CN117786663A - Commercial password application compliance detection system and method - Google Patents

Publication number
CN117786663A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311635224.5A
Other languages
Chinese (zh)
Inventor
李诚辰
许睿
石波
印哲然
张梦雅
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jiangsu Aerospace 706 Information Technology Co ltd
Original Assignee
Jiangsu Aerospace 706 Information Technology Co ltd

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a commercial password application compliance detection system and method, and relates to the technical field of domestic commercial password management for application systems. The invention comprises a detection system and an exchange system. The compliance, standardization, integrity and security of an application system's cryptographic algorithms are checked periodically, and an automatic scanning tool is integrated to detect possible weaknesses and non-compliant practices in the password application, such as passwords stored in plaintext or the use of outdated encryption algorithms. A real-time monitoring mechanism is introduced to promptly capture abnormal activity in the password application, including repeated login attempts, frequent password changes and other conditions that may indicate malicious behavior. An access control policy is established so that only authorized personnel can access the password application, preventing unauthorized access. All password application activity, including login attempts and password changes, is recorded and stored for audit and investigation when needed.

Description

Commercial password application compliance detection system and method
Technical Field
The invention relates to the technical field of domestic commercial password management for application systems, and in particular to a commercial password application compliance detection system and method.
Background
Cyberspace has become the fifth domain of sovereignty after land, sea, air and space, and represents the evolution of international strategy into the networked society; in China, network security at the highest level faces a serious challenge. "Without network security, there is no national security": in accordance with the requirements of national network security laws, strategies and the classified protection system, promoting safe and reliable products and services and building a firm network security line of defense is a historic mission.
The documents related to Classified Protection 2.0 (GB/T 22239-2019, Information Security Technology: Basic Requirements for Classified Protection of Network Security; GB/T 25070-2019, Information Security Technology: Technical Requirements for Classified Protection of Network Security; and the Administrative Measures for Information Security Classified Protection) require government departments and public-sector industries to classify their information systems by level, and specify technical requirements for each level. Data encryption and data leakage prevention are an important component: systems at level three and above are required to encrypt stored authentication information and important business data.
GB/T 39786-2021, Information Security Technology: Basic Requirements for Cryptographic Applications of Information Systems, explicitly requires the confidentiality and integrity of important data during storage.
The promulgation of laws such as the Cryptography Law, the Data Security Law and the Personal Information Protection Law has placed further explicit requirements on data security.
Data security must therefore be taken fully seriously, and demand for information encryption and secure data transmission is growing across industries.
The commercial password application compliance detection system and method serve as the last line of defense for data security and information security, and are an important component in establishing a security protection system based on domestic cryptographic algorithms.
In view of the above, the inventors propose a commercial password application compliance detection system and method to solve the above problems.
Disclosure of Invention
The invention aims to solve the problem of the low security level of data and information protected by commercial passwords by providing a commercial password application compliance detection system and method.
To solve the above technical problem, the invention adopts the following technical solution: a commercial password application compliance detection system comprises a detection system and a switching system, the detection system being in signal connection with the switching system, and the detection system comprising a network packet capturing module, a database detection module, a vulnerability scanning module and a flow acquisition module;
the network packet capturing module captures data packets on the network, unpacks and analyzes layer by layer every IP message in the data communication process, and displays the detailed information of each data packet, so as to detect whether the transmitted data is encrypted with a national encryption algorithm, whether sensitive data is distinguished from general important data, and whether key fields receive focused protection;
the database detection module is used to encrypt the database transparently and seamlessly;
the vulnerability scanning module provides a vulnerability scanning service for host and website assets, and discovers website and host vulnerability risks;
the flow acquisition module is used to understand the real operating condition of the network through flow analysis and to find problems in operation promptly.
Preferably, the uses of the network packet capturing module include:
A. from a functional testing perspective, checking hidden fields through packet capture;
B. learning the protocol content through the network packet capturing module, which facilitates interface and performance testing;
C. checking data encryption through the network packet capturing module.
A method of using the commercial password application compliance detection system comprises the following steps:
S1, the network packet capturing module captures various network data packets, unpacks and analyzes layer by layer every IP message in the data communication process, and displays the detailed information of each data packet, so as to detect whether the transmitted data is encrypted with a cryptographic algorithm, whether sensitive data is distinguished from general important data, and whether key fields receive focused protection;
S2, the database detection module encrypts the database transparently and seamlessly; business system developers need no additional development work, and database encryption based on domestic cryptographic algorithms is achieved simply by configuring and deploying on the server side, thereby protecting the confidentiality and integrity of sensitive data;
S3, the vulnerability scanning module provides a vulnerability scanning service for host and website assets, quickly discovers website and host vulnerability risks, and prevents attackers from using vulnerabilities to implant backdoors, steal core data or damage servers;
S4, the flow acquisition module uses flow analysis to understand the real operating condition of the network and find problems in operation promptly. At the business application layer, flow analysis reveals data about website visitors, such as IP addresses and browser information, counts the number of users online, and shows which pages users visit; analyzing anomalies helps website administrators learn whether abuse or attacks are occurring, understand how the website is being used, and address load problems on the web server system in advance. In the security monitoring field, the flow acquisition module uses flow analysis to monitor abnormal network communication and prevent common network intrusions and DDoS attacks.
Compared with the prior art, the invention has the beneficial effects that:
1. The compliance, standardization, integrity and security of an application system's cryptographic algorithms are checked periodically, and an automatic scanning tool is integrated to detect possible weaknesses and non-compliant practices in the password application, such as passwords stored in plaintext or the use of outdated encryption algorithms. A real-time monitoring mechanism is introduced for abnormal activity in the password application, including repeated login attempts, frequent password changes and other conditions that may indicate malicious behavior. An access control policy is established so that only authorized personnel can access the password application, preventing unauthorized access. All password application activity, including login attempts and password changes, is recorded and stored for audit and investigation when needed.
2. Encryption standard detection is introduced to ensure that the password application uses encryption algorithms that conform to industry standards, preventing data leakage and unauthorized access. The password application and its related components are kept up to date so that known vulnerabilities are repaired and the overall security of the system improves. Regular user training is provided so that users of the password application understand password security best practices, reducing the influence of human factors on compliance. Regular compliance reports are provided for management review, ensuring that the password application conforms to regulatory standards and policies and that the system conforms to the relevant international and domestic password security regulations, so as to avoid legal liability and fines.
Drawings
In order to more clearly illustrate the embodiments of the invention or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described, it being obvious that the drawings in the following description are only some embodiments of the invention, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic diagram of the system of the present invention.
In the figure: 10, network packet capturing module; 20, database detection module; 30, vulnerability scanning module; 40, flow acquisition module.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Example: as shown in FIG. 1, the invention provides a commercial password application compliance detection system, which comprises a detection system and a switching system, the detection system being in signal connection with the switching system, and the detection system comprising a network packet capturing module 10, a database detection module 20, a vulnerability scanning module 30 and a flow acquisition module 40;
the network packet capturing module 10 captures data packets on the network, unpacks and analyzes layer by layer every IP message in the data communication process, and displays the detailed information of each data packet, so as to detect whether the transmitted data is encrypted with a national encryption algorithm, whether sensitive data is distinguished from general important data, and whether key fields receive focused protection;
the database detection module 20 encrypts the database transparently and seamlessly; business system developers need no additional development work, and database encryption based on domestic cryptographic algorithms is achieved simply by configuring and deploying on the server side, thereby protecting the confidentiality and integrity of sensitive data;
the vulnerability scanning module 30 provides a vulnerability scanning service for host and website assets, discovers website and host vulnerability risks, and prevents attackers from using vulnerabilities to implant backdoors, steal core data or damage servers;
the flow acquisition module 40 uses flow analysis to understand the real operating condition of the network and find problems in operation promptly. Flow analysis serves different purposes at different application levels: for example, an operator needs to analyze users' network flow to calculate network consumption and understand users' access to other operators, which provides decision data for setting up the interconnection links at the network egress. At the business application layer, the flow acquisition module 40 uses flow analysis to reveal data about website visitors, such as IP addresses and browser information, count the number of users online, and show which pages users visit; analyzing anomalies helps website administrators learn whether abuse or attacks are occurring, understand how the website is being used, and address load problems on the web server system in advance. In the security monitoring field, the flow acquisition module 40 uses flow analysis to monitor abnormal network communication and prevent common network intrusions and DDoS attacks.
The uses of the network packet capturing module 10 include:
A. from a functional testing perspective, checking hidden fields through packet capture;
Web forms contain many hidden fields, which generally serve special purposes such as collecting user data, preventing CSRF attacks and deterring web crawlers;
B. learning the protocol content through the network packet capturing module 10, which facilitates interface and performance testing;
in performance testing, a large number of user requests are simulated, and those requests can only be simulated well when the content and characteristics of the protocol in the requests are understood, so the network packet capturing module 10 is needed to analyze the protocol. In interface testing, the interface documentation often cannot cover every case, or lags behind the implementation, so the network packet capturing module 10 is also needed to assist during interface testing;
C. checking data encryption through the network packet capturing module 10.
In security testing, it is necessary to check whether sensitive data is encrypted in transit, and this check can be performed with a packet capture tool.
The invention also provides a method of using the commercial password application compliance detection system, which comprises the following steps:
S1, the network packet capturing module 10 captures various network data packets, unpacks and analyzes layer by layer every IP message in the data communication process, and displays the detailed information of each data packet, so as to detect whether the transmitted data is encrypted with a cryptographic algorithm, whether sensitive data is distinguished from general important data, and whether key fields receive focused protection;
S2, the database detection module 20 encrypts the database transparently and seamlessly; business system developers need no additional development work, and database encryption based on domestic cryptographic algorithms is achieved simply by configuring and deploying on the server side, thereby protecting the confidentiality and integrity of sensitive data;
S3, the vulnerability scanning module 30 provides a vulnerability scanning service for host and website assets, quickly discovers website and host vulnerability risks, and prevents attackers from using vulnerabilities to implant backdoors, steal core data or damage servers;
S4, the flow acquisition module 40 uses flow analysis to understand the real operating condition of the network and find problems in operation promptly. Flow analysis serves different purposes at different application levels: for example, an operator needs to analyze users' network flow to calculate network consumption and understand users' access to other operators, which provides decision data for setting up the interconnection links at the network egress. At the business application layer, the flow acquisition module 40 uses flow analysis to reveal data about website visitors, such as IP addresses and browser information, count the number of users online, and show which pages users visit; analyzing anomalies helps website administrators learn whether abuse or attacks are occurring, understand how the website is being used, and address load problems on the web server system in advance. In the security monitoring field, the flow acquisition module 40 uses flow analysis to monitor abnormal network communication and prevent common network intrusions and DDoS attacks.
Working principle: multiple network security detection and analysis systems on the market are integrated into one system that addresses the commercial password application compliance needs of large government and enterprise organizations and fits the requirements of commercial password application and security assessment. It focuses monitoring and real-time protection on high-risk items, greatly reduces deployment workload and later operation and maintenance costs, and adopts a protection strategy of multi-layer coverage and layer-by-layer protection across the network layer, application layer and transport layer;
the method can identify the user terminal, the terminal's cryptographic application equipment (including smart cryptographic keys) and the cryptographic algorithm used on the communication line. Once the algorithm is identified, the instrument can perform algorithm verification on the acquired data, which effectively prevents plaintext transmission and mismatches between the declared cryptographic identifier and the cryptography actually applied in the communication;
the security of the password application can be assessed through an identity authentication security test, a key exchange security test and a ciphertext security test: security testing of identity-authentication data guards against hazards such as man-in-the-middle attacks; security testing of the information system's key exchange step determines whether hazards exist in the key exchange stage; and ciphertext security detection examines the ciphertext on the communication line to prevent accidental plaintext leakage.
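The check that the working principle describes (unpack the IP message layer by layer, identify the algorithm negotiated on the line, flag plaintext transmission) can be illustrated as follows. This is an added example, not code from the patent: it assumes the traffic is TLS or TLCP over TCP, and the cipher suite table (RFC 8998 for TLS 1.3, GB/T 38636-2020 for TLCP), the function names and the sample packets are constructed for illustration.

```python
import struct

# National-algorithm (SM2/SM3/SM4) cipher suites: an assumed policy table for this example.
SM_SUITES = {
    0x00C6: "TLS_SM4_GCM_SM3",    # TLS 1.3, RFC 8998
    0x00C7: "TLS_SM4_CCM_SM3",    # TLS 1.3, RFC 8998
    0xE011: "ECDHE_SM4_CBC_SM3",  # TLCP, GB/T 38636-2020
    0xE013: "ECC_SM4_CBC_SM3",
    0xE051: "ECDHE_SM4_GCM_SM3",
    0xE053: "ECC_SM4_GCM_SM3",
}

def unpack_ipv4(packet):
    """Layer 3: return (protocol, payload), honouring IHL and total length."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    total = struct.unpack("!H", packet[2:4])[0]
    if ihl < 20 or not ihl <= total <= len(packet):
        raise ValueError("inconsistent IPv4 lengths")
    return packet[9], packet[ihl:total]

def unpack_tcp(segment):
    """Layer 4: return the TCP payload, honouring the data offset."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    offset = (segment[12] >> 4) * 4
    if not 20 <= offset <= len(segment):
        raise ValueError("bad TCP data offset")
    return segment[offset:]

def server_hello_suite(data):
    """Return the cipher suite chosen in a TLS/TLCP ServerHello, else None."""
    if len(data) < 5 or data[0] != 0x16:          # 0x16 = handshake record
        return None
    body = data[5:5 + struct.unpack("!H", data[3:5])[0]]
    if len(body) < 39 or body[0] != 0x02:         # 0x02 = ServerHello
        return None
    pos = 39 + body[38]                           # skip header, version, random, session id
    if len(body) < pos + 2:
        return None
    return struct.unpack("!H", body[pos:pos + 2])[0]

def classify(packet):
    """Classify one captured IPv4 packet for the compliance report."""
    proto, segment = unpack_ipv4(packet)
    if proto != 6:
        return "not-tcp"
    payload = unpack_tcp(segment)
    if not payload:
        return "no-payload"
    suite = server_hello_suite(payload)
    if suite is not None:
        if suite in SM_SUITES:
            return "sm:" + SM_SUITES[suite]
        return "non-sm:0x%04X" % suite
    if all(32 <= b < 127 or b in (9, 10, 13) for b in payload):
        return "plaintext"                        # readable on the wire
    return "unknown"

# --- constructed sample traffic (not real captures) ---
def make_server_hello(suite):
    hello = b"\x03\x03" + bytes(32) + b"\x00" + struct.pack("!H", suite) + b"\x00"
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x03" + struct.pack("!H", len(handshake)) + handshake

def make_packet(payload):
    tcp = struct.pack("!HHIIBBHHH", 443, 50000, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return ip + tcp + payload

if __name__ == "__main__":
    for p in (make_server_hello(0x00C6), make_server_hello(0x1301), b"GET / HTTP/1.1\r\n\r\n"):
        print(classify(make_packet(p)))
```

A "non-sm" or "plaintext" result on a link declared to use national algorithms is the mismatch between declared and actual cryptography that the working principle refers to.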
It will be apparent to those skilled in the art that various modifications and variations can be made to the present invention without departing from the spirit or scope of the invention. Thus, it is intended that the present invention also include such modifications and alterations insofar as they come within the scope of the appended claims or the equivalents thereof.

Claims (3)

1. A commercial password application compliance detection system, comprising a detection system and a switching system, the detection system being in signal connection with the switching system, characterized in that the detection system comprises a network packet capturing module (10), a database detection module (20), a vulnerability scanning module (30) and a flow acquisition module (40);
the network packet capturing module (10) captures data packets on the network, unpacks and analyzes layer by layer every IP message in the data communication process, and displays the detailed information of each data packet, so as to detect whether the transmitted data is encrypted with a national encryption algorithm, whether sensitive data is distinguished from general important data, and whether key fields receive focused protection;
the database detection module (20) is used to encrypt the database transparently and seamlessly;
the vulnerability scanning module (30) provides a vulnerability scanning service for host and website assets, and discovers website and host vulnerability risks;
the flow acquisition module (40) is used to understand the real operating condition of the network through flow analysis and to find problems in operation promptly.
2. The commercial password application compliance detection system of claim 1, wherein the uses of the network packet capturing module (10) include:
A. from a functional testing perspective, checking hidden fields through packet capture;
B. learning the protocol content through the network packet capturing module (10), which facilitates interface and performance testing;
C. checking data encryption through the network packet capturing module (10).
3. A method of using the commercial password application compliance detection system of any one of claims 1-2, comprising the following steps:
S1, the network packet capturing module (10) captures various network data packets, unpacks and analyzes layer by layer every IP message in the data communication process, and displays the detailed information of each data packet, so as to detect whether the transmitted data is encrypted with a national encryption algorithm, whether sensitive data is distinguished from general important data, and whether key fields receive focused protection;
S2, the database detection module (20) encrypts the database transparently and seamlessly; business system developers need no additional development work, and database encryption based on domestic cryptographic algorithms is achieved simply by configuring and deploying on the server side, thereby protecting the confidentiality and integrity of sensitive data;
S3, the vulnerability scanning module (30) provides a vulnerability scanning service for host and website assets, quickly discovers website and host vulnerability risks, and prevents attackers from using vulnerabilities to implant backdoors, steal core data or damage servers;
S4, the flow acquisition module (40) uses flow analysis to understand the real operating condition of the network and find problems in operation promptly; at the business application layer, flow analysis reveals data about website visitors, such as IP addresses and browser information, counts the number of users online, and shows which pages users visit; analyzing anomalies helps website administrators learn whether abuse or attacks are occurring, understand how the website is being used, and address load problems on the web server system in advance; in the security monitoring field, the flow acquisition module (40) uses flow analysis to monitor abnormal network communication and prevent common network intrusions and DDoS attacks.
CN202311635224.5A 2023-12-01 2023-12-01 Commercial password application compliance detection system and method Pending CN117786663A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311635224.5A CN117786663A (en) 2023-12-01 2023-12-01 Commercial password application compliance detection system and method

Publications (1)

Publication Number Publication Date
CN117786663A (en) 2024-03-29

Family

ID=90395262

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination