[go: up one dir, main page]

CN110086812A - A kind of safely controllable intranet security patrol police's system and method - Google Patents

A kind of safely controllable intranet security patrol police's system and method Download PDF

Info

Publication number
CN110086812A
CN110086812A CN201910357390.0A CN201910357390A CN110086812A CN 110086812 A CN110086812 A CN 110086812A CN 201910357390 A CN201910357390 A CN 201910357390A CN 110086812 A CN110086812 A CN 110086812A
Authority
CN
China
Prior art keywords
security
intranet
network
asset
vulnerability scanning
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910357390.0A
Other languages
Chinese (zh)
Other versions
CN110086812B (en
Inventor
崔翔
刘井强
殷丽华
谭庆丰
姜誉
王乐
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangzhou University
Original Assignee
Guangzhou University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangzhou University filed Critical Guangzhou University
Priority to CN201910357390.0A priority Critical patent/CN110086812B/en
Publication of CN110086812A publication Critical patent/CN110086812A/en
Application granted granted Critical
Publication of CN110086812B publication Critical patent/CN110086812B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425Traffic logging, e.g. anomaly detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433Vulnerability analysis

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer And Data Communications (AREA)

Abstract

本发明涉及计算机安全领域,具体涉及了一种安全可控的内网安全巡警系统及方法,所述方法对内网中的网络设备安装内网资产标志;判断所述内网资产标志是否包括登录凭证信息;若是,则对所述网络设备执行有登录凭证的漏洞扫描;否则,对所述网络设备执行无登录凭证的漏洞扫描。本发明仅在其符合特定条件下,才对内网中的网络设备进行漏洞扫描,所述特征条件为,所述网络设备发送的内网资产标志信息中包含登录凭证信息,能够有效地避免了漏洞扫描过程误伤主机系统。

The present invention relates to the field of computer security, in particular to a safe and controllable intranet security patrol system and method. The method installs an intranet asset mark on a network device in the intranet; judges whether the intranet asset mark includes a login credential information; if yes, execute vulnerability scan with login credential on the network device; otherwise, execute vulnerability scan without login credential on the network device. The present invention scans the network equipment in the intranet for vulnerabilities only when it meets specific conditions. The vulnerability scanning process accidentally damages the host system.

Description

一种安全可控的内网安全巡警系统及方法A safe and controllable intranet security patrol system and method

技术领域technical field

本发明涉及计算机安全领域,特别是涉及一种安全可控的内网安全巡警系统及方法。The invention relates to the field of computer security, in particular to a safe and controllable intranet security patrol system and method.

背景技术Background technique

随着网络应用的日益广泛,网络安全特别是“内网安全”已成为IT应用面临的关键问题之一,以内网巡警为代表的各种针对内网安全的产品日益受到用户重视。With the increasingly widespread network applications, network security, especially "intranet security" has become one of the key issues faced by IT applications. Various products for intranet security represented by intranet patrol police are increasingly valued by users.

内网安全巡警系统作为一个针对内部网络、专用网络的主动管理、控制和监视的网络安全产品,以解决企业和政府内部专用网络的安全管理、安全控制、行为监视为目标,以主动的安全管理和安全控制的方式,将内部网络的安全隐患以技术的手段进行有效地控制,通过对每一个网络行为的监视和记录,将网络的安全隐患可视化,从而大大提高内部专用网络地安全性,真正保障每一个网络用户都在授权的范围合法地使用数据和信息。As a network security product aimed at active management, control and monitoring of internal networks and private networks, the intranet security patrol system aims to solve the security management, security control, and behavior monitoring of private networks within enterprises and governments. and security control methods to effectively control the hidden dangers of the internal network with technical means. By monitoring and recording each network behavior, the hidden dangers of the network can be visualized, thereby greatly improving the security of the internal private network, truly Ensure that every network user uses data and information legally within the scope of authorization.

目前主流的内网安全巡警系统缺乏有效的安全边界检测机制,使得再给定一个目的IP地址,或者给定一个IP地址范围时,容易产生对该IP地址或地址段以外的其它非目标主机系统的渗透测试和安全审计,有时不但起不到安全加固的作用,甚至对核心生成网中的主机造成破坏,影响正常系统业务的运行。At present, the mainstream intranet security patrol system lacks an effective security boundary detection mechanism, so that when a destination IP address or an IP address range is given, it is easy to generate other non-target host systems outside the IP address or address range. Penetration testing and security auditing, sometimes not only fail to achieve the effect of security reinforcement, but even cause damage to the hosts in the core generation network, affecting the normal operation of system services.

