CN112737818A - Automatic configuration management system and method for network security - Google Patents
Automatic configuration management system and method for network security Download PDFInfo
- Publication number
- CN112737818A CN112737818A CN202011499720.9A CN202011499720A CN112737818A CN 112737818 A CN112737818 A CN 112737818A CN 202011499720 A CN202011499720 A CN 202011499720A CN 112737818 A CN112737818 A CN 112737818A
- Authority
- CN
- China
- Prior art keywords
- configuration
- module
- items
- defects
- management
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 10
- 230000007547 defect Effects 0.000 claims abstract description 33
- 238000012545 processing Methods 0.000 claims abstract description 23
- 238000011156 evaluation Methods 0.000 claims abstract description 17
- 238000012544 monitoring process Methods 0.000 claims abstract description 17
- 238000007726 management method Methods 0.000 claims description 40
- 238000012986 modification Methods 0.000 claims description 3
- 230000004048 modification Effects 0.000 claims description 3
- 230000008676 import Effects 0.000 claims description 2
- 238000004891 communication Methods 0.000 abstract description 2
- 230000000694 effects Effects 0.000 description 3
- 238000012423 maintenance Methods 0.000 description 3
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 238000012795 verification Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0803—Configuration setting
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/06—Management of faults, events, alarms or notifications
- H04L41/0631—Management of faults, events, alarms or notifications using root cause analysis; using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0803—Configuration setting
- H04L41/0813—Configuration setting characterised by the conditions triggering a change of settings
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses an automatic configuration management system and method for network security, relates to the technical field of communication network security, and aims to solve the problem that manual processing is needed after a security policy in network security equipment is updated. The key points of the technical scheme are as follows: the configuration management module is used for managing the configuration items; the system comprises a configuration monitoring module, a configuration command generating module and a configuration connecting module, wherein the configuration monitoring module, the configuration command generating module and the configuration connecting module are used for automatic configuration; the safety evaluation module is used for evaluating the safety of the configuration, and the configuration early warning module is used for positioning the configuration items with defects according to the evaluation result and sending an alarm. According to the invention, after the configuration items are modified and updated according to the configuration strategy, the configuration unit automatically realizes configuration and evaluates and warns the security of the configuration.
Description
Technical Field
The present invention relates to the technical field of communication network security, and in particular, to an automatic configuration management system and method for network security.
Background
With the development of networks and information technologies, networks are gradually changing human life and working modes, and have great profound influence on various industries. The networked society brings convenience to daily life of people, endangers information security of individuals or enterprises, and even has profound influence on national security and international relations.
Network security devices generally control various actually running services in a network through security policies, and when service requirements change, the security policies in the network security devices also need to be updated correspondingly. At present, the work of updating the security policy is generally handled by a network administrator, and the network administrator manually updates the security policy in the network security device. Because of manual operation, the efficiency of updating the security policy is not high.
Disclosure of Invention
The invention aims to provide an automatic configuration management system and method for network security, which have the effects that after configuration items are modified and updated according to a configuration strategy, a configuration unit automatically realizes configuration and evaluates and warns the security of the configuration.
The above object of the present invention is achieved by the following technical solutions:
an automatic configuration management system for network security, comprising:
the configuration management module is used for managing the configuration items, and comprises modification and update configuration items, import configuration items and export configuration items;
the configuration monitoring module is used for monitoring the updating state of the configuration entries;
the configuration command generation module is used for calling the updated configuration item from the configuration management module after the configuration monitoring module monitors that the configuration item is updated, and generating a configuration command according to the configuration item;
the configuration connection module is used for issuing the configuration command to the corresponding configuration unit to execute configuration;
the safety evaluation module is used for evaluating and analyzing the safety information and the running state data of the configured configuration unit;
and the configuration early warning module is used for positioning the configuration items with defects according to the evaluation result and sending out an alarm.
The invention is further configured to: the system also comprises a user management module which is used for managing account information of the user, verifying the identity of the user and granting the login account with the authority of viewing and editing the configuration items through the configuration management module.
The invention is further configured to: the automatic configuration management system further comprises:
the log management system is used for recording configuration entries with defects and corresponding history processing modes;
and the early warning processing module is used for exporting a historical processing mode corresponding to the configuration item with the defect in the log management system after the configuration early warning module locates the configuration item with the defect.
