CN111314308A - System security check method and device based on port analysis - Google Patents


Publication number
CN111314308A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010057960.7A
Other languages
Chinese (zh)
Inventor
郑文斌
池晓金
戴文博
柴谦益
朱犇
叶明康
王佑
夏伟民
陈法玉
金明
金宏杰
包俊杰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wenzhou Power Supply Co of State Grid Zhejiang Electric Power Co Ltd
Original Assignee
Wenzhou Power Supply Co of State Grid Zhejiang Electric Power Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The disclosure relates to a system security check method and device based on port analysis. The method comprises the following steps: establishing a port analysis task based on preset parameters; extracting a plurality of target ports from a port analysis list based on the port analysis task; establishing connections with the target ports in sequence to acquire current data in the target ports; and carrying out a security check on the system based on the current data to generate a check result. The method and device can convert a large amount of work that was originally manual analysis into automated management, greatly improving the efficiency of daily security management, improving the accuracy of data management, and providing strong data support for daily management.

Description

System security check method and device based on port analysis
Technical Field
The present disclosure relates to the field of computer information processing, and in particular, to a method and an apparatus for system security check based on port analysis.
Background
An information port can be regarded as the outlet through which a device communicates with the outside. Ports can be divided into virtual ports and physical ports. Virtual ports are ports inside a computer or inside a switch or router; a physical port, also called an interface, is a visible port. In daily security testing work, more than 30% of the vulnerabilities classified as serious or high-risk are caused by improper configuration of service ports. Web services are generally identified by port numbers, and once a port is improperly configured it may be exploited by an ill-intentioned person, often with severe consequences, such as sensitive data being stolen, arbitrary commands being executed on the server, or server privileges being obtained illegally.
An intruder will usually scan the ports of a target host with a scanner to determine which ports are open. From the open ports, the intruder can tell roughly which services the target host provides and guess at possible vulnerabilities. Port scanning can likewise help a system administrator understand a host better, and carefully checking the open ports of all servers in the system one by one is the first step of security protection for the administrator. For a large system, however, there are many ports and many programs called through them, so having a system administrator manually check the opening permissions and software usage of each port one by one wastes a great deal of time and money.
Therefore, a new method and apparatus for system security check based on port analysis are needed.
The above information disclosed in this background section is only for enhancement of understanding of the background of the disclosure and therefore it may contain information that does not constitute prior art that is already known to a person of ordinary skill in the art.
Disclosure of Invention
In view of this, the present disclosure provides a system security check method and apparatus based on port analysis, which can convert a large amount of work that was originally manual analysis into automated management, greatly improve the efficiency of daily security management, and at the same time improve the accuracy of data management, thereby providing strong data support for daily management.
Additional features and advantages of the disclosure will be set forth in the detailed description which follows, or in part will be obvious from the description, or may be learned by practice of the disclosure.
According to an aspect of the present disclosure, a system security check method based on port analysis is provided, the method including: establishing a port analysis task based on preset parameters; extracting a plurality of target ports in a port analysis list based on the port analysis task; establishing connection with the target ports in sequence to acquire current data in the target ports; and carrying out safety inspection on the system based on the current data to generate an inspection result.
In an exemplary embodiment of the present disclosure, further comprising: taking the target port which does not meet the preset strategy in the inspection result as a risk port; determining a risk level of the risk port; and generating a security processing policy of the risk port according to the risk level.
In an exemplary embodiment of the present disclosure, further comprising: acquiring historical data of the target ports; and performing data analysis based on the historical data and the current data to generate an analysis result.
In an exemplary embodiment of the present disclosure, the method further comprises: scanning all ports according to the industry standard to obtain information on newly added ports.
In an exemplary embodiment of the present disclosure, the establishing of the port analysis task based on the preset parameter includes at least one of: establishing the port analysis task based on a preset time parameter; establishing the port analysis task based on preset port attribute parameters; and establishing the port analysis task based on the preset port attribute parameters.
In an exemplary embodiment of the present disclosure, extracting a plurality of target ports in a port analysis list based on the port analysis task further includes: recording the Internet Protocol addresses of all terminal ports, and generating the port analysis list.
In an exemplary embodiment of the present disclosure, extracting a plurality of target ports in a port analysis list based on the port analysis task includes: extracting a port identifier or a port internet protocol address range from the port analysis task; extracting a plurality of target ports from the port analysis list based on the port identification or the port internet protocol address range.
In an exemplary embodiment of the present disclosure, sequentially establishing a connection with the target ports to obtain current data in the target ports includes: acquiring a security key of a target port; establishing a connection with the target port based on the security key; and obtaining current data in the target port based on the connection.
In an exemplary embodiment of the disclosure, obtaining current data in the target port based on the connection includes: reading the data in the target port one by one to the local to generate the current data; and prejudging the data in the target port, and reading the data meeting the conditions to the local to generate the current data.
According to an aspect of the present disclosure, a system security inspection apparatus based on port analysis is provided, the apparatus including: the task module is used for establishing a port analysis task based on preset parameters; a port module for extracting a plurality of target ports in a port analysis list based on the port analysis task; the connection module is used for sequentially establishing connection with the target ports so as to acquire current data in the target ports; and the checking module is used for carrying out safety check on the system based on the current data and generating a checking result.
In an exemplary embodiment of the present disclosure, further comprising: the strategy module is used for taking a target port which does not meet a preset strategy in the inspection result as a risk port; determining a risk level of the risk port; and generating a security processing policy of the risk port according to the risk level.
In an exemplary embodiment of the present disclosure, further comprising: the analysis module is used for acquiring historical data of the target ports; and performing data analysis based on the historical data and the current data to generate an analysis result.
In an exemplary embodiment of the present disclosure, the apparatus further comprises: a new addition module, used for scanning all ports according to the industry standard so as to obtain information on newly added ports.
According to an aspect of the present disclosure, an electronic device is provided, the electronic device including: one or more processors; and storage means for storing one or more programs, wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method as above.
According to an aspect of the disclosure, a computer-readable medium is proposed, on which a computer program is stored, which program, when being executed by a processor, carries out the method as above.
According to the system security check method and device based on port analysis of the present disclosure, a port analysis task is established based on preset parameters; a plurality of target ports are extracted from a port analysis list based on the port analysis task; connections are established with the target ports in sequence to acquire current data in the target ports; and a security check is carried out on the system based on the current data to generate a check result. In this way, a large number of steps that were originally manual analysis can be converted into automated management, which greatly improves the efficiency of daily security management, improves the accuracy of data management, and provides strong data support for daily management.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
The above and other objects, features and advantages of the present disclosure will become more apparent by describing in detail exemplary embodiments thereof with reference to the attached drawings. The drawings described below are merely some embodiments of the present disclosure, and other drawings may be derived from those drawings by those of ordinary skill in the art without inventive effort.
Fig. 1 is a system block diagram illustrating a method and apparatus for system security check based on port analysis according to an exemplary embodiment.
Fig. 2 is a flow diagram illustrating a method for system security checking based on port analysis in accordance with an exemplary embodiment.
Fig. 3 is a schematic diagram illustrating a system security check method based on port analysis according to an exemplary embodiment.
Fig. 4 is a flowchart illustrating a system security check method based on port analysis according to another exemplary embodiment.
Fig. 5 is a schematic diagram illustrating a system security check method based on port analysis according to another exemplary embodiment.
Fig. 6 is a block diagram illustrating a system security check device based on port analysis according to an example embodiment.
Fig. 7 is a block diagram illustrating a system security check device based on port analysis according to another exemplary embodiment.
FIG. 8 is a block diagram illustrating an electronic device in accordance with an example embodiment.
FIG. 9 is a block diagram illustrating a computer-readable medium in accordance with an example embodiment.
Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. Example embodiments may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of example embodiments to those skilled in the art. The same reference numerals denote the same or similar parts in the drawings, and thus, a repetitive description thereof will be omitted.
Furthermore, the described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments. In the following description, numerous specific details are provided to give a thorough understanding of embodiments of the disclosure. One skilled in the relevant art will recognize, however, that the subject matter of the present disclosure can be practiced without one or more of the specific details, or with other methods, components, devices, steps, and so forth. In other instances, well-known methods and apparatus, implementations, or operations have not been shown or described in detail to avoid obscuring aspects of the disclosure.
The block diagrams shown in the figures are functional entities only and do not necessarily correspond to physically separate entities. I.e. these functional entities may be implemented in the form of software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor means and/or microcontroller means.
The flow charts shown in the drawings are merely illustrative and do not necessarily include all of the contents and operations/steps, nor do they necessarily have to be performed in the order described. For example, some operations/steps may be decomposed, and some operations/steps may be combined or partially combined, so that the actual execution sequence may be changed according to the actual situation.
It will be understood that, although the terms first, second, third, etc. may be used herein to describe various components, these components should not be limited by these terms. These terms are used to distinguish one element from another. Thus, a first component discussed below may be termed a second component without departing from the teachings of the disclosed concept. As used herein, the term "and/or" includes any and all combinations of one or more of the associated listed items.
It is to be understood by those skilled in the art that the drawings are merely schematic representations of exemplary embodiments, and that the blocks or processes shown in the drawings are not necessarily required to practice the present disclosure and are, therefore, not intended to limit the scope of the present disclosure.
Fig. 1 is a system block diagram illustrating a method and apparatus for system security check based on port analysis according to an exemplary embodiment.
As shown in fig. 1, the system architecture 10 may include terminal devices 101, 102, 103, a network 104, and a server 105. The network 104 serves as a medium for providing communication links between the terminal devices 101, 102, 103 and the server 105. Network 104 may include various connection types, such as wired, wireless communication links, or fiber optic cables, to name a few.
The user may use the terminal devices 101, 102, 103 to interact with the server 105 via the network 104 to receive or send messages or the like. The terminal devices 101, 102, 103 may have various communication client applications installed thereon, such as a shopping application, a web browser application, a search application, an instant messaging tool, a mailbox client, social platform software, and the like.
The terminal devices 101, 102, 103 may be various electronic devices having a display screen and supporting web browsing, including but not limited to smart phones, tablet computers, laptop portable computers, desktop computers, and the like.
The server 105 may establish a port analysis task, for example, based on preset parameters; the server 105 may extract a plurality of target ports in a port analysis list, e.g., based on the port analysis task; the server 105 may, for example, sequentially establish connections with the plurality of target ports to obtain current data in the plurality of target ports; server 105 may perform a security check on the system, for example, based on the current data, generating a check result.
The server 105 may be a single physical server or may be composed of a plurality of servers. It should be noted that the system security check method based on port analysis provided in the embodiments of the present disclosure may be executed by the server 105, and accordingly the system security check device based on port analysis may be disposed in the server 105. The web page end that provides web browsing to the user is generally located in the terminal devices 101, 102, 103.
Fig. 2 is a flow diagram illustrating a method for system security checking based on port analysis in accordance with an exemplary embodiment. The system security inspection method 20 based on port analysis includes at least steps S202 to S208.
As shown in fig. 2, in S202, a port analysis task is established based on preset parameters. The method comprises the following steps: establishing the port analysis task based on a preset time parameter; establishing the port analysis task based on preset port attribute parameters; and establishing the port analysis task based on the preset port attribute parameters.
For example, the administrator inputs the relevant parameters of the current system security check on the user interface, and then generates a port analysis task according to the relevant parameters to execute the current security check. The administrator may, for example, set the execution time of the security check, and more specifically, may choose to perform the security check when the system is not busy in the morning to avoid affecting normal business operations.
For example, the range of terminals to be inspected in the security check may be set. The range may be determined based on the organizational structure and hierarchy of a company, and the terminals on which the port analysis task is performed may be selected according to department attributes. Different departments, whose security levels differ, may be assigned different terminal inspection levels.
For example, the port attribute of the security check may be set to determine the range of ports checked. If the port attribute range of the security check is set to port 8022 and port 8080, these two ports can be checked on all terminals of the company.
In S204, a plurality of target ports are extracted in a port analysis list based on the port analysis task.
In one embodiment, the method further comprises: recording the Internet Protocol addresses of all terminal ports, and generating the port analysis list. That is, the IP addresses of all terminal ports in the whole company, together with the terminals to which they belong, are collated to generate the port analysis list.
In one embodiment, extracting a plurality of target ports in a port analysis list based on the port analysis task includes: extracting a port identifier or a port internet protocol address range from the port analysis task; extracting a plurality of target ports from the port analysis list based on the port identification or the port internet protocol address range.
In S206, connections are sequentially established with the target ports to obtain current data in the target ports. The method comprises the following steps: acquiring a security key of a target port; establishing a connection with the target port based on the security key; and obtaining current data in the target port based on the connection.
The server responsible for system security check can be assigned with security authority in advance, so that the server can have data reading authority with all terminals governed by the server.
Further, the server and the terminal may exchange keys one by one, respectively, and the server may store keys of different terminals in a table for calling.
In S208, a security check is performed on the system based on the current data, and a check result is generated.
In one embodiment, the method further comprises: scanning all ports according to the industry standard to obtain information on newly added ports. Newly added IP addresses may also be screened. The monitoring information for a newly added IP address covers several dimensions, which may include port opening status, high-risk port alarms, newly added port alarms, and the like, and is combined with statistics and analysis of historical monitoring data. A scanning-task dimension (including information such as scan history and number of alarms) is added, as are analysis and control capabilities for the IP addresses and service units of all terminals in the system.
According to the system security check method based on port analysis of the present disclosure, a port analysis task is established based on preset parameters; a plurality of target ports are extracted from a port analysis list based on the port analysis task; connections are established with the target ports in sequence to acquire current data in the target ports; and a security check is carried out on the system based on the current data to generate a check result. In this way, a large number of steps that were originally manual analysis can be converted into automated management, which greatly improves the efficiency of daily security management, improves the accuracy of data management, and provides strong data support for daily management.
It should be clearly understood that this disclosure describes how to make and use particular examples, but the principles of this disclosure are not limited to any details of these examples. Rather, these principles can be applied to many other embodiments based on the teachings of the present disclosure.
Fig. 3 is a schematic diagram illustrating a system security check method based on port analysis according to an exemplary embodiment.
As shown in fig. 3, in one embodiment, the method further includes: taking the target port which does not meet the preset strategy in the inspection result as a risk port; determining a risk level of the risk port; and generating a security processing policy of the risk port according to the risk level.
More specifically, a port that is still working outside the working time range may, for example, be defined as a risk port, as may a port that transmits sensitive data; such ports may then be subjected to security processing.
In one embodiment, the risk level of a risk port may be generated, for example, based on the data transmitted by the risk port and the security level of the violating operation, and the port may then be modified and adjusted based on the risk level. Specifically, the risk port may, for example, be added to a blacklist so that the port is prohibited from accessing the internet again, or be added to a monitoring list so that the ports in the monitoring list are continuously monitored for a period of time.
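The risk-port flow described above (preset strategy, risk level, handling policy), as an added Python example that is not code from the patent. The working-hours window, data classes, scoring weights, thresholds and monitoring periods are all assumptions chosen for illustration, and the inspection records are constructed sample data.

```python
from datetime import date, datetime, time, timedelta

# Assumed preset strategy values; the patent names the criteria, not the numbers.
WORK_START, WORK_END = time(8, 30), time(17, 30)
DATA_WEIGHT = {"none": 0, "internal": 1, "sensitive": 2}
SEVERITY = {"active-outside-working-hours": 1, "transmits-sensitive-data": 2}
MONITOR_DAYS = {"low": 7, "medium": 30}

# Constructed inspection results for four target ports.
INSPECTION_RESULT = [
    {"ip": "10.1.1.10", "port": 8080, "data_class": "internal",
     "last_active": datetime(2020, 1, 15, 10, 0)},
    {"ip": "10.1.1.11", "port": 8022, "data_class": "none",
     "last_active": datetime(2020, 1, 15, 23, 40)},
    {"ip": "10.1.2.20", "port": 8080, "data_class": "internal",
     "last_active": datetime(2020, 1, 16, 2, 15)},
    {"ip": "10.1.2.21", "port": 8080, "data_class": "sensitive",
     "last_active": datetime(2020, 1, 15, 14, 0)},
]


def in_working_hours(t, start=WORK_START, end=WORK_END):
    """True if t is inside the window; handles windows that wrap past midnight."""
    if start <= end:
        return start <= t <= end
    return t >= start or t <= end


def find_violations(record):
    """Return the preset-strategy rules this port breaks (empty list = compliant)."""
    found = []
    if not in_working_hours(record["last_active"].time()):
        found.append("active-outside-working-hours")
    if record["data_class"] == "sensitive":
        found.append("transmits-sensitive-data")
    return found


def risk_level(record, violations):
    """Combine what the port carries with how severe the violations are."""
    score = DATA_WEIGHT[record["data_class"]] + sum(SEVERITY[v] for v in violations)
    if score >= 4:
        return "high"
    return "medium" if score >= 2 else "low"


def build_policy(records, today):
    """Blacklist high-risk ports; put the rest on a time-limited monitoring list."""
    policy = {"blacklist": [], "monitoring": {}, "compliant": []}
    for rec in records:
        key = (rec["ip"], rec["port"])
        violations = find_violations(rec)
        if not violations:
            policy["compliant"].append(key)
            continue
        level = risk_level(rec, violations)
        if level == "high":
            policy["blacklist"].append(key)
        else:
            policy["monitoring"][key] = {
                "level": level,
                "violations": violations,
                "until": today + timedelta(days=MONITOR_DAYS[level]),
            }
    return policy


if __name__ == "__main__":
    for name, value in build_policy(INSPECTION_RESULT, date(2020, 1, 16)).items():
        print(name, value)
```

Every monitoring entry carries an expiry date, so a port leaves the monitoring list by an explicit review rather than by being forgotten.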
For example, functions such as task management, monitoring data management, and report output can be integrated into one interface. The interface adds a graphical data display capability, so that monitoring data can be displayed by dimension, and also adds report output in HTML format, which greatly improves the administrator's ability to read reports.
Fig. 4 is a flowchart illustrating a system security check method based on port analysis according to another exemplary embodiment. The flow shown in fig. 4 is a detailed description of S102 "" in the flow shown in fig. 2.
As shown in fig. 4, in S402, the current data in the target port is obtained based on the connection.
In S404, the data in the target port are read to local one by one to generate the current data. Based on the connection, all data in the target port are read to the local of the server for subsequent security analysis.
In one embodiment, server idle time may be utilized for security analysis, and the acquisition of the full amount of port data facilitates continuous security supervision of the port.
In S406, the data in the target port is pre-judged. The data in the target port is pre-judged according to a preset condition; data that does not meet the condition is discarded, and only data that meets the condition undergoes subsequent analysis.
For example, by means of a preset condition, the normal data transmission content of the port is eliminated, and only the sensitive data content is subjected to subsequent analysis.
In S408, the data satisfying the condition is read to the local server to generate the current data. Extracting only the sensitive data for local analysis can greatly reduce the workload of the server and save bandwidth resources. However, this approach may also miss data, leaving gaps in the security check.
The two modes of full data local storage and partial data local storage can be combined to operate, and different modes can be adopted for ports and terminals with different security levels.
Fig. 5 is a schematic diagram illustrating a system security check method based on port analysis according to an exemplary embodiment.
As shown in fig. 5, the method further includes: acquiring historical data of the target ports; and performing data analysis based on the historical data and the current data to generate an analysis result.
Specifically, for example, after the terminal ports are scanned this time, the data is added to the historical scan database; after the next port scan is completed, the terminal can analyze the historical data, so that violation ports and newly added unreported ports can be identified at a glance.
As shown in fig. 5, the automatic information system port detection and troubleshooting tool of the present disclosure performed a comprehensive port scan of 590 desktop terminals of XX company. The scan found 3 high-risk ports in total, of which 1 belongs to a business department and the other 2 belong to the business department; it also found 2 newly added ports in total, which belong to the service department. The dangerous terminals that are found can be handled in time, which safeguards the security of the information network. Meanwhile, the port scan data of the 590 terminals is added to the historical scan database, so that after the next month's port scan is finished, historical data analysis can be carried out on the ports of the 590 desktop terminals, and violation ports and newly added unreported ports can be identified at a glance.
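The target extraction described under S204 (port identifier or IP address range) and the comparison of current data against the historical scan database described above, as one added Python example that is not code from the patent. The record layout, function names, the high-risk port list and all sample data are assumptions constructed for illustration; no network connection is made.

```python
import ipaddress

# Constructed port analysis list: the registered (reported) terminal ports.
PORT_ANALYSIS_LIST = [
    {"ip": "10.1.1.10", "port": 8022, "department": "business"},
    {"ip": "10.1.1.10", "port": 8080, "department": "business"},
    {"ip": "10.1.2.20", "port": 8080, "department": "service"},
    {"ip": "10.1.2.21", "port": 443, "department": "service"},
    {"ip": "10.2.0.5", "port": 8080, "department": "finance"},
]
# Constructed scan data: open ports observed per terminal IP, keyed by YYYY-MM.
HISTORY = {"2020-01": {"10.1.1.10": {8022, 8080}, "10.1.2.20": {8080}}}
CURRENT = {
    "10.1.1.10": {8022, 8080, 3389},
    "10.1.2.20": {8022, 8080, 9000},
    "10.2.0.5": {8080, 5900},
}
HIGH_RISK_PORTS = frozenset({3389})  # assumed high-risk list for this example


def extract_targets(task, analysis_list):
    """Select list entries matching the task's port identifiers and/or IP range."""
    ports = set(task.get("ports") or [])
    net = ipaddress.ip_network(task["ip_range"]) if task.get("ip_range") else None
    return [
        e for e in analysis_list
        if (not ports or e["port"] in ports)
        and (net is None or ipaddress.ip_address(e["ip"]) in net)
    ]


def latest_scan(history):
    """Most recent archived scan, or {} when nothing has been archived yet."""
    return history[max(history)] if history else {}


def compare_with_history(targets, analysis_list, previous, current,
                         high_risk=HIGH_RISK_PORTS):
    """Tag open ports on the targeted terminals as new, unreported or high-risk."""
    registered = {(e["ip"], e["port"]) for e in analysis_list}
    owner = {t["ip"]: t["department"] for t in targets}
    findings = []
    for ip in sorted(owner, key=ipaddress.ip_address):
        baseline = previous.get(ip)  # None: terminal has no earlier scan
        for port in sorted(current.get(ip, ())):
            tags = []
            # Without a baseline, "new" cannot be judged, so it is not claimed.
            if baseline is not None and port not in baseline:
                tags.append("new")
            if (ip, port) not in registered:
                tags.append("unreported")
            if port in high_risk:
                tags.append("high-risk")
            if tags:
                findings.append({"ip": ip, "port": port,
                                 "department": owner[ip], "tags": tags})
    return findings


def archive(history, label, current):
    """Bring this scan into the history database for the next comparison."""
    history[label] = {ip: set(ports) for ip, ports in current.items()}


if __name__ == "__main__":
    task = {"ip_range": "10.1.0.0/16"}
    targets = extract_targets(task, PORT_ANALYSIS_LIST)
    for finding in compare_with_history(targets, PORT_ANALYSIS_LIST,
                                        latest_scan(HISTORY), CURRENT):
        print(finding)
    archive(HISTORY, "2020-02", CURRENT)
```

A terminal with no earlier scan is checked only against the registered list and the high-risk list, which avoids flooding the first report with every port marked as new.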
Those skilled in the art will appreciate that all or part of the steps implementing the above embodiments may be implemented as a computer program executed by a CPU. When executed by the CPU, the program performs the functions defined by the above-described methods provided by the present disclosure. The program may be stored in a computer readable storage medium, which may be a read-only memory, a magnetic or optical disk, or the like.
Furthermore, it should be noted that the above-mentioned figures are only schematic illustrations of the processes involved in the methods according to exemplary embodiments of the present disclosure, and are not intended to be limiting. It will be readily understood that the processes shown in the above figures are not intended to indicate or limit the chronological order of the processes. In addition, it is also readily understood that these processes may be performed synchronously or asynchronously, e.g., in multiple modules.
The following are embodiments of the disclosed apparatus that may be used to perform embodiments of the disclosed methods. For details not disclosed in the embodiments of the apparatus of the present disclosure, refer to the embodiments of the method of the present disclosure.
Fig. 6 is a block diagram illustrating a system security check device based on port analysis according to an example embodiment. As shown in fig. 6, the system security check device 60 based on port analysis includes: task module 602, port module 604, connection module 606, and check module 608.
The task module 602 is configured to establish a port analysis task based on preset parameters. The task module 602 is further configured to establish the port analysis task based on a preset time parameter; to establish the port analysis task based on preset port attribute parameters; and to establish the port analysis task based on the preset port attribute parameters.
The port module 604 is configured to extract a plurality of target ports from a port analysis list based on the port analysis task. The port module 604 is further configured to extract a port identifier or a port internet protocol address range from the port analysis task, and to extract the plurality of target ports from the port analysis list based on the port identifier or the port internet protocol address range.
The connection module 606 is configured to establish connections with the plurality of target ports in sequence to obtain current data in the plurality of target ports. The connection module 606 is further configured to obtain a security key of a target port, to establish a connection with the target port based on the security key, and to obtain current data in the target port based on the connection.
The checking module 608 is configured to perform a security check on the system based on the current data and to generate an inspection result.
Fig. 7 is a block diagram illustrating a system security check device based on port analysis according to another exemplary embodiment. As shown in fig. 7, the port analysis based system security check device 70 includes, in addition to the modules of the port analysis based system security check device 60: a policy module 702, an analysis module 704, and a new addition module 706.
The policy module 702 is configured to treat a target port that does not satisfy a preset policy in the inspection result as a risk port; to determine a risk level of the risk port; and to generate a security processing policy of the risk port according to the risk level.
The analysis module 704 is configured to obtain historical data of the target ports, and to perform data analysis based on the historical data and the current data to generate an analysis result.
The new addition module 706 is configured to scan all ports according to an industry standard to obtain information on newly added ports.
With the system security check device based on port analysis of the present disclosure, a port analysis task is established based on preset parameters; a plurality of target ports are extracted from a port analysis list based on the port analysis task; connections are established with the target ports in sequence to acquire current data in the target ports; and a security check is performed on the system based on the current data to generate an inspection result. This converts the original process, which relied on a large amount of manual analysis of results, into automated management, greatly improves daily security management efficiency, improves data management accuracy, and provides strong data support for daily management.
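The module pipeline described above (task, port, connection, checking, policy, analysis and new addition modules), as an added Python example that is not code from the patent. The inventory, the observed data, the policy, the risk-to-action mapping and every function name are assumptions; the connection step is replaced by a lookup in constructed data so the example runs offline.

```python
import ipaddress

# Constructed inventory standing in for the "port analysis list".
PORT_LIST = [
    {"id": "sw1-22", "ip": "10.0.1.10", "port": 22},
    {"id": "sw1-23", "ip": "10.0.1.10", "port": 23},
    {"id": "hmi-443", "ip": "10.0.1.20", "port": 443},
    {"id": "db-3306", "ip": "10.0.2.5", "port": 3306},
]
# Constructed "current data" per port. A real connection module would obtain
# this over a connection authenticated with the port's security key.
OBSERVED = {
    "sw1-22": {"state": "open", "service": "ssh"},
    "sw1-23": {"state": "open", "service": "telnet"},
    "hmi-443": {"state": "open", "service": "https"},
}
# Assumed preset policy and assumed mapping from risk level to handling.
POLICY = {"allowed": {"ssh", "https"}, "risk": {"telnet": "high"}, "default": "medium"}
ACTIONS = {"high": "close port, open ticket", "medium": "review with owner",
           "unknown": "investigate collection failure"}

def build_task(ip_range=None, port_ids=()):
    """Task module: a task selects ports by identifier or by IP address range."""
    net = ipaddress.ip_network(ip_range) if ip_range else None
    return {"ip_range": net, "port_ids": set(port_ids)}

def extract_targets(task, port_list):
    """Port module: pick the inventory entries the task selects."""
    net = task["ip_range"]
    return [e for e in port_list
            if e["id"] in task["port_ids"]
            or (net is not None and ipaddress.ip_address(e["ip"]) in net)]

def collect(targets, fetch):
    """Connection module: visit targets in order; fetch() returns data or None."""
    return {t["id"]: fetch(t) for t in targets}

def check(current, policy):
    """Checking and policy modules: flag risk ports, grade them, attach handling."""
    findings = []
    for pid, data in current.items():
        if data is None:  # no data collected: never report this as compliant
            risk = "unknown"
        elif data["state"] == "open" and data["service"] not in policy["allowed"]:
            risk = policy["risk"].get(data["service"], policy["default"])
        else:
            continue
        findings.append({"id": pid, "risk": risk, "action": ACTIONS[risk]})
    return findings

def changed_since(history, current):
    """Analysis module: ports whose current data differs from the stored record."""
    return sorted(p for p in current if p in history and history[p] != current[p])

def new_ports(full_scan, port_list):
    """New addition module: (ip, port) pairs seen in a full scan but not listed."""
    known = {(e["ip"], e["port"]) for e in port_list}
    return sorted(set(full_scan) - known)
```

A port for which no data could be collected is reported with risk "unknown" rather than silently passing the check, so a failed connection cannot hide a non-compliant port.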
FIG. 8 is a block diagram illustrating an electronic device in accordance with an example embodiment.
An electronic device 800 according to this embodiment of the disclosure is described below with reference to fig. 8. The electronic device 800 shown in fig. 8 is only an example and should not bring any limitations to the functionality and scope of use of the embodiments of the present disclosure.
As shown in fig. 8, electronic device 800 is in the form of a general purpose computing device. The components of the electronic device 800 may include, but are not limited to: at least one processing unit 810, at least one memory unit 820, a bus 830 connecting the various system components (including the memory unit 820 and the processing unit 810), a display unit 840, and the like.
Wherein the storage unit stores program code executable by the processing unit 810 to cause the processing unit 810 to perform steps according to various exemplary embodiments of the present disclosure described in the electronic prescription flow processing method section described above in this specification. For example, the processing unit 810 may perform the steps shown in fig. 2 and 4.
The memory unit 820 may include readable media in the form of volatile memory units such as a random access memory unit (RAM) 8201 and/or a cache memory unit 8202, and may further include a read only memory unit (ROM) 8203.
The memory unit 820 may also include a program/utility 8204 having a set (at least one) of program modules 8205, such program modules 8205 including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each of which, or some combination thereof, may comprise an implementation of a network environment.
Bus 830 may be any of several types of bus structures including a memory unit bus or memory unit controller, a peripheral bus, an accelerated graphics port, a processing unit, or a local bus using any of a variety of bus architectures.
The electronic device 800 may also communicate with one or more external devices 800' (e.g., keyboard, pointing device, bluetooth device, etc.), with one or more devices that enable a user to interact with the electronic device 800, and/or with any devices (e.g., router, modem, etc.) that enable the electronic device 800 to communicate with one or more other computing devices. Such communication may occur via input/output (I/O) interfaces 850. Also, the electronic device 800 may communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network, such as the internet) via the network adapter 860. The network adapter 860 may communicate with other modules of the electronic device 800 via the bus 830. It should be appreciated that although not shown, other hardware and/or software modules may be used in conjunction with the electronic device 800, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data backup storage systems, among others.
Through the above description of the embodiments, those skilled in the art will readily understand that the exemplary embodiments described herein may be implemented by software, or by software in combination with necessary hardware. Therefore, as shown in fig. 9, the technical solution according to the embodiment of the present disclosure may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (which may be a CD-ROM, a USB disk, a removable hard disk, etc.) or on a network, and includes several instructions to enable a computing device (which may be a personal computer, a server, or a network device, etc.) to execute the above method according to the embodiment of the present disclosure.
The software product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include: an electrical connection having one or more wires, a portable disk, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
The computer readable signal medium may include a propagated data signal with readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A readable signal medium may also be any readable medium that is not a readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Program code for carrying out operations for the present disclosure may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server. In the case of a remote computing device, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., through the internet using an internet service provider).
The computer readable medium carries one or more programs which, when executed by a device, cause the device to perform the following functions: establishing a port analysis task based on preset parameters; extracting a plurality of target ports in a port analysis list based on the port analysis task; establishing connection with the target ports in sequence to acquire current data in the target ports; and carrying out a security check on the system based on the current data to generate an inspection result.
Those skilled in the art will appreciate that the modules described above may be distributed in the apparatus as described in the embodiments, or may be modified accordingly and located in one or more apparatuses different from those of the embodiments. The modules of the above embodiments may be combined into one module, or further split into multiple sub-modules.
Through the above description of the embodiments, those skilled in the art will readily understand that the exemplary embodiments described herein may be implemented by software, or by software in combination with necessary hardware. Therefore, the technical solution according to the embodiments of the present disclosure may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (which may be a CD-ROM, a USB disk, a removable hard disk, etc.) or on a network, and includes several instructions to enable a computing device (which may be a personal computer, a server, a mobile terminal, or a network device, etc.) to execute the method according to the embodiments of the present disclosure.
Exemplary embodiments of the present disclosure are specifically illustrated and described above. It is to be understood that the present disclosure is not limited to the precise arrangements or instrumentalities described herein; on the contrary, the disclosure is intended to cover various modifications and equivalent arrangements included within the spirit and scope of the appended claims.

Claims (10)

1. A system security check method based on port analysis, characterized by comprising the following steps:
establishing a port analysis task based on preset parameters;
extracting a plurality of target ports in a port analysis list based on the port analysis task;
establishing connection with the target ports in sequence to acquire current data in the target ports; and
carrying out a security check on the system based on the current data to generate an inspection result.
2. The method of claim 1, further comprising:
taking the target port which does not meet the preset strategy in the inspection result as a risk port;
determining a risk level of the risk port; and
generating a security processing strategy of the risk port according to the risk level.
3. The method of claim 1, further comprising:
acquiring historical data of the target ports;
and performing data analysis based on the historical data and the current data to generate an analysis result.
4. The method of claim 1, further comprising:
scanning all ports according to the industry standard to obtain information on newly added ports.
5. The method of claim 1, wherein establishing port analysis tasks based on preset parameters comprises at least one of:
establishing the port analysis task based on a preset time parameter;
establishing the port analysis task based on preset port attribute parameters;
and establishing the port analysis task based on the preset port attribute parameters.
6. The method of claim 1, wherein extracting a plurality of target ports in a port analysis list based on the port analysis task, further comprises:
recording the internet protocol addresses of all terminal ports, and generating the port analysis list.
7. The method of claim 6, wherein extracting a plurality of target ports in a port analysis list based on the port analysis task comprises:
extracting a port identifier or a port internet protocol address range from the port analysis task;
extracting a plurality of target ports from the port analysis list based on the port identification or the port internet protocol address range.
8. The method of claim 1, wherein establishing connections with the plurality of target ports in sequence to obtain current data in the plurality of target ports comprises:
acquiring a security key of a target port;
establishing a connection with the target port based on the security key; and
obtaining current data in the target port based on the connection.
9. The method of claim 8, wherein obtaining current data in the target port based on the connection comprises:
reading the data in the target port one by one to the local to generate the current data;
and prejudging the data in the target port, and reading the data meeting the conditions to the local to generate the current data.
10. A system security check device based on port analysis, characterized by comprising:
the task module is used for establishing a port analysis task based on preset parameters;
a port module for extracting a plurality of target ports in a port analysis list based on the port analysis task;
the connection module is used for sequentially establishing connection with the target ports so as to acquire current data in the target ports; and
the checking module is used for carrying out a security check on the system based on the current data to generate an inspection result.
CN202010057960.7A 2020-01-16 2020-01-16 System security check method and device based on port analysis Pending CN111314308A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010057960.7A CN111314308A (en) 2020-01-16 2020-01-16 System security check method and device based on port analysis

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010057960.7A CN111314308A (en) 2020-01-16 2020-01-16 System security check method and device based on port analysis

Publications (1)

Publication Number Publication Date
CN111314308A true CN111314308A (en) 2020-06-19

Family

ID=71160343

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010057960.7A Pending CN111314308A (en) 2020-01-16 2020-01-16 System security check method and device based on port analysis

Country Status (1)

Country Link
CN (1) CN111314308A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112637244A (en) * 2021-01-08 2021-04-09 江苏天翼安全技术有限公司 Threat detection method for common and industrial control protocols and ports

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106921680A (en) * 2017-05-05 2017-07-04 腾讯科技(深圳)有限公司 A kind of port scanning method and device
CN107038372A (en) * 2016-11-14 2017-08-11 平安科技(深圳)有限公司 Leaking data interface detection method and device
CN108200068A (en) * 2018-01-08 2018-06-22 平安科技(深圳)有限公司 Port monitoring method, apparatus, computer equipment and storage medium
CN108763916A (en) * 2018-06-05 2018-11-06 阿里巴巴集团控股有限公司 Business interface safety evaluation method and device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication (Application publication date: 20200619)