CN102238038A - Network equipment security evaluation method and device - Google Patents
Network equipment security evaluation method and device Download PDFInfo
- Publication number
- CN102238038A CN102238038A CN2011102104444A CN201110210444A CN102238038A CN 102238038 A CN102238038 A CN 102238038A CN 2011102104444 A CN2011102104444 A CN 2011102104444A CN 201110210444 A CN201110210444 A CN 201110210444A CN 102238038 A CN102238038 A CN 102238038A
- Authority
- CN
- China
- Prior art keywords
- risk
- type information
- network equipment
- security
- risk type
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000011156 evaluation Methods 0.000 title claims abstract description 59
- 238000000034 method Methods 0.000 claims abstract description 39
- 230000000694 effects Effects 0.000 description 5
- 238000005516 engineering process Methods 0.000 description 3
- 238000012986 modification Methods 0.000 description 3
- 230000004048 modification Effects 0.000 description 3
- 238000004321 preservation Methods 0.000 description 3
- 238000010586 diagram Methods 0.000 description 2
- 238000004891 communication Methods 0.000 description 1
- 230000002354 daily effect Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000003203 everyday effect Effects 0.000 description 1
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a network equipment security evaluation method and a network equipment security evaluation device, which are used for solving the problem of network equipment security evaluation inaccuracy in the prior art. The method comprises the following steps of: scanning each piece of risk data corresponding to each piece of risk type information in network equipment according at least one piece of set risk type information; and for each piece of risk type information, comparing each piece of risk data corresponding to the risk type information in a scanning result with each piece of saved risk data corresponding to the risk type information in a security baseline set for the network equipment, and outputting a comparison result. Security evaluation is performed on the network equipment according to each piece of saved risk data corresponding to each piece of risk type information in the security baseline set for the network equipment, so the embodiment of the invention can more accurately evaluate the security of the network equipment.
Description
Technical field
The present invention relates to communication technical field, relate in particular to a kind of security assessment method and device of the network equipment.
Background technology
Fast development along with network technology, the office system of most of enterprises and institutions and operation system have all realized with the network being the based computer automation, the continuous growth of business demand, make the continuous dilatation of operation system, the network equipment that needs in the network to manage also gets more and more, and the fail safe of the network environment of this complexity of how to evaluate and the network equipment of application becomes a problem demanding prompt solution.
In realizing process of the present invention, the inventor finds that there are the following problems in the prior art: because the business and the function of the network equipment all are not quite similar, even there is identical scanning result in the different network equipments, also may be different to the influence of network environment and the influence of business.For example, individual main frame a and service server b are carried out system vulnerability scanning, there is identical system vulnerability in two network equipment scanning results, in actual applications, this system vulnerability that service server b exists is bigger with professional influence to network environment than this system vulnerability that individual main frame a exists to the influence of network environment and business, therefore for whole network environment and business, the security risks that service server b exists will be higher than the security risks that individual main frame a exists, and according to the method for prior art, be the fail safe that accurately to assess out two network equipments.
Summary of the invention
The embodiment of the invention provides a kind of security assessment method and device of the network equipment, in order to solve in the prior art the inaccurate problem of the safety evaluation of the network equipment.
The security assessment method of a kind of network equipment that the embodiment of the invention provides comprises:
According at least a risk type information of setting, each risk data of every kind of risk type information correspondence in the scan for networks equipment; And
At every kind of risk type information, each risk data with this risk type information correspondence of comprising in the scanning result, each risk data corresponding with this risk type information that comprises in the security baseline of preserving at described network equipment setting compares, and the output comparing result.
The safety evaluation device of a kind of network equipment that the embodiment of the invention provides comprises:
The security sweep module is used for according at least a risk type information of setting, each risk data of every kind of risk type information correspondence in the scan for networks equipment;
The security baseline administration module is used to preserve the security baseline of setting at the described network equipment;
The security evaluation analysis module, be used at every kind of risk type information, each risk data with this risk type information correspondence of comprising in the scanning result, each risk data corresponding with this risk type information that comprises in the security baseline of preserving at described network equipment setting compares, and the output comparing result.
The embodiment of the invention provides a kind of security assessment method and device of the network equipment, this method is according at least a risk type information of setting, each risk data of every kind of risk type information correspondence in the scan for networks equipment, at every kind of risk type information, each risk data with this risk type information correspondence of comprising in the scanning result, each risk data corresponding with this risk type information that comprises in the security baseline of preserving at this network equipment setting compares, and the output comparing result.Because each risk data of the every kind of risk type information correspondence that comprises in the security baseline according to preservation in the embodiment of the invention at this network equipment setting, this network equipment is carried out safety evaluation, therefore can assess the fail safe of the network equipment more accurately.
Description of drawings
The process of the safety evaluation of the network equipment that Fig. 1 provides for the embodiment of the invention;
The detailed process of the safety evaluation of the network equipment that Fig. 2 provides for the embodiment of the invention;
The safety evaluation apparatus structure schematic diagram of the network equipment that Fig. 3 provides for the embodiment of the invention.