目前主流的内网安全产品缺乏边界审核机制,缺少有效的目标主机安全检测认证标识,当对内网主机进行渗透测试和安全评估时,可能由于内部局域网的互联,导致扩散或错误攻击的情况,使一些正常运行的非目标主机系统受到内网安全巡警系统的威胁。一些不希望被扫描探测的系统由于漏洞验证脚本的运行,误伤主机系统,导致信息泄露,越权访问,甚至自动化攻击的POC使得系统瘫痪,如:永恒之蓝(漏洞编号ms17-010)漏洞验证脚本可使Windows系统的主机蓝屏,导致拒绝服务。At present, mainstream intranet security products lack a boundary audit mechanism and effective target host security detection and certification marks. When performing penetration testing and security assessment on intranet hosts, it may be due to the interconnection of internal LANs, which may lead to proliferation or wrong attacks. Some non-target host systems that are normally running are threatened by the intranet security patrol system. Some systems that do not want to be scanned and detected may accidentally damage the host system due to the running of the vulnerability verification script, resulting in information leakage, unauthorized access, and even automatic attack POC that paralyzes the system, such as: Eternal Blue (vulnerability number ms17-010) vulnerability verification script It can make the host of the Windows system blue screen, resulting in denial of service.

发明内容SUMMARY OF THE INVENTION

为了解决上述问题,本发明的目的是提供一种内网安全巡警系统及方法,仅在其符合特定条件下,才对内网中的网络设备进行漏洞扫描,所述特征条件为,所述网络设备发送的内网资产标志信息中包含登录凭证信息。In order to solve the above-mentioned problems, the object of the present invention is to provide a security patrol system and method for the intranet, which scans the network equipment in the intranet for vulnerabilities only when it meets specific conditions, and the characteristic condition is that the network The intranet asset identification information sent by the device includes login credential information.

基于此,本发明提供了一种安全可控的内网安全巡警系统,其特征在于,包括:资产管理模块、漏洞扫描模块、安全审计模块和网络管理模块;Based on this, the present invention provides a safe and controllable intranet security patrol system, which is characterized in that it includes: an asset management module, a vulnerability scanning module, a security audit module and a network management module;

所述资产管理模块,用于接收所述内网中的网络设备发送的内网资产标志信息;所述内网资产标志信息,用于资产认证标识及资产管理;The asset management module is configured to receive intranet asset identification information sent by network devices in the intranet; the intranet asset identification information is used for asset authentication identification and asset management;

所述漏洞扫描模块,用于判断内网中的网络设备是否具有内网资产标志中的登录凭证信息,若是,则对所述网络设备进行漏洞扫描;若否,则不对所述网络设备进行漏洞扫描;所述资产管理模块使用登录凭证信息,远程管理所述网络设备和安全设备;The vulnerability scanning module is used to judge whether the network equipment in the intranet has the login credential information in the intranet asset mark, if so, then scan the vulnerability of the network equipment; if not, do not perform vulnerability scanning on the network equipment scanning; the asset management module uses the login credential information to remotely manage the network device and security device;

所述安全审计模块,用于审计所述网络设备及所述安全设备,发现存在安全问题的问题设备;The security audit module is used to audit the network equipment and the security equipment, and find problematic equipment with security issues;

所述网络管理模块,用于对所述问题设备进行安全修复。The network management module is used to perform security repair on the faulty equipment.

作为优选的技术方案,所述资产管理模块还用于配置具有不同属性的网络资产库单元;所述网络资产库单元用于配置所述网络资产库中的网络设备的入侵检测任务和安全审计任务。As a preferred technical solution, the asset management module is also used to configure network asset library units with different attributes; the network asset library unit is used to configure intrusion detection tasks and security audit tasks of network devices in the network asset library .

作为优选的技术方案,所述内网资产标志信息还包括运行标志信息;所述运行标志信息,用于发现所述内网中的网络设备和安全设备;As a preferred technical solution, the intranet asset flag information also includes running flag information; the running flag information is used to discover network devices and security devices in the intranet;

作为优选的技术方案,所述安全问题包括:发现错误配置、异常登录、违反安全策略的行为;所述违反安全策略的行为包括:所述网络设备的系统级的安全策略和所述安全设备的系统级的安全策略。As a preferred technical solution, the security issues include: discovering misconfigurations, abnormal logins, and violations of security policies; the violations of security policies include: the system-level security policies of the network equipment and the security policies of the security equipment. System-level security policy.