The invention is further configured to: the automatic configuration management system further comprises:
and the display module is used for displaying the interfaces of the configuration management module, the configuration early warning module, the log management system and the early warning processing module.
The invention is further configured to: the configuration unit comprises two or more combinations of network equipment, electronic equipment, a system and data.
The second aim of the invention is realized by the following technical scheme:
an automatic configuration management method for network security comprises the following steps:
modifying and updating the configuration items;
monitoring the updating state of the configuration items, and generating configuration commands according to the configuration items after the configuration items are updated;
sending the configuration command to the corresponding configuration unit to execute configuration;
evaluating and analyzing the safety information and the running state data of the configured configuration unit;
and positioning the configuration items with defects according to the evaluation result and sending an alarm.
The invention is further configured to: after the alarm is sent out, the following steps are carried out:
recording the configuration entries with defects and the corresponding processing modes to form a log;
and after the configuration entries with defects are located, deriving the historical processing mode corresponding to the configuration entries with defects from the log for reference.
The invention is further configured to: further comprising the steps of:
and verifying the identity of the user through the account information, and granting the login account with the authority to modify and update the configuration items.
The invention is further configured to: the configuration unit comprises two or more combinations of network equipment, electronic equipment, a system and data.
In conclusion, the beneficial technical effects of the invention are as follows:
and entering the configuration strategy needing to be updated into the system in a mode of manually inputting or importing the configuration items, generating a configuration command by the system according to the configuration items, and automatically executing configuration operation by the configuration unit according to the configuration command to complete configuration. And the safety evaluation module carries out safety evaluation on the configuration unit, and when the evaluation does not meet the standard, the configuration item with the defect is positioned and an alarm is given out to remind a user of manual modification. The system completes automatic configuration, performs safety evaluation on the configuration, finds defects and solves the inconvenience of manual configuration.
Drawings
Fig. 1 is a schematic overall structure diagram of a first embodiment of the present invention.
Detailed Description
Example one
The invention discloses an automatic configuration management system for network security, which refers to fig. 1 and comprises a configuration management module, a configuration monitoring module, a configuration command generation module, a configuration connection module, a security evaluation module and a configuration early warning module. The following is a detailed description of the functions of the above modules:
and the configuration management module is used for managing the configuration items, including modifying and updating the configuration items. In addition, configuration entries may be imported and exported for convenience of operation. In this embodiment, the operation list of the configuration entry is accompanied by a time stamp and an operator, which is convenient for management.
And the configuration monitoring module is used for monitoring the updating state of the configuration items, and immediately triggering the configuration command generating module to work after the configuration monitoring module monitors the updating.
And the configuration command generating module is used for calling the updated configuration items from the configuration management module after the configuration monitoring module monitors the update of the configuration items, and generating the configuration commands according to the configuration items, wherein the configuration commands are provided with operation instructions facing each configuration unit. The configuration unit comprises two or more combinations of network equipment, electronic equipment, a system and data.
And the configuration connection module is used for issuing the configuration command to the corresponding configuration unit to execute the configuration.
And the safety evaluation module is used for evaluating and analyzing the safety information and the running state data of the configured configuration units, and the safety information and the running state data of each configuration unit in the monitoring area reflect the current safety state of the corresponding configuration unit.
And the configuration early warning module is used for positioning the configuration items with defects according to the evaluation result and sending out an alarm.
In this embodiment, each configuration unit has a unique identifier, the configuration entry also has a unique number and a type number, and the alarm information includes the identifier of the corresponding configuration unit with a poor security state of the configuration unit and the number of the configuration entry causing the alarm, so that maintenance personnel can quickly locate the position where the problem occurs.
In order to facilitate maintenance personnel to obtain the method for processing the defect configuration items, the system comprises a log management system and an early warning processing module. The log management system is used for recording configuration items with defects and corresponding historical processing modes, and the early warning processing module is used for exporting the historical processing modes corresponding to the configuration items with the defects in the log management system after the configuration early warning module locates the configuration items with the defects. The system records the configuration entries with defects in history, records the processing mode aiming at the type of defects at the moment, and generates a log for storage. When new defects occur, the same type of defects in the log and a historical processing mode are called, and reference is provided for maintenance personnel.
