main board, a hard disk, an optical drive and the like, and the software comprises an operating system installed on the hardware and background data of an application program running on the operating system.
Here, the application server may be a plurality of servers corresponding to one application program, or may be a plurality of servers corresponding to a plurality of application programs, which is not limited in this embodiment of the present application.
Fig. 2 is a flowchart illustrating an application server risk reinforcement method according to an embodiment of the present application. The method shown in fig. 2 may be performed by the operation and maintenance server in fig. 1, and as shown in fig. 2, the method includes the steps of:
Step 201, acquiring asset information of an application server, and determining an asset risk value based on the asset information, wherein the asset information comprises hardware information, operating system information and application program information.
The hardware information includes information on components such as the central processing unit (CPU), memory (MEM), disk (DISK), basic input/output system (BIOS), network card, display card and hard disk. Examples are the CPU's model, brand, main frequency, bit width, cache, instruction set, core count and instructions per cycle.
The operating system information includes the type, name and version number, together with information on the application container engine Docker, the real-time operating system kernel, the IP packet filtering system IPTABLES, the Network Time Protocol (NTP), the system log SYSLOG, the Secure Shell protocol (SSH) and the Domain Name System (DNS).
The application information includes names, version numbers, types, occupied memory space, databases, etc.
The application program is an application program taking an application server as a back-end server.
Supported systems include CTyunOS, Euler, UOS, Kylin, SUSE, CentOS, Red Hat, UNIX, Windows Server, etc.
Further, asset information of the application server may be obtained as follows: acquire the login information of the application server and log in to its host; then acquire the hardware information, the operating system information and the application program information of the host. The login information of the application server can be obtained by manually querying the host of the application server.
Referring to FIG. 3, determining asset risk values based on the asset information may be accomplished by:
Step 2011, determining a first quantity of acquired hardware information, a second quantity of system information, and a third quantity of application information.
Step 2012, determining an asset risk value based on the first quantity, the second quantity, the third quantity, and a predetermined algorithm.
The predetermined algorithm may be the following formula:
$I = \text{first quantity} \times x + \text{second quantity} \times y + \text{third quantity} \times z$
Wherein I represents the asset risk value, x is a first weight, y is a second weight, and z is a third weight. x, y and z can be set according to specific requirements, or can be determined empirically. For example, if x is 0.8, y is 1, and z is 1.2, the asset risk value is calculated by the following formula:
$I = \text{first quantity} \times 0.8 + \text{second quantity} \times 1 + \text{third quantity} \times 1.2$
Typically, the first, second, and third quantities all fall within a certain range, and so does the asset risk value; e.g., the asset risk value will typically be in the range [0, 19.6].
Because the larger the number of the asset information is, the larger the probability of risk occurrence is, the number of the asset information is integrated into the asset risk, and the accuracy of asset risk assessment is improved, so that the accuracy of risk reinforcement is also improved.
Alternatively, referring to FIG. 4, determining asset risk values based on the asset information may also be accomplished by steps 2013-2015 as follows:
Step 2013, determining an asset value for each asset, the asset value being used to represent the degree of matching between one asset and the other assets.
In this application, assets may include hardware, operating systems, and applications, with each asset corresponding to an asset value, with higher asset values representing a higher degree of match with other associated assets.
In the application, for hardware, the higher the matching degree between the hardware and an operating system and between the hardware and an application program is, the higher the asset value is; for an operating system: the higher the matching degree with hardware, the higher the asset value; for an application, the higher its match to the hardware and operating system, the higher the asset value.
The degree of matching of hardware to the operating system and applications can be understood as: the more hardware can meet the running of the operating system and applications, the higher the asset value. The degree of matching of the operating system to the hardware and applications can be understood as: the more smoothly the operating system runs on the hardware and the higher the operating system's management efficiency for the application, the higher the asset value. The degree of matching of an application to hardware and operating systems can be understood as: the more smoothly the application runs on the operating system and hardware described above, the higher the asset value. Further, the degree of mutual matching between the assets can be determined by the asset information.
Illustratively, suppose the asset information for each asset of the application server is as follows:
Hardware information: CPU main frequency 50MHz, memory 2G and hard disk 50G
Operating system information: Win10
Application programs: WeChat, Alipay and Taobao
Further, assuming that the full score of the asset value is 10 points: the performance of the hardware is low and cannot support the operation of the operating system and the application programs, so its asset value is low, for example 2. The Win10 operating system basically cannot run on this hardware, but Win10 manages WeChat, Alipay and Taobao relatively efficiently, so the asset value of the operating system is determined to be 5. WeChat, Alipay and Taobao basically cannot run on the above hardware, but can be managed efficiently by the Win10 operating system, so the asset value of the application programs is a value near the median of 5; for example, the asset value of the application programs is determined to be 4.
Step 2014, calculating the sum of the asset values.
Step 2015, determining the reciprocal of the sum, normalizing the reciprocal within a predetermined range to obtain a normalized value, and determining the normalized value as the asset risk value.
The normalized coefficient and the predetermined range may be determined empirically, e.g., the predetermined range is [0, 19.6], and the normalized value is determined as the asset risk value.
Steps 2013-2015 provided in the embodiments of the present application determine an asset value for each asset and use the asset values to express the degree of matching between the assets, so that the asset risk value is determined from that degree of matching. A mismatch between assets is itself a risk to the application server; for example, when the asset value of the hardware is too low, both the operating system and the application programs are at risk of running slowly. Further, because the operating system and application programs on the application server run slowly, the application server is more susceptible to interference from other external factors. Thus, assets with lower asset values, that is, assets with higher asset risk values, tend to increase the risk of the application server. Including the asset value in the evaluation of asset risk, and therefore in the risk evaluation of the application server, improves the accuracy of that risk evaluation, and with it the efficiency of resolving risks and of risk reinforcement.
In addition, for a same asset, in different application servers, the asset value may also be different due to the difference of other assets of the application servers. Therefore, when the asset is used for risk assessment, different asset risk values are determined for different application servers, so that the targeted operation and maintenance are performed in the operation and maintenance process, and the efficiency of operation and maintenance management is improved.
Step 202, scanning an operating system and an application program of the application server, comparing scanned contents with contents of an own basic security risk library, and determining a basic risk value based on a comparison result.
Scanning the operating system and application programs of the application server can be understood as follows: all information related to the operating system and application programs of the application server, such as static files, memory space, kernel space, code, running results and the corresponding databases, is acquired, and each item is compared with the basic security risk library; when the operating system or an application program contains content that is the same as or similar to content in the basic security risk library, a security risk is determined to exist in the operating system and the application program.
Further, the scanned content may also be stored in a security database.
The own basic security risk library comprises the national information security vulnerability sharing platform (China National Vulnerability Database, CNVD), the information security vulnerability sharing platform (National Vulnerability Database, NVD), security public opinion, default vulnerabilities of the Internet industry, vulnerability security compliance and the like.
Further, the basic risk value may be determined by how much content in the operating system and application programs is the same as or similar to content in the basic security risk library: the more such content there is, the greater the risk is deemed to be, and the less such content there is, the smaller the risk is deemed to be.
Further, the basic risk value may be determined according to a general vulnerability score, whose range is [0, 10]; for details of the general vulnerability score, refer to related material, which is not described here.
Step 203, determining an application risk value of the application server based on the asset risk value and the base risk value.
The application risk value of the application server can be calculated by the following formula:
Wherein I is the asset risk value, C is the base risk value, and B is a risk constant. I and C can be determined by steps 201 and 202 described above, and B can be determined empirically; e.g., B can be determined to be 10.
Further, the risk of the application server may be classified according to the range in which the application risk value falls. For example, when the application risk value ranges over [0, 6.2], the risk is low when the value is in [0, 1), medium when it is in [1, 2), high when it is in [2, 4), and deadly when it is in [4, 6.2].
Step 204, when the application risk value is greater than a first preset value, generating a risk reinforcement measure.
Different risk levels pose different dangers to the application server, so different risk reinforcement measures can be determined according to the risk level. Alternatively, the measures can be determined for the application server directly from the application risk value; because the risk level is itself determined from the application risk value, measures generated from the risk level and measures generated from the application risk value are basically the same.
When the application risk value is less than or equal to the first preset value, the risk is determined to be small and to pose no danger to the application server, and no risk reinforcement is performed; when the application risk value is greater than the first preset value, the risk is larger, and reinforcement is needed to prevent damage to the application server or further expansion of the risk.
The first preset value may be determined empirically, for example, as 1.
Optionally, the risk reinforcement measure may be generated by the following steps 2041 and 2042:
Step 2041, repairing each of the assets when the application risk value is greater than the first preset value and less than a second preset value.
For example, if the second preset value is 4, each asset is repaired when the application risk value is greater than or equal to 1 and less than 4.
Further, repairing each asset includes: replacing assets with lower asset values, scanning the assets, and repairing vulnerabilities present in the assets.
Step 2042, replacing each asset when the application risk value is greater than the second preset value.
When the risk value is greater than the second preset value, the risk is very large; even reinforcement by repair would amount to substantially replacing the assets while consuming more time, so in this case reinforcement can be performed by replacing the assets directly.
For example, if the application risk value is 5, the application risk value is greater than the second preset value, and all the assets in the application server can be replaced, so that the risk is eliminated.
Optionally, referring to Fig. 5, after the risk reinforcement measures are generated, the method further includes step 205: generating a risk reinforcement report, wherein the content of the report comprises the application risk value, the asset name of the reinforced asset, the reinforcement measure name, the reinforcement measure type, the information before reinforcement and the information after reinforcement. The report may also include other information related to asset reinforcement, which is not described in detail here.
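The threshold logic of steps 2041 and 2042 and the report fields of step 205, as an added Python example (not code from the patent). The thresholds 1 and 4 are the page's example values; the asset inventory, the measure names, and the choice to treat a value exactly equal to the second preset value as "replace" are assumptions, since the page leaves that boundary undefined.

```python
import math
from dataclasses import dataclass
from enum import Enum

# Example thresholds quoted on the page: first preset value 1, second preset value 4.
FIRST_PRESET = 1.0
SECOND_PRESET = 4.0


class Measure(Enum):
    NONE = "none"
    REPAIR = "repair"    # step 2041
    REPLACE = "replace"  # step 2042


def select_measure(app_risk, first=FIRST_PRESET, second=SECOND_PRESET):
    """Map an application risk value to a reinforcement measure."""
    if not first < second:
        raise ValueError("first preset value must be below the second")
    if math.isnan(app_risk):
        # NaN fails every comparison and would otherwise fall through to REPLACE.
        raise ValueError("application risk value is not a number")
    if app_risk <= first:
        return Measure.NONE
    if app_risk < second:
        return Measure.REPAIR
    # Assumption: the page does not define app_risk == second, so take the
    # stronger measure rather than leave the boundary unhandled.
    return Measure.REPLACE


@dataclass(frozen=True)
class ReportEntry:
    # The report fields listed for step 205.
    application_risk_value: float
    asset_name: str
    measure_name: str
    measure_type: str
    before: str
    after: str


def build_report(app_risk, assets):
    """Return one report entry per reinforced asset (empty when no action is due)."""
    measure = select_measure(app_risk)
    if measure is Measure.NONE:
        return []
    entries = []
    for asset in assets:
        if measure is Measure.REPAIR:
            name, after = "patch to fixed version", asset["fixed"]  # hypothetical name
        else:
            name, after = "replace with approved build", asset["replacement"]
        entries.append(ReportEntry(app_risk, asset["name"], name,
                                   measure.value, asset["current"], after))
    return entries


# Constructed sample inventory (hypothetical asset names and versions).
SAMPLE_ASSETS = [
    {"name": "web-frontend", "current": "2.1.0", "fixed": "2.1.7", "replacement": "3.0.2"},
    {"name": "db-driver", "current": "5.4.1", "fixed": "5.4.9", "replacement": "6.0.0"},
]
```

Note that the page's worked example for step 2041 uses "greater than or equal to 1" while the step itself says "greater than the first preset value"; the code follows the step.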
Optionally, referring to Fig. 5, the method further includes step 206: storing the asset risk value, the base risk value and the risk reinforcement report in a safety database.
The various data generated during the whole risk reinforcement process can be stored in the safety database so that they can be queried at any time.
Optionally, the method further comprises step 207: updating the self-owned basic security risk library at preset time intervals.
After the self-owned basic security risk library is updated, the vulnerabilities recorded in the risk library are more complete and the risks of the assets are easier to detect. This improves the accuracy of the base risk value, and therefore the accuracy of the application risk value and the reliability of risk reinforcement.
In addition, it should be noted that the present application describes the evaluation method by taking the evaluation of an application server as an example; this is not a limitation of the application. For example, the evaluation method may be used to evaluate any computer or electronic device that has hardware, an operating system and application programs installed.
In the application server risk reinforcement method of the present application, asset information of an application server is acquired, and an asset risk value is determined based on the asset information; the operating system and application programs of the application server are scanned, and a base risk value is determined based on the scanning result; an application risk value for the application server is determined based on the asset risk value and the base risk value; and a risk reinforcement measure is generated when the application risk value is greater than a first preset value. In the prior art, vulnerability scanning is performed on the application server and security reinforcement is then performed on all scanned vulnerabilities. By contrast, the present application reinforces only when the risk value is greater than the preset value rather than reinforcing blindly, which improves security operation and maintenance efficiency. Further, the evaluation covers not only the scanned vulnerabilities but also the risks of the assets themselves, for example the hardware information, operating system information and application program information of the assets. This improves the comprehensiveness and accuracy of the risk evaluation, improves the efficiency and reliability of security reinforcement, and further improves the security operation and maintenance efficiency of the application server.
Fig. 6 is a block diagram of an application server risk reinforcement device according to an embodiment of the present application. As shown in fig. 6, the apparatus includes:
an acquisition determining module 701, configured to acquire asset information of an application server, and determine an asset risk value based on the asset information, where the asset information includes hardware information, operating system information, and application information;
the scan determining module 702 is configured to scan an operating system and an application program of the application server, compare the scanned content with an own basic security risk library, and determine a basic risk value based on a comparison result;
a determining module 703 for determining an application risk value for the application server based on the asset risk value and the base risk value;
and a generating module 704, configured to generate a risk reinforcement measure when the application risk value is greater than a first preset value.
Optionally, the acquisition determining module 701 is further configured to:
determining a first amount of acquired hardware information, a second amount of system information and a third amount of application information;
an asset risk value is determined based on the first quantity, the second quantity, the third quantity, and a predetermined algorithm.
Optionally, the generating module 704 is further configured to:
repairing each asset when the application risk value is greater than the first preset value and less than a second preset value;
and when the application risk value is greater than the second preset value, replacing each asset.
Optionally, the generating module 704 is further configured to:
and generating a risk reinforcement report, wherein the content of the report comprises the application risk value, the asset name of the reinforced asset, the reinforcement measure name, the reinforcement measure type, the information before reinforcement and the information after reinforcement.
Optionally, referring to Fig. 7, the apparatus further includes a storage module 705 configured to store the asset risk value, the base risk value and the risk reinforcement report in a safety database.
Optionally, referring to Fig. 7, the apparatus further includes an update module 706 configured to update the self-owned basic security risk library at preset time intervals.
For the relevant details of the device embodiment, refer to the method embodiment; they are not repeated here.
Fig. 8 is a schematic diagram showing the structure of an electronic device or computer system 800 according to an embodiment of the present application. It includes a Central Processing Unit (CPU) 801 that can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 802 or a program loaded from a storage section into a Random Access Memory (RAM) 803. The RAM 803 also stores various programs and data required for system operation. The CPU 801, ROM 802 and RAM 803 are connected to each other by a bus 804. An input/output (I/O) interface 805 is also connected to the bus 804.
The following components are connected to the I/O interface 805: an input portion 806 including a keyboard, mouse, etc.; an output portion 807 including a display such as a Cathode Ray Tube (CRT) or a Liquid Crystal Display (LCD), and a speaker; a storage section 808 including a hard disk or the like; and a communication section 809 including a network interface card such as a LAN card, a modem, or the like. The communication section 809 performs communication processing via a network such as the internet. A drive 810 is also connected to the I/O interface 805 as needed. A removable medium 811 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 810 as needed, so that a computer program read from it is installed into the storage section 808 as needed.
In particular, the processes described by the flowcharts of the embodiments of the present application may be implemented as computer software programs. For example, method embodiments of the present application include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method shown in the flow diagrams.
As another aspect, the present application also provides a computer-readable medium that may be contained in the electronic device described in the above embodiment; or may exist alone without being incorporated into the electronic device. The computer readable medium carries one or more programs which, when executed by one of the electronic devices, cause the electronic device to implement the methods described in embodiments of the present application.
It should be noted that the computer readable medium shown in the present application may be a computer readable signal medium or a computer readable storage medium, or any combination of the two.
The units or modules involved in the embodiments of the present application may be implemented in software or in hardware, and the described units or modules may also be provided in a processor. In some cases, the names of the units or modules do not constitute a limitation on the units or modules themselves.
In addition, the scope of the present application includes a possible technical solution of a specific combination of the above technical features, and also includes a possible other technical solution of any combination of the above technical features or the equivalent features without departing from the concept of the present application.
Finally, it should be noted that anything not described in the technical solutions of the present application may be implemented using the prior art. In addition, the above embodiments are only intended to illustrate the technical solutions of the present application, not to limit them. Although the present application has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art will understand that the technical solutions described in the foregoing embodiments can still be modified, or some or all of their technical features can be replaced by equivalents; such modifications and substitutions do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present application.

Claims (10)

1. An application server risk reinforcement method, comprising:
acquiring asset information of an application server, and determining asset risk values based on the asset information, wherein the asset information comprises hardware information, operating system information and application program information;
scanning an operating system and an application program of the application server, comparing scanned contents with contents of an own basic security risk library, and determining a basic risk value based on a comparison result;
determining an application risk value for the application server based on the asset risk value and the base risk value;
and when the application risk value is larger than a first preset value, generating a risk reinforcement measure.
2. The application server risk reinforcement method of claim 1, wherein the determining an asset risk value based on the asset information comprises:
determining a first amount of acquired hardware information, a second amount of system information and a third amount of application information;
an asset risk value is determined based on the first quantity, the second quantity, the third quantity, and a predetermined algorithm.
3. The application server risk reinforcement method according to claim 2, wherein the generating risk reinforcement measures includes:
repairing each asset when the application risk value is greater than the first preset value and less than a second preset value;
and when the application risk value is greater than the second preset value, replacing each asset.
4. The application server risk reinforcement method according to claim 1, characterized in that after the generation of the risk reinforcement measures, the method further comprises:
and generating a risk reinforcement report, wherein the content of the report comprises the application risk value, the asset name of the reinforced asset, the reinforcement measure name, the reinforcement measure type, the information before reinforcement and the information after reinforcement.
5. The application server risk reinforcement method of claim 4, wherein after the generating risk reinforcement measures, the method further comprises:
and storing the asset risk value, the base risk value and the risk reinforcement report into a safety database.
6. The application server risk reinforcement method according to any one of claims 1-5, further comprising: and updating the self-owned basic security risk library every preset time interval.
7. An application server risk reinforcement device, comprising:
an acquisition determining module, configured to acquire asset information of an application server and determine an asset risk value based on the asset information, wherein the asset information comprises hardware information, operating system information and application program information;
the scanning determining module is used for scanning an operating system and an application program of the application server, comparing the scanned content with an own basic security risk library and determining a basic risk value based on a comparison result;
a determining module for determining an application risk value for the application server based on the asset risk value and the base risk value;
and the generation module is used for generating risk reinforcement measures when the application risk value is larger than a first preset value.
8. An electronic device, the device comprising:
one or more processors;
a memory for storing one or more programs;
the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method of any of claims 1-6.
9. A computer-readable storage medium having stored thereon a computer program, wherein the computer program, when executed by a processor, implements the method according to any of claims 1-6.
10. A computer program product comprising a computer program which, when executed by a processor, implements the method according to any of claims 1-6.
CN202311254686.2A 2023-09-26 2023-09-26 Application server risk reinforcement method and device Pending CN117390629A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311254686.2A CN117390629A (en) 2023-09-26 2023-09-26 Application server risk reinforcement method and device


Publications (1)

Publication Number Publication Date
CN117390629A true CN117390629A (en) 2024-01-12

Family

ID=89462171

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311254686.2A Pending CN117390629A (en) 2023-09-26 2023-09-26 Application server risk reinforcement method and device

Country Status (1)

Country Link
CN (1) CN117390629A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination