Data center account maintenance system

Abstract

The invention discloses a data center account maintenance system, which comprises a data collector, wherein the data collector logs in a server at regular time, searches the storage position of an account in an operation system of the server, and obtains all accounts on the server; newly appearing server accounts are automatically increased; and the data collector automatically modifies passwordsof all the accounts at regular time. The data center operation and maintenance system has the advantages that account data can be comprehensively collected, all server accounts existing in a data center are acquired, and comprehensive risk evaluation is performed on the accounts; and account passwords are directly obtained from an operating system, and are compatible with all asset types of a datacenter through multiple password detection modes. The account password configuration strategy is preset in the data collector; data transmission is achieved through an API, seamless linkage with a bastion host is achieved, the data collector is rapidly integrated with a bastion host or other servers in a plug-in mode, and the data center account maintenance system can be suitable for a super-large-scale account management scene.

Description

Technical field [0001] The invention relates to the field of information security, in particular to a data center account maintenance system. Background technique [0002] This section is only for the convenience of understanding the content of the present invention and should not be regarded as prior art. [0003] According to different users of the network, the network can be divided into an external network (Internet) and an internal network (local area network). Intranet can be divided into office network and production network. The Internet behavior of office Internet is relatively developed, and it is prone to virus and network intrusion incidents. If office users and production users are on the same network, viruses and intrusions that occur on the office network will quickly spread to the production network with little obstacles, posing a great threat to production safety. Therefore, the office network and production network are also required to be isolated. The product...

AI Technical Summary

Problems solved by technology

3. WWW deception, the webpage being visited has been tampered with by hackers, and the information on the webpage is false! For example, the hacker rewrites the URL of the webpage that the user wants to browse to point to the hacker's own server. When the user browses the target webpage, it actually sends a request to the hacker's server.

4. Node attack, after the attacker breaks through a device, he often uses this device as a base to attack other devices

The problems of this abnormal event alarm mechanism are: 1. The fixed rules are rigid and unable to keep pace with the times

However, it is possible that the account needs to enter the data center for a temporary work task, and has been approved by the workflow engine to form an allowed operation, but the allowed operation is not a fixed rule, therefore, a legally allowed operation When the account logs in to the data center during the valid period specified by the non-fixed rules, the account dimension will send out an account abnormal event alarm

2. Alarms are only issued from a single dimension, and abnormal events in a single dimension cannot constitute abnormal behavior or attack behavior

The problems caused by these reasons mainly include: 1. High false positive rate. 2. Single-dimension abnormal event alarm. There is no information in other dimensions other than the information in this dimension. Therefore, it is impossible to judge whether the abnormal event is caused by an attack behavior. Abnormal event alarm low reference value

The high rate of false alarms and the low reference value of alarms lead to operation and maintenance personnel habitually ignoring abnormal event alarms, resulting in the alarm being useless

Images