Distributed storage method and device for privileged account

Abstract

The invention discloses a method for distributed storage of privileged accounts, which comprises the following steps: multi-level storage of privileged accounts; current privileged accounts stored on any level and any node are to be changed; judging whether the change conditions are met, if so, privilege The account is successfully updated and synchronized to two nodes that can be connected to the upper level, the same level, and the lower level; look up the node information table of the same level; determine whether there are other nodes of the same level that have not been updated, and if so, obtain the current Privileged account control right; judging whether the privileged account control right is obtained, if yes, proceed to the next step; judging whether the acquired node is updated, if yes, updating the node information table. The present invention also relates to a device for realizing the above method for distributed storage of privileged accounts. The invention can greatly improve the storage security of the privileged account, and at the same time, can also realize the requirement of nearby data modification and query, and improve the throughput capacity of the system.

Description

technical field [0001] The invention relates to the field of security management of privileged accounts, in particular to a method and device for distributed storage of privileged accounts. Background technique [0002] At present, the field of IT security is developing rapidly and constantly changing. There are more and more means of informatization security protection, and they are also becoming more and more advanced. However, the last line of defense for data information, the privileged account password has not been effectively protected and managed, and attackers can still enter the internal network of the enterprise through legal technical channels to steal valuable data. The trick they used was to know the leaked privileged account password. These high-privilege accounts, in addition to the personal accounts of employees, also include the underlying system accounts and application embedded accounts of the entire IT infrastructure of the enterprise or organization. ...

AI Technical Summary

Problems solved by technology

As a result, account passwords with high authority are always leaked, and data leakage incidents eventually occur

[0003] Privileged accounts refer to high-risk accounts (such as administrator accounts that can start and stop devices) or high-value accounts (such as application accounts that can read business-sensitive data). Existing privileged accounts are stored in databases. The high-reliability design of dual nodes will be adopted, which belongs to centralized storage; the modern large-scale distributed enterprise information system architecture has a large number of privileged accounts, which are distributed in multiple regions and network segments, and are all key production systems. The core element requires large concurrent real-time response, and the current storage structure is difficult to meet these demanding requirements at the same time

Images