Unlock instant, AI-driven research and patent intelligence for your innovation.

Inspection method and equipment for security baseline

A security baseline and baseline technology, applied in the communication field, can solve problems such as security risks and configurations that do not meet security requirements, and achieve the effect of eliminating security risks

Active Publication Date: 2015-02-18
CHINA UNITED NETWORK COMM GRP CO LTD
View PDF1 Cites 11 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Because the changed configuration may not meet the security requirements, before being verified, there may be a security risk for A device and

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Inspection method and equipment for security baseline
  • Inspection method and equipment for security baseline
  • Inspection method and equipment for security baseline

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0025] An embodiment of the present invention provides a security baseline verification method, such as figure 2 As shown, wherein, the checked device is a device with SNMP (Simple Network Management Protocol, Simple Network Management Protocol) function, and the method may include:

[0026] Step 101, receiving the SNMP message sent by the checked device.

[0027] Step 102. Obtain a configuration change SNMP message carrying changed configuration parameters from the SNMP message; the configuration change SNMP message is sent when the configuration of the checked device is changed.

[0028] Step 103: If the changed configuration parameter carried in the configuration change SNMP message exceeds the security requirement range of the stored baseline check template, it is determined that the changed configuration parameter does not meet the security requirement.

[0029] The scope of the security requirements of the baseline verification template includes the security requiremen...

Embodiment 2

[0037] Another embodiment of the present invention provides a method for checking a security baseline, which is applied to a security baseline checking device ( Figure 3-b ), compared to the existing security baseline verification equipment ( Figure 3-a ) includes a system management module, a task configuration module, a template management module, a log module, a database module and a check module, and also includes a configuration change monitoring module, a message audit filter module, a comparison module, a version control module and a user configuration module, wherein the present invention adds The module will continue to be introduced later, the embodiment of the present invention is used to check the A device,

[0038] Such as Figure 4 As shown, the method may include:

[0039] Step 201. When starting up, the version control module stores the baseline check template, and executes step 202.

[0040] The baseline verification template is a current version control ...

Embodiment 3

[0064] An embodiment of the present invention provides a security baseline checking device 30, such as Figure 5 As shown, can include:

[0065] The configuration change monitoring module 301 is configured to receive the SNMP message sent by the checked device.

[0066] The message audit filtering module 302 is configured to obtain a configuration change SNMP message carrying changed configuration parameters from the SNMP message; the configuration change SNMP message is sent when the configuration of the checked device is changed.

[0067] The comparison module 303 is configured to determine that the changed configuration parameters do not meet the safety requirements if the changed configuration parameters carried in the configuration change SNMP message exceed the security requirement range of the stored baseline check template.

[0068] In this way, as long as the configuration is changed, the configuration parameter SNMP message carrying the changed configuration paramet...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses an inspection method and equipment for a security baseline, and relates to the communication field. When the equipment configuration is changed in an operator network, it is positively inspected in time whether the changed configuration meets the safety requirements of the security baseline, so as to eliminate the potential safety hazard of the inspected equipment. The method comprises the steps of receiving an SNMP (Simple Network Management Protocol) message transmitted by the inspected equipment; obtaining a configuration change SNMP message with changed configuration parameters in the SNMP message, wherein the configuration change SNMP message is transmitted when the configuration of the inspected equipment is changed; if the changed configuration parameters taken in the configuration change SNMP message exceeds the scope of safety requirements of a stored baseline inspection template, determining that the changed configuration parameters do not meet the safety requirements. The inspection method and the inspection equipment for the security baseline provided by the invention are applicable to security baseline inspection.

Description

technical field [0001] The present invention relates to the communication field, in particular to a method and equipment for checking a safety baseline. Background technique [0002] With the increasingly rich network applications of operators and the continuous evolution of network technology architecture, various new security issues continue to emerge. Therefore, various security detection methods have emerged as the times require. Among them, security baseline verification is one of the most widely adopted approaches. [0003] At present, the security baseline check is performed manually or automatically according to the security requirements of the baseline check template and the configuration of the operator's network and each device when the configuration of each device in the operator's network changes, so as to check out the Whether the configuration of the network and each device meets the security requirements, wherein the baseline check template is a set of secur...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L12/24
Inventor 唐磊李姗姗贾亦辰马铮高枫白晓媛俞播姜楠
Owner CHINA UNITED NETWORK COMM GRP CO LTD