
A safe and controllable intranet security patrol system and method

An intranet security technology, applied in transmission systems, electrical components, etc., to solve problems of intranet security products such as denial of service, lack of security reinforcement, and lack of boundary review mechanisms.

Active Publication Date: 2021-11-30
GUANGZHOU UNIVERSITY

AI Technical Summary

Problems solved by technology

[0004] At present, mainstream intranet security patrol systems lack an effective security boundary detection mechanism. When a destination IP address or IP address range is given, penetration testing and security auditing can easily spill over to non-target host systems outside that address or range. This sometimes not only fails to achieve security reinforcement but even damages hosts in the core production network, affecting the normal operation of the business.

[0005] At present, mainstream intranet security products lack a boundary audit mechanism and effective security detection and certification marks for target hosts. When penetration testing and security assessment are performed on intranet hosts, the interconnection of internal LANs may cause attacks to spread or to hit the wrong hosts, so that normally running non-target host systems are threatened by the intranet security patrol system. Systems that do not want to be scanned and detected may be accidentally damaged by the running of a vulnerability verification script, resulting in information leakage, unauthorized access, or even paralysis of the system by an automatic attack POC. For example, the EternalBlue (vulnerability number MS17-010) vulnerability verification script can make a Windows host blue-screen, resulting in denial of service.


Examples


Embodiment 1

[0029] As shown in attached Figure 1, the intranet security patrol server proposed by the present invention can be installed on the core switch of the intranet, which makes it convenient for the intranet security patrol server to manage the network devices in the intranet.

[0030] As shown in attached Figure 2, the safe and controllable intranet security patrol system proposed by the present invention includes: an asset management module, a vulnerability scanning module, a security audit module and a network management module;

[0031] The asset management module is configured to receive the intranet asset identification information sent by the network equipment in the intranet.

[0032] The vulnerability scanning module is used to judge whether the intranet asset mark of a network device in the intranet contains login credential information; if so, it scans the network device for vulnerabilities; otherwise, it does not scan the network device for vulnerabilities;

[0033] The security ...

Embodiment 2

[0041] On the basis of Embodiment 1, the intranet asset flag information further includes running flag information. After the intranet patrol server receives the operation flag, it registers the asset information as a credential for subsequent intrusion detection, security audit, and asset management.

[0042] The intranet security officer can use the network asset library unit in the asset management module to divide IT assets and create different asset libraries according to the attributes of the network equipment. Through the network asset library unit, intranet security officers can flexibly create intrusion detection tasks and security audit tasks. The network asset library unit supports asset management functions such as adding and deleting assets, and enables or customizes the intrusion detection of discovered network devices. Intranet security personnel can use the keyword search function to filter out qualified network devices and add them to the vulnerability scanning...

Embodiment 3

[0044] Attached Figure 3 is a flow chart of the safe and controllable intranet patrol method proposed by the present invention. The intranet security patrol method includes:

[0045] Installing the mark, that is, installing the intranet asset mark on the network equipment in the intranet;

[0046] Vulnerability scanning, that is, judging whether the intranet asset mark includes login credential information; if so, performing vulnerability scanning on the network device; otherwise, not performing vulnerability scanning on the network device;

[0047] Security audit, that is, performing a security audit on the network device that underwent vulnerability scanning;

[0048] Security repair, that is, performing a security repair operation on the network device that underwent vulnerability scanning; the security repair includes: policy enhancement, version update, vulnerability repair and patch update.

[0049] The meanings of the terms in this embodiment are the same as those in Embodiment 1 and Embodiment 2 of the present invention. Here, ...
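The scan gate of steps [0045] and [0046], combined with the target-range boundary problem described in [0004], as an added example that is not code from the patent. It follows [0046], where a device whose mark lacks login credential information is not scanned; `AssetMark`, `plan_patrol` and the sample addresses are hypothetical names and constructed data.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class AssetMark:
    """Hypothetical record of an intranet asset mark registered by a device."""
    ip: str
    has_login_credential: bool

def plan_patrol(target_range, registered_marks, discovered_hosts):
    """Split discovered hosts into (to_scan, skipped); skipped maps host -> reason.

    Fails closed: a host is scanned only if it is inside the target range AND
    has registered a mark that carries login credential information.
    """
    net = ipaddress.ip_network(target_range, strict=False)
    marks = {ipaddress.ip_address(m.ip): m for m in registered_marks}
    to_scan, skipped = [], {}
    for raw in discovered_hosts:
        try:
            ip = ipaddress.ip_address(raw.strip())
        except ValueError:
            skipped[raw] = "unparseable address"   # never guess at a target
            continue
        mark = marks.get(ip)
        if ip not in net:
            skipped[raw] = "outside target range"
        elif mark is None:
            skipped[raw] = "no asset mark registered"
        elif not mark.has_login_credential:
            skipped[raw] = "mark lacks login credential information"
        else:
            to_scan.append(str(ip))
    return to_scan, skipped

# Constructed sample data (RFC 1918 addresses, not from the patent).
SAMPLE_MARKS = [
    AssetMark("10.20.0.10", True),
    AssetMark("10.20.0.11", False),
    AssetMark("10.30.0.5", True),   # marked, but outside this task's range
]
SAMPLE_HOSTS = ["10.20.0.10", "10.20.0.11", "10.20.0.12", "10.30.0.5", "core-db"]

if __name__ == "__main__":
    scan, skipped = plan_patrol("10.20.0.0/24", SAMPLE_MARKS, SAMPLE_HOSTS)
    print("scan:", scan)
    for host, reason in skipped.items():
        print("skip:", host, "-", reason)
```

Recording the skip reason for every host gives the security audit step a record of why a device was left untouched.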


Abstract

The present invention relates to the field of computer security, in particular to a safe and controllable intranet security patrol system and method. The method installs an intranet asset mark on a network device in the intranet and judges whether the intranet asset mark includes login credential information; if yes, it executes a vulnerability scan with the login credential on the network device; otherwise, it executes a vulnerability scan without a login credential on the network device. The present invention scans the network equipment in the intranet for vulnerabilities only when it meets specific conditions, which prevents the vulnerability scanning process from accidentally damaging the host system.

Description

Technical field

[0001] The invention relates to the field of computer security, in particular to a safe and controllable intranet security patrol system and method.

Background technique

[0002] With increasingly widespread network applications, network security, especially "intranet security", has become one of the key issues faced by IT applications. Various products for intranet security, represented by the intranet patrol police, are increasingly valued by users.

[0003] As a network security product aimed at active management, control and monitoring of internal networks and private networks, the intranet security patrol system aims to solve the security management, security control, and behavior monitoring of private networks within enterprises and governments, using security control methods and technical means to effectively control the hidden dangers of the internal network. By monitoring and recording each network behavior, the hidden dangers of the network can be visua...


Application Information

Patent Type & Authority Patents(China)
IPC(8): H04L29/06
CPC: H04L63/1425, H04L63/1433
Inventor 崔翔刘井强殷丽华谭庆丰姜誉王乐
Owner GUANGZHOU UNIVERSITY