Embodiment
The embodiment of the invention provides a kind of security assessment method and device of the network equipment, this method is according at least a risk type information of setting, each risk data of every kind of risk type information correspondence in the scan for networks equipment, at every kind of risk type information, each risk data with this risk type information correspondence of comprising in the scanning result, each risk data corresponding with this risk type information that comprises in the security baseline of preserving at this network equipment setting compares, and the output comparing result.Because each risk data of the every kind of risk type information correspondence that comprises in the security baseline according to preservation in the embodiment of the invention at this network equipment setting, this network equipment is carried out safety evaluation, therefore can assess the fail safe of the network equipment more accurately.
Below in conjunction with Figure of description, the embodiment of the invention is described in detail.
The process of the safety evaluation of the network equipment that Fig. 1 provides for the embodiment of the invention specifically may further comprise the steps:
S101: according at least a risk type information of setting, each risk data of every kind of risk type information correspondence in the scan for networks equipment.
In embodiments of the present invention, at least a risk type information of this setting is the data type information of each risk data of the fail safe that influences this network equipment.For example this risk type information can comprise the system vulnerability type, each risk data of this kind risk type information correspondence is in the scan for networks equipment, scan that data type information is each risk data of system vulnerability type in this network equipment, also promptly, scan each system vulnerability information in this network equipment.
And in embodiments of the present invention, the safety evaluation device links to each other with each network equipment in the network, and each risk data of every kind of risk type information correspondence in the remote scanning network equipment.
S102: at every kind of risk type information, each risk data with this risk type information correspondence of comprising in the scanning result, each risk data corresponding with this risk type information that comprises in the security baseline of preserving at this network equipment setting compares, and the output comparing result.
In embodiments of the present invention, all set corresponding security baseline, comprised at least one risk data of at least a risk type information correspondence in this security baseline at each network equipment in the network.Each risk data that comprises in this security baseline wherein, can be set the risk data that comprises in this security baseline according to function and the effect of this network equipment in network for causing the risk data of security risks to this network equipment.
Each the corresponding risk data of this risk type information that comprises in each risk data of this risk type information correspondence of comprising in the scanning result and this security baseline is compared, also, judge whether this risk data also is present in this security baseline promptly at each risk data that comprises in the scanning result.Comparing result is exported as the result who this network equipment is carried out safety evaluation, in the comparing result of output, if certain risk data in the scanning result also is present in the security baseline, illustrate that then this certain risk data in this network equipment may cause security risks to this network equipment, also promptly in the comparing result of output, showed each risk data that may cause security risks in the scanning result this network equipment.
In said process, the safety evaluation device is according at least a risk type information of setting, each risk data of every kind of risk type information correspondence in the scan for networks equipment, and at every kind of risk type information, each the corresponding risk data of this risk type information that comprises in each risk data of this risk type information correspondence of comprising in the scanning result and this security baseline is compared, and the output comparing result.Owing to according to each risk data that comprises in the security baseline of preserving, this network equipment is carried out safety evaluation in the embodiment of the invention, therefore can assess the fail safe of the network equipment more accurately at this network equipment setting.
Because in the practical application scene, the risk data that influences the fail safe of the network equipment has a lot, system vulnerability information for example, but consider function and the effect of the network equipment in network, for some system vulnerability, even there is this some system vulnerability in the network equipment, but for whole network environment, some system vulnerability of this that exists in this network equipment can't impact the fail safe of whole network environment, and promptly this some system vulnerability can not influence the fail safe of this network equipment yet.Therefore in order further to improve accuracy to the safety evaluation of the network equipment, the process of setting security baseline at this network equipment is specially, in the blacklist in this security baseline that the risk data that influences the fail safe of this network equipment is preserved, the risk data that does not influence the fail safe of this network equipment is kept in the white list in this security baseline.Also be, for each risk data that may cause security risk to this network equipment, consider the function and the effect of this network equipment, the fail safe of this network equipment is caused the risk data of security risk for meeting, these risk data are kept in the blacklist of security baseline, even, these risk data are kept in the white list of security baseline for there being the risk data that also can not cause security risk to this network equipment.
When adopting said method to set this security baseline at this network equipment, each the corresponding risk data of this risk type information that comprises in each risk data of comprising this risk type information correspondence in the scanning result and the security baseline is compared, and the process of output comparing result is specially, each risk data that this risk type information that comprises in the blacklist with each risk data of this risk type information correspondence of comprising in the scanning result and security baseline is corresponding compares, the common factor or the difference set of each risk data that this risk type information of comprising in each risk data of this risk type information correspondence of comprising in the scanning result and this blacklist is corresponding, result's output as a comparison.
Wherein, common factor result's output as a comparison of each risk data that this risk type information of comprising in each risk data of this risk type information correspondence of comprising in the scanning result and this blacklist is corresponding, also i.e. output is present in each risk data of this risk type information correspondence in the scanning result and in the blacklist of security baseline simultaneously, for each risk data that comprises in this common factor, illustrate that each risk data in this common factor all can cause security risks to this network equipment.Difference set result's output as a comparison of each risk data that this risk type information of comprising in each risk data of this risk type information correspondence of comprising in the scanning result and this blacklist is corresponding, also promptly output is present in the scanning result, and is not present in each risk data of this risk type correspondence in the blacklist of this security baseline.For each risk data that comprises in this difference set, illustrate that each risk data in this difference set may not can cause security risks to this network equipment when based on this security baseline this network equipment being carried out safety evaluation.
And, each risk data with this risk type information correspondence of comprising in the scanning result, each risk data corresponding with this risk type information that comprises in the security baseline of preserving at this network equipment setting compares, and output comparing result process can also for, each risk data that this risk type information that comprises in the white list with each risk data of this risk type information correspondence of comprising in the scanning result and security baseline is corresponding compares, the common factor or the difference set of each risk data that this risk type information of comprising in each risk data of this risk type information correspondence of comprising in the scanning result and the white list is corresponding, result's output as a comparison.
Wherein, common factor result's output as a comparison of each risk data that this risk type information of comprising in each risk data of this risk type information correspondence of comprising in the scanning result and this white list is corresponding, also i.e. output is present in each risk data of this risk type information correspondence in the scanning result and in the white list of security baseline simultaneously, for each risk data that comprises in this common factor, illustrate that each risk data in this common factor can not cause security risks to this network equipment.Difference set result's output as a comparison of each risk data that this risk type information of comprising in each risk data of this risk type information correspondence of comprising in the scanning result and this white list is corresponding, also promptly output is present in the scanning result, and be not present in each risk data of this risk type correspondence in the white list of this security baseline, for each risk data that comprises in this difference set, when explanation was carried out safety evaluation based on this security baseline to this network equipment, each risk data in this difference set may cause security risks to this network equipment.
Preferable, can be with each risk data of this risk type information correspondence of comprising in the scanning result, each risk data corresponding with this risk type information that comprises in blacklist in the security baseline and the white list all compares, also promptly at each risk data of this risk type information correspondence that comprises in the scanning result, judge whether this risk data is present in the blacklist of security baseline, and judge whether this risk data is present in the white list of security baseline.In the comparing result of output, for the risk data that is present in the scanning result in the blacklist, then this risk data can cause security risks to this network equipment, for the risk data that is present in the scanning result in the white list, then this risk data can not cause security risks to this network equipment, for neither being present in the risk data that also is not present in the blacklist in the white list in the scanning result, illustrate that this risk data may cause security risks to this network equipment, also may not can cause security risks.
In follow-up step,, can adjust this security baseline according to the comparing result of output in order further to improve the accuracy of safety evaluation.Concrete, can this security baseline be adjusted according to the risk data in the white list that also is not present in security baseline in the blacklist that neither is present in security baseline in the scanning result, for example in blacklist or white list, increase some risk data.
In embodiments of the present invention, in order further to improve the accuracy of safety evaluation, at this network equipment set security baseline process can also for, each risk data that comprises in the security baseline is provided with the corresponding level of security and first weighted value.Also promptly, each risk data that comprises in the blacklist with security baseline is provided with the corresponding level of security and first weighted value, and each risk data that comprises in the white list with security baseline also is provided with the corresponding level of security and first weighted value.Wherein, consider that the function of the different network equipments is different with effect, can set the different level of security and first weighted value at the risk data in the security baseline of the different network equipments.For example, suppose that this risk data is a system vulnerability information, the security baseline of setting at network equipment a is: the level of security of system vulnerability A correspondence is 1, and the level of security of system vulnerability B correspondence is 2, and the level of security of system vulnerability C correspondence is 3; And the security baseline of setting at network equipment b is: the level of security of system vulnerability A correspondence is 2, and the level of security of system vulnerability B correspondence is 3, and the level of security of system vulnerability C correspondence is 1; When the safety evaluation device is assessed network equipment a, this risk data of scanning, also promptly there is system vulnerability B in this network equipment a of this system vulnerability information description, the level of security of then determining this risk data map network equipment a is 2, when network equipment b is assessed, also there is system vulnerability B in this network equipment b that the risk data of scanning is described, determines that then the level of security of this risk data map network equipment b is 3.
In embodiments of the present invention, in order further to improve the accuracy of safety evaluation, behind the output comparing result, can also determine the value-at-risk of this network equipment on every kind of risk type information according to each risk data corresponding level of security and first weighted value that is provided with in security baseline of the every kind of risk type information correspondence that comprises in the scanning result.Detailed process is, at every kind of risk type information, obtain each risk data of this risk type information correspondence that comprises in the scanning result, at each risk data of obtaining, according to this risk data corresponding level of security and first weighted value that is provided with in security baseline, determine the level of security of this risk data correspondence and first product of first weighted value, first product that to determine at each risk data of obtaining and, be defined as this network equipment value-at-risk on the risk type information in this, and output.
Continue to continue to use example, first weighted value of supposing the system vulnerability A correspondence set in the corresponding security baseline of network equipment a is 0.3, first weighted value of system vulnerability B correspondence is 0.5, the risk data that comprises system vulnerability type correspondence in the scanning result to this network equipment a exists system vulnerability A and system vulnerability B for this network equipment a, then determine the level of security 1 of system vulnerability A correspondence and first product of first weighted value 0.3, promptly 0.3, determine the level of security 2 of system vulnerability B correspondence and first product of first weighted value 0.5, promptly 1, with each first product of determining and as the value-at-risk of this network equipment a on the system vulnerability type, this value-at-risk is 1.3.
In embodiments of the present invention, in order further to improve the accuracy of safety evaluation, at this network equipment set security baseline process can also for, the every kind of risk type information that comprises in the security baseline is provided with the second corresponding weighted value.Thereby, after the definite value-at-risk of the network equipment on every kind of risk type information, can also be at every kind of risk type information, according to this network equipment value-at-risk on the risk type information in this of determining, and second weighted value of this kind risk type information correspondence that comprises in the security baseline, determine second product of second weighted value that the value-at-risk of this network equipment on this kind risk type information is corresponding with this kind risk type information, and second product that will determine at every kind of risk type information and, be defined as the integrated risk value of this network equipment.Adopt this method to carry out safety evaluation to the network equipment more accurately, and can represent assessment result more intuitively.
When adopting said method, because the risk data that comprises in the security baseline at the different network equipments, the different level of securitys and first weighted value have been set, and second weighted value of setting at every kind of risk type information also can be different, even therefore have identical system vulnerability in two network equipments, if but the effect of these two network equipments is different with function, after so these two network equipments being carried out safety evaluation, the integrated risk value of these two network equipments of determining also is not necessarily identical, therefore can assess the fail safe of the network equipment accurately.
Owing to influence the system vulnerability of factor except existing in the network equipment of the fail safe of the network equipment, also comprise the security configuration of the network equipment and the system mode of the network equipment etc., therefore in the embodiment of the invention in order to improve accuracy to the safety evaluation of the network equipment, this risk type information comprises: security configuration type, system mode type and system vulnerability type, the risk type information that certainly, can also comprise the fail safe that other influence the network equipment.When every kind of risk type information setting is security configuration type, system mode type and system vulnerability type, the risk data of the risk data of the risk data of security configuration type correspondence, system mode type correspondence and system vulnerability type correspondence in the safety evaluation device scan for networks equipment.
Wherein, the risk type information is the security configuration information of the risk data of security configuration type for this network equipment, and this security configuration information has been described the configuration of this network equipment, for example daily record configuration, port arrangement, account configuration etc.The risk type information is the system status information of the risk data of system mode type for this network equipment, and this system status information has been described the state of this network equipment, for example port status, file status, process status, account status etc.
In embodiments of the present invention,, can carry out safety evaluation to the network equipment, for example every day this network equipment be carried out the once safety assessment according to the time interval of setting in order further to improve the accuracy of safety evaluation.Simultaneously, the trend that changes for the fail safe that this network equipment is provided accurately, after the integrated risk value of determining this network equipment, the safety evaluation device also will be preserved the integrated risk value of this definite network equipment, and the moment corresponding when determining the integrated risk value of this network equipment, and according to each integrated risk value of this network equipment of determining of preserving, and when determining each integrated risk value of this network equipment correspondence each constantly, generate the integrated risk value and the corresponding fail safe tendency chart of time of this network equipment.Also be, foundation is the coordinate system of reference axis with integrated risk value and time, according to each integrated risk value of this network equipment of preserving, and this each integrated risk value moment corresponding, the integrated risk value and the corresponding fail safe tendency chart of time of this network equipment of generation in this coordinate system.
The detailed process of the safety evaluation of the network equipment that Fig. 2 provides for the embodiment of the invention specifically may further comprise the steps:
S201: the safety evaluation device is according at least a risk type information of setting, each risk data of every kind of risk type information correspondence in the scan for networks equipment.
Wherein, the risk type information comprises Configuration Type, Status Type and system vulnerability type.
S202: at every kind of risk type information, with each risk data of this risk type information correspondence of comprising in the scanning result, each risk data corresponding with this risk type information that comprises in the blacklist of the security baseline of setting at this network equipment compares.
S203: output is present in the scanning result and the risk data in the blacklist of security baseline simultaneously.
S204:, obtain each risk data of this risk type information correspondence that comprises in the scanning result at every kind of risk type information.
S205: at each risk data of obtaining, according to this risk data corresponding level of security and first weighted value that is provided with in security baseline, first product of the level of security of this risk data correspondence and first weighted value.
S206: first product that will determine at each risk data of obtaining and, be defined as the value-at-risk of this network equipment on this kind risk type information, and output.
S207: at every kind of risk type information, according to the value-at-risk of this network equipment on this kind risk type information of determining, and second weighted value of this kind risk type information correspondence that comprises in the security baseline, determine second product of second weighted value that the value-at-risk of the described network equipment on this kind risk type information is corresponding with this kind risk type information.
S208: second product that will determine at every kind of risk type information and, be defined as the integrated risk value of this network equipment and output.