作为优选的技术方案,所述网络管理模块,还用于判断安全问题是否能够被自动化安全修复,若是,则进行自动化安全修复;若否,向内网安全员发出协作通知或安全警告。As a preferred technical solution, the network management module is also used to determine whether the security problem can be automatically repaired, and if so, perform automatic security repair; if not, send a cooperation notification or a security warning to the intranet security officer.

基于此,本发明还提出了一种安全可控的内网安全巡警方法,其特征在于,包括:Based on this, the present invention also proposes a safe and controllable intranet security patrol method, which is characterized in that it includes:

安装标志,即对内网中的网络设备安装内网资产标志;Install the logo, that is, install the intranet asset logo on the network equipment in the intranet;

漏洞扫描,即判断所述内网资产标志是否包括登录凭证信息;若是,则对所述网络设备执行漏洞扫描;如否,则不对所述网络设备执行漏洞扫描。Vulnerability scanning, that is, judging whether the intranet asset mark includes login credential information; if so, performing vulnerability scanning on the network device; if not, not performing vulnerability scanning on the network device.

作为优选的技术方案,在安装标志之后及漏洞扫描之前,所述内网安全巡警方法还包括;登记资产,即判断所述内网资产标志是否包括运行标志信息,若是,则将所述网络设备登记为可漏洞扫描设备;若否,结束所述内网安全巡警方法。As a preferred technical solution, after installing the flag and before vulnerability scanning, the intranet security patrol method also includes: registering assets, that is, judging whether the intranet asset flag includes running flag information, and if so, registering the network device Register as a vulnerability scanning device; if not, end the intranet security patrol method.

作为优选的技术方案,在漏洞扫描之后,所述内网安全巡警方法还包括:安全审计,对所述可漏洞扫描设备进行安全审计。As a preferred technical solution, after the vulnerability scanning, the intranet security patrol method further includes: security audit, performing a security audit on the vulnerability scanning device.

作为优选的技术方案,在漏洞扫描之后,所述内网安全巡警方法还包括:安全修复,对所述可漏洞扫描设备进行安全修复操作,所述安全修复包括:策略加强、版本更新、漏洞修复及补丁更新。As a preferred technical solution, after the vulnerability scanning, the intranet security patrol method also includes: security repair, performing a security repair operation on the vulnerability scanning device, and the security repair includes: policy strengthening, version update, vulnerability repair and patch updates.

因此,本发明提出的安全可控的内网安全巡警系统及方法,仅在所述网络设备包含登录凭证信息时,才认为所述网络设备希望被扫描探测。而不希望被扫描探测的系统,则因其不包含登录凭证信息,不对其进行漏洞扫描,避免了漏洞验证脚本的运行。避免了漏洞扫描过程误伤主机系统,导致信息泄露,越权访问,甚至自动化攻击的POC使得系统瘫痪,如:永恒之蓝(漏洞编号ms17-010)漏洞验证脚本可使Windows系统的主机蓝屏,导致拒绝服务等现象的发生。Therefore, the security and controllable intranet security patrol system and method proposed by the present invention consider that the network device wants to be scanned and detected only when the network device contains login credential information. The system that does not want to be scanned and detected does not perform vulnerability scanning because it does not contain login credential information, thus avoiding the running of the vulnerability verification script. Avoid accidental damage to the host system during the vulnerability scanning process, resulting in information leakage, unauthorized access, and even automatic attack POC that paralyzes the system, such as: Eternal Blue (vulnerability number ms17-010) vulnerability verification script can cause the host computer of the Windows system to blue screen, resulting in rejection occurrence of services.

附图说明Description of drawings

图1是本发明实施例的内网安全巡警系统的网络拓扑图;Fig. 1 is the network topology diagram of the intranet security patrol system of the embodiment of the present invention;

图2是本发明实施例的内网安全巡警系统的框架图;Fig. 2 is the frame diagram of the intranet security patrol system of the embodiment of the present invention;

图3是本发明实施例的内网安全巡警方法的流程图;Fig. 3 is the flow chart of the intranet security police patrol method of the embodiment of the present invention;

图4是本发明实施例的引入资产登记步骤的内网安全巡警方法的流程图。Fig. 4 is a flowchart of an intranet security patrol method introducing an asset registration step according to an embodiment of the present invention.

具体实施方式Detailed ways

下面结合附图和实施例,对本发明的具体实施方式作进一步详细描述。以下实施例用于说明本发明,但不用来限制本发明的范围。The specific embodiments of the present invention will be described in further detail below with reference to the accompanying drawings and embodiments. The following examples are intended to illustrate the present invention, but not to limit the scope of the present invention.

