Chinese name: Vulnerability scanning Title: Global Hawk belongs to: Interpretation of network information security: game meaning, definition, function, classification, technology, deployment mode, multi-level deployment, missed scanning results, main tools, vulnerability scanning function and the significance of defense and attack. If the network information security work is compared to a war, the vulnerability scanner is the "global hawk" hovering over the terminal equipment and network equipment in this war. Network security work is a game between defense and attack, and it is the cornerstone to ensure information security and smooth work. Only by timely and accurately examining the weak links of our informatization work and examining the loopholes and problems of our information platform can we take the lead and be invincible in this information security war. Only by doing our own safety well can we start our own business and ensure the steady operation of the company's business, which is the first step in the information age. Vulnerability scanner is the beginning to ensure the victory of this information war. It can timely and accurately detect the security of information platform infrastructure, ensure the smooth development of business, ensure the efficient and rapid development of business, and safeguard the security of all information assets of companies, enterprises and countries. Defining vulnerability scanning technology is an important network security technology. It cooperates with firewall and intrusion detection system, which can effectively improve network security. By scanning the network, the network administrator can understand the security settings and application services of the network, discover security vulnerabilities in time, and objectively evaluate the network risk level. Network administrators can correct network security vulnerabilities and wrong settings in the system according to the scanning results, and take precautions before hackers attack. If firewall and network monitoring system are passive defensive measures, then security scanning is active preventive measures, which can effectively avoid hacker attacks and nip in the bud. Function 1. Regular self-detection and evaluation of network security is equipped with a vulnerability scanning system. Network managers can regularly carry out network security testing services. Security detection can help customers eliminate security risks as much as possible, find security vulnerabilities and fix them as soon as possible, effectively use existing systems, optimize resources and improve network operation efficiency. 2. Inspection after installing new software and starting new services Due to various forms of vulnerabilities and security risks, installing new software and starting new services may expose hidden vulnerabilities. Therefore, after these operations are completed, the system should be scanned again to ensure safety. 3. Safety planning evaluation and effectiveness test before and after network construction and network transformation. Network builders must establish an overall security plan, command the overall situation and build a strategic position. Strike a proper balance between tolerable risk level and acceptable cost, and choose between various safety products and technologies. Equipped with network vulnerability scanning/network evaluation system, it is easy to conduct security planning evaluation and effectiveness test. 4. Network security test before undertaking important tasks. Before undertaking important tasks, the network should take more active security measures to prevent accidents, pay more attention to network security and information security from technology and management, form three-dimensional protection, change from passive repair to active prevention, and finally minimize the probability of accidents. Equipped with network vulnerability scanning/network evaluation system, security testing can be easily carried out. 5. Analysis and investigation after network security accidents. After the network security accident, we can identify the network vulnerabilities through the analysis of the network vulnerability scanning/network evaluation system, help make up the vulnerabilities, provide as much information as possible, and facilitate the investigation of the attack source. 6. Preparation before major network security incidents The network vulnerability scanning/network evaluation system before major network security incidents can help users find hidden dangers and vulnerabilities in the network in time and help users make up for the vulnerabilities in time. 7. Security check organized by public security and security departments The security of the Internet is mainly divided into two parts: network operation security and information security. The security of network operation mainly includes the security of 10 computer information systems such as ChinaNet, ChinaGBN and CNC, and the security of other private networks. Information security includes the security of man-machine systems, such as computers, servers and workstations connected to Inter for acquisition, processing, storage, transmission and retrieval. Network vulnerability scanning/network evaluation system can actively cooperate with the security inspection organized by public security and security departments. According to the different scanning methods, vulnerability scanning products are mainly divided into two categories: vulnerability scanning is not only the following three categories, but also 1 for WEB applications and middleware. Scanner for network 2. Scanner of host 3. Scanner for database Network-based scanner scans vulnerabilities in remote computers through the network; Host-based scanners install agents or services on the target system so that it can access all files and processes, which also enables host-based scanners to scan more vulnerabilities. Compared with the two, the vulnerability scanner based on network is relatively cheap; In the running process, the administrator of the target system does not need to participate, and nothing needs to be installed on the target system during the detection process; Simple maintenance. The loopholes in mainstream databases are gradually exposed, and the number is huge; Only the number of Oracle vulnerabilities published by CVE has reached more than 1 100; Database leak scanning can detect DBMS vulnerabilities, default configuration, privilege escalation vulnerabilities, buffer overflow, patches not upgraded and other vulnerabilities. Technology 1. Host Scan: Determine whether the host on the target network is online. 2. Port scanning: discover the open ports and services of remote hosts. 3.OS identification technology: identify the operating system according to information and protocol stack. 4. Vulnerability detection data collection technology: scanning by network, system and database. 5. Intelligent port identification, multi-service detection, security optimization scanning and system penetration scanning 6. Various database automatic checking technologies and database instance discovery technologies; 7. A variety of password generation technologies of 7.DBMS, providing password explosion library and realizing fast weak password detection method. Deployment mode For users such as e-commerce, e-government, education industry, small and medium-sized enterprises, independent IDC, etc., because of their relatively concentrated data and simple network structure, it is recommended to use the independent deployment mode. Independent deployment means that only one TopScanner device is deployed in the network, which can be used normally after being connected to the network and configured correctly. Its working scope usually includes the entire network address of the user's enterprise. Users can log in to the TopScanner system from any address and post scanning evaluation tasks. The address of the inspection task must be within the product and authorization range assigned to the user. The following figure shows the typical stand-alone deployment mode of the network guardian vulnerability scanning and management system. Multi-level deployment is aimed at * * * industry, military industry, electric power industry, telecom operators, financial industry, securities industry and some large traditional enterprises. Because of its complex organizational structure, many distribution points and relatively scattered data, the network structure adopted is more complicated. For some large-scale and distributed network users, it is recommended to use distributed deployment. Using multiple TopScanner systems to work together in a large network can share and summarize data between systems, which is convenient for users to centrally manage distributed networks. TopScanner supports users' decentralized and layered deployment at two levels. The following figure shows the typical decentralized deployment mode of the network guardian vulnerability scanning and management system. Missing scan results Vulnerability scan results are divided into: 1 recommended 2 optional 3 not recommended. Suggestion: It means that there are loopholes in the system, and patches need to be installed for repair, which is very important for computer security. It is recommended to install patches as soon as possible. Optional: indicates the situation of selectively repairing your own computer. For this patch, everyone should have a full understanding of the computer itself and then make selective repairs. Not recommended: it means that if these patches are fixed, the system may be blue screen and unable to start. Therefore, it is recommended that you do not fix these vulnerabilities, so as not to cause greater computer failures. Of course, these vulnerabilities are often not too harmful to computers. Main Tools There are many vulnerability scanning tools in the market. Among them, Qualys tool, which provides Saas services, is the first tool to provide customized scanning detection and reporting services based on cloud for various enterprises, including enterprise networks and website applications. In addition, FoundStone, Rapid7, Nessus and other manufacturers also have a high position in the industry and can provide relatively advanced services. Comparatively speaking, the technical level of some domestic scanning tools in scanning speed, completeness of problem discovery and false alarm rate needs to be further improved. However, at present, many domestic enterprises have also begun to try cloud customization services and opened up new markets. Vulnerability scanning function Vulnerability scanning is a necessary function of all PaaS and Infrastructure as a Service (IaaS) cloud services. Whether hosting applications in the cloud or running servers and storage infrastructure, users must assess the security status of systems exposed to the Internet. Most cloud providers agree to perform such scanning and testing, but this requires them to communicate and coordinate with customers and/or testers in advance to ensure that other tenants (users) will not encounter interruption events or be affected by performance.