S209: the integrated risk value of this network equipment of preserve determining, and the moment corresponding when determining the integrated risk value of this network equipment.
S210: according to each integrated risk value of this network equipment of determining of preserving, and when determining each integrated risk value of this network equipment correspondence each constantly, generate the integrated risk value and the corresponding fail safe tendency chart of time of this network equipment.
In said process, the safety evaluation device is according at least a risk type information of setting, each risk data of every kind of risk type information correspondence in the scan for networks equipment, and at every kind of risk type information, each the corresponding risk data of this risk type information that comprises in each risk data of this risk type information correspondence of comprising in the scanning result and this security baseline is compared, and the output comparing result.Owing to according to each risk data that comprises in the security baseline of preserving, this network equipment is carried out safety evaluation in the embodiment of the invention, therefore can assess the fail safe of the network equipment more accurately at this network equipment setting.
And, each risk data of every kind of risk type information correspondence of safety evaluation device scanning is security configuration information, system status information, and system vulnerability information, determine the level of security of this network equipment according to security configuration information, system status information, system vulnerability information, take all factors into consideration security configuration information, system status information, system vulnerability information to the influence that the fail safe of the network equipment brings, further improved the accuracy of safety evaluation.
In the process of practical operation, the network O﹠M personnel can select to carry out the network equipment of safety evaluation earlier by the safety evaluation device, and select every kind of risk type information scanning, and the security baseline of safety evaluation time institute foundation is carried out in setting to this network equipment, indicate this safety evaluation device to scan each risk data of every kind of risk type information correspondence in the network equipment of this selection then, and according to each risk data that comprises in the security baseline of setting at this network equipment, and each risk data that comprises in the scanning result, this network equipment is carried out safety evaluation, determine the integrated risk value of this network equipment.
The safety evaluation apparatus structure schematic diagram of the network equipment that Fig. 3 provides for the embodiment of the invention specifically comprises:
Security sweep module 301 is used for according at least a risk type information of setting, each risk data of every kind of risk type information correspondence in the scan for networks equipment;
Security baseline administration module 302 is used to preserve the security baseline of setting at the described network equipment;
Security evaluation analysis module 303, be used at every kind of risk type information, each risk data with this risk type information correspondence of comprising in the scanning result, each risk data corresponding with this risk type information that comprises in the security baseline of preserving at described network equipment setting compares, and the output comparing result.
Described security evaluation analysis module 303 specifically is used for, each risk data that this risk type information that comprises in the blacklist with each risk data of this risk type information correspondence of comprising in the described scanning result and described security baseline is corresponding compares, the common factor or the difference set of each risk data that this risk type information of comprising in each risk data of this risk type information correspondence of comprising in the described scanning result and the described blacklist is corresponding, result's output as a comparison, perhaps, each risk data that this risk type information that comprises in the white list with each risk data of this risk type information correspondence of comprising in the described scanning result and described security baseline is corresponding compares, the common factor or the difference set of each risk data that this risk type information of comprising in each risk data of this risk type information correspondence of comprising in the described scanning result and the described white list is corresponding, result's output as a comparison.
Described security baseline administration module 302 specifically is used for, and each risk data that comprises in the described security baseline is provided with the corresponding level of security and first weighted value.
Described security evaluation analysis module 303 also is used for, at every kind of risk type information, obtain each risk data of this risk type information correspondence that comprises in the described scanning result, at each risk data of obtaining, according to this risk data corresponding level of security and first weighted value that is provided with in described security baseline, determine the level of security of this risk data correspondence and first product of first weighted value, first product that to determine at each risk data of obtaining and, be defined as the value-at-risk of the described network equipment on this kind risk type information, and output.
Described security baseline administration module 302 also is used for, and the every kind of risk type information that comprises in the described security baseline is provided with the second corresponding weighted value.
Described security evaluation analysis module 303 also is used for, at every kind of risk type information, according to the value-at-risk of the described network equipment on this kind risk type information of determining, and second weighted value of this kind risk type information correspondence that comprises in the described security baseline, determine second product of second weighted value that the value-at-risk of the described network equipment on this kind risk type information is corresponding with this kind risk type information, second product that to determine at every kind of risk type information and, be defined as the integrated risk value of the described network equipment, and output.
And, above-mentioned safety evaluation device can also comprise task management module and log pattern, the task management module is used to manage each evaluation tasks of the network equipment being carried out safety evaluation, and log pattern is used to write down the assessment result and the assessment moment of the network equipment being carried out safety evaluation.
The embodiment of the invention provides a kind of security assessment method and device of the network equipment, this method is according at least a risk type information of setting, each risk data of every kind of risk type information correspondence in the scan for networks equipment, at every kind of risk type information, each risk data with this risk type information correspondence of comprising in the scanning result, each risk data corresponding with this risk type information that comprises in the security baseline of preserving at this network equipment setting compares, and the output comparing result.Because each risk data of the every kind of risk type information correspondence that comprises in the security baseline according to preservation in the embodiment of the invention at this network equipment setting, this network equipment is carried out safety evaluation, therefore can assess the fail safe of the network equipment more accurately.