实施例1Example 1

参见附图1,本发明提出的内网安全巡警服务器可以安装在内网的核心交换机上,这样方便内网安全巡警服务器对内网中的网络设备进行管理。Referring to accompanying drawing 1, the intranet security patrol server that the present invention proposes can be installed on the core switchboard of intranet, makes things convenient for intranet security patrol server to manage the network equipment in intranet like this.

参见附图2,本发明提出的安全可控的内网安全巡警系统包括:资产管理模块、漏洞扫描模块、安全审计模块和网络管理模块;Referring to accompanying drawing 2, the safe and controllable intranet safety patrol system that the present invention proposes comprises: asset management module, loophole scanning module, safety audit module and network management module;

资产管理模块,用于接收所述内网中的网络设备发送的内网资产标志信息。The asset management module is configured to receive the intranet asset identification information sent by the network equipment in the intranet.

所述漏洞扫描模块,用于判断内网中的网络设备是否具有内网资产标志中的登录凭证信息,若是,则对所述网络设备进行漏洞扫描;否则,不对所述网络设备进行漏洞扫描;The vulnerability scanning module is used to judge whether the network equipment in the intranet has the login credential information in the intranet asset mark, if so, then scan the network equipment for vulnerabilities; otherwise, do not scan the network equipment for vulnerabilities;

所述安全审计模块,用于对内网中的网络设备及安全设备进行安全审计,即发现内网中的存在安全问题的问题设备;The security audit module is used to perform a security audit on network equipment and security equipment in the intranet, that is, to find problematic equipment with security problems in the intranet;

所述网络管理模块,用于对所述问题设备进行安全修复。The network management module is used to perform security repair on the faulty equipment.

在内网中运行的网络设备中,均安装并运行了内网资产标志,在本发明的实施例中,该标志可以为网络设备的Mutex信号量,可以用来进行资产认证及资产管理。所述内网中的网络设备在安装了内网资产标志之后,自动向内网巡警服务器发送经加密之后的内网资产标志信息。所述加密过程,可以使用HTTPS协议、RSA加密算法、MD5加密算法等,但不限于上述加密手段。In the network equipment running in the intranet, all the intranet asset flags are installed and running. In the embodiment of the present invention, the flag can be the Mutex semaphore of the network equipment, which can be used for asset authentication and asset management. After the network device in the intranet is installed with the intranet asset flag, it automatically sends encrypted intranet asset flag information to the intranet patrol server. The encryption process may use HTTPS protocol, RSA encryption algorithm, MD5 encryption algorithm, etc., but is not limited to the above encryption means.

漏洞扫描模块支持插件验证式检测机制来检测验证内网中网络设备的漏洞,主要是对互联网新爆发的安全漏洞进行快速响应及风险排查,对已发现的漏洞进行评估,该模块和资产管理模块联动工作。The vulnerability scanning module supports a plug-in verification detection mechanism to detect and verify the vulnerabilities of network devices in the intranet. It is mainly to quickly respond to new security vulnerabilities on the Internet and investigate risks, and evaluate the discovered vulnerabilities. This module and the asset management module Linkage work.

为了避免扩散或错误攻击,漏洞扫描模块检测收集到的网络设备的内网资产标志信息中是否保存有的登录凭证信息,若有所述登录凭证信息,则该网络设备的漏洞扫描活动在所述内网安全巡警系统中是在授权范围内的;若果没有,则所述内网安全巡警系统没有授权所述漏洞扫描模块对所述网络设备进行漏洞扫描。In order to avoid spreading or mistaken attacks, the vulnerability scanning module detects whether there is any login credential information stored in the collected intranet asset identification information of the network device. If there is the login credential information, the vulnerability scanning activity of the network device is in In the intranet security patrol system, it is within the scope of authorization; if not, then the intranet security patrol system does not authorize the vulnerability scanning module to scan the network device for vulnerabilities.

安全审计模块主要对各类服务器(如:Web服务器、数据库服务器、FTP服务器、邮件服务器等)、PC主机、路由器、交换机等网络设备,和防火墙等安全设备进行安全审计。所述安全审计模块,通过解析所述网络设备发送的内含登录凭据的内网资产表示信息,进行主机系统级和网络安全系统级的安全策略审计。所述安全审计模块能够读取审计日志信息,从审计日志中,识别出安全问题,如:错误配置、异常登录、违反安全策略的行为等。The security audit module mainly conducts security audits on various servers (such as: Web servers, database servers, FTP servers, mail servers, etc.), PC hosts, routers, switches and other network devices, and firewalls and other security devices. The security audit module conducts security policy audits at the host system level and network security system level by analyzing the intranet asset representation information containing login credentials sent by the network device. The security audit module can read the audit log information, and identify security problems from the audit log, such as: misconfiguration, abnormal login, behaviors violating security policies, and the like.

