CN1556611A - Network message safety comprehensive management method based on safety application servicer - Google Patents

Info

Publication number: CN1556611A
Authority: CN (China)
Prior art keywords: application server, management, security, server, safety
Legal status: Granted
Application number: CNA2003101098367A
Other languages: Chinese (zh)
Other versions: CN100495975C (en)
Inventors: 李建华, 杨树堂, 张少俊, 张月国, 李可
Current assignee: Shanghai Jiaotong University
Original assignee: Shanghai Jiaotong University

Application filed by Shanghai Jiaotong University
Priority to CNB2003101098367A (granted as CN100495975C)
Publication of CN1556611A
Application granted
Publication of CN100495975C
Anticipated expiration
Current legal status: Expired - Fee Related

Landscapes

  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to a network information security integrated management method based on security application servers, and belongs to the field of information security. In the method, the browser on the client terminal selects one of the security management application server, the security policy application server and the security audit application server; once the connection is established, the client browser sends an instruction, and the application server calls, according to the request, the management object server with which it has established a connection. The management object server then extracts information from the managed security resources through three protocol mapping middleware components. When a middleware component receives a data collection request, it collects data from the security resources, converts the collected data according to the mode defined by the mapping middleware and passes it to the management object server, which stores the data in the management object information base and then notifies the application server. The application server retrieves the management data through the management object server for analysis and processing, and finally returns the result to the client browser.

Description

Network information security integrated management method based on security application servers
Technical field
The present invention relates to a network information security integrated management method, and specifically to a network information security integrated management method based on security application servers. It belongs to the field of information security.
Background technology
In the Internet era, effective enterprise information security management is essential to the sound operation of an enterprise. However, when security products are combined, the lack of integrated security management makes it difficult to form a multidimensional, integral network security protection system. Enterprises therefore need to build a large-scale network information security management platform of the kind exemplified by HP OpenView, SunNet Manager or Cabletron Spectrum to ensure that the network system runs normally. Under such a management platform, devices work cooperatively, network and system resources are used effectively, and the network and application systems are kept running normally. To achieve integrated management of network information security technology, and in particular cooperation between security devices, much research has been carried out at home and abroad, for example the OPSEC alliance founded on the proposal of Check Point (Israel) and the TOPSEC alliance founded on the proposal of the domestic company Topsec. In practice, however, users still find it quite difficult to make the various security devices they have chosen for their own needs cooperate with one another.
Security management products currently on the market have not yet separated the policy function and the audit function from the platform into a dedicated security policy application server and security audit application server, each responsible for its own duty. Nor has a management application server that, like the J2EE framework, offers users a rich secondary development interface yet taken shape.
A literature search found that Zhang Shaojun, in "Design and implementation of an integrated network security management system", Computer Engineering, vol. 29, no. 14, p. 124, presents a design for a centralized integrated information security management system. That design takes centralized monitoring, linkage policy and security audit as the three main modules of the security management system and installs them together on a security management platform workstation. Although the structure is compact, it is not a distributed solution based on application servers, so it lacks the scalability, maintainability, reliability, availability, extensibility and manageability that application servers offer, and it is unsuitable for large enterprise network environments with demanding requirements on management system capacity and performance.
Summary of the invention
The object of the invention is to address the above shortcomings and defects of the prior art by providing a network information security integrated management method based on security application servers, which manages each device and event in the network independently, uses a secure interaction method to achieve integrated management of all network devices and events, and implements a comprehensive audit function for network security information, so as to provide enterprises with a safe and effective integrated network management method.
The present invention is achieved by the following technical solution; the method of the invention is as follows:
(1) the client browser selects, according to its processing target, one of the concrete application servers connected to it via the network (the security management application server, the security policy application server or the security audit application server); the concrete server is identified by the network IP address corresponding to each server;
(2) after the client browser has selected the correct application server and established a normal connection with it, it sends an instruction to the application server; when the application server (security management, security policy or security audit application server) receives the request sent by the client browser, it calls over the network the management object server with which it has established a connection; after the management object server receives the call request sent by the application server, it extracts information from the managed security resources through the three protocol mapping middleware components located on it: the SNMP protocol mapping middleware, the DMI protocol mapping middleware and the proprietary protocol mapping middleware;
(3) the user predefines the protocol conversion method in the mapping definition file of the protocol mapping middleware; when the middleware receives a data collection request it collects data from the security resources, converts the collected data according to the schema defined by the protocol mapping middleware, and submits it to the management object server; the management object server stores the uniform data in the management object information base and then sends a message to tell the application server that the data is ready;
(4) the security management application server, security policy application server or security audit application server then accesses the management data through the data interface of the management object information base called by the management object server, analyzes and processes it, and finally returns the result to the client browser.
The security management, security policy and security audit application servers access data through the management object server, and the management object server converts the various protocols (such as SNMP and DMI) into the platform's standard data format through the SNMP protocol mapping middleware, DMI protocol mapping middleware and proprietary protocol mapping middleware. To protect information on the link, communication data between the security management, security policy and security audit application servers and the management object server is RSA-encrypted, and SSL (the Secure Socket Layer protocol) is used between the client browser and the security management, security policy and security audit application servers to secure network transmission, so that information on the network management link can be neither intercepted nor tampered with.
The managed security resources comprise backbone routers and switches, application servers, traffic detection systems, content monitoring systems, desktop systems, and common network security devices such as IDS, firewalls, scanners and VPNs.
The web browser is a mainstream browser that supports Java Applets; it accesses the security management application server, security policy application server and security audit application server over HTTP.
The security management application server is provided with a device management module, a traffic management module, a security log analysis module, a service detection module and a resource monitoring module, which respectively perform device state detection, network traffic detection, security device log analysis and network service availability detection. The resource monitoring module performs specific management and monitoring by polling the managed resources in the network (device state, network traffic, device logs, service availability), and the monitored items loaded by each monitoring server can be dynamically added, modified or deleted.
The security policy application server follows the IETF policy framework, supports an XML-based policy description language and supports the DMTF CIM Policy Schema. By customizing and deploying the corresponding security policy in the policy container, it achieves dynamic management of the security devices through the management object server.
The security audit application server comprises a data query module, an OLAP analysis module and a pattern matching module. It collects network security resource information and security device log information through the management object server and then performs a comprehensive audit analysis of the information according to the logic of the audit components.
The management object server follows the WBEM/CIM standard; at the bottom layer of the management object server, a protocol mapping middleware is developed for each class of management protocol (such as SNMP and DMI) to collect device data.
The security management object information base follows the LDAP protocol and the ODBC software interface standard: static management information is stored in an LDAP server and dynamic management information in a relational database.
The software interface of the SNMP, DMI and proprietary protocol mapping middleware to the management object server follows Sun's WBEM API standard, and the managed security resources support a specific protocol standard (such as SNMP, DMI or a proprietary protocol). The protocol mapping middleware provides a template for the protocol mapping through a deployed XML-based mapping definition file. Any system or device that needs to be managed can, as long as it supports one of these standard management interfaces, be easily integrated into the platform and managed by customizing the middleware deployment.
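As an added illustration of steps (2) and (3) of the method and of the XML mapping definition file described above (editor's example, not code from the patent or from the Shanghai Jiaotong University implementation), the following Python simulates one protocol mapping middleware per protocol and the management object server's split of the uniform data into static (LDAP) and dynamic (relational) stores, with the "data ready" notification back to the application server. The XML element layout, CIM class and property names, the choice of MIB-II OIDs as keys and all sample device values are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed mapping definition files. The patent only says the file is XML-based;
# this element layout is an assumption. Each <map> ties a protocol-specific key
# (an SNMP OID, or a DMI "group|attribute" path) to a CIM-style property and marks
# the value as static (kept in the LDAP server) or dynamic (kept in the RDB).
SNMP_MAPPING_XML = """
<mapping protocol="SNMP" class="CIM_NetworkDevice">
  <map key="1.3.6.1.2.1.1.5.0" property="Name" kind="static"/>
  <map key="1.3.6.1.2.1.1.1.0" property="Description" kind="static"/>
  <map key="1.3.6.1.2.1.2.2.1.10.1" property="InOctets" kind="dynamic" type="int"/>
  <map key="1.3.6.1.2.1.2.2.1.8.1" property="OperStatus" kind="dynamic" type="int"/>
</mapping>
"""
DMI_MAPPING_XML = """
<mapping protocol="DMI" class="CIM_ComputerSystem">
  <map key="ComponentID|Manufacturer" property="Manufacturer" kind="static"/>
  <map key="ComponentID|Product" property="Model" kind="static"/>
  <map key="Processor|CurrentLoad" property="CpuLoad" kind="dynamic" type="int"/>
</mapping>
"""

# Constructed sample data standing in for what a device's SNMP agent or DMI
# service provider would return; the values are invented for this example.
SNMP_SAMPLE = {
    "1.3.6.1.2.1.1.5.0": "core-sw-01",
    "1.3.6.1.2.1.1.1.0": "Backbone switch",
    "1.3.6.1.2.1.2.2.1.10.1": "123456789",
    "1.3.6.1.2.1.2.2.1.8.1": "1",
}
DMI_SAMPLE = {
    "ComponentID|Manufacturer": "ExampleCorp",
    "ComponentID|Product": "Desktop-X",
    "Processor|CurrentLoad": "37",
    "Processor|Family": "not in the mapping file, must be ignored",
}


class ProtocolMappingMiddleware:
    """One middleware per protocol: collects raw data through an injected
    collector and converts it to the platform's uniform (CIM-style) format
    exactly as the mapping definition file prescribes."""

    def __init__(self, mapping_xml, collector):
        root = ET.fromstring(mapping_xml.strip())
        self.protocol = root.get("protocol")
        self.cim_class = root.get("class")
        self.maps = [m.attrib for m in root.findall("map")]
        self.collector = collector  # resource name -> {protocol key: value}

    def collect(self, resource):
        raw = self.collector(resource)
        static, dynamic = {}, {}
        for m in self.maps:
            if m["key"] not in raw:
                continue  # resource does not expose this item: skip, do not fail
            value = raw[m["key"]]
            if m.get("type") == "int":
                value = int(value)
            (static if m["kind"] == "static" else dynamic)[m["property"]] = value
        return {"class": self.cim_class, "protocol": self.protocol,
                "resource": resource, "static": static, "dynamic": dynamic}


class ManagementObjectServer:
    """Dispatches a request to the right middleware, files the uniform data in
    the management object information base and notifies the application server."""

    def __init__(self, middlewares):
        self.middlewares = middlewares  # protocol name -> middleware instance
        self.ldap_store = {}            # static management info (LDAP stand-in)
        self.rdb_rows = []              # dynamic management info (RDB stand-in)
        self.notifications = []         # messages sent back to the app server

    def handle_request(self, protocol, resource):
        if protocol not in self.middlewares:
            raise KeyError(f"no mapping middleware deployed for {protocol}")
        record = self.middlewares[protocol].collect(resource)
        self.ldap_store.setdefault(resource, {}).update(record["static"])
        self.rdb_rows.append({"resource": resource, "class": record["class"],
                              **record["dynamic"]})
        self.notifications.append(("DATA_READY", resource))
        return record


def run_demo():
    """Wire both middlewares with constructed collectors and serve two requests."""
    mos = ManagementObjectServer({
        "SNMP": ProtocolMappingMiddleware(SNMP_MAPPING_XML, lambda r: SNMP_SAMPLE),
        "DMI": ProtocolMappingMiddleware(DMI_MAPPING_XML, lambda r: DMI_SAMPLE),
    })
    mos.handle_request("SNMP", "core-sw-01")
    mos.handle_request("DMI", "desktop-07")
    return mos


if __name__ == "__main__":
    demo = run_demo()
    print(demo.ldap_store, demo.rdb_rows, demo.notifications, sep="\n")
```

Adding a new device type is then a matter of deploying another mapping file and collector, which is the extensibility the embodiment section claims for the protocol middleware.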
By collecting various kinds of information (security-related information about host devices, network devices, security devices, systems, applications and services) on a centralized, unified management platform, the invention performs centralized analysis and audit, provides effective alarms and makes designated devices work cooperatively, so as to guarantee the normal operation of the network system. It comprises modules for device management, traffic management, log analysis, service detection, linked policies, management tools, security events, platform configuration and view-based user management, achieving integrated management of network security. To protect information on the link, the Secure Socket Layer protocol is used to secure network transmission, so that information on the link between the client and the management application servers and between the management application servers and the management object server is transmitted encrypted, ensuring that authorization, audit and management information on the network management link can be neither intercepted nor tampered with.
Compared with the prior art, the invention has the advantages of a well-distributed system with scalability, maintainability, reliability, availability, extensibility and manageability, together with convenient deployment and the advantages of an application server that offers third parties a rich secondary development interface, and can thus bring large practical benefits in the implementation of security management projects.
Description of drawings
Fig. 1 is a schematic diagram of the method of the present invention.
Embodiment
As shown in Figure 1, the network information security integrated management system implemented according to the method of the invention comprises: a client browser, a security management application server, a security policy application server, a security audit application server, a management object server, a security management object information base, SNMP protocol mapping middleware, DMI protocol mapping middleware, proprietary protocol mapping middleware and managed security resources. The client browser is physically connected over the network to the security management, security policy and security audit application servers; the security management, security policy and audit application servers are each connected over the network to the management object server; the management object server is connected to the database server holding the security management object information base; the SNMP, DMI and proprietary protocol mapping middleware are located on the management object server; and the management object server is connected to the managed security resources by network cable.
The specific implementation flow is as follows. The user selects one of the concrete application servers through the client browser according to the network IP address corresponding to each server and connects to it, these application servers being the security management application server, the security policy application server and the security audit application server. The client browser sends an instruction to the application server; when the application server receives the request sent by the client browser, it calls over the network the management object server with which it has established a connection. The management object server receives the call request sent by the application server and uses the three components located on it, the SNMP protocol mapping middleware, the DMI protocol mapping middleware and the proprietary protocol mapping middleware. The three protocol mapping middleware components return the collected security resource data to the management object server, mapping the protocols to the CIM data format according to the mapping definition file; the converted uniform data is stored in the management object information base, after which a message is sent to tell the application server that the data is ready. The security management application server, security policy application server or security audit application server then accesses the management data by calling the management object information base through the management object server, analyzes and processes it, and finally returns the result to the client browser. Throughout the flow, communication data between the security management, security policy and security audit application servers and the management object server is RSA-encrypted, and the Secure Socket Layer protocol is used between the client browser and the security management, policy and audit application servers to secure network transmission.
This method was implemented on the phase-two security management platform of the S219 project of the national "15" (Tenth Five-Year Plan) key technologies programme. In the project, the security management platform was divided into three parts: a management application server, a management policy application server and a security audit application server. Implementation proved that the system's scalability, maintainability, reliability, availability, extensibility and manageability are markedly improved compared with the phase-one management system architecture of the project, which was not based on security application servers.
In terms of system scalability, when the managed resources or the user volume grow beyond the load of a single machine, the system's maximum capacity can be increased by adding application servers and load-balancing between them. At the same time, the clustered mode of operation of the application servers prevents the failure of a single device from making the system unavailable, increasing the reliability and availability of the system, and allows part of the system to be maintained without suspending service. In terms of extensibility, when a new type of managed resource needs to be connected, it can be connected very quickly by customizing the protocol mapping file of the protocol middleware; taking a new model of Cisco switching equipment as an example, the average integration time was reduced from one week to three days. In addition, new policy components and audit components developed according to the application server interface standard are deployed directly by defining an XML deployment file, avoiding the time-consuming and laborious recompilation of the whole system and greatly improving development efficiency.

Claims (10)

1. A network information security integrated management method based on security application servers, characterized in that the method is as follows:
(1) the client browser selects, according to its processing target, one of the security management application server, security policy application server and security audit application server connected to it via the network, the concrete server being identified by the network IP address corresponding to each server;
(2) after the client browser has selected the correct application server and established a normal connection with it, it sends an instruction to the application server; when the application server (security management, security policy or security audit application server) receives the request sent by the client browser, it calls over the network the management object server with which it has established a connection; after the management object server receives the call request sent by the application server, it extracts information from the managed security resources through the SNMP protocol mapping middleware, DMI protocol mapping middleware and proprietary protocol mapping middleware located on it;
(3) the user predefines the protocol conversion method in the mapping definition file of the protocol mapping middleware; when the middleware receives a data collection request it collects data from the security resources, converts the collected data according to the schema defined by the protocol mapping middleware and submits it to the management object server; the management object server stores the uniform data in the management object information base and then sends a message to tell the application server that the data is ready;
(4) the security management application server, security policy application server or security audit application server accesses the management data through the data interface of the management object information base called by the management object server, analyzes and processes it, and finally returns the result to the client browser.
2. The network information security integrated management method based on security application servers according to claim 1, characterized in that the security management application server, security policy application server and security audit application server access data through the management object server; the management object server converts the various protocols into the platform standard data format through the SNMP protocol mapping middleware, DMI protocol mapping middleware and proprietary protocol mapping middleware; communication data between the security management, security policy and security audit application servers and the management object server is RSA-encrypted; and the Secure Socket Layer protocol is used between the client browser and the security management, policy and audit application servers to secure network transmission.
3. The network information security integrated management method based on security application servers according to claim 1, characterized in that the managed security resources comprise backbone routers and switches, application servers, traffic detection systems, content monitoring systems, desktop systems, and the common network security devices IDS, firewalls, scanners and VPNs.
4. The network information security integrated management method based on security application servers according to claim 1, characterized in that the web browser is a mainstream browser supporting Java Applets and accesses the security management application server, security policy application server and security audit application server over HTTP.
5. The network information security integrated management method based on security application servers according to claim 1 or 2, characterized in that the security management application server is provided with a device management module, a traffic management module, a security log analysis module, a service detection module and a resource monitoring module, which respectively perform device state detection, network traffic detection, security device log analysis and network service availability detection; the resource monitoring module performs management and monitoring by polling the managed resources in the network, and the monitored items loaded by each monitoring server can be dynamically added, modified or deleted.
6. The network information security integrated management method based on security application servers according to claim 1 or 2, characterized in that the security policy application server follows the IETF policy framework, supports an XML-based policy description language and supports the DMTF CIM Policy Schema, and achieves dynamic management of the security devices through the management object server by customizing and deploying the corresponding security policy in the policy container.
7. The network information security integrated management method based on security application servers according to claim 1 or 2, characterized in that the security audit application server is provided with a data query module, an OLAP analysis module and a pattern matching module, collects network security resource information and security device log information through the management object server, and then performs a comprehensive audit analysis of the information according to the logic of the audit components.
8. The network information security integrated management method based on security application servers according to claim 1 or 2, characterized in that the management object server follows the WBEM/CIM standard, and at the bottom layer of the management object server a protocol mapping middleware is developed for each class of management protocol to collect device data.
9. The network information security integrated management method based on security application servers according to claim 1 or 2, characterized in that the security management object information base follows the LDAP protocol and the ODBC software interface standard, static management information being stored in an LDAP server and dynamic management information in a relational database.
10. The network information security integrated management method based on security application servers according to claim 1 or 2, characterized in that the software interface of the SNMP, DMI and proprietary protocol mapping middleware to the management object server follows Sun's WBEM API standard; the managed security resources support a protocol standard such as SNMP, DMI or a proprietary protocol; the protocol mapping middleware provides a template for the protocol mapping through a deployed XML-based mapping definition file; and any system or device that needs to be managed can, as long as it supports one of these standard management interfaces, be easily integrated into the platform and managed by customizing the middleware deployment.

Priority Applications (1)

Application number: CNB2003101098367A (granted as CN100495975C)
Priority date: 2003-12-30
Filing date: 2003-12-30
Title: Network message safety comprehensive management method based on safety application servicer

Applications Claiming Priority (1)

Application number: CNB2003101098367A (granted as CN100495975C)
Priority date: 2003-12-30
Filing date: 2003-12-30
Title: Network message safety comprehensive management method based on safety application servicer

Publications (2)

CN1556611A (application publication), published 2004-12-22
CN100495975C (granted patent), published 2009-06-03

Family

ID=34335395

Family Applications (1)

Application number: CNB2003101098367A (granted as CN100495975C), status Expired - Fee Related
Priority date: 2003-12-30
Filing date: 2003-12-30
Title: Network message safety comprehensive management method based on safety application servicer

Country Status (1)

CN (1): CN100495975C (en)

Cited By (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100417066C (en) * 2004-12-29 2008-09-03 国际商业机器公司 Multi-territory accessing proxy using in treating safety problem based on browser application
CN101401390B (en) * 2006-01-11 2012-10-31 三星电子株式会社 Security management method and apparatus in multimedia middleware, and storage medium therefor
CN101197876B (en) * 2006-12-06 2012-02-29 中兴通讯股份有限公司 Method and system for multi-dimensional analysis of message service data
CN101227329B (en) * 2008-02-18 2011-04-06 华为技术有限公司 System, apparatus and method for managing network device
CN101557350B (en) * 2009-05-21 2011-11-16 中国建设银行股份有限公司 Data exchange method, data exchange module and service access system
CN101917419A (en) * 2010-08-04 2010-12-15 安徽天虹数码技术有限公司 Job network behavior fire wall
CN101963904A (en) * 2010-09-17 2011-02-02 中山大学 Wireless network-based middleware system
CN104170347A (en) * 2012-03-13 2014-11-26 阿尔卡特朗讯公司 Method and apparatus of a distributed security service in a cloud network
CN104102960A (en) * 2013-04-08 2014-10-15 宁夏新航信息科技有限公司 Computer energy efficiency audit application module
CN104378228A (en) * 2014-09-30 2015-02-25 上海宾捷信息科技有限公司 Network data security management system and method
CN104573395A (en) * 2015-01-29 2015-04-29 上海理想信息产业(集团)有限公司 Big data platform safety assessment quantitative analysis method
CN104573395B (en) * 2015-01-29 2017-04-12 上海理想信息产业(集团)有限公司 Big data platform safety assessment quantitative analysis method
CN107404474A (en) * 2017-06-08 2017-11-28 广州市呼百应网络技术股份有限公司 server resource elastic management method based on distributed arithmetic
CN107545408A (en) * 2017-07-21 2018-01-05 合肥未来计算机技术开发有限公司 A kind of enterprise information security operation management system based on fine-grained management
CN109510792A (en) * 2017-09-11 2019-03-22 基本立子(北京)科技发展有限公司 A kind of equipment after-sale management system
CN110012031A (en) * 2019-04-26 2019-07-12 中国电子科技集团公司第二十九研究所 Data message is general to automatically parse method and storage method
CN110012031B (en) * 2019-04-26 2022-03-08 中国电子科技集团公司第二十九研究所 General automatic analysis method and storage method for data message
CN110262420A (en) * 2019-06-18 2019-09-20 国家计算机网络与信息安全管理中心 A kind of distributed industrial control network security detection system

Also Published As

Publication number Publication date
CN100495975C (en) 2009-06-03

Legal Events

Code  Title / Description
C06   Publication
PB01  Publication
C10   Entry into substantive examination
SE01  Entry into force of request for substantive examination
C14   Grant of patent or utility model
GR01  Patent grant
CF01  Termination of patent right due to non-payment of annual fee
      Granted publication date: 20090603
      Termination date: 20151230
EXPY  Termination of patent right or utility model