Obviously, those skilled in the art can carry out various changes and modification to the present invention and not break away from the spirit and scope of the present invention.Like this, if of the present invention these are revised and modification belongs within the scope of claim of the present invention and equivalent technologies thereof, then the present invention also is intended to comprise these changes and modification interior.
Claims (13)
1. the security assessment method of a network equipment is characterized in that, comprising:
According at least a risk type information of setting, each risk data of every kind of risk type information correspondence in the scan for networks equipment; And
At every kind of risk type information, each risk data with this risk type information correspondence of comprising in the scanning result, each risk data corresponding with this risk type information that comprises in the security baseline of preserving at described network equipment setting compares, and the output comparing result.
2. the method for claim 1, it is characterized in that, each risk data with this risk type information correspondence of comprising in the scanning result, each risk data corresponding with this risk type information that comprises in the security baseline of preserving at described network equipment setting compares, and the output comparing result, specifically comprise:
Each risk data that this risk type information that comprises in the blacklist with each risk data of this risk type information correspondence of comprising in the described scanning result and described security baseline is corresponding compares, the common factor or the difference set of each risk data that this risk type information of comprising in each risk data of this risk type information correspondence of comprising in the described scanning result and the described blacklist is corresponding, result's output as a comparison; Perhaps
Each risk data that this risk type information that comprises in the white list with each risk data of this risk type information correspondence of comprising in the described scanning result and described security baseline is corresponding compares, the common factor or the difference set of each risk data that this risk type information of comprising in each risk data of this risk type information correspondence of comprising in the described scanning result and the described white list is corresponding, result's output as a comparison.
3. the method for claim 1 is characterized in that, sets security baseline at the described network equipment, specifically comprises:
Each risk data that comprises in the described security baseline is provided with the corresponding level of security and first weighted value.
4. method as claimed in claim 3 is characterized in that, described method also comprises:
At every kind of risk type information, obtain each risk data of this risk type information correspondence that comprises in the described scanning result;
At each risk data of obtaining,, determine the level of security of this risk data correspondence and first product of first weighted value according to this risk data corresponding level of security and first weighted value that is provided with in described security baseline;
First product that to determine at each risk data of obtaining and, be defined as the value-at-risk of the described network equipment on this kind risk type information, and output.
5. method as claimed in claim 4 is characterized in that, sets security baseline at the described network equipment, also comprises:
The every kind of risk type information that comprises in the described security baseline is provided with the second corresponding weighted value.
6. method as claimed in claim 5 is characterized in that, described method also comprises:
At every kind of risk type information, according to the value-at-risk of the described network equipment on this kind risk type information of determining, and second weighted value of this kind risk type information correspondence that comprises in the described security baseline, determine second product of second weighted value that the value-at-risk of the described network equipment on this kind risk type information is corresponding with this kind risk type information;
Second product that to determine at every kind of risk type information and, be defined as the integrated risk value of the described network equipment and output.
7. the method for claim 1 is characterized in that, described risk type information comprises: security configuration type, system mode type and system vulnerability type.
8. the safety evaluation device of a network equipment is characterized in that, comprising:
The security sweep module is used for according at least a risk type information of setting, each risk data of every kind of risk type information correspondence in the scan for networks equipment;
The security baseline administration module is used to preserve the security baseline of setting at the described network equipment;
The security evaluation analysis module, be used at every kind of risk type information, each risk data with this risk type information correspondence of comprising in the scanning result, each risk data corresponding with this risk type information that comprises in the security baseline of preserving at described network equipment setting compares, and the output comparing result.
9. device as claimed in claim 8, it is characterized in that, described security evaluation analysis module specifically is used for, each risk data that this risk type information that comprises in the blacklist with each risk data of this risk type information correspondence of comprising in the described scanning result and described security baseline is corresponding compares, the common factor or the difference set of each risk data that this risk type information of comprising in each risk data of this risk type information correspondence of comprising in the described scanning result and the described blacklist is corresponding, result's output as a comparison, perhaps, each risk data that this risk type information that comprises in the white list with each risk data of this risk type information correspondence of comprising in the described scanning result and described security baseline is corresponding compares, the common factor or the difference set of each risk data that this risk type information of comprising in each risk data of this risk type information correspondence of comprising in the described scanning result and the described white list is corresponding, result's output as a comparison.
10. device as claimed in claim 8 is characterized in that, described security baseline administration module specifically is used for, and each risk data that comprises in the described security baseline is provided with the corresponding level of security and first weighted value.
11. device as claimed in claim 10, it is characterized in that, described security evaluation analysis module also is used for, at every kind of risk type information, obtain each risk data of this risk type information correspondence that comprises in the described scanning result, at each risk data of obtaining, according to this risk data corresponding level of security and first weighted value that is provided with in described security baseline, determine the level of security of this risk data correspondence and first product of first weighted value, first product that to determine at each risk data of obtaining and, be defined as the value-at-risk of the described network equipment on this kind risk type information, and output.