网络管理模块根据安全审计模块发现的安全问题,,对检测的目标系统进行自动化的安全修复,安全修复的内容包括:策略加强、版本更新、漏洞修复、补丁更新,对于所述网络管理模块无法自动处理,即需要安全管理人员配合操作的安全修复,向内网安全员发出协作通知或安全警告。The network management module performs automatic security repairs on the detected target system according to the security problems found by the security audit module. Processing, that is, a security repair that requires the cooperation of security management personnel, and a cooperation notification or security warning is issued to the intranet security personnel.

实施例2Example 2

在实施例1的基础上,所述内网资产标志信息还包括运行标志信息。内网巡警服务器收到所述运行标志后,登记该资产信息,作为后续阶段的入侵检测、安全审计及资产管理的凭据。On the basis of Embodiment 1, the intranet asset flag information further includes running flag information. After the intranet patrol server receives the operation flag, it registers the asset information as a credential for subsequent intrusion detection, security audit, and asset management.

内网安全员可以根据网络设备的属性,使用所述资产管理模块中的网络资产库单元,对其进行IT资产划分,创建不同的资产库。通过网络资产库单元,内网安全员可以灵活的创建入侵检测任务和安全审计任务。网络资产库单元,支持添加、删除资产等资产管理功能,启动或自定义已发现网络设备的入侵检测,内网安全员可以通过关键字搜索功能筛选出符合条件的网络设备添加到漏洞扫描任务中。The intranet security officer can use the network asset library unit in the asset management module to divide IT assets and create different asset libraries according to the attributes of the network equipment. Through the network asset library unit, intranet security officers can flexibly create intrusion detection tasks and security audit tasks. The network asset library unit supports asset management functions such as adding and deleting assets, and enables or customizes the intrusion detection of discovered network devices. Intranet security personnel can use the keyword search function to filter out qualified network devices and add them to the vulnerability scanning task .

实施例3Example 3

参见附图3,为本发明提出的安全可控的内网巡警方法的流程图。所述内网安全巡警方法,包括:Referring to accompanying drawing 3, it is a flow chart of the safe and controllable intranet patrol method proposed by the present invention. The intranet security patrol method includes:

安装标志,即对内网中的网络设备安装内网资产标志;Install the logo, that is, install the intranet asset logo on the network equipment in the intranet;

漏洞扫描,即判断所述内网资产标志是否包括登录凭证信息;若是,则对所述网络设备执行漏洞扫描;否则,不对所述网络设备执行漏洞扫描。Vulnerability scanning, that is, judging whether the intranet asset mark includes login credential information; if so, performing vulnerability scanning on the network device; otherwise, not performing vulnerability scanning on the network device.

安全审计,对所述可漏洞扫描设备进行安全审计;Security audit, performing a security audit on the vulnerability scanning device;

安全修复,对所述可漏洞扫描设备进行安全修复操作,所述安全修复包括:策略加强、版本更新、漏洞修复及补丁更新。Security repair, performing a security repair operation on the vulnerability scanning device, the security repair includes: policy enhancement, version update, vulnerability repair and patch update.

本实施例中的术语的含义与本发明实施1与实施2中的含义相同。此处,不在赘述。The meanings of the terms in this embodiment are the same as those in Embodiment 1 and Embodiment 2 of the present invention. Here, I won't go into details.

实施例4Example 4

参见附图4,本实施例在实施例3的基础上,所述内网资产标志信息还包括运行标志信息。内网巡警服务器收到所述运行标志后,登记该资产信息,作为后续阶段的入侵检测、安全审计及资产管理的凭据。Referring to FIG. 4 , this embodiment is based on Embodiment 3, and the intranet asset flag information also includes running flag information. After the intranet patrol server receives the operation flag, it registers the asset information as a credential for subsequent intrusion detection, security audit, and asset management.

本申请提出的内网巡警方法在实施例3的基础上,在安装标志之后及漏洞扫描之前,增加以下步骤:登记资产,即判断所述内网资产标志是否包括运行标志信息,若是,则将所述网络设备登记为可漏洞扫描设备;若否,则结束所述内网安全巡警方法。The intranet patrol method proposed by this application is based on embodiment 3. After the flag is installed and before the vulnerability scan, the following steps are added: registering assets, that is, judging whether the intranet asset flag includes running flag information, and if so, add the following steps: The network device is registered as a vulnerability scanning device; if not, the intranet security patrol method is ended.

