Efficient Detection of Host Security Vulnerabilities in a Private Cloud Environment  (Cited by: 7)

Efficient Vulnerability Detection in Private Cloud


Authors: 章思宇 [1], 周育玲, 刘楚彤 (ZHANG Siyu; ZHOU Yuling; LIU Chutong), Shanghai Jiao Tong University, Shanghai 200240, China

Affiliation: [1] Shanghai Jiao Tong University, Shanghai 200240

Source: 《通信技术》 (Communications Technology), 2021, No. 3, pp. 727-731 (5 pages)

Abstract: The stricter network isolation and access control imposed by default in cloud environments strengthen system security, but also bring challenges to vulnerability scanning. By reworking the traditional scanning process, the vulnerability scanning system is integrated with the OpenStack private cloud management system. Floating IP address allocations, security group rules and host security baseline assessment information are used to guide the scanner to perform accurate port scanning, vulnerability detection and weak password detection. Experiments in a real-world private cloud with thousands of cloud hosts show that the improved method increases the number of open ports detected by 14% and the number of high-risk vulnerabilities detected by 9.5%, fully leveraging the advantage of centralized network and security policy enforcement on the cloud platform.

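Keywords: cloud computing; private cloud; vulnerability scanning; network security

Classification number: TP393.08 [Automation and Computer Technology: Computer Application Technology]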

 
