CN100536402C - Method and system for combining system managing and fragility scan

Info

Publication number
CN100536402C
Authority
CN
China
Prior art keywords
scanning
api
scan
management
host
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CNB2006100888808A
Other languages
Chinese (zh)
Other versions
CN1901472A (en)
Inventor
汤国祥
骆拥政
李�杰
杨晨宇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Venus Information Security Technology Co Ltd
Beijing Venus Information Technology Co Ltd
Original Assignee
Beijing Venus Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Venus Information Technology Co Ltd
Priority to CNB2006100888808A
Publication of CN1901472A
Application granted
Publication of CN100536402C
Expired - Fee Related
Anticipated expiration

Abstract

This invention relates to a method and a system for combining system management with vulnerability scanning. The system includes: (1) a network scan engine, (2) a system management unit, (3) a display unit and (4) a log analysis unit. The Windows domain scanner system uses the capabilities of domain management within the vulnerability scanning and management system to scan the hosts in the domain, finding hidden risks and defects in those hosts more effectively and increasing the accuracy and efficiency of scanning.

Description

A method and system for combining system management with vulnerability scanning
Technical field
The present invention relates to a method and system for combining system management with vulnerability scanning, in the field of computer network security. Adding vulnerability scanning on top of management improves the accuracy of vulnerability scanning and addresses the shortcoming that common vulnerability scanning tools cannot detect vulnerabilities exploited by passive attacks.
Background technology
A vulnerability is a defect in computer software itself (including operating systems and applications) or a configuration defect caused by improper use; such defects may be exploited by hackers to intrude into or attack a computer system.
Vulnerability scanning is a security technique for detecting vulnerabilities in remote or local systems. Network vulnerability scanning scans remote hosts for system vulnerabilities over the network. Its advantage is ease of use: hosts in the network can be scanned without installing a scan engine on the scanned host. Its shortcoming is that it can find only a few vulnerabilities; local vulnerabilities such as those in IE cannot be scanned without authorization. Local system vulnerability scanning requires a scan engine to be installed on the scanned host. Its advantage is strong scanning capability, since it can access any resource of the system.
According to a 2004 IDC survey, Microsoft's share of the client operating system market is about 90%. The Blaster and Sasser worms, which nearly paralysed the Internet, exploited Windows vulnerabilities, and more than a hundred vulnerabilities are found in Windows each year.
The domain is the logical organizational unit of a Windows network system and also of the Internet; in a Windows system, the domain is a security boundary. A domain administrator can manage the members of the domain. Each domain has its own security policy and its own security trust relationships with other domains. Each domain must have a domain controller (DC), which holds a database made up of the accounts and passwords of the domain, the computers belonging to the domain and similar information. When a computer connects to the network, the domain controller first determines whether the computer belongs to the domain, whether the login account the user supplies exists and whether the password is correct. If any one of these is incorrect, the domain controller refuses the user's login from that computer.
Summary of the invention
To overcome the deficiencies of the prior art, the invention provides a method and system for combining system management with vulnerability scanning. Its purpose is to design a method and system in which network vulnerability scanning and local vulnerability scanning work together, substantially increasing the capability and efficiency of network vulnerability scanning.
To achieve this, the invention implements a method and system that combines network and local vulnerability scanning through domain management functions, performing deep scanning of target hosts without installing an engine on the scanned hosts.
The technical solution adopted by the invention to solve its technical problem is as follows.
The system comprises:
(1) Scan engine module unit (hereinafter "scan engine"): installed in the network; performs vulnerability scanning and analysis of target hosts according to the configured scan and probe rules, and reports to the display centre when a vulnerability is detected in a target host;
(2) System management unit: user-facing; manages, controls and queries the operating state of the scan engine and issues scan tasks to it;
(3) Display unit: shows the user the scan results reported by the scan engine, including information on the hosts scanned, the vulnerabilities present on each host and the overall scan progress;
(4) Log analysis unit: classifies and extracts historical scan results and provides multiple analysis methods and templates, producing the specific statistical and analytical management reports the user needs;
(5) Update management unit: online upgrade of the scanning vulnerability database and updates to system functions.
A method for combining system management with vulnerability scanning comprises the following steps:
Step 1: run the scan engine under a domain administrator identity;
Step 2: the control centre establishes a connection with the scan engine and issues a scan task;
Step 3: the engine scans the hosts in the domain and reports the results to the control centre;
Step 4: the control centre passes the results to the display centre and at the same time writes them to the database for later analysis;
Step 5: the report program accesses the database to perform statistical analysis of the historical data.
Beneficial effects of the invention: the method and system described in this patent form a Windows domain network vulnerability scanning and management system that has both the ease of use of a network vulnerability scanning system and the accuracy of local vulnerability scanning. It adds domain management to the existing network vulnerability scanning system, accesses and obtains resources on hosts in the domain over the Windows NetBIOS protocol, and analyses the resources obtained, using checks such as whether a patch is installed and whether a system file version is too low to determine more accurately whether a vulnerability exists.
The Windows domain network vulnerability scanning and management system (DSS: Domain Scanner System) uses the capabilities of domain management within a network vulnerability scanning and management system to scan remote hosts in the domain for vulnerabilities, finding the hidden risks and defects in those hosts more effectively and improving the accuracy and efficiency of scanning.
Description of drawings
The invention is further described below with reference to the drawings and an embodiment.
Fig. 1 is the implementation framework diagram of the system.
Fig. 2 is the implementation flow chart of the system.
Embodiment
Embodiment: as shown in Fig. 1 and Fig. 2, the "control centre", "display centre", "database" and "log analysis" are installed on one machine. The "scan engine" is installed on a machine in the domain, which logs in to the domain under a domain administrator identity and runs the scan engine. The "control centre" connects to the "scan engine" over TCP/IP.
The "control centre" defines a scan task and issues it to the "scan engine". The "scan engine" scans the hosts in the domain and uploads the scan results to the "control centre". The "control centre" saves the scan results to the "database" and at the same time forwards the data to the "display centre" so that the user can view it promptly. The user can view analyses of historical scan results through the "log analysis" module.
A method for combining system management with vulnerability scanning comprises the following steps:
1. Log in to the system with domain administrator privileges and run the scan engine;
2. Scanning mainly uses the APIs provided in Microsoft's NetBIOS protocol to achieve the function of local scanning;
3. Obtain the target host's share information by calling APIs such as NetShareEnum(), and check whether any share is dangerous;
4. Obtain user information through APIs such as NetUseEnum(), and check whether any illegitimate user exists;
5. Open the remote registry through APIs such as RegOpenKeyEx() and RegQueryValueEx(), and access the information in the remote registry to check whether patches are installed;
6. Access system files on the remote host through APIs such as fopen() and GetFileAttributes() to determine the system file versions;
7. Using the above APIs, access the remote host system, extract the necessary information from it and parse it to judge whether a vulnerability exists;
8. When analysis is complete, report the results to the control centre and the display centre.
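An added illustration of the analysis in steps 3 to 7 (not code from the patent): it takes share, user, patch and file-version data already collected from one host and decides what to report to the control centre. The data shapes, rule format, host name, patch ids and file names are all constructed assumptions.

```python
# Added example: analysis stage only. All inventory values are constructed
# sample data standing in for what the engine read from one domain host.
from dataclasses import dataclass

def parse_version(text):
    """'5.2.10.0' -> (5, 2, 10, 0), so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))

@dataclass
class HostInventory:
    name: str
    shares: dict         # share name -> True if open to everyone
    users: list          # account names found on the host
    hotfixes: set        # patch ids recorded in the remote registry
    file_versions: dict  # system file name -> version string

@dataclass
class Rule:              # hypothetical rule shape, one per known vulnerability
    vuln_id: str
    patch_id: str        # patch that fixes it
    file: str            # file that the patch replaces
    fixed_version: str   # first version that is no longer vulnerable

def analyze(host, rules, approved_users):
    """Return (kind, subject, detail) findings for one host."""
    findings = []
    for share, open_to_all in sorted(host.shares.items()):
        if open_to_all:
            findings.append(("dangerous-share", share, "open to everyone"))
    for user in sorted(set(host.users) - set(approved_users)):
        findings.append(("unapproved-user", user, "not on the approved list"))
    for rule in rules:
        version = host.file_versions.get(rule.file)
        if version is not None:
            # The file on disk is the stronger evidence: a registry entry can
            # outlive a rolled-back patch, and a later patch can supersede it.
            if parse_version(version) < parse_version(rule.fixed_version):
                findings.append(("vulnerable", rule.vuln_id,
                                 f"{rule.file} {version} < {rule.fixed_version}"))
        elif rule.patch_id not in host.hotfixes:
            findings.append(("vulnerable", rule.vuln_id,
                             f"{rule.patch_id} not recorded, {rule.file} unreadable"))
    return findings

SAMPLE_HOST = HostInventory(
    name="WS-01",
    shares={"C$": False, "Public": True, "Docs": False},
    users=["Administrator", "alice", "tmp_test"],
    hotfixes={"KB-EXAMPLE-1"},
    file_versions={"example_a.dll": "5.2.9.0", "example_b.dll": "6.0.10.1"},
)
SAMPLE_RULES = [
    Rule("EXAMPLE-VULN-1", "KB-EXAMPLE-1", "example_a.dll", "5.2.10.0"),
    Rule("EXAMPLE-VULN-2", "KB-EXAMPLE-2", "example_b.dll", "6.0.9.0"),
    Rule("EXAMPLE-VULN-3", "KB-EXAMPLE-3", "example_c.dll", "1.0.0.1"),
]

if __name__ == "__main__":
    for finding in analyze(SAMPLE_HOST, SAMPLE_RULES, ["Administrator", "alice"]):
        print(SAMPLE_HOST.name, *finding)
```

The first rule shows why both checks are combined: the patch is recorded in the registry, yet the file version is still below the fixed one, and a plain string comparison of "5.2.9.0" with "5.2.10.0" would miss it.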

Claims (1)

1. A method for combining system management with vulnerability scanning, characterized by comprising the following steps:
(1) log in to the system with domain administrator privileges and run the scan engine;
(2) scanning uses the APIs provided in Microsoft's NetBIOS protocol to achieve local scanning;
(3) obtain the target host's share information by calling the NetShareEnum() API, and check whether any share is dangerous;
(4) obtain user information through the NetUseEnum() API, and check whether any illegitimate user exists;
(5) open the remote registry through the RegOpenKeyEx() and RegQueryValueEx() APIs, and access the information in the remote registry to check whether patches are installed;
(6) access system files on the remote host through the fopen() and GetFileAttributes() APIs to determine the system file versions;
(7) using the above APIs, access the remote host system, extract the necessary information from it and parse it to judge whether a vulnerability exists;
(8) when analysis is complete, report the results to the control centre and the display centre.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB2006100888808A CN100536402C (en) 2006-07-24 2006-07-24 Method and system for combining system managing and fragility scan

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB2006100888808A CN100536402C (en) 2006-07-24 2006-07-24 Method and system for combining system managing and fragility scan

Publications (2)

Publication Number Publication Date
CN1901472A CN1901472A (en) 2007-01-24
CN100536402C true CN100536402C (en) 2009-09-02

Family

ID=37657223

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB2006100888808A Expired - Fee Related CN100536402C (en) 2006-07-24 2006-07-24 Method and system for combining system managing and fragility scan

Country Status (1)

Country Link
CN (1) CN100536402C (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101964780B (en) * 2010-01-28 2012-11-28 北京邮电大学 Method and system for analyzing vulnerability of IP multimedia subsystem network
US8595822B2 (en) * 2011-12-29 2013-11-26 Mcafee, Inc. System and method for cloud based scanning for computer vulnerabilities in a network environment
CN104821950B (en) * 2015-05-12 2018-05-04 上海携程商务有限公司 distributed host vulnerability scanning method
CN105681314A (en) * 2016-01-29 2016-06-15 博雅网信(北京)科技有限公司 Cloud environment security scanner and method
CN110311912B (en) * 2019-07-01 2022-06-21 深信服科技股份有限公司 Cloud server, intranet scanning client, system, intranet remote scanning method and device and storage medium

Non-Patent Citations (5)

* Cited by examiner, † Cited by third party
Title
刘海燕, 杨洪路, 王崛. A network-based vulnerability scanning system (一个基于网络的脆弱性扫描系统). 计算机应用 (Computer Applications), Vol. 23, No. 7. 2003 *
Striking at the network's soft underbelly (直击网络软肋). 个人电脑 (Personal Computer), No. 02. 2004 *

Also Published As

Publication number Publication date
CN1901472A (en) 2007-01-24

Similar Documents

Publication Publication Date Title
US7448067B2 (en) Method and apparatus for enforcing network security policies
CN100536402C (en) Method and system for combining system managing and fragility scan
US8392963B2 (en) Techniques for tracking actual users in web application security systems
CA2742705C (en) Method and system protecting against identity theft or replication abuse
US20170195349A1 (en) Platform for protecting small and medium enterprises from cyber security threats
US7895319B2 (en) Variable DNS responses based on client identity
US10003975B2 (en) Authorized areas of authentication
DE202013102441U1 (en) System for checking digital certificates
EP2076078A2 (en) Defining a boundary for wireless network using physical access control systems
US20070162954A1 (en) Network security system based on physical location
US9858399B2 (en) Group definition management system
CN101193027A (en) A single-point login system and method for integrated isomerous system
US20080209566A1 (en) Method and System For Network Vulnerability Assessment
WO2007089786B1 (en) Identifying unauthorized privilege escalations
CN100512107C (en) Security identification method
CN107864112B (en) Login security verification method and device
WO2012063493A1 (en) Vulnerability-diagnosis device
KR20090044202A (en) System and method for processing security for webservices detecting evasion attack by roundabout way or parameter alteration
Deeptha et al. Website Vulnerability Scanner
KR102176324B1 (en) Automatic Target Recognition And Screening System For Security Vulnerability Check and Its Method
CN109543419B (en) Method and device for detecting asset security
US7734962B2 (en) Secure problem resolution techniques for complex data response networks
KR20120085684A (en) Epc network authentication apparatus using reserve proxy and the method thereof
Barceló et al. Open-Source Security Testing Methodology Manual
Nash Backdoors and holes in network perimeters

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
ASS Succession or assignment of patent right

Owner name: BEIJING QIMINGXINCHEN INFORMATION SECURITY TECHNOL

C41 Transfer of patent application or patent right or utility model
COR Change of bibliographic data

Free format text: CORRECT: ADDRESS; FROM: 100081 NO 188, NO.12, ZHONGGUANCUN SOUTH AVENUE, HAIDIAN DISTRICT, BEIJING CITY TO: 100193 QIMINGXINGCHEN BUILDING, BUILDING 21, ZHONGGUANCUN SOFTWARE PARK, NO.8, DONGBEIWANG WEST ROAD, HAIDIAN DISTRICT, BEIJING CITY

TR01 Transfer of patent right

Effective date of registration: 20100507

Address after: 100193 Beijing city Haidian District Dongbeiwang qimingxingchenmansionproject Building No. 21 West Road No. 8 Zhongguancun Software Park

Co-patentee after: Beijing Venusense Information Security Technology Co., Ltd.

Patentee after: Beijing Venus Information Technology Co., Ltd.

Address before: 100081 No. 12 South Avenue, Haidian District, Zhongguancun, No. 188, Beijing

Patentee before: Beijing Venus Information Technology Co., Ltd.

C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20090902

Termination date: 20130724