12. device as claimed in claim 11 is characterized in that, described security baseline administration module also is used for, and the every kind of risk type information that comprises in the described security baseline is provided with the second corresponding weighted value.
13. device as claimed in claim 12, it is characterized in that, described security evaluation analysis module also is used for, at every kind of risk type information, according to the value-at-risk of the described network equipment on this kind risk type information of determining, and second weighted value of this kind risk type information correspondence that comprises in the described security baseline, determine second product of second weighted value that the value-at-risk of the described network equipment on this kind risk type information is corresponding with this kind risk type information, second product that to determine at every kind of risk type information and, be defined as the integrated risk value of the described network equipment, and output.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2011102104444A CN102238038A (en) | 2011-07-26 | 2011-07-26 | Network equipment security evaluation method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2011102104444A CN102238038A (en) | 2011-07-26 | 2011-07-26 | Network equipment security evaluation method and device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN102238038A true CN102238038A (en) | 2011-11-09 |
Family
ID=44888284
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2011102104444A Pending CN102238038A (en) | 2011-07-26 | 2011-07-26 | Network equipment security evaluation method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102238038A (en) |
Cited By (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103118003A (en) * | 2012-12-27 | 2013-05-22 | 北京神州绿盟信息安全科技股份有限公司 | Risk scanning method, device and system based on assets |
| CN103226470A (en) * | 2013-03-21 | 2013-07-31 | 北京神州绿盟信息安全科技股份有限公司 | Method and device for determining weighted value of check item based on BVS (benchmark verification system) |
| CN103517304A (en) * | 2012-06-28 | 2014-01-15 | 腾讯科技(深圳)有限公司 | Method and device for obtaining safe state of mobile terminal |
| CN103619012A (en) * | 2013-12-02 | 2014-03-05 | 中国联合网络通信集团有限公司 | Method and system for security assessment of mobile internet |
| CN105210078A (en) * | 2013-03-26 | 2015-12-30 | 韩国电子通信研究院 | Apparatus and method for quantifying vulnerability of a system |
| CN105915533A (en) * | 2016-05-23 | 2016-08-31 | 浪潮电子信息产业股份有限公司 | Method, device and system for security assessment |
| CN106656996A (en) * | 2016-11-09 | 2017-05-10 | 航天科工智慧产业发展有限公司 | Information safety risk assessment method |
| CN107294979A (en) * | 2017-06-29 | 2017-10-24 | 国家计算机网络与信息安全管理中心 | The network safety evaluation method and device verified based on configuration |
| CN107431718A (en) * | 2015-02-11 | 2017-12-01 | 霍尼韦尔国际公司 | Means and methods for providing possible causes, recommended actions, and potential impacts related to identified cybersecurity risk items |
| CN107534654A (en) * | 2015-02-11 | 2018-01-02 | 霍尼韦尔国际公司 | Apparatus and method for linking cybersecurity risk analysis to common risk methodologies and risk levels |
| CN107689954A (en) * | 2017-08-21 | 2018-02-13 | 国家电网公司 | Power information system monitoring method and device |
| CN103996006B (en) * | 2013-02-17 | 2018-09-04 | 中国移动通信集团山西有限公司 | A kind of method and apparatus of Evaluation of Information System Security Risk |
| CN109246125A (en) * | 2018-10-09 | 2019-01-18 | 郑州云海信息技术有限公司 | A kind of Host Security condition evaluation system |
| CN116132158A (en) * | 2023-02-08 | 2023-05-16 | 东北电力大学 | Power monitoring system network risk assessment method considering subareas |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101150432A (en) * | 2007-08-24 | 2008-03-26 | 北京启明星辰信息技术有限公司 | An information system risk evaluation method and system |
| CN101162993A (en) * | 2007-11-29 | 2008-04-16 | 哈尔滨工程大学 | Network risk analysis method |
| CN101174973A (en) * | 2006-10-31 | 2008-05-07 | 华为技术有限公司 | A network security management framework |
-
2011
- 2011-07-26 CN CN2011102104444A patent/CN102238038A/en active Pending
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101174973A (en) * | 2006-10-31 | 2008-05-07 | 华为技术有限公司 | A network security management framework |
| CN101150432A (en) * | 2007-08-24 | 2008-03-26 | 北京启明星辰信息技术有限公司 | An information system risk evaluation method and system |
| CN101162993A (en) * | 2007-11-29 | 2008-04-16 | 哈尔滨工程大学 | Network risk analysis method |
Cited By (21)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103517304A (en) * | 2012-06-28 | 2014-01-15 | 腾讯科技(深圳)有限公司 | Method and device for obtaining safe state of mobile terminal |
| CN103118003B (en) * | 2012-12-27 | 2015-11-18 | 北京神州绿盟信息安全科技股份有限公司 | A kind of risk scan method, Apparatus and system based on assets |
| CN103118003A (en) * | 2012-12-27 | 2013-05-22 | 北京神州绿盟信息安全科技股份有限公司 | Risk scanning method, device and system based on assets |