In order to improve the safety of the system operation, the system comprises a user management module which is used for managing account information of a user, verifying the identity of the user and granting the login account with the authority of viewing and editing the configuration items through a configuration management module.
In order to achieve a good interaction effect, the system further comprises a display module for displaying an interface of the configuration management module, the configuration early warning module, the log management system and the early warning processing module. And a user account login interface in the user management module is also displayed through the display module.
Example two
The invention discloses an automatic configuration management method for network security, which comprises the following steps:
s1, modifying and updating the configuration items;
s2, monitoring the update state of the configuration items, and generating configuration commands according to the configuration items after the configuration items are updated;
s3, sending the configuration command to the corresponding configuration unit to execute configuration, wherein the configuration unit comprises the combination of two or more of network equipment, electronic equipment, system and data;
s4, evaluating and analyzing the safety information and the running state data of the configured configuration unit;
and S5, positioning the configuration items with defects according to the evaluation result and sending an alarm.
In step S5, if the evaluation result shows that there is no defect, the configuration is completed.
After the alarm is issued in step S5, the following steps are performed:
recording the configuration entries with defects and the corresponding processing modes to form a log;
after the configuration entries with defects are located, historical processing modes corresponding to the configuration entries with defects are derived from the log for reference.
In step S1, the user needs to pass authentication before operation. The verification mode is that the user logs in through the account password, the identity of the user is verified, and the right of modifying and updating the configuration items is granted to the login account.
The embodiments of the present invention are preferred embodiments of the present invention, and the scope of the present invention is not limited by these embodiments, so: all equivalent changes made according to the structure, shape and principle of the invention are covered by the protection scope of the invention.
Claims (9)
1. An automatic configuration management system for network security, comprising:
the configuration management module is used for managing the configuration items, and comprises modification and update configuration items, import configuration items and export configuration items;
the configuration monitoring module is used for monitoring the updating state of the configuration entries;
the configuration command generation module is used for calling the updated configuration item from the configuration management module after the configuration monitoring module monitors that the configuration item is updated, and generating a configuration command according to the configuration item;
the configuration connection module is used for issuing the configuration command to the corresponding configuration unit to execute configuration;
the safety evaluation module is used for evaluating and analyzing the safety information and the running state data of the configured configuration unit;
and the configuration early warning module is used for positioning the configuration items with defects according to the evaluation result and sending out an alarm.
2. The system according to claim 1, wherein: the system also comprises a user management module which is used for managing account information of the user, verifying the identity of the user and granting the login account with the authority of viewing and editing the configuration items through the configuration management module.
3. The system according to claim 2, further comprising:
the log management system is used for recording configuration entries with defects and corresponding history processing modes;
and the early warning processing module is used for exporting a historical processing mode corresponding to the configuration item with the defect in the log management system after the configuration early warning module locates the configuration item with the defect.
4. The system according to claim 3, further comprising:
and the display module is used for displaying the interfaces of the configuration management module, the configuration early warning module, the log management system and the early warning processing module.
5. The system according to claim 1, wherein: the configuration unit comprises two or more combinations of network equipment, electronic equipment, a system and data.
6. An automatic configuration management method for network security is characterized by comprising the following steps:
modifying and updating the configuration items;
monitoring the updating state of the configuration items, and generating configuration commands according to the configuration items after the configuration items are updated;
sending the configuration command to the corresponding configuration unit to execute configuration;
evaluating and analyzing the safety information and the running state data of the configured configuration unit;
and positioning the configuration items with defects according to the evaluation result and sending an alarm.
7. The method of claim 6, wherein the following steps are performed after the alarm is issued:
recording the configuration entries with defects and the corresponding processing modes to form a log;
and after the configuration entries with defects are located, deriving the historical processing mode corresponding to the configuration entries with defects from the log for reference.
8. The method for automatic configuration management of network security according to claim 7, further comprising the steps of:
and verifying the identity of the user through the account information, and granting the login account with the authority to modify and update the configuration items.
