Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Security baseline assessment method based on SCAP

A security baseline and baseline technology, applied in computer security devices, instruments, electrical digital data processing, etc., can solve problems such as spending a lot of time, delaying vulnerability repair time, and lack of interoperability.

Inactive Publication Date: 2014-07-16
ELECTRIC POWER RESEARCH INSTITUTE, CHINA SOUTHERN POWER GRID CO LTD +1
View PDF5 Cites 14 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

All of these factors complicate determining what security changes are required on each system, implementing those changes quickly, correctly, and consistently, and validating security configurations
[0007] 2. Slow response to threats
[0008] As of the beginning of 2014, as many as 60,805 software flaws have been added to the US National Vulnerability Database (NVD: National Vulnerability Database). Vulnerabilities are appearing faster and faster. Security vendors need to write their own security baseline assessments for new vulnerabilities. The rules of the tool, it takes a lot of time, and the enterprise cannot reconfigure the software or install the patch in time to eliminate the vulnerability
[0009] 3. Lack of interoperability
This lack of interoperability will lead to inconsistent security assessments, potentially delaying patching
[0011] 4. Lack of a baseline of system state
[0012] At present, most security baseline tools only check the security configuration of the baseline layer and the compliance of security vulnerabilities, and do not involve system status monitoring (processes, ports, accounts, files, etc.) in the security baseline baseline layer

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Security baseline assessment method based on SCAP
  • Security baseline assessment method based on SCAP
  • Security baseline assessment method based on SCAP

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0047] The technical solution of the present invention will be further described in detail below in conjunction with the accompanying drawings, but the protection scope of the present invention is not limited to the following description.

[0048] Such as figure 1 As shown, the SCAP-based security baseline assessment method includes the following steps:

[0049] S1: Asset identification: For the evaluated object, use the unified naming rules of common platform enumeration CPE to name, and build a bridge for common information compatibility and generality. For example, a 64-bit vista system can be named: cpe:2.3:o :microsoft:windows_vista:6.0:sp1:-:-:home_premium:-:x64:-.

[0050]S2: CVE vulnerability scanning: The content of the vulnerability scanning result of OVAL consists of two parts: the vulnerability definition of OVAL and the user's system characteristic information. OVAL's vulnerability definition mainly includes two elements: definitions and tests. OVAL system char...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a security baseline assessment method based on a SCAP. The security baseline assessment method based on the SCAP comprises the first step of asset identification, wherein rules are named through CPE for an assessed object, and the basic management foundation is provided for each assessment item, the second step of CVE, wherein CVE is carried out on the target object whose asset is assessed by using OVAL; the third step of CCE, wherein the security configuration of the asset is inspected by using an XCCDF, the fourth step of security scoring, wherein the security level of the asset is scored through a CVSS, and the fifth step of state baseline monitoring, wherein state baseline monitoring is carried out on the assessed target object reaching an established security baseline. By means of the security baseline assessment method based on the SCAP, the work of CVE, patch management and the like can be combined, and state baseline monitoring can be carried out on the assessed target object.

Description

technical field [0001] The present invention relates to a security baseline assessment method, in particular to a SCAP-based security baseline assessment that can realize the combination of vulnerability scanning, security baseline management, patch management, etc., and can monitor the status baseline of the assessed target object method. Background technique [0002] The daily security maintenance work of the system mainly includes: implementing the system baseline security configuration, continuing to monitor the system security configuration in real time, regularly performing vulnerability scanning, and checking the patch installation status, etc. Due to the huge number of information systems that need security maintenance, various security monitoring tools respond to new vulnerability threats at different speeds, and there is a lack of interoperability between different security monitoring tools. The same vulnerability is detected in different security monitoring tools....

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/57
CPCG06F21/577
Inventor 蒋屹新蒙家晓关泽武郭晓斌文红许爱东李鹏陈华军李腾飞
Owner ELECTRIC POWER RESEARCH INSTITUTE, CHINA SOUTHERN POWER GRID CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com