内网安全员可以根据网络设备的属性,使用所述资产管理模块中的网络资产库单元,对其进行IT资产划分,创建不同的资产库。通过网络资产库单元,内网安全员可以灵活的创建入侵检测任务和安全审计任务。网络资产库单元,支持添加、删除资产等资产管理功能,启动或自定义已发现网络设备的入侵检测,内网安全员可以通过关键字搜索功能筛选出符合条件的网络设备添加到漏洞扫描任务中。The intranet security officer can use the network asset library unit in the asset management module to divide IT assets and create different asset libraries according to the attributes of the network equipment. Through the network asset library unit, intranet security officers can flexibly create intrusion detection tasks and security audit tasks. The network asset library unit supports asset management functions such as adding and deleting assets, and enables or customizes the intrusion detection of discovered network devices. Intranet security personnel can use the keyword search function to filter out qualified network devices and add them to the vulnerability scanning task .

因此,本发明提出的安全可控的内网安全巡警系统及方法,仅在所述网络设备包含登录凭证信息时,才认为所述网络设备希望被扫描探测。而不希望被扫描探测的系统,则因其不包含登录凭证信息,不对其进行漏洞扫描,避免了漏洞验证脚本的运行。避免了漏洞扫描过程误伤主机系统,导致信息泄露,越权访问,甚至自动化攻击的POC使得系统瘫痪,如:永恒之蓝(漏洞编号ms17-010)漏洞验证脚本可使Windows系统的主机蓝屏,导致拒绝服务等现象的发生。Therefore, the security and controllable intranet security patrol system and method proposed by the present invention consider that the network device wants to be scanned and detected only when the network device contains login credential information. The system that does not want to be scanned and detected does not perform vulnerability scanning because it does not contain login credential information, thus avoiding the running of the vulnerability verification script. Avoid accidental damage to the host system during the vulnerability scanning process, resulting in information leakage, unauthorized access, and even automatic attack POC that paralyzes the system, such as: Eternal Blue (vulnerability number ms17-010) vulnerability verification script can cause the host computer of the Windows system to blue screen, resulting in rejection occurrence of services.

以上所述仅是本发明的优选实施方式,应当指出,对于本技术领域的普通技术人员来说,在不脱离本发明技术原理的前提下,还可以做出若干改进和替换,这些改进和替换也应视为本发明的保护范围。The above is only a preferred embodiment of the present invention, it should be pointed out that for those of ordinary skill in the art, without departing from the technical principle of the present invention, some improvements and replacements can also be made, these improvements and replacements It should also be regarded as the protection scope of the present invention.

Claims (10)

1.一种安全可控的内网安全巡警系统,其特征在于,包括:资产管理模块、漏洞扫描模块、安全审计模块和网络管理模块;1. A safe and controllable intranet security patrol system is characterized in that it comprises: an asset management module, a vulnerability scanning module, a safety audit module and a network management module; 所述资产管理模块,用于接收所述内网中的网络设备发送的内网资产标志信息;所述内网资产标志信息,用于资产认证标识及资产管理;The asset management module is configured to receive intranet asset identification information sent by network devices in the intranet; the intranet asset identification information is used for asset authentication identification and asset management; 所述漏洞扫描模块,用于判断内网中的网络设备是否具有内网资产标志中的登录凭证信息,若是,则对所述网络设备进行漏洞扫描;若否,则不对所述网络设备进行漏洞扫描;所述资产管理模块使用登录凭证信息,远程管理所述网络设备和安全设备;The vulnerability scanning module is used to judge whether the network equipment in the intranet has the login credential information in the intranet asset mark, if so, then scan the vulnerability of the network equipment; if not, do not perform vulnerability scanning on the network equipment scanning; the asset management module uses the login credential information to remotely manage the network device and security device; 所述安全审计模块,用于审计所述网络设备及所述安全设备,发现存在安全问题的问题设备;The security audit module is used to audit the network equipment and the security equipment, and find problematic equipment with security problems; 所述网络管理模块,用于对所述问题设备进行安全修复。The network management module is used to perform security repair on the faulty equipment. 2.如权利要求1所述的内网安全巡警系统,其特征在于:2. Intranet security patrol system as claimed in claim 1, characterized in that: 所述资产管理模块还用于配置具有不同属性的网络资产库单元;The asset management module is also used to configure network asset library units with different attributes; 所述网络资产库单元用于配置所述网络资产库中的网络设备的入侵检测任务和安全审计任务。The network asset library unit is used to configure intrusion detection tasks and security audit tasks of network devices in the network asset library. 3.如权利要求2所述的内网安全巡警系统,其特征在于:3. Intranet security patrol system as claimed in claim 2, characterized in that: 所述内网资产标志信息还包括运行标志信息;The intranet asset flag information also includes running flag information; 所述运行标志信息,用于发现所述内网中的网络设备和安全设备。The running flag information is used to discover network devices and security devices in the intranet. 4.如权利要求1所述的内网安全巡警系统,其特征在于:4. Intranet security patrol system as claimed in claim 1, characterized in that: 所述安全问题包括:发现错误配置、异常登录、违反安全策略的行为;The security issues include: discovery of misconfiguration, abnormal login, and violation of security policies; 所述违反安全策略的行为包括:所述网络设备的系统级的安全策略和所述安全设备的系统级的安全策略。The violation of the security policy includes: a system-level security policy of the network device and a system-level security policy of the security device. 5.如权利要求1或4所述的内网安全巡警系统,其特征在于:5. Intranet security patrol system as claimed in claim 1 or 4, characterized in that: 所述网络管理模块对所述问题设备进行安全修复的内容包括:策略加强、版本更新、漏洞修复及补丁更新。The content of security repair performed by the network management module on the problematic device includes: policy strengthening, version update, bug fix and patch update. 6.如权利要求1或4所述的内网安全巡警系统,其特征在于:6. Intranet security patrol system as claimed in claim 1 or 4, characterized in that: 所述网络管理模块,还用于判断安全问题是否能够被自动化安全修复,若是,则进行自动化安全修复;若否,向内网安全员发出协作通知或安全警告。The network management module is also used to determine whether the security problem can be automatically repaired, and if so, perform automatic security repair; if not, send a cooperation notification or a security warning to the intranet security officer. 7.一种安全可控的内网安全巡警方法,其特征在于,包括:7. A safe and controllable intranet security patrol method, characterized in that it comprises: 安装标志,即对内网中的网络设备安装内网资产标志;Install the logo, that is, install the intranet asset logo on the network equipment in the intranet; 漏洞扫描,即判断所述内网资产标志是否包括登录凭证信息;若是,则对所述网络设备执行漏洞扫描;若否,不对所述网络设备执行漏洞扫描。Vulnerability scanning, that is, judging whether the intranet asset mark includes login credential information; if so, performing vulnerability scanning on the network device; if not, not performing vulnerability scanning on the network device. 8.如权利要求7所述的内网安全巡警方法,其特征在于,在安装标志之后及漏洞扫描之前,所述内网安全巡警方法还包括;8. Intranet security patrol method as claimed in claim 7, is characterized in that, after installing sign and before vulnerability scanning, described intranet security patrol method also comprises; 登记资产,即判断所述内网资产标志是否包括运行标志信息,若是,则将所述网络设备登记为可漏洞扫描设备;若否,则结束所述内网安全巡警方法。Registering assets means judging whether the intranet asset flag includes running flag information, if so, registering the network device as a vulnerability scanning device; if not, ending the intranet security patrol method. 9.如权利要求7或8所述的内网安全巡警方法,其特征在于,在漏洞扫描之后,所述内网安全巡警方法还包括:9. Intranet security patrol method as claimed in claim 7 or 8, is characterized in that, after vulnerability scanning, described intranet security patrol method also comprises: 安全审计,对所述可漏洞扫描设备进行安全审计。Security audit, performing a security audit on the vulnerability scanning device. 10.如权利要求9所述的内网安全巡警方法,其特征在于,在漏洞扫描之后,所述内网安全巡警方法还包括:10. Intranet security patrol method as claimed in claim 9, is characterized in that, after vulnerability scanning, described intranet security patrol method also comprises: 安全修复,对所述可漏洞扫描设备进行安全修复操作,所述安全修复包括:策略加强、版本更新、漏洞修复及补丁更新。Security repair, performing a security repair operation on the vulnerability scanning device, the security repair includes: policy enhancement, version update, vulnerability repair and patch update.
CN201910357390.0A 2019-04-29 2019-04-29 A safe and controllable intranet security patrol system and method Expired - Fee Related CN110086812B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910357390.0A CN110086812B (en) 2019-04-29 2019-04-29 A safe and controllable intranet security patrol system and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910357390.0A CN110086812B (en) 2019-04-29 2019-04-29 A safe and controllable intranet security patrol system and method

Publications (2)

Publication Number Publication Date
CN110086812A true CN110086812A (en) 2019-08-02
CN110086812B CN110086812B (en) 2021-11-30

Family

ID=67417763

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910357390.0A Expired - Fee Related CN110086812B (en) 2019-04-29 2019-04-29 A safe and controllable intranet security patrol system and method

Country Status (1)

Country Link
CN (1) CN110086812B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111711613A (en) * 2020-05-26 2020-09-25 微梦创科网络科技(中国)有限公司 A network security vulnerability scanning method and system
CN112464249A (en) * 2020-12-10 2021-03-09 北京冠程科技有限公司 Asset equipment attack vulnerability repairing method, device, equipment and storage medium

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050097199A1 (en) * 2003-10-10 2005-05-05 Keith Woodard Method and system for scanning network devices
CN101610174A (en) * 2009-07-24 2009-12-23 深圳市永达电子股份有限公司 A kind of log correlation analysis system and method
CN103118003A (en) * 2012-12-27 2013-05-22 北京神州绿盟信息安全科技股份有限公司 Risk scanning method, device and system based on assets
CN106650458A (en) * 2016-10-17 2017-05-10 杭州迪普科技股份有限公司 Scanning method and device of loophole
CN107809433A (en) * 2017-11-06 2018-03-16 中国联合网络通信集团有限公司 Assets management method and device
CN108322446A (en) * 2018-01-05 2018-07-24 深圳壹账通智能科技有限公司 Intranet assets leak detection method, device, computer equipment and storage medium
CN108416408A (en) * 2018-03-21 2018-08-17 联想(北京)有限公司 Methods, devices and systems for asset management
CN108737425A (en) * 2018-05-24 2018-11-02 北京凌云信安科技有限公司 Fragility based on multi engine vulnerability scanning association analysis manages system

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050097199A1 (en) * 2003-10-10 2005-05-05 Keith Woodard Method and system for scanning network devices
CN101610174A (en) * 2009-07-24 2009-12-23 深圳市永达电子股份有限公司 A kind of log correlation analysis system and method
CN103118003A (en) * 2012-12-27 2013-05-22 北京神州绿盟信息安全科技股份有限公司 Risk scanning method, device and system based on assets
CN106650458A (en) * 2016-10-17 2017-05-10 杭州迪普科技股份有限公司 Scanning method and device of loophole
CN107809433A (en) * 2017-11-06 2018-03-16 中国联合网络通信集团有限公司 Assets management method and device
CN108322446A (en) * 2018-01-05 2018-07-24 深圳壹账通智能科技有限公司 Intranet assets leak detection method, device, computer equipment and storage medium
CN108416408A (en) * 2018-03-21 2018-08-17 联想(北京)有限公司 Methods, devices and systems for asset management
CN108737425A (en) * 2018-05-24 2018-11-02 北京凌云信安科技有限公司 Fragility based on multi engine vulnerability scanning association analysis manages system

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111711613A (en) * 2020-05-26 2020-09-25 微梦创科网络科技(中国)有限公司 A network security vulnerability scanning method and system
CN112464249A (en) * 2020-12-10 2021-03-09 北京冠程科技有限公司 Asset equipment attack vulnerability repairing method, device, equipment and storage medium

Also Published As

Publication number Publication date
CN110086812B (en) 2021-11-30

Similar Documents

Publication Publication Date Title
CN114978584B (en) Network security protection security method and system based on unit units
US10587647B1 (en) Technique for malware detection capability comparison of network security devices
JP6334069B2 (en) System and method for accuracy assurance of detection of malicious code
US8495745B1 (en) Asset risk analysis
US12526292B2 (en) Security threat remediation for network-accessible devices
CN107809433A (en) Assets management method and device
US12401689B2 (en) Centralized management of policies for network-accessible devices
WO2017034072A1 (en) Network security system and security method
US8392998B1 (en) Uniquely identifying attacked assets
CN115720161A (en) Network security vulnerability type analysis, vulnerability detection and information protection method
KR101768079B1 (en) System and method for improvement invasion detection
CN118200016A (en) Asset monitoring method based on equipment fingerprint
CN116566654B (en) A protection system for blockchain management server
Wang et al. A measurement study on the (in) security of end-of-life (eol) embedded devices
CN110086812B (en) A safe and controllable intranet security patrol system and method
CN113132412B (en) A method for testing and checking computer network security
KR101767591B1 (en) System and method for improvement invasion detection
CN119512690A (en) A hierarchical security strategy and hierarchical cloud storage system for ecological compensation data value
Karie et al. Cybersecurity incident response in the enterprise
CN119210856A (en) A method, device, equipment and medium for accessing enterprise resource information based on zero-trust network security protection
CN117195235A (en) User terminal access trusted computing authentication system and method
Nilsson et al. Vulnerability scanners
US11108800B1 (en) Penetration test monitoring server and system
Ruha Cybersecurity of computer networks
CN116961977A (en) Safety detection methods, devices, equipment and computer program products

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20211130