| CN103996006B (en) * | 2013-02-17 | 2018-09-04 | 中国移动通信集团山西有限公司 | A kind of method and apparatus of Evaluation of Information System Security Risk |
| CN103226470B (en) * | 2013-03-21 | 2016-09-14 | 北京神州绿盟信息安全科技股份有限公司 | A kind of method and device determining check item weighted value based on BVS |
| CN103226470A (en) * | 2013-03-21 | 2013-07-31 | 北京神州绿盟信息安全科技股份有限公司 | Method and device for determining weighted value of check item based on BVS (benchmark verification system) |
| CN105210078A (en) * | 2013-03-26 | 2015-12-30 | 韩国电子通信研究院 | Apparatus and method for quantifying vulnerability of a system |
| CN105210078B (en) * | 2013-03-26 | 2018-07-24 | 韩国电子通信研究院 | Apparatus and method for quantifying vulnerability of a system |
| CN103619012B (en) * | 2013-12-02 | 2017-04-12 | 中国联合网络通信集团有限公司 | Method and system for security assessment of mobile internet |
| CN103619012A (en) * | 2013-12-02 | 2014-03-05 | 中国联合网络通信集团有限公司 | Method and system for security assessment of mobile internet |
| CN107431718A (en) * | 2015-02-11 | 2017-12-01 | 霍尼韦尔国际公司 | Means and methods for providing possible causes, recommended actions, and potential impacts related to identified cybersecurity risk items |
| CN107534654A (en) * | 2015-02-11 | 2018-01-02 | 霍尼韦尔国际公司 | Apparatus and method for linking cybersecurity risk analysis to common risk methodologies and risk levels |
| CN107534654B (en) * | 2015-02-11 | 2021-09-28 | 霍尼韦尔国际公司 | Apparatus and method for linking cyber-security risk analysis to common risk methodologies and risk levels |
| CN105915533A (en) * | 2016-05-23 | 2016-08-31 | 浪潮电子信息产业股份有限公司 | Method, device and system for security assessment |
| CN105915533B (en) * | 2016-05-23 | 2019-03-05 | 浪潮电子信息产业股份有限公司 | A security assessment method, device and system |
| CN106656996B (en) * | 2016-11-09 | 2020-09-15 | 航天科工智慧产业发展有限公司 | Information security risk assessment method |
| CN106656996A (en) * | 2016-11-09 | 2017-05-10 | 航天科工智慧产业发展有限公司 | Information safety risk assessment method |
| CN107294979A (en) * | 2017-06-29 | 2017-10-24 | 国家计算机网络与信息安全管理中心 | The network safety evaluation method and device verified based on configuration |
| CN107689954A (en) * | 2017-08-21 | 2018-02-13 | 国家电网公司 | Power information system monitoring method and device |
| CN109246125A (en) * | 2018-10-09 | 2019-01-18 | 郑州云海信息技术有限公司 | A kind of Host Security condition evaluation system |
| CN116132158A (en) * | 2023-02-08 | 2023-05-16 | 东北电力大学 | Power monitoring system network risk assessment method considering subareas |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102238038A (en) | Network equipment security evaluation method and device | |
| US11640324B2 (en) | Intelligent cloud management based on profile | |
| US11095675B1 (en) | System and method for identifying system vulnerabilities | |
| US11003563B2 (en) | Compliance testing through sandbox environments | |
| CN103383768A (en) | Agricultural product tracking service system based on mobile terminals | |
| CN103236951A (en) | Method and system for distributing and identifying optical network resource | |
| CN110347694B (en) | Equipment monitoring method, device and system based on Internet of things | |
| CN113590372A (en) | Log-based link tracking method and device, computer equipment and storage medium | |
| US9069819B1 (en) | Method and apparatus for reliable I/O performance anomaly detection in datacenter | |
| CN113783828A (en) | Business system monitoring method and device | |
| US11228614B1 (en) | Automated management of security operations centers | |
| US10007583B2 (en) | Generating a data structure to maintain error and connection information on components and use the data structure to determine an error correction operation | |
| CN107248042A (en) | Work attendance method, device and server | |
| CN103490978A (en) | Terminal, server and message monitoring method | |
| CN110555150A (en) | Data monitoring method, device, equipment and storage medium | |
| CN114157584A (en) | Cloud mobile phone monitoring method and device, electronic equipment and storage medium | |
| US20170017913A1 (en) | Managing data quality and compliance | |
| CA2785370A1 (en) | Meter access management system | |
| CN115190008B (en) | Fault processing method, fault processing device, electronic equipment and storage medium | |
| TR201603971A2 (en) | Monitoring of LV (Low Voltage) Electrical Infrastructure by Using GSM Communication Technology and Preventive Measures Method and System | |
| CN114328151B (en) | Operation and maintenance event relation mining method, device, equipment and medium | |
| CN106528487A (en) | Intelligent computer room management system | |
| CN115938090A (en) | Data warning method, device, electronic device and computer-readable storage medium | |
| CN104463517A (en) | Server and logistics data processing system and method | |
| CN115827699A (en) | Method, device and equipment for processing managed service data and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C12 | Rejection of a patent application after its publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20111109 |