Serial threat access management and control system and method

Abstract

The invention discloses a serial threat access management and control system and method, and the system comprises an application identification module and the like which are serially connected to a link between a test evaluation system and a tested network. An attack host in the test evaluation system generates attack data, according to a preset white list, the attack data which is identified by an application identification module and meets the white list condition can be packaged into a data packet through TCP/IP service, then a preset label is pressed into the data packet through a label press-fitting module, and the data packet enters the threat access management and control system through a gateway. And the label processing module identifies, processes and recycles the label, transmits an attack data packet to the data processing module, forwards the attack data packet and then enters a tested network for penetration test, and test data generated by the test can be directly returned to the test evaluation system through the gateway to form a service closed loop. A test evaluation means strictly controlled from a test source is adopted, the network state threat access management and control system at the beginning of evaluation is a unique, safe and controllable access channel between the test evaluation system and a tested network, and the safety of software and hardware environments of the tested network system in the test evaluation process is ensured on the basis of solving real-time data transmission.

Description

technical field [0001] The present invention relates to the field of cyberspace security, in particular to a serialized network threat access management and control system and method, and more specifically, to a network threat access management and control system for network security testing and evaluation and network virtualization shooting ranges. Background technique [0002] Faced with an increasingly complex network security environment and a wide variety of attack threats, more and more organizations and institutions realize that it is unrealistic to design an absolutely secure network system, and relying on a single defense method to respond passively after an attack occurs Unable to solve the security problem, the information system network needs to conduct an objective and comprehensive evaluation of its own security and flexibility. Under this demand situation, the test and evaluation research on network security has gradually become a research hotspot in the field ...

AI Technical Summary

Problems solved by technology

[0004] Network security test assessment is not only based on non-destructive assessment of security compliance, but also covers fierce intrusive penetration testing, etc. During the implementation process, it is inevitable to cause a certain degree of damage to the evaluated information system, some damage It is even irreversible, which is not conducive to the promotion of test evaluation technology

In network offensive and defensive confrontation activities, it is very difficult to strictly limit the use of designated technical means by both offensive and defensive parties. On the one hand, the data volume of attack tools is large, and there are high requirements for the delay of traffic entering the network under test. On the other hand, the attack data Once encapsulated into a data packet, it is difficult to be restored efficiently, resulting in a relatively high rate of false positives and false negatives in attack recognition

Images