9. The method of claim 6, wherein the method comprises: the configuration unit comprises two or more combinations of network equipment, electronic equipment, a system and data.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011499720.9A CN112737818A (en) | 2020-12-17 | 2020-12-17 | Automatic configuration management system and method for network security |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011499720.9A CN112737818A (en) | 2020-12-17 | 2020-12-17 | Automatic configuration management system and method for network security |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN112737818A true CN112737818A (en) | 2021-04-30 |
Family
ID=75602877
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011499720.9A Pending CN112737818A (en) | 2020-12-17 | 2020-12-17 | Automatic configuration management system and method for network security |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112737818A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116032581A (en) * | 2022-12-19 | 2023-04-28 | 国网河北省电力有限公司衡水供电分公司 | Network equipment security management method and electronic equipment |
| CN116032580A (en) * | 2022-12-19 | 2023-04-28 | 国网河北省电力有限公司衡水供电分公司 | Network equipment security management system and method |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20140359694A1 (en) * | 2013-06-03 | 2014-12-04 | eSentire, Inc. | System and method for computer system security |
| CN105119750A (en) * | 2015-09-08 | 2015-12-02 | 南京联成科技发展有限公司 | Distributed information security operation and maintenance management platform based on massive data |
| CN106302304A (en) * | 2015-05-11 | 2017-01-04 | 中兴通讯股份有限公司 | The method and apparatus in management information security specification storehouse |
| CN108462676A (en) * | 2017-02-20 | 2018-08-28 | 中兴通讯股份有限公司 | The management method and device of Network Security Device |
-
2020
- 2020-12-17 CN CN202011499720.9A patent/CN112737818A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20140359694A1 (en) * | 2013-06-03 | 2014-12-04 | eSentire, Inc. | System and method for computer system security |
| CN106302304A (en) * | 2015-05-11 | 2017-01-04 | 中兴通讯股份有限公司 | The method and apparatus in management information security specification storehouse |
| CN105119750A (en) * | 2015-09-08 | 2015-12-02 | 南京联成科技发展有限公司 | Distributed information security operation and maintenance management platform based on massive data |
| CN108462676A (en) * | 2017-02-20 | 2018-08-28 | 中兴通讯股份有限公司 | The management method and device of Network Security Device |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116032581A (en) * | 2022-12-19 | 2023-04-28 | 国网河北省电力有限公司衡水供电分公司 | Network equipment security management method and electronic equipment |
| CN116032580A (en) * | 2022-12-19 | 2023-04-28 | 国网河北省电力有限公司衡水供电分公司 | Network equipment security management system and method |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN105844142B (en) | Management-control method in a kind of database account number safe collection | |
| CN108960456A (en) | Private clound secure, integral operation platform | |
| CN111524306A (en) | Centralized monitoring system for power environment of machine room | |
| CN114143033B (en) | Cloud platform user management and operation and maintenance integrated system | |
| CN110768963B (en) | Trusted security management platform with distributed architecture | |
| CN112737818A (en) | Automatic configuration management system and method for network security | |
| CN106852050B (en) | Safety cabinet and control method thereof | |
| CN116545725A (en) | Account management method and device based on blockchain technology | |
| CN109858223A (en) | Electromechanical equipment authorization method, control device and storage medium based on identification technology | |
| CN117056170A (en) | Self-service machine background management system and method | |
| CN115310078B (en) | Application method of auditing system on industrial production line | |
| CN113421360A (en) | Safety operation control system and method based on man-machine bidirectional intelligent identification switch cabinet | |
| CN111245782B (en) | System and method for intelligently monitoring entry-exit self-service acceptance equipment | |
| CN112214772A (en) | Privilege certificate centralized management and control and service system | |
| CN114360125B (en) | A kind of intelligent management system and method for non-sensitive personnel | |
| CN111652454A (en) | Supervision quality and safety production management evaluation management system | |
| CN115664984A (en) | Information security monitoring system and method based on Internet of things | |
| CN113536380A (en) | Data privacy protection system | |
| CN111131464A (en) | Distributed terminal management system for laboratory of colleges and universities | |
| CN111770100B (en) | Method and system for verifying safe access of external equipment to Internet of things terminal | |
| CN113645244A (en) | Safety supervision platform and supervision method thereof | |
| CN112613015A (en) | Intelligent authority management system and method for production equipment | |
| CN110543762A (en) | Privileged account threat analysis system | |
| CN111741089A (en) | Intelligent safety operation management and control system and method based on industrial Internet of things | |
| CN113759831A (en) | Information processing method, information processing system and electronic equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20210430 |
|
| RJ01 | Rejection of invention patent application after publication |