Summary of the invention
An object of the invention is to provide a terminal security module centralized management system, to solve the problem that current security protection products mostly run independently and are each managed separately.
The terminal security centralized management system of the present invention comprises a messaging bus, a database, a physical layer interface module, a security module and an interface module. The messaging bus handles communication with the management terminal: it routes data to the management terminal, receives the management terminal's responses, and passes the returned data to the physical layer interface module. The physical layer interface module is the transition module between the messaging bus and the security module: it forwards the data received from the management terminal to each submodule of the security module, receives instructions from the security module, and broadcasts data onto the messaging bus. The security module integrates several security verification functions and provides security protection for the terminal on which it runs. The interface module provides the human-computer interaction interface.
In an embodiment of the terminal security centralized management system of the present invention, the messaging bus can also perform two-way (mutual) authentication with an external management terminal.
In an embodiment of the terminal security centralized management system of the present invention, the physical layer interface module includes a policy interface, a control interface, a log interface and a state interface. The control interface receives control commands from the management terminal and passes them to the security module. The log interface receives retrieval instructions from the management terminal and sends the logs of the security module to the management terminal. The state interface receives instructions from the management terminal and reports the current real-time state of the security module back to it.
In an embodiment of the terminal security centralized management system of the present invention, the security module includes an illegal external connection control module, a peripheral port control module, a network control module, an antivirus module and a secure login module. The illegal external connection control module determines whether the terminal is connected to a network in violation of policy. The peripheral port control module determines whether the terminal has connected an external device in violation of policy. The network control module performs traffic control on the packets the terminal sends and receives. The antivirus module removes viruses from the terminal. The secure login module verifies the terminal's login information.
In an embodiment of the terminal security centralized management system of the present invention, the network control module performs traffic control on the packets the terminal sends and receives in the form of five-tuples.
In an embodiment of the terminal security centralized management system of the present invention, the two-way authentication between the messaging bus and the external management terminal includes the following. The messaging bus sends identity information to the management terminal, and the management terminal judges the legitimacy of the information according to the identity information it obtained. If the information is legitimate, the management terminal sends the messaging bus a message containing an identity confirmation flag, the key used for encrypting user data, and the random sequence number that must be returned in the next message. After the messaging bus receives this data, it encrypts the data to be sent, together with a flag indicating whether this is the final transmission and the random sequence number, using the key sent by the server, and sends the result to the management terminal. After receiving it, the management terminal returns a receipt result flag and the random sequence number to be sent next time. The messaging bus then sends the subsequent data in the same way, repeating the cycle until all data has been sent.
In an embodiment of the terminal security centralized management system of the present invention, the management terminal maintains a timeout mechanism: if it does not receive data from the messaging bus within the timeout period, the messaging bus must restart the authentication procedure.
In an embodiment of the terminal security centralized management system of the present invention, the interface module includes a submodule running state module, a submodule resource occupation module, a security function scanning module, a submodule maintenance module, a log audit module, a policy control module and a security scoring module. The submodule running state module displays the state of the security module. The submodule resource occupation module obtains dynamic resource occupation information of the security module. The security function scanning module queries the number of submodules in the security module. The submodule maintenance module performs control operations on the security module. The log audit module displays the operation logs on the terminal. The policy control module displays the content of the policy currently used by the running security module. The security scoring module produces a composite rating based on the state of the security module.
The terminal security module centralized management system of the present invention runs all kinds of security modules uniformly within one security system. It integrates the various security modules so that modules are managed centrally, logs are reported uniformly and policies are issued uniformly; it breaks down information silos by fusing the data of multiple security modules, enabling integrated correlation analysis across all kinds of data; and it improves the efficiency of module use and makes the terminal of the centralized management system convenient for users to operate.
Embodiments
To make the objects, content and advantages of the present invention clearer, the embodiments of the present invention are described in further detail below with reference to the accompanying drawings and examples.
Fig. 1 shows the module diagram of the terminal security centralized management system of the present invention. As shown in Fig. 1, in view of the current situation in internal networks, where a variety of security protection modules run independently and are managed separately, the present invention designs a new type of system for the centralized management of security modules. It can be divided into two parts: the terminal security module centralized management system and the management end.
As shown in Fig. 1, the terminal security module centralized management system includes a messaging bus 1, a database 2, a physical layer interface module 3, a security module 4 and an interface module 5.
As shown in Fig. 1, the messaging bus 1 handles communication with the management end: it routes data to the management end, receives the management end's responses, and passes the returned data to the physical layer interface module 3, ensuring reliable and confidential transmission of data. The messaging bus 1 must perform a handshake before sending data. The entire handshake procedure is completed by the messaging bus 1; the physical layer interface module 3 does not need to do any processing for it.
Fig. 2 shows the flow chart of the handshake procedure. As shown in Fig. 2, the handshake procedure includes: before transmitting data, the terminal security module centralized management system sends its identity information to the management end; the management end judges the legitimacy of the information according to the identity information obtained; if the information is legitimate, the management end sends the terminal security module centralized management system a message containing an identity confirmation flag, the key used for encrypting user data, and the random sequence number that must be returned in the next message;
after the terminal security module centralized management system receives this data, it encrypts the data to be sent, together with a flag indicating whether this is the final transmission and the random sequence number, using the key sent by the server, and sends the result to the management end; after receiving it, the management end returns a receipt result flag and the random sequence number to be sent next time;
the terminal security module centralized management system then sends the subsequent data in the same way, repeating the cycle until all data has been sent.
It should be noted that the management end may maintain a timeout mechanism, with a default of 30 seconds: if no data is received from the terminal security module centralized management system within 30 seconds, the terminal security module centralized management system must go through the authentication procedure again.
As shown in Fig. 1, the physical layer interface module 3 includes a policy interface 31, a control interface 32, a log interface 33 and a state interface 34.
The physical layer interface module 3 is the transition between the messaging bus 1 and the security module 4: it forwards the data received from the management end to each submodule of the security module 4, and at the same time receives instructions from the security module 4 and passes them through to the messaging bus 1, which sends the data to the management end.
Fig. 3 shows the flow chart of how the terminal security module centralized management system processes data sent by the management end. As shown in Fig. 3, the physical layer interface module 3 includes the policy interface 31, control interface 32, log interface 33 and state interface 34. The policy interface 31 performs a preliminary parse of the policy formulated by the management end and hands it to the security module 4.
As shown in Fig. 3, the control interface 32 receives control commands from the management end and passes the commands to the security module 4, implementing remote operations such as enabling and disabling the submodules of the security module 4. The log interface 33 receives retrieval instructions from the management end and sends the logs of the security module 4 to the management end. The state interface 34 receives instructions from the management end and reports the current real-time status of the security module 4 back to the management end. It should be noted that the physical layer interface module 3 generally performs only a preliminary parse; the logical analysis of the specific data is still handled by the security module 4 and its submodules.
Table 1 shows the structure of the data packet sent by the terminal security module centralized management system. The packet in which the terminal security module centralized management system returns data to the management end consists of two parts: a packet header and the data.
Table 1

Field               Meaning
Data main type      Coarse category of the data, as an integer: policy = 1, control = 2, log = 3, state = 4; further values can be added as needed
Data subtype        Specific division within a main type, as an integer, allocated following the same scheme as the main type
System identifier   ID of the terminal security module centralized management system; a unique ID generated by the management end when the system registers with it
Send time           Time at which the data was sent
Send IP             IP address of the host on which the security system runs
Send MAC address    MAC address of the host on which the security system runs
Current user        Current user of the host on which the system runs

It should be noted that the physical layer interface module 3 does not parse this packet; the parsing is done by the security module 4.
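One possible binary encoding of the Table 1 packet, as an added example that is not the patent's own code. The page lists the fields but not their widths, byte order or how the variable-length parts are delimited; the big-endian layout, the 16-byte system identifier, the 64-bit Unix send time and the length-prefixed user name and data are assumptions made here. The parser rejects a packet whose declared lengths disagree with the buffer instead of trusting them, which is the check a receiver on the management end side should make before handing the data to the security module for analysis.

```python
"""Added example (not the patent's own code): one possible binary encoding of the
Table 1 packet. Field widths, byte order and the length-prefixed variable parts
are assumptions; the field set and main-type values come from Table 1."""
import socket
import struct
import time

MAIN_TYPES = {1: "policy", 2: "control", 3: "log", 4: "state"}  # from Table 1
# assumed header layout: main type (1), subtype (1), system id (16), send time
# (8, Unix seconds), send IP (4), send MAC (6), user-name length (1), data length (4)
HEADER = struct.Struct(">BB16sQ4s6sBI")


def build_packet(main_type, subtype, system_id, send_ip, send_mac, user, data, send_time=None):
    """Builds header + user name + data; raises ValueError on anything that does not fit."""
    if main_type not in MAIN_TYPES:
        raise ValueError(f"unknown main type {main_type}")
    sid = system_id.encode()
    if len(sid) > 16:
        raise ValueError("system identifier longer than 16 bytes")
    user_b = user.encode()
    if len(user_b) > 255:
        raise ValueError("user name longer than 255 bytes")
    mac = bytes.fromhex(send_mac.replace(":", ""))
    if len(mac) != 6:
        raise ValueError("MAC address must be 6 bytes")
    header = HEADER.pack(main_type, subtype, sid.ljust(16, b"\0"),
                         int(time.time() if send_time is None else send_time),
                         socket.inet_aton(send_ip), mac, len(user_b), len(data))
    return header + user_b + data


def parse_packet(buf):
    """Parses a packet, rejecting one whose declared lengths disagree with the buffer."""
    if len(buf) < HEADER.size:
        raise ValueError("truncated header")
    mt, st, sid, ts, ip, mac, ulen, dlen = HEADER.unpack_from(buf)
    if mt not in MAIN_TYPES:
        raise ValueError(f"unknown main type {mt}")
    if len(buf) != HEADER.size + ulen + dlen:
        raise ValueError("declared lengths do not match packet size")
    user_end = HEADER.size + ulen
    return {
        "main_type": MAIN_TYPES[mt], "subtype": st,
        "system_id": sid.rstrip(b"\0").decode(),
        "send_time": ts, "send_ip": socket.inet_ntoa(ip),
        "send_mac": ":".join(f"{b:02x}" for b in mac),
        "user": buf[HEADER.size:user_end].decode(),
        "data": buf[user_end:],
    }


def is_rejected(buf):
    """True if parse_packet refuses the buffer (used to exercise the checks)."""
    try:
        parse_packet(buf)
        return False
    except ValueError:
        return True


def demo():
    """Round-trips a constructed state report (main type 4) and returns the parsed result."""
    pkt = build_packet(4, 1, "TERM-0001", "10.0.0.5", "00:11:22:33:44:55", "operator",
                       b"module 41 running; module 44 stopped", send_time=1700000000)
    return parse_packet(pkt)
```

`demo()` returns the parsed dictionary with `main_type` `"state"`, `system_id` `"TERM-0001"` and the original data bytes; truncating the packet by one byte, or setting a main type outside 1 to 4, makes `parse_packet` raise.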
As shown in Fig. 1, the security module 4 includes an illegal external connection control module 41, a peripheral port control module 42, a network control module 43, an antivirus module 44 and a secure login module 45. The illegal external connection control module 41 determines whether the host on which the system runs is connected to a network in violation of policy. The peripheral port control module 42 determines whether the host has connected an external device in violation of policy. The network control module 43 performs traffic control on the packets the host sends and receives, in the form of five-tuples (source IP, destination IP, source port, destination port, protocol). The antivirus module 44 removes viruses from the host. The secure login module 45 verifies the login information of the host.
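First-match five-tuple traffic control of the kind described for the network control module 43, as an added example that is not the patent's own code. The page only says packets are controlled by their five-tuple; the rule format (CIDR for addresses, "*" wildcards, port ranges, first matching rule wins, an explicit default action), the load-time validation of a policy handed down through the policy interface, and the sample policy are assumptions made for this example.

```python
"""Added example (not the patent's own code): first-match five-tuple traffic control
for a network control module. Rule format, validation and the sample policy are
assumptions; the five-tuple itself is the one named in the description."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class FiveTuple:
    src_ip: str
    dst_ip: str
    src_port: int      # 0 for protocols without ports
    dst_port: int
    protocol: str      # "tcp", "udp", "icmp", ...


@dataclass(frozen=True)
class Rule:
    action: str        # "allow" or "deny"
    src: str = "*"     # "*" or a CIDR such as "10.0.0.0/8"
    dst: str = "*"
    sport: str = "*"   # "*", a single port "443", or a range "1024-65535"
    dport: str = "*"
    proto: str = "*"


def _ip_match(pattern, ip):
    return pattern == "*" or ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)


def _port_match(pattern, port):
    if pattern == "*":
        return True
    lo, _, hi = pattern.partition("-")
    return int(lo) <= port <= int(hi or lo)


def _matches(rule, pkt):
    return (_ip_match(rule.src, pkt.src_ip) and _ip_match(rule.dst, pkt.dst_ip)
            and _port_match(rule.sport, pkt.src_port) and _port_match(rule.dport, pkt.dst_port)
            and (rule.proto == "*" or rule.proto == pkt.protocol))


class NetworkControl:
    """Holds the policy handed down by the policy interface and decides per packet."""

    def __init__(self, rules, default="deny"):
        if default not in ("allow", "deny"):
            raise ValueError("default must be allow or deny")
        for r in rules:  # validate at load time so a bad policy is refused, not silently skipped
            if r.action not in ("allow", "deny"):
                raise ValueError(f"bad action {r.action!r}")
            for pat in (r.src, r.dst):
                if pat != "*":
                    ipaddress.ip_network(pat, strict=False)
            for pat in (r.sport, r.dport):
                _port_match(pat, 0)
        self.rules, self.default = list(rules), default

    def decide(self, pkt):
        """Returns (action, index of the matching rule, or None when the default applied)."""
        for i, r in enumerate(self.rules):
            if _matches(r, pkt):
                return r.action, i
        return self.default, None


# Constructed sample policy: hosts in 10.0.0.0/8 may use HTTPS, the internal
# resolver and internal ICMP; telnet is blocked first; everything else is denied.
SAMPLE_POLICY = NetworkControl([
    Rule("deny", dport="23", proto="tcp"),
    Rule("allow", src="10.0.0.0/8", dport="443", proto="tcp"),
    Rule("allow", src="10.0.0.0/8", dst="10.0.0.53/32", dport="53", proto="udp"),
    Rule("allow", src="10.0.0.0/8", dst="10.0.0.0/8", proto="icmp"),
], default="deny")


def demo():
    """Classifies a few constructed packets; returns (packet, action, rule index) per packet."""
    packets = [
        FiveTuple("10.1.2.3", "203.0.113.10", 51000, 443, "tcp"),
        FiveTuple("10.1.2.3", "203.0.113.10", 51001, 23, "tcp"),
        FiveTuple("10.1.2.3", "10.0.0.53", 40000, 53, "udp"),
        FiveTuple("192.168.7.7", "203.0.113.10", 51002, 443, "tcp"),
        FiveTuple("10.1.2.3", "10.9.9.9", 0, 0, "icmp"),
    ]
    return [(p, *SAMPLE_POLICY.decide(p)) for p in packets]
```

Rule order matters under first-match: the telnet deny sits before the HTTPS allow so that a connection to port 23 is refused even from an allowed source range, and the packet from 192.168.7.7, which matches no rule, falls through to the default deny.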
As shown in Fig. 1, the security module 4 is responsible for the control functions of installing, starting, stopping, restarting, upgrading and uninstalling the various submodules, and for data interaction functions such as reporting data to the management end according to the running state of the submodules.
Fig. 4 shows the upgrade flow chart of the security module. As shown in Fig. 4, before upgrading, the system must confirm with the management end whether an upgrade package is available, and according to the result returned by the management end it downloads and installs the upgrade package.
In addition to the control functions above, the runtime system of the security module 4 provides the interaction functions needed while the submodules are running. These functions include: reporting submodule running state, that is, reporting the running state of each submodule in real time, both to the management end and to the local graphical interface; receiving and executing control policies, that is, receiving the policy issued remotely by the management end and executing the corresponding policy; receiving submodule control commands, that is, receiving a control command and executing the control operation, where the command may come from the management end or from the local graphical interface; and receiving log query conditions and returning log records, that is, receiving a query command and returning the query result, where the query command may come from the management end or from the local graphical interface.
As shown in Fig. 1, the interface module 5 provides the human-computer interaction interface. Its specific function is to send retrieval instructions to the runtime system and then display the returned data on the graphical interface. The interface module 5 includes: a submodule running state module 51, which displays the running state of the security submodules and whether each is enabled or disabled; a submodule resource occupation module 52, which obtains dynamic occupation information such as the CPU and memory used by the security submodules; a security function scanning module 53, which queries how many security submodules are installed on the current system; a submodule maintenance module 54, which implements control operations on the security submodules such as start, stop, upgrade and restart; a log audit module 55, which displays the operation logs on the local machine; a policy control module 56, which displays the content of the policy used by the running security submodules; and a security scoring module, which produces a comprehensive rating based on the current state of the security submodules.
The terminal security module centralized management system of the present invention runs all kinds of security modules uniformly within one security system, and the management end uniformly provides policy control, log audit and display for each submodule and for external operations and maintenance. The terminal security module centralized management system supports all security protection products existing in the form of system submodules and drivers, and the security system controls them, collects and audits their logs and performs correlation analysis while they run; the security system also provides the running state of the terminal host. It is a solution for the centralized security, audit and monitoring of terminals. It integrates all kinds of security modules so that modules are managed centrally, logs are reported uniformly and policies are issued uniformly; it breaks down information silos by fusing the data of multiple security modules and enabling integrated correlation analysis across all kinds of data; and it improves the efficiency of module use and makes the host of the terminal security module centralized management system convenient for the user to operate.
The above is only a preferred embodiment of the present invention. It should be noted that those of ordinary skill in the art can make a number of improvements and variations without departing from the technical principles of the invention, and these improvements and variations should also be regarded as falling within the scope of protection of the present invention.