CN1901472A - Method and system for combining system managing and fragility scan - Google Patents

Method and system for combining system managing and fragility scan

Info

Publication number
CN1901472A
Authority
CN
China
Prior art keywords
scanning
engine
unit
scan
management
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN 200610088880
Other languages
Chinese (zh)
Other versions
CN100536402C (en)
Inventor
汤国祥
骆拥政
李�杰
杨晨宇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Venus Information Security Technology Co Ltd
Beijing Venus Information Technology Co Ltd
Original Assignee
BEIJING QIMING XINGCHEN INFORMATION TECHNOLOGY Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by BEIJING QIMING XINGCHEN INFORMATION TECHNOLOGY Co Ltd filed Critical BEIJING QIMING XINGCHEN INFORMATION TECHNOLOGY Co Ltd
Priority to CNB2006100888808A priority Critical patent/CN100536402C/en
Publication of CN1901472A publication Critical patent/CN1901472A/en
Application granted granted Critical
Publication of CN100536402C publication Critical patent/CN100536402C/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Landscapes

  • Computer And Data Communications (AREA)
  • Debugging And Monitoring (AREA)

Abstract

This invention relates to a method and system combining system management with vulnerability scanning. The system includes: (1) a network scanning engine, (2) a system management unit, (3) a display unit, and (4) a log analysis unit. The Windows domain scanner system uses the power of domain management within the vulnerability scanning and management system to scan the hosts in the domain for vulnerabilities, finding hidden risks and defects on the hosts more effectively and improving the accuracy and efficiency of scanning.

Description

A method and system combining system management with vulnerability scanning
Technical field
The present invention relates to the field of computer network security, and specifically to a method and system combining system management with vulnerability scanning. Adding vulnerability scanning on top of management improves the accuracy of vulnerability scanning and overcomes the shortcoming that common vulnerability scanning tools cannot detect vulnerabilities exploited through passive attacks.
Background
A vulnerability is a defect in computer software itself (including operating systems and applications) or a configuration defect caused by improper use; such defects may be exploited by attackers to intrude into or attack a computer system.
Vulnerability scanning is a security technique for detecting vulnerabilities in remote or local systems. Network vulnerability scanning scans remote hosts for system vulnerabilities over the network. Its advantage is ease of use: hosts on the network can be scanned without installing a scanning engine on the scanned host. Its disadvantage is that it can find only a few vulnerabilities; local vulnerabilities, such as those in IE, cannot be scanned without authorization. Local system vulnerability scanning requires a scanning engine to be installed on the scanned host; its advantage is strong scanning capability, since it can access any resource of the system.
According to a 2004 IDC survey, Microsoft's share of the client operating system market was about 90%. The Blaster and Sasser worms, which nearly paralyzed the Internet, exploited Windows vulnerabilities, and up to a hundred Windows vulnerabilities are found each year.
A domain is the logical organizational unit of a Windows network system, and also a logical organizational unit of the Internet; in Windows, the domain is a security boundary. A domain administrator can manage the members of the domain. Each domain has its own security policy and its security trust relationships with other domains. Each domain must have a domain controller (DC), which holds a database of the domain's accounts, passwords, and the computers that belong to the domain. When a computer connects to the network, the domain controller first determines whether the computer belongs to the domain, whether the login account the user supplies exists, and whether the password is correct. If any of these is incorrect, the domain controller refuses the user's login from that computer.
Summary of the invention
To overcome the shortcomings of the prior art, the invention provides a method and system combining system management with vulnerability scanning. The purpose of the invention is to design a method and system in which network vulnerability scanning and local vulnerability scanning work together, greatly improving the capability and efficiency of network vulnerability scanning.
To achieve this, the invention implements a method and system that combine network and local vulnerability scanning through domain management functions, so that target hosts can be scanned in depth without installing an engine on the scanned host.
The technical solution adopted by the invention is as follows.
The system comprises:
(1) Scanning engine module unit (hereinafter "scanning engine"): installed in the network; scans and analyzes target hosts for vulnerabilities according to the configured scan detection rules, and reports to the display centre if a vulnerability is detected on a target host;
(2) System management unit: user-facing; manages, controls, and queries the operating state of the scanning engine, and issues scan tasks to the scanning engine;
(3) Display unit: shows the user the scan results reported by the scanning engine, including information on the scanned hosts, the vulnerabilities present on each host, and the overall scan progress;
(4) Log analysis unit: classifies and extracts historical scan results, provides multiple analysis methods and templates, and can produce the specific statistical and analytical management reports the user needs;
(5) Update management unit: performs online upgrades of the scanning vulnerability database and of system functions.
A method combining system management with vulnerability scanning, comprising the following steps:
Step 1: run the scanning engine under a domain administrator identity;
Step 2: the control centre connects to the scanning engine and issues a scan task;
Step 3: the engine scans the hosts in the domain and reports the results to the control centre;
Step 4: the control centre passes the results to the display centre and also writes them to the database for later analysis;
Step 5: the report program accesses the database and performs statistical analysis on the historical data.
Beneficial effects: the method and system applied in this patent form a Windows domain network vulnerability scanning and management system that has both the ease of use of a network vulnerability scanning system and the accuracy of local vulnerability scanning. Domain management is added to the original network vulnerability scanning system: through the Windows NetBIOS protocol, resources on the hosts in the domain are accessed and retrieved, and the retrieved resources are analyzed, for example by determining whether the system has a patch installed and whether a system file version is too low, to decide more accurately whether a vulnerability exists.
The Windows domain network vulnerability scanning and management system (DSS: Domain Scanner System) uses the power of domain management within a network vulnerability scanning and management system to scan the hosts in the domain remotely, finding hidden risks and defects on the hosts more effectively and improving the accuracy and efficiency of scanning.
Description of drawings
The invention is further described below with reference to the drawings and embodiments.
Fig. 1: implementation framework diagram of the system.
Fig. 2: implementation flowchart of the system.
Embodiment
Embodiment: as shown in Fig. 1 and Fig. 2, the "control centre", "display centre", "database", and "log analysis" components are installed on one machine. The "scanning engine" is installed on a machine in the domain, which logs on to the domain with the domain administrator identity and runs the scanning engine. The "control centre" connects to the "scanning engine" over TCP/IP.
The "control centre" defines a scan task and issues it to the "scanning engine"; the "scanning engine" scans the hosts in the domain and uploads the scan results to the "control centre". The "control centre" saves the scan results to the "database" and at the same time forwards the data to the "display centre" so that the user can view it promptly. The user can review the analysis of historical scan results through the "log analysis" module.
A method combining system management with vulnerability scanning, comprising the following steps:
1. Log in to the system with domain administrator privileges and run the scanning engine;
2. Scanning mainly uses the APIs provided by Microsoft's NetBIOS protocol to achieve the function of local scanning;
3. Obtain the target host's share information by calling APIs such as NetShareEnum(), and check whether any share is dangerous;
4. Obtain user information through APIs such as NetUseEnum(), and check whether there are unauthorized users;
5. Open the remote registry through APIs such as RegOpenKeyEx() and RegQueryValueEx(), access the information in the remote registry, and check whether patches are installed;
6. Access the system files on the remote host through APIs such as fopen() and GetFileAttributes(), and determine the system file versions;
7. Using the above APIs, access the remote host system, extract the necessary information and parse it, and determine whether a vulnerability exists;
8. When the analysis is complete, report the results to the control centre and the display centre.
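The analysis in steps 3 to 7, as an added example that is not code from the patent: it runs over facts already collected from a host and combines the registry and file-version evidence. The rule format, field names, patch ids, file names and versions are constructed placeholders, and letting the file version override the registry record is this example's assumption.

```python
from dataclasses import dataclass

def parse_version(text):
    """'5.1.2600.2180' -> (5, 1, 2600, 2180); short versions are zero-padded."""
    parts = [int(p) for p in text.split(".")]
    return tuple((parts + [0, 0, 0, 0])[:4])

@dataclass
class HostFacts:
    name: str
    shares: dict         # share name -> True if writable by everyone
    accounts: set        # account names found on the host
    hotfixes: set        # patch ids read from the remote registry
    file_versions: dict  # system file name -> version string

@dataclass
class Rule:
    """Hypothetical rule: the issue is fixed once `file` reaches `fixed_version`."""
    vuln_id: str
    patch_id: str
    file: str
    fixed_version: str

def analyse(host, rules, approved_accounts):
    """Return the sorted (kind, detail) findings for one host."""
    findings = [("dangerous-share", s) for s, open_ in host.shares.items() if open_]
    findings += [("unapproved-account", a) for a in host.accounts - approved_accounts]
    for rule in rules:
        patched = rule.patch_id in host.hotfixes
        seen = host.file_versions.get(rule.file)
        if seen is None:
            # File could not be read: the registry is the only evidence.
            if not patched:
                findings.append(("missing-patch", rule.vuln_id))
        elif parse_version(seen) < parse_version(rule.fixed_version):
            # Binary on disk decides: a recorded patch with a stale file is no fix.
            kind = "patch-not-effective" if patched else "missing-patch"
            findings.append((kind, rule.vuln_id))
        # Else the file is current: treated as fixed even without the patch id.
    return sorted(findings)

# Constructed sample data; ids, file names and versions are placeholders.
RULES = [
    Rule("VULN-A", "PATCH-0001", "example_a.dll", "5.1.2600.2180"),
    Rule("VULN-B", "PATCH-0002", "example_b.dll", "6.0.2900.2180"),
    Rule("VULN-C", "PATCH-0003", "example_c.dll", "5.2.3790.1830"),
]
APPROVED = {"Administrator", "svc_backup"}
HOST = HostFacts(
    name="WS-01",
    shares={"C$": False, "public": True},
    accounts={"Administrator", "tempuser"},
    hotfixes={"PATCH-0002"},
    file_versions={"example_a.dll": "5.1.2600.2180", "example_b.dll": "6.0.2900.999"},
)

if __name__ == "__main__":
    for kind, detail in analyse(HOST, RULES, APPROVED):
        print(f"{HOST.name}: {kind}: {detail}")
```

Versions are compared as integer tuples because a string comparison would rank 6.0.2900.999 above 6.0.2900.2180 and miss VULN-B.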

Claims (2)

1. A method combining system management with vulnerability scanning, characterized by:
Step 1: running the scanning engine under a domain administrator identity;
Step 2: the control centre connecting to the scanning engine and issuing a scan task;
Step 3: the engine scanning the hosts in the domain and reporting the results to the control centre;
Step 4: the control centre passing the results to the display centre and also writing them to the database for later analysis;
Step 5: the report program accessing the database and performing statistical analysis on the historical data.
2. A system combining system management with vulnerability scanning as claimed in claim 1, comprising:
(1) Scanning engine module unit: scans target hosts for vulnerabilities according to the configured scan detection rules, and reports to the display centre if a hidden risk is detected on a target host;
(2) System management unit: mainly manages, controls, and queries the operating state of the scanning engine module unit, and issues scan tasks to the scanning engine module unit;
(3) Display unit: shows the user the vulnerabilities reported by the scanning engine module unit and the hosts on which they exist;
(4) Log analysis unit: performs statistical analysis, etc., on past scan results;
(5) Update management unit: performs online upgrades of the scanning vulnerability database and of system functions.
CNB2006100888808A 2006-07-24 2006-07-24 Method and system for combining system managing and fragility scan Expired - Fee Related CN100536402C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB2006100888808A CN100536402C (en) 2006-07-24 2006-07-24 Method and system for combining system managing and fragility scan

Publications (2)

Publication Number Publication Date
CN1901472A true CN1901472A (en) 2007-01-24
CN100536402C CN100536402C (en) 2009-09-02

Family

ID=37657223

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB2006100888808A Expired - Fee Related CN100536402C (en) 2006-07-24 2006-07-24 Method and system for combining system managing and fragility scan

Country Status (1)

Country Link
CN (1) CN100536402C (en)

Also Published As

Publication number Publication date
CN100536402C (en) 2009-09-02

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
ASS Succession or assignment of patent right

Owner name: BEIJING QIMINGXINCHEN INFORMATION SECURITY TECHNOL

C41 Transfer of patent application or patent right or utility model
COR Change of bibliographic data

Free format text: CORRECT: ADDRESS; FROM: 100081 NO 188, NO.12, ZHONGGUANCUN SOUTH AVENUE, HAIDIAN DISTRICT, BEIJING CITY TO: 100193 QIMINGXINGCHEN BUILDING, BUILDING 21, ZHONGGUANCUN SOFTWARE PARK, NO.8, DONGBEIWANG WEST ROAD, HAIDIAN DISTRICT, BEIJING CITY

TR01 Transfer of patent right

Effective date of registration: 20100507

Address after: 100193 Beijing city Haidian District Dongbeiwang qimingxingchenmansionproject Building No. 21 West Road No. 8 Zhongguancun Software Park

Co-patentee after: Beijing Venusense Information Security Technology Co., Ltd.

Patentee after: Beijing Venus Information Technology Co., Ltd.

Address before: 100081 No. 12 South Avenue, Haidian District, Zhongguancun, No. 188, Beijing

Patentee before: Beijing Venus Information Technology Co., Ltd.

C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20090902

Termination date: 20130724