TWM599062U - Privileged account management system - Google Patents

Info

Publication number
TWM599062U
Authority
TW
Taiwan
Prior art keywords
privileged
server
privileged account
module
list
Prior art date
Application number
TW109203649U
Other languages
Chinese (zh)
Inventor
蕭明輝
林世哲
李有倍
陳慧芳
張浩哲
Original Assignee
台北富邦商業銀行股份有限公司
Priority date
Filing date
Publication date
Application filed by 台北富邦商業銀行股份有限公司
Priority to TW109203649U
Publication of TWM599062U

Landscapes

  • Storage Device Security (AREA)

Abstract

A privileged account management system includes at least one target server, a storage module, a data management module and a monitoring analysis module. Each target server includes server data and at least one privileged account corresponding to the server data. The storage module stores a server list, and the server list includes the server data of each target server and the at least one privileged account corresponding to that server data. The data management module builds a privileged account list by monitoring the target servers and sends the privileged account list at a specific time. The privileged account list includes all the privileged accounts of the target servers. The monitoring analysis module compares the server list with the privileged account list and selectively generates and sends a warning signal.

Description

Privileged account management system

This creation relates to an account management system, and in particular to a privileged account management system that can improve data security.

In this era of fast network communication and convenient data transmission, people can hardly do without the network. Business transactions, interpersonal interaction and lifestyle are all closely tied to it, and data can also be exchanged between an enterprise's internal computers over the enterprise's internal network. Because of the convenience of the network, much data is readily available. Enterprises must therefore establish permissions for obtaining data or operating systems, to limit and control the number of people who can obtain data and thereby prevent data leakage. Take the banking industry as an example: since much of its data contains customers' personal data, protecting that personal data from leakage is an important issue. In addition, if a system is not protected by permissions, it is vulnerable to privilege escalation and attack. Enterprises therefore usually create privileged accounts to control data and improve data security.

However, the threat of malicious programs has grown more serious in recent years. Many hackers have broken into enterprise defense systems, obtained privileged accounts, escalated privileges and launched attacks (such as the SWIFT theft incident and the incident in which hacked bank ATMs dispensed cash). How to manage privileged accounts effectively is therefore one of the main problems. In the methods enterprises currently use to improve privileged account management, applications or integration software installed on the enterprise's servers collect the relevant information of each server and return it to an information security defense system for comparison and analysis to find abnormal events. However, requiring every enterprise server to install additional programs or software both raises cost and lowers server performance.

Therefore, it is necessary to develop a privileged account management system to solve the problems of the prior art.

In view of this, one aspect of this creation is to provide a privileged account management system that can reduce cost and effectively improve data security.

According to a specific embodiment of this creation, the privileged account management system includes at least one target server, a storage module, a data management module and a monitoring analysis module. The at least one target server stores at least one privileged account, and each target server includes server data and at least one privileged account corresponding to the server data. The storage module stores a server list, which includes the server data of every target server and each privileged account corresponding to that server data. The data management module is coupled to the at least one target server. It monitors the target servers, builds a privileged account list, and sends the privileged account list at at least one specific time. The privileged account list contains all privileged accounts of the target servers. The monitoring analysis module is coupled to the storage module and the data management module. It receives the privileged account list and compares the server list with the privileged account list. When the server list and the privileged account list do not match, the monitoring analysis module generates and sends a warning signal.

The at least one privileged account includes a first privileged account. When the privileged account list contains the first privileged account corresponding to the target server and the server list does not contain the first privileged account corresponding to the target server, the monitoring analysis module generates and sends a warning signal.

The at least one privileged account includes a first privileged account. When the server list contains the first privileged account corresponding to the target server and the privileged account list does not contain the first privileged account corresponding to the target server, the monitoring analysis module generates and sends a warning signal.

The privileged account management system further includes a transceiver module coupled to the at least one target server and to the monitoring analysis module. The transceiver module recovers the privileged account password of the corresponding privileged account. When the privileged account corresponding to a privileged account password recovered by the transceiver module at the specific time does not match the server list, the monitoring analysis module generates and sends a warning signal.

Further, the at least one specific time includes a first specific time, the at least one privileged account includes a first privileged account, and the first privileged account includes the first specific time. When the transceiver module has not recovered the privileged account password corresponding to the first privileged account at the first specific time and the server list contains the first privileged account, the monitoring analysis module generates and sends a warning signal.

The privileged account management system further includes an application module coupled to the transceiver module and the monitoring analysis module. The application module sends an application message to the transceiver module. The application message includes at least one target server data and at least one privileged account corresponding to the at least one target server data. When the application message does not match the server list, the monitoring analysis module generates and sends a warning signal.

Further, the application message includes second target server data and second privileged account data. When the server list does not include the second target server data, the transceiver module creates the second target server data and the second privileged account data corresponding to it in the server list.

The privileged account management system further includes a display module coupled to the monitoring analysis module. The display module receives and displays the warning signal sent by the monitoring analysis module.

The data management module is System Center Configuration Manager (SCCM).

The transceiver module, the monitoring analysis module and the storage module are integrated in a server.

In summary, the privileged account management system of this creation can cross-compare multiple data sources to accurately identify unauthorized privileged accounts, thereby improving data security. It can also obtain the privileged account data of each server through an integrated manager, without installing other related integration and data security defense software on each server, thereby reducing cost and improving server performance.

1: Privileged account management system

11A, 11B: target server

12, 161, 261: transceiver module

13: data management module

14, 162, 262: monitoring analysis module

15, 264: display module

16, 26: server

17, 163, 263: storage module

18: application module

Fig. 1 is a functional block diagram of a privileged account management system according to a specific embodiment of this creation.

Fig. 2 is a functional block diagram of a privileged account management system according to another specific embodiment of this creation.

Fig. 3 is a functional block diagram of a privileged account management system according to yet another specific embodiment of this creation.

Fig. 4 is a functional block diagram of a privileged account management system according to yet another specific embodiment of this creation.

To make the advantages, spirit and features of this creation easier and clearer to understand, specific embodiments are described and discussed in detail below with reference to the accompanying drawings. Note that these specific embodiments are only representative embodiments of this creation, and the specific methods, devices, conditions, materials and so on given as examples are not intended to limit this creation or the corresponding embodiments. In addition, the devices in the figures only express their relative positions and are not drawn to actual scale, which is stated here in advance.

In the various embodiments of the present disclosure, the expression "or" includes any combination or all combinations of the words listed together. For example, the expression "A or B" can include A, can include B, or can include both A and B. In addition, the indefinite articles "a", "an" and "one" before a device or element of this creation place no limit on the number (that is, the number of occurrences) of the device or element. "A" should therefore be read as including one or at least one, and a device or element in the singular form also includes the plural form, unless the number clearly refers to the singular.

In the description of this specification, a reference to terms such as "a specific embodiment", "another specific embodiment" or "some specific embodiments" means that the specific features, structures, materials or characteristics described in connection with that embodiment are included in at least one embodiment of this creation. In this specification, such references do not necessarily refer to the same embodiment. Moreover, the specific features, structures, materials or characteristics described can be combined in a suitable manner in any one or more embodiments.

Please refer to Fig. 1, which is a functional block diagram of the privileged account management system 1 according to a specific embodiment of this creation. In this specific embodiment, the privileged account management system 1 includes target servers 11A and 11B, a storage module 17, a data management module 13 and a monitoring analysis module 14. The target servers 11A and 11B are coupled to the data management module 13, and the monitoring analysis module 14 is coupled to the data management module 13 and the storage module 17. In practice, the privileged account management system 1 can be applied to enterprise data security management. The monitoring analysis module 14 and the storage module 17 can run on a computer host (such as a server), and the target servers 11A and 11B can be connected, by wire or wirelessly, to the data management module 13 in the computer host. Note that the number of target servers in Fig. 1 is not limited to two; it can also be one, or three or more.

In this specific embodiment, the target server 11A includes server data and at least one privileged account corresponding to the server data. In practice, the target server 11A can be an industrial computer, and can be the server of a database, system or online platform that the enterprise needs to manage. The server data is data that can be used to identify the target server 11A (such as the computer's IP address or computer number). The privileged account can be the highest-authority account of a system or database, and it can take the form of a file. For example, when the privileged account management system 1 is applied to the banking industry, the target server 11A can be a financial database and the privileged account is the highest-authority account of the database server. The functions of the target server 11B are substantially the same as those of the target server 11A and are not repeated here. Likewise, when there are three or more target servers, the functions of each are substantially the same as those of the target server 11A.

In this specific embodiment, the storage module 17 stores the server list, which includes the server data of every target server and at least one privileged account corresponding to that server data. In practice, the storage module 17 can be a hard disk, an external hard disk, or the like. The server list can include the server data and corresponding privileged accounts of the target server 11A, and the server data and corresponding privileged accounts of the target server 11B. The server list can be stored in the storage module 17 by pre-storing or importing it. For example, when an enterprise server is brought into service or an existing server is in operation, the privileged account managers can first store in the storage module 17 the server data of all servers that have been brought into service and all existing servers, together with the privileged accounts of those servers.

In this specific embodiment, the data management module 13 monitors the target servers 11A and 11B and builds a privileged account list, which contains all privileged accounts of the target servers 11A and 11B. In practice, the data management module 13 can be built into a computing chip or can be an application, and it can identify privileged accounts. The data management module 13 can determine and learn all privileged accounts on the target server 11A and all privileged accounts on the target server 11B. In a specific embodiment, the data management module 13 is System Center Configuration Manager (SCCM). Besides the computer IP address and computer number mentioned above, the server data can also include operating system data (such as the Windows operating system). In practice, when the target server 11A and the target server 11B both run the Windows operating system, SCCM in the Windows system can directly monitor and learn the privileged accounts of the target server 11A and the target server 11B to build the privileged account list. Note that the data management module 13 is not limited to SCCM and can be any other manager capable of building a privileged account list. The privileged account management system 1 of this creation can therefore learn the servers' privileged accounts directly, without installing additional data security software on each server, which improves the servers' operating capability and reduces their load, thereby reducing cost and improving server performance.

Further, the data management module 13 can send the privileged account list to the monitoring analysis module 14 at at least one specific time. In practice, the data management module 13 can periodically report the privileged accounts on the target servers 11A and 11B, to monitor how the privileged accounts of each target server are being used. The specific time can be pre-stored in the data management module 13 and set as required. For example, the specific time can be set to 6 o'clock in the afternoon every day, so that the data management module 13 sends the privileged account list to the monitoring analysis module 14 at 6 o'clock in the afternoon every day.

In this specific embodiment, after the monitoring analysis module 14 receives the privileged account list sent by the data management module 13, it compares that list with the server list stored in the storage module 17. In practice, the monitoring analysis module 14 can be built into a computing chip. By comparing the privileged account list with the server list, the monitoring analysis module 14 can determine whether the target servers 11A and 11B have abnormal, unauthorized privileged accounts, and it generates and sends a warning signal according to the result. The privileged account managers can then take the corresponding information security protection measures based on the warning signal, thereby improving data security.

In a specific embodiment, when the privileged account list contains a first privileged account corresponding to the target server 11A and the server list does not contain the first privileged account corresponding to the target server 11A, the monitoring analysis module 14 generates and sends a warning signal. In practice, when the data management module 13 finds a first privileged account that is not recorded in the server list, the first privileged account is neither an original privileged account of the target server nor an account created by the enterprise's privileged account managers when the target server was brought into service. In other words, the first privileged account may be an unauthorized privileged account created by a hacker who has intruded into the target server 11A. The enterprise's privileged account managers can then delete this account from the target server based on the warning message sent by the monitoring analysis module 14, to improve the enterprise's security.

In a specific embodiment, when the server list contains a first privileged account corresponding to the target server 11A and the privileged account list does not contain the first privileged account corresponding to the target server 11A, the monitoring analysis module 14 generates and sends a warning signal. In practice, when the privileged account list sent by the data management module 13 does not contain the first privileged account, the first privileged account no longer exists. In other words, the target server 11A may have been taken out of service, so the data management module 13 cannot obtain the first privileged account. However, because the server list in the storage module 17 still contains the data of the first privileged account corresponding to the target server 11A, the enterprise's privileged account managers can update the server list in the storage module 17 based on the warning message sent by the monitoring analysis module 14, so as to keep firm control of the movement of all the enterprise's privileged accounts. The privileged account management system 1 can therefore automatically identify abnormal privileged accounts from the privileged account list and the server list, thereby improving the efficiency of the enterprise's security management.

Please refer to Fig. 2, which is a functional block diagram of the privileged account management system 1 according to another specific embodiment of this creation. This embodiment differs from the preceding one in that the privileged account management system 1 further includes a transceiver module 12. The transceiver module 12 is coupled to the target servers 11A and 11B and to the monitoring analysis module 14. The transceiver module 12 recovers the privileged account password of the corresponding privileged account. When the privileged account corresponding to a privileged account password recovered by the transceiver module 12 at the specific time does not match the server list, the monitoring analysis module 14 generates and sends a warning signal. In practice, the transceiver module 12 can be a data transmission chip. At the specific time (for example, 6 pm), the transceiver module 12 can recover the privileged account passwords of all privileged accounts that enterprise personnel have applied to use. A privileged account password can be recovered by changing the password, but recovery is not limited to this form. When the transceiver module 12 has not recovered the privileged account password of a privileged account, the password change that takes back that account's password has not been carried out. The enterprise's privileged account managers can then, based on the warning message sent by the monitoring analysis module 14, change the password of that privileged account, to control privileged accounts and prevent their abuse. The privileged account management system 1 can therefore also manage privileged accounts effectively through the transceiver module 12 and improve the enterprise's data security.

Besides being analyzed and compared against the server list in the storage module 17, the privileged account passwords recovered by the transceiver module 12 can also be analyzed and compared against the privileged account list sent by the data management module 13. In a specific embodiment, when the transceiver module 12 recovers the privileged account password of a privileged account, it also generates an application record for the privileged account to which the password corresponds. When the privileged account list sent by the data management module 13 does not match the application records of the transceiver module 12, the monitoring analysis module 14 generates and sends a warning signal. For example, when, in the privileged account list sent by the data management module 13, the usage record of the target server 11A includes the first privileged account and the application records generated by the transceiver module 12 do not include the first privileged account corresponding to the target server 11A, the first privileged account was not applied for through normal authorization. The enterprise's privileged account managers can look up the history of the first privileged account based on the warning signal generated and sent by the monitoring analysis module 14. The privileged account management system 1 can therefore automatically identify abnormal privileged accounts from the privileged account list and the recovered privileged account passwords, so as to manage the enterprise's privileged accounts effectively and improve the efficiency of the enterprise's security management.

The specific time mentioned above can be the time at which the transceiver module 12 recovers privileged accounts, and it can also be the basis on which each privileged account is recovered. In a specific embodiment, the first privileged account of the target server 11A includes a first specific time. When the transceiver module 12 has not recovered the privileged account password corresponding to the first privileged account at the first specific time and the server list contains the first privileged account, the monitoring analysis module 14 generates the warning signal. The first specific time in this embodiment differs from the specific time described earlier: the earlier specific time is a fixed point in time at which the transceiver module 12 recovers all privileged accounts, whereas the first specific time in this embodiment is the usage time of the first privileged account. Further, multiple privileged accounts can each have a different usage time, so the transceiver module 12 can recover privileged accounts according to the usage time of each. In practice, the first specific time can be the usage period of the first privileged account (for example, 3 hours), and it can be preset in the transceiver module 12. When the transceiver module 12 has not recovered the first privileged account after 3 hours, the monitoring analysis module 14 generates a warning signal. The privileged account management system 1 can therefore also use the time limits of privileged accounts to compare the recovered privileged accounts against the privileged account list and identify abnormal privileged accounts, thereby improving data security.
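The comparisons described for the Fig. 1 and Fig. 2 embodiments (server list against privileged account list in both directions, and password recovery against each account's usage period) can be expressed as follows. This is an added example, not code from the patent; the data structures, alert names and sample values are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Every name here (Checkout, reconcile, the alert kinds) is hypothetical;
# the patent describes modules and comparisons, not data formats.

@dataclass(frozen=True)
class Checkout:
    """One application record kept by the transceiver module."""
    server: str            # server data, e.g. IP address or asset number
    account: str           # privileged account that was applied for
    issued_at: datetime
    use_period: timedelta  # the account's own "first specific time"
    recovered: bool        # True once the password was recovered (changed)


def reconcile(server_list, observed, checkouts, now):
    """Return sorted (kind, server, account) alerts.

    server_list: {server: set(accounts)}  authorised baseline (storage module)
    observed:    {server: set(accounts)}  privileged account list reported
                                          by the data management module
    checkouts:   iterable of Checkout     records from the transceiver module
    """
    alerts = set()
    for server in set(server_list) | set(observed):
        authorised = server_list.get(server, set())
        present = observed.get(server, set())
        # On the server but never registered: possibly attacker-created.
        for account in present - authorised:
            alerts.add(("UNLISTED_ACCOUNT", server, account))
        # Registered but no longer reported: the baseline needs updating.
        for account in authorised - present:
            alerts.add(("STALE_LIST_ENTRY", server, account))
    for c in checkouts:
        if c.account not in server_list.get(c.server, set()):
            # A password was handled for an account the baseline lacks.
            alerts.add(("CHECKOUT_NOT_IN_LIST", c.server, c.account))
        elif not c.recovered and now >= c.issued_at + c.use_period:
            # Usage period is over and the password was not recovered.
            alerts.add(("PASSWORD_NOT_RECOVERED", c.server, c.account))
    return sorted(alerts)


# Constructed sample data (addresses and account names are invented).
NOW = datetime(2020, 4, 1, 18, 0)
SERVER_LIST = {
    "192.0.2.11": {"Administrator", "dba_admin"},
    "192.0.2.12": {"Administrator"},
}
OBSERVED = {
    # 192.0.2.12 reports nothing, as if it had been taken out of service.
    "192.0.2.11": {"Administrator", "dba_admin", "svc_backup2"},
}
CHECKOUTS = [
    Checkout("192.0.2.11", "dba_admin", datetime(2020, 4, 1, 9, 0),
             timedelta(hours=3), recovered=False),    # overdue since 12:00
    Checkout("192.0.2.11", "Administrator", datetime(2020, 4, 1, 15, 30),
             timedelta(hours=3), recovered=False),    # still within period
    Checkout("192.0.2.11", "svc_backup2", datetime(2020, 4, 1, 10, 0),
             timedelta(hours=3), recovered=True),     # not in the baseline
]

if __name__ == "__main__":
    for kind, server, account in reconcile(SERVER_LIST, OBSERVED, CHECKOUTS, NOW):
        print(f"{kind:24} {server:12} {account}")
```
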

The privileged account management system 1 of the present creation may further include an application module 18. The application module 18 is coupled to the transceiver module 12 and the monitoring analysis module 14, and is used to send an application message to the transceiver module 12. The application message includes at least one target server data and the privileged account corresponding to the target server. In practice, the application module 18 may be an application program, system, or interface for applying for privileged accounts, and it may be integrated into a computer or server. When enterprise personnel need to apply to use a privileged account of the target server 11A, or apply to add a new one, the application module 18 can send to the transceiver module 12 an application message containing the server data of the target server 11A and the privileged account corresponding to that server data. When the application message does not match the server list, the monitoring analysis module 14 generates and sends the warning signal.

In one embodiment, when the application message includes second server data and a second privileged account, and the server list includes neither the second server data nor the second privileged account, the transceiver module 12 creates the second server data and the second privileged account corresponding to the second server data in the server list. In practice, when the server list does not include the second server data, the second server described by that data is not an existing server. The second server may therefore be a server that is about to be put into service, and the application message is an application for a new privileged account made by the server's administrator. The enterprise's privileged account managers can thus use the warning message sent by the monitoring analysis module 14 to confirm the information about the server that is about to be put into service, so that they reliably keep control of all of the enterprise's privileged accounts.

Furthermore, the monitoring analysis module 14 can also compare the application message sent by the application module 18, the server list stored in the storage module 17, and the privileged account list sent by the data management module 13. In one embodiment, the application message and the server list include the first privileged account of the target server 11A. When the privileged account list includes both the first privileged account and a second privileged account of the target server 11A, while the server list does not include the second privileged account of the target server 11A, the monitoring analysis module 14 generates and sends the warning signal. In practice, when the privileged account list includes the second privileged account but the server list does not, the second privileged account on the target server 11A is not an original account but a newly added one. The application message, however, contains the privileged account application record for the target server 11A. The privileged account managers can therefore use the warning message generated and sent by the monitoring analysis module 14 to find the enterprise personnel who applied to use the privileged account of the target server 11A, and then determine whether the creation of the second privileged account was legitimate. The privileged account management system 1 can thus cross-compare multiple data sources, thereby improving enterprise data security.
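The comparisons described in the preceding paragraphs (a password not reclaimed within its usage period, an application message checked against the server list, an account found on a server but absent from the server list, and the reverse case stated in the claims) can be sketched as one reconciliation pass. This is an added illustration, not code from the patent; the function and field names, the alert labels, the `requester` field, and the sample data are all assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Checkout:
    """One privileged-account password handed out by the transceiver module."""
    server: str
    account: str
    issued_at: datetime
    use_period: timedelta   # per-account "first specific time", e.g. 3 hours
    returned: bool = False


def reconcile(server_list, account_list, applications, checkouts, now):
    """Return sorted (kind, server, account, detail) alerts.

    server_list:  {server: {accounts}} approved baseline (storage module)
    account_list: {server: {accounts}} accounts found on the servers
    applications: [(requester, server, account)] application messages
    checkouts:    [Checkout] passwords issued, returned or not
    """
    alerts = []
    for server in set(server_list) | set(account_list):
        approved = server_list.get(server, set())
        found = account_list.get(server, set())
        # Who applied for any account on this server: the people to ask
        # about an account that appeared outside the baseline.
        askers = ",".join(sorted({r for r, s, _ in applications if s == server}))
        for account in found - approved:
            alerts.append(("unlisted_account", server, account, askers))
        for account in approved - found:
            alerts.append(("missing_account", server, account, ""))
    for requester, server, account in applications:
        if server not in server_list:
            alerts.append(("new_server_request", server, account, requester))
        elif account not in server_list[server]:
            alerts.append(("request_mismatch", server, account, requester))
    for c in checkouts:
        overdue = not c.returned and now >= c.issued_at + c.use_period
        if overdue and c.account in server_list.get(c.server, set()):
            alerts.append(("password_not_returned", c.server, c.account, ""))
    return sorted(alerts)


# Constructed sample data; every name below is made up for the example.
T0 = datetime(2020, 1, 1, 9, 0)
SERVER_LIST = {"11A": {"adm_first"}, "11B": {"adm_backup"}}
ACCOUNT_LIST = {"11A": {"adm_first", "adm_second"}, "11B": set()}
APPLICATIONS = [("alice", "11A", "adm_first"), ("bob", "srv-new", "adm_new")]
CHECKOUTS = [
    Checkout("11A", "adm_first", T0, timedelta(hours=3)),
    Checkout("11B", "adm_backup", T0, timedelta(hours=3), returned=True),
]

if __name__ == "__main__":
    for alert in reconcile(SERVER_LIST, ACCOUNT_LIST, APPLICATIONS, CHECKOUTS,
                           now=T0 + timedelta(hours=4)):
        print(alert)
```

The unlisted-account alert carries the requesters on record for that server, so the reviewer knows whom to ask; having an application on file does not suppress the alert.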

Please continue to refer to FIG. 2. The privileged account management system 1 of this embodiment further includes a display module 15 coupled to the monitoring analysis module 14. The display module 15 receives and displays the warning signal sent by the monitoring analysis module 14. In practice, the warning signal may be text, an image, sound, and so on, and the display module 15 may be a computer screen, a mobile phone screen, or any other device capable of display. The monitoring analysis module 14 can also show the number of unauthorized accounts and abnormal accounts on the display module 15, so that privileged account managers can carry out follow-up information security protection work based on the warning signal shown on the display module 15, thereby improving data security.

Please refer to FIG. 3, which is a functional block diagram of the privileged account management system 1 according to yet another embodiment of the present creation. This embodiment differs from the previous embodiments in that the transceiver module 161, the monitoring analysis module 162, and the storage module 163 of the privileged account management system 1 are integrated in a server 16. In practice, the server 16 may be a host computer managed by the privileged account managers. The creation, storage, and sending and receiving of privileged accounts can therefore all be managed centrally to improve data security. Note that the functions of the transceiver module 161, the monitoring analysis module 162, and the storage module 163 of this embodiment are substantially the same as those of the transceiver module, monitoring analysis module, and storage module of the foregoing embodiments, and are not repeated here.

Please refer to FIG. 4, which is a functional block diagram of the privileged account management system 1 according to yet another embodiment of the present creation. In this embodiment, the transceiver module 261, the monitoring analysis module 262, the storage module 263, and the display module 264 of the privileged account management system are integrated in a server 26. Note that the functions of the transceiver module 261, the monitoring analysis module 262, the storage module 263, and the display module 264 of this embodiment are substantially the same as those of the transceiver module, monitoring analysis module, storage module, and display module of the foregoing embodiments, and are not repeated here.

In summary, the privileged account management system of the present creation can cross-compare multiple data sources to accurately identify unauthorized privileged accounts, thereby improving data security. In addition, the privileged account data of each server can be obtained through an integrated manager, without installing other related integration software on each server, which reduces cost and improves server performance.

The above detailed description of the preferred embodiments is intended to describe the features and spirit of the present creation more clearly, not to limit the scope of the present creation to the preferred embodiments disclosed above. On the contrary, the intent is to cover various changes and equivalent arrangements within the scope of the claims sought for the present creation. The scope of the claims of the present creation should therefore be given the broadest interpretation based on the above description, so that it covers all possible changes and equivalent arrangements.

1: Privileged account management system

11A, 11B: Target server

13: Data management module

14: Monitoring analysis module

17: Storage module

Claims (10)

1. A privileged account management system, comprising:
at least one target server storing at least one privileged account, wherein each target server includes server data and the at least one privileged account corresponding to the server data;
a storage module for storing a server list, wherein the server list includes the target server data of every target server and the at least one privileged account corresponding to each target server data;
a data management module coupled to the at least one target server, the data management module being used to monitor the at least one target server, create a privileged account list, and send the privileged account list at at least one specific time, the privileged account list including all privileged accounts of the at least one target server; and
a monitoring analysis module coupled to the storage module and the data management module, the monitoring analysis module being used to receive the privileged account list and compare the server list with the privileged account list, wherein when the server list does not match the privileged account list, the monitoring analysis module generates and sends a warning signal.

2. The privileged account management system of claim 1, wherein the at least one privileged account includes a first privileged account, and when the privileged account list includes the first privileged account corresponding to the target server and the server list does not include the first privileged account corresponding to the target server, the monitoring analysis module generates and sends the warning signal.

3. The privileged account management system of claim 1, wherein the at least one privileged account includes a first privileged account, and when the server list includes the first privileged account corresponding to the target server and the privileged account list does not include the first privileged account corresponding to the target server, the monitoring analysis module generates and sends the warning signal.

4. The privileged account management system of claim 1, further comprising a transceiver module coupled to the at least one target server and the monitoring analysis module, the transceiver module being used to reclaim at least one privileged account password corresponding to the at least one privileged account, wherein when the at least one privileged account password reclaimed by the transceiver module at the specific time does not match the server list, the monitoring analysis module generates and sends the warning signal.

5. The privileged account management system of claim 4, wherein the at least one specific time includes a first specific time, the at least one privileged account includes a first privileged account, and the first privileged account includes the first specific time, and when the transceiver module has not reclaimed, at the first specific time, the at least one privileged account password corresponding to the first privileged account and the server list includes the first privileged account, the monitoring analysis module generates the warning signal.

6. The privileged account management system of claim 4, further comprising an application module coupled to the transceiver module and the monitoring analysis module, the application module being used to send an application message to the transceiver module, the application message including the at least one target server data and the at least one privileged account corresponding to the at least one target server data, wherein when the application message does not match the server list, the monitoring analysis module generates and sends the warning signal.

7. The privileged account management system of claim 6, wherein the application message includes second server data and a second privileged account, and when the server list does not include the second server data, the transceiver module creates the second server data and the second privileged account corresponding to the second server data in the server list.

8. The privileged account management system of claim 1, further comprising a display module coupled to the monitoring analysis module, the display module being used to receive and display the warning signal sent by the monitoring analysis module.

9. The privileged account management system of claim 1, wherein the data management module is a System Center Configuration Manager (SCCM).

10. The privileged account management system of claim 4, wherein the transceiver module, the monitoring analysis module, and the storage module are integrated in a server.

TW109203649U 2020-03-30 2020-03-30 Privileged account management system TWM599062U (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW109203649U TWM599062U (en) 2020-03-30 2020-03-30 Privileged account management system

Publications (1)

Publication Number Publication Date
TWM599062U true TWM599062U (en) 2020-07-21

Family

ID=72601710

Country Status (1)

Country Link
TW (1) TWM